|
Auditing
Department: |
Date
of Audit: |
|||
|
No. |
Name of Auditor(s) |
Department |
Signature & Date |
|
|
1 |
||||
|
2 |
||||
|
3 |
||||
|
Sr. No. |
Assessment Question |
Guidance |
Observation |
|
1.
Documentation & Record: |
|||
|
1.1 |
Is the logbook/ records paginated and issued by
QA? |
All the activity shall be recorded in the
paginated logbooks and issued by QA |
 |
|
1.2 |
Is
doer of the activity recording the observation/parameter with sign/date and
time (as applicable)? |
The
documents shall be Attributable to the person generating the data |
 |
|
1.3 |
Are the data entries being performed with
indelible ink (with color of ink as defined in SOP) and readable? |
Document shall be Legible and permanent. |
 |
|
1.4 |
Is
any scribe used for making data entries? |
Should
only take place where the act of recording places the product or activity at
risk and mentioned in SOPs. |
 |
|
1.5 |
Are the required entries in the log books/batch
documents/ Analytical sheets made on time and available? |
Document shall be Contemporaneous |
 |
|
1.6 |
Is
the information/ data available in original record or certified true copy? |
Document
shall be Original |
 |
|
1.7 |
Is any editing to errors performed in logbook/
document without documented amendment as per SOPs? |
The document shall be Accurate |
 |
|
1.8 |
Are
logbooks/ documents has reference of unique identification number as defined
in SOPs? |
All
documents shall have a unique identification number (including the version
number) and shall be checked, approved, signed and dated (as applicable) |
 |
|
1.9 |
Is there any blank formats (including SOP
formats, Logbooks, note books, worksheets) found in area which is not issued
by the quality unit? |
All blank formats (including SOP formats,
Logbooks, worksheets, laboratory notebooks) shall be controlled by the
quality unit |
 |
|
1.10 |
Are
logbooks/ documents has a reference of format no. as defined in SOPs? |
Documents
should be stored in a manner that ensures appropriate version control |
 |
|
1.11 |
Is a soft copy Master document accessible at
computers? |
Master copy (in soft copy) should be prevented
from unauthorized or inadvertent changes |
 |
|
1.12 |
Are
there any obsolete format/ SOP/ document available or in a computer? |
Updated
versions shall be distributed in a timely manner. |
 |
|
1.13 |
Is there any blank space left in the filled page
of log book/ BPCR/ DRS etc. |
Entry of 'NA' placed in blank space (if required)
followed by sign/date. |
 |
|
1.14 |
Is
there enough space provided in logbooks/ BPCR/ DRS etc. in which the manual
activities are recorded should be ensured. |
Documents
should be Contemporaneous |
 |
|
1.15 |
Is 24 hr (HH:MM) time format being used in
documents? |
Time format should be HH:MM (24-hour format) |
 |
|
1.16 |
Are clocks/ timer designated in area
easily accessible to note the timings by doer? |
Clocks/ timer should be synchronized and
easily accessible. Documents should be Contemporaneous. |
 |
|
1.17 |
Are
clocks/ timer designated in area easily accessible to be changed/ modified by
any person? |
Clocks/
timer should not be easily accessible to be changed/ modified by user. |
 |
|
1.18 |
Is the correct unit of measurement is used while
recording: temperature/ weight etc.? |
Significant unit of measurement shall be used as
per requirement. |
 |
|
1.19 |
Are
critical activities signed by doer being checked by another person (wherever
applicable)? |
Doer
and checker provision shall be in place for critical activities. Data should
be Accurate and Original |
 |
|
1.20 |
Are print outs (e.g. autoclave, balance etc.) duly
signed by doer and checker and have cross reference to the original / mother
document? |
Records shall be checked, and cross reference
shall be available. Data should be Accurate |
 |
|
1.21 |
Are
print outs which are on thermal paper being photocopied prior to attachment? |
Thermal
paper printouts shall be photocopied and dully signed. Data should be Legible |
 |
|
1.22 |
Are the procedures of document review available
and followed? |
Data review procedures describing review of
relevant metadata should be available (as applicable) |
 |
|
1.23 |
Is
archival of paper records not performed by QA in secure and controlled
archives? |
Archival
of paper records by designated personnel in secure and controlled archives |
 |
|
1.24 |
Is the observation being recorded as visible in
the display on the instrument/equipment screen/ PLC/HMI etc.? |
Digits for data shall be visible from
equipment/instrument display. |
 |
|
1.25 |
Are
entries in logbooks sequential, reliable, complete and legible? |
Entries
should be sequential, reliable, complete and legible. |
 |
|
1.26 |
Is transcribed data verified against the raw data
for correctness and accuracy? |
The document should be original. If the
transcribed cross reference of the mother document shall be mentioned. |
 |
|
1.27 |
Is
there any unauthorized changes observed in the document? |
Unauthorized
changes should not be done in the documents |
 |
|
1.28 |
Is whitener/ opaque substance/ eraser / white
tape or whiteouts etc. used in the document for correction? |
Data should be Legible (No usage of opaque substance) |
 |
|
1.29 |
Are
corrections not initially signed with a date and properly justified? |
Corrections
shall be justified with sign and date. |
 |
|
1.30 |
Is there any partial correction of the numerical
value? |
No partial correction of numerical value. Data
should be Legible |
 |
|
1.31 |
Does
a signature log for employees available? |
The
log should be available and maintained |
 |
|
2.
Electronic Data: |
|||
|
2.1 |
Are
individual Login IDs and unique passwords assigned to individuals? |
Individual
login ID should be assigned for the individual persons. |
 |
|
2.2 |
Is user creation, authorization list available for the system defining access levels? |
List shall be available for individual equipment and access levels should be defined. |
 |
|
2.3 |
Does
the Audit trail contain the following details, Name
of the person who performed the activity Description
of the activity Time
and date of the activity Justification
in case of any changes made |
The
audit trial should contain the attributes |
 |
|
2.4 |
Does electronic data saved at the time of the
activity and before proceeding to the next step of the sequence of events? |
Data shall be saved at the time of activity. Data
should be Contemporaneous and Original |
 |
|
2.5 |
Is
the audit trail secure and time- stamped that independently record operator
actions? |
Audit
trail should be secured and time-stamped. |
 |
|
2.6 |
Is privileges given to any person to overwrite
the original data? |
Data should be Legible and access to overwrite
the data should be prohibited |
 |
|
2.7 |
Are
electronic records archived by any person in random manner? |
Archival
of electronic records by designated person in secure, controlled and
reproducible electronic archives |
 |
|
2.8 |
Is there any provision available to change the
time/date of the system by doer/ checker? |
System should not allow changing the time and
date. |
 |
|
2.9 |
Is
the time/date of the system synchronized across the GXP operations? |
Time/date
of system should be synchronized |
 |
|
2.10 |
Does audit trail review in routine data review/
approval process? |
Audit trial review procedure should be available. |
 |
|
2.11 |
Does
relevant meta data review along with original electronic data? |
Relevant
meta data shall be reviewed with original data. |
 |
|
2.12 |
Is data review signified by electronically
signing the electronic data & metadata? |
As per approved procedure and system limitations
as validated. |
 |
|
2.13 |
Is
computer system validated and controls/ setting tested, locked and protected
from unauthorized access? |
Validation
should be available. |
 |
|
2.14 |
Does the system
validation documentation include established controls to ensure data
integrity (data security- access roles/permissions, sequence of operations,
enabling of relevant audit trail)? |
Validation should
be available. |
 |
|
2.15 |
Are the standards for the system’s password
strength and complexity defined and documented within system documentation
(requirements, and testing)? |
Computer system validation document should be
available with password complexity. |
 |
|
2.16 |
Is there a defined password
expiration that is enforced by the system? |
Password expiration should be
enforced. |
 |
|
2.17 |
Is data retained in a non-editable format or PDF
format etc.? |
Approved procedure should be available for back-up
and storage |
 |
|
2.18 |
Are back-up copies of original
electronic records stored in another location as a safeguard in case of
disaster? |
Approved procedure should be
available for back-up and storage |
 |
|
2.19 |
Are periodic tests performed to verify the ability
to retrieve archived electronic data from storage locations? |
Approved procedure should be available for back-up
and storage review |
 |
|
2.20 |
Is archival copy compared with the
original electronic data to confirm entire content and meaning of the
original record? |
Approved procedure for archival of
data should be available. |
 |
|
2.21 |
Are time/date and done by/ checked by printed on
records electronically? |
Records should be available in form of time and
date stamped records and signed. |
 |
|
2.22 |
Is authorization to verify data
separate from doer? |
Authorization to generate data
shall be separate to authorization to verify data |
 |
|
2.23 |
Is restoring of Back up data/Archiving Data
validated and regularly tested? |
Computer system validation shall demonstrate. |
 |
|
2.24 |
Does a list of computerized system
available? |
The name, location and primary
function of each computerized system should be available. |
 |
|
2.25 |
A list of currently approved users, specifying the
users name and surname, and any specific usernames should be available. |
List shall be available for individual equipment. |
 |
|
2.26 |
System administrators should be
independent of users performing the task |
preferably IT personnel |
 |
|
2.27 |
Can the general user switch off the audit trail? |
The system should not allow changing the settings |
 |
|
3. Personnel Training: |
|||
|
3.1 |
Is a Training record for data integrity and cGMP
available? |
All personnel should be trained on the data
integrity concept and cGMP |
 |
|
3.2 |
Is a Training record available for
related SOPs as per the job assigned? |
All personnel should be trained on
related SOPs as per the job assigned |
 |
