Empower Software Audit Trails and Logs: A guide to the different locations of audit trails in Empower and what information they provide to reviewers

Significance of the Topic

Audit trails are essential elements of modern regulated laboratories, providing an immutable record of every change to data, methods, and system configurations. In the context of 21 CFR Part 11, GMP, GLP, and GCP regulations, properly implemented audit trails underpin data integrity, product quality, and regulatory compliance. By capturing operator-independent, time-stamped events with secure protection against tampering, audit trails enable transparent review processes and support trust in electronic records.

Objectives and Study Overview

This white paper examines the locations, configurations, and capabilities of audit trails in Waters Empower Software. It outlines where audit records are generated, how they meet regulatory requirements, and how reviewers can access and interpret them. The paper also addresses common gaps in audit‐trail use, offers best practices for configuration and periodic review, and highlights supporting logs and message streams.

Methodology and Instrumentation

The study is based on a detailed review of Empower audit-trail mechanisms, including:

• System Audit Trail for global application actions.
• Project Audit Trail and specialized histories for methods, samples, and sample sets.
• Acquisition and Injection Logs for instrument run parameters and interactive overrides.
• Message Center and additional console logs for troubleshooting.

The analysis references Empower versions up to 3 FR3, Waters™ ACQUITY™ UPLC™ systems, and industry guidance documents.

Used Instrumentation

• Waters Empower Chromatography Data System.
• ACQUITY UPLC Systems with PDA Detectors.
• Oracle database backend for relational linkages.

Main Results and Discussion

Empower implements multiple, interlinked audit trails to satisfy §11.10 and global requirements:

• System Audit Trail records all configuration and administrative actions, including login failures and policy changes, with no possibility of modification.
• Project Audit Trail tracks every data and metadata event—method edits, sample modifications, result creations or deletions—storing ‘before’ and ‘after’ values along with user-provided reasons for change.
• Acquisition and Injection Logs capture instrument parameters and any interactive changes during runs, permanently linked to raw data.
• Method versioning ensures methods are never overwritten, uniquely identified, and can be compared to highlight parameter differences.
• Sample and Sample Set Histories audit metadata edits, flag altered records, and support risk-based review workflows.
• Message Center aggregates logs from Empower, instrument drivers, and the OS to support troubleshooting, while critical change events remain in formal audit trails.

Time-stamp management is emphasized through synchronized UTC or fixed-zone settings. Archiving policies guarantee audit-trail availability for the full retention period, with project-level and system-level trails backed up and restorable.

Benefits and Practical Applications

By leveraging Empower’s audit-trail features, laboratories gain:

• Robust data integrity controls through unalterable, computer-generated event logs.
• Traceability across methods, results, and metadata via permanent relational links in the Oracle database.
• Streamlined electronic review and approval using integrated audit-trail viewers and view filters.
• Regulatory confidence with documented compliance to FDA, OECD, WHO, EU, and PIC/S guidance.

These capabilities reduce manual report generation, limit reliance on static PDFs, and support risk-based exception reviews rather than exhaustive paper‐based audits.

Future Trends and Applications

Emerging opportunities include:

• Enhanced automation of periodic audit-trail reviews, leveraging AI/ML to flag anomalies and outliers for focused investigation.
• Deeper integration of audit logs with enterprise quality management systems for unified oversight.
• Standardized electronic reporting templates that dynamically include audit-trail summaries.
• Cloud-based architectures offering secure, synchronized time sources and centralized log management.

Conclusion

Empower Software’s comprehensive audit-trail framework addresses key regulatory demands for data integrity and traceability. Through multiple, secure, and interlinked event records—spanning system changes, project-specific actions, instrument operations, and metadata edits—laboratories can implement rigorous, risk-based review processes. Adherence to best practices in configuration, time-stamp synchronization, archiving, and reviewer documentation ensures long-term compliance and continuous improvement.

References

1. FDA Title 21 Chapter I Subchapter A Part 11 Electronic Records; Electronic Signatures.
2. OECD Guidance Number 17: Application of GLP Principles to Computerized Systems (2016).
3. WHO TRS 996 Annex 05: Computer-Generated Audit Trails.
4. EU GMP Annex 11: Computerized Systems.
5. PIC/S GMP Guide Annex 11: Computerized Systems.
6. FDA Q&A on CGMP Records and Reports Guidance.
7. FDA Title 21 Part 211 GMP for Finished Pharmaceuticals.