We are facing a situation with a customer where we built a software
application to collect, analyze and report data from an instrument. The
application collects raw data from the instrument via a serial port.
Users enter several pieces of information through a set of data entry
screens. This “metadata” is then applied to the collected raw data for
analysis and reporting.
Is it necessary for the software application to provide a mechanism to
report pre-edit and post-edit values for all the user entered "metadata"
to ensure part 11 compliance? The application does provide System, User
and Assay level audit trails which indicate changes made to data along
with reason for change. However, the actual values pre and post change
are not captured by the audit trail. It is our interpretation that the
only primary record w.r.t the software application is the raw data
generated from the instrument and that all user entered metadata is
simply being “transcribed” from elsewhere and technically does not come
under the purview of part 11 compliance requirements with regards the
software. It is understood that the transcribed data would need to
comply with necessary requirements, however, those would apply to the
point of origin of such data.
Thoughts and comments are greatly welcome.