Put yourself in an auditor’s shoes for a moment.

You have some executed protocol results.

Mark-Up

On the page, the tester entered some data and signed the page. But there’s a protocol change (a markup) and maybe it’s in a different color ink than what the tester was using and maybe it looks a little different from the tester’s writing.

As an auditor, you ask who made this change?

It’s a legitimate question given the inconsistencies.

Readily Attributable

Every bit of recorded information should be readily attributable to whomever made the entry.

The same goes for electronically-captured results.

If there is no metadata (information about the data) that tells who executed the step that captured the data, when the data was captured, and what the data relates to, the auditor could conclude that it was merely fabricated.

Annotations on the test results should only be made when necessary; e.g., to explain a change, when incorrect entries are corrected, etc.

Unnecessary Annotation

Unnecessary annotations; e.g., notes (and worse, doodles!) need to be avoided.

They are red flags for auditors.

All entries, whether electronically made, hand-written, changes, etc. need to be attributable to who made the entry, when the entry was made, and why the entry was made.

Online course
6 modules
Computer System Validation (CSV): Validation Testing – Part 2


Find out more about this course