Audit trail

From LIMSWiki
Jump to navigationJump to search

An audit trail is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.[1][2][3] It may be composed of manual or computerized records of events and information, or both.

An audit trail includes an unambiguous record of events — either individually, or in blocks of temporally connected changes — associated with an individual user (or if changes are created automatically by the system, this must be indicated) and the date and time the change occurred (e.g., by the use of a time zone or reference to GMT). The process that creates an audit trail often run in privileged mode so it can access and supervise all actions from all users and disallow normal users from accessing the audit trail. Another way of handling this issue is through the use of a role-based security model in the software.[4]

Audit trails are recommended or mandated in various guidance, standards, and regulations, including:

  • 21 CFR Part 211: mentioned at various points, including at section 68, 100, 160, 188, and 194[5]
  • ASTM E1578: "The laboratory informatics solution should have validated electronic audit trails that record information about each transaction, both for initial entries as well as modifications to entries."[6]
  • CJIS Security Policy: "...shall produce, at the application and/or operating system level, audit records containing sufficient information to establish what events occurred, the sources of the events, and the outcomes of the events"[7]
  • E.U. Commission Directive 2003/94/EC: "... and audit trails shall be maintained"[8]
  • ISO 15189: "Ensures the integrity of the data and information and includes the recording of system failures and the appropriate immediate and corrective actions" and is "in compliance with national or international requirements regarding data protection"[9]
  • NIST SP 800-53 Rev. 5: "Ensure that audit records contain information that establishes" a variety of "indicators of event success or failure"[10]


  1. "National Information Assurance (IA) Glossary" (PDF). Committee on National Security Systems. 26 April 2010. pp. 4. Archived from the original on 15 April 2012. Retrieved 05 January 2022. 
  2. "ATIS Telecom Glossary 2012 - audit trail". ATIS Committee PRQC. 2012. Archived from the original on 13 March 2013. Retrieved 05 January 2022. 
  3. "Audit Trails" (TXT). National Institute for Standardization. March 1997. Retrieved 05 January 2022. 
  4. Brancik, Kenneth C. (2007). "Chapter 2: Related Research in Insider Computer Fraud and Information Security Controls". Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks. CRC Press. pp. 18–19. ISBN 1420046594. 
  5. "Code of Federal Regulations Title 21 Part 211 Current Good Manufacturing Practice for Finished Pharmaceuticals". U.S. Food and Drug Administration. 1 October 2021. Retrieved 05 January 2022. 
  6. "ASTM E1578-18 Standard Guide for Laboratory Informatics". ASTM International. 23 August 2019. Retrieved 05 January 2022. 
  7. "Criminal Justice Information Services (CJIS) Security Policy". U.S. Department of Justice. 1 June 2020. Retrieved 05 January 2022. 
  8. "Commission Directive 2003/94/ED" (PDF). Official Journal of the European Union. 8 October 2003. Retrieved 05 January 2022. 
  9. "ISO 15189:2012 Medical laboratories — Requirements for quality and competence". International Organization for Standardization. November 2012. Retrieved 05 January 2022. 
  10. "NIST Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations" (PDF). National Institute of Standards and Technology. September 2020. Retrieved 05 January 2022.