金币
UID171161
帖子
主题
积分2939
注册时间2014-4-17
最后登录1970-1-1
听众
性别保密
|
发表于 2022-8-23 16:33:29
|
显示全部楼层
The need for audit trail review should be based on a documented and justified risk assessment, taking into account:
Initial verification of audit trail functionality, and subsequent verification (as appropriate) during change management
Effective segregation of duties and related role-based security
Established and effective procedures for system use, administration, and change management
Any review of audit trails deemed necessary should focus on checking that they are enabled and effective.
Suitable records security controls should be in place for high risk records, and appropriate segregation of duties enforced (e.g. such that nobody with a conflict of interest has privileges that would allow alteration of data or audit trail configuration).
Audit trails should be regarded as only one element in a wider framework of controls, processes, and procedures aimed at an acceptable level of record and data integrity.
Audit trails should be regarded primarily as a tool to be used for investigation, as and when required, rather than for continuous routine review.
审计追踪应该主要被当作是用于调查的一种工具,在需要时以供使用,而不是持续常规的审核
Routine review of all audit trial content is not required, and is not consistent with a risk-based approach. The cost and effort is not justified by any likely benefit.
对审计追踪全部内容的常规审核是不必要的,也与基于风险的理念想违背。
摘自GAMP对EU Annex 11的解读
|
|