GLOSSARY

Audit Trail in Clinical Imaging

An audit trail in clinical imaging is a secure, time-stamped electronic record of all actions performed on imaging data, providing a complete chain of custody for every measurement and analysis — capturing who did what, to which file, and when — used to ensure data integrity and regulatory compliance throughout a clinical trial. It is required by FDA 21 CFR Part 11, GxP standards, and EMA Annex 11 for any imaging data supporting a regulatory submission.

 

What is an audit trail in clinical imaging?

An audit trail in clinical imaging is a time-stamped, tamper-evident electronic record that captures every action taken on an imaging dataset and on its measurements and analysis — who accessed it, what was changed, and when — enabling regulators and sponsors to verify data integrity throughout a clinical trial.

Any imaging system used to create, modify, or manage data supporting regulated clinical trial endpoints must maintain a compliant audit trail in accordance with 21 CFR Part 11, GxP, and EMA Annex 11 requirements. The requirement applies to the system or systems used to manage imaging data — meaning that audit trail coverage must extend to the platforms and tools that generate, process, or store regulated records, wherever those functions reside.

 

Audit trail — simple definition

An audit trail in clinical imaging is a secure, time-stamped record of all actions performed on imaging data, used to ensure data integrity and regulatory compliance.

 

Why are audit trails required in clinical imaging trials?

Regulatory agencies require audit trails in clinical imaging to ensure that imaging data has not been manipulated between collection and analysis. Three frameworks establish this requirement.

FDA 21 CFR Part 11 governs electronic records and signatures in clinical research. For imaging systems it requires that all changes to electronic records — including image uploads, annotations, and read outputs — be recorded with the date, time, and identity of the person who made the change. The system must prevent users from overwriting or deleting audit trail entries.¹

GxP standards — covering Good Clinical Practice (GCP), Good Laboratory Practice (GLP), and Good Manufacturing Practice (GMP) — extend audit trail requirements across the full trial operation. GCP specifically requires that any changes to imaging data be documented without obscuring the original entry.

EMA Annex 11 is the complementary European regulation governing computerised systems used in GxP-regulated activities, with overlapping but not identical requirements to 21 CFR Part 11. Where Part 11 focuses narrowly on electronic records and signatures, Annex 11 applies more broadly to computerised systems across the full GxP landscape. For sponsors running multinational trials, both frameworks apply simultaneously.

Audit trail requirements in clinical imaging

To be compliant with FDA 21 CFR Part 11, GxP, and EMA Annex 11, an imaging audit trail must:

  • Be automatically generated by the system — not manually created or maintained by users
  • Be time-stamped using a consistent, synchronised system clock (UTC strongly recommended) with sufficient precision to reconstruct the order of events
  • Be linked to a specific authenticated user — capturing username and role at minimum
  • Capture all creation, modification, and deletion of regulated imaging data and metadata, including the original value and the changed value, along with other critical system actions as defined by validation and risk assessment
  • Prevent modification or deletion of audit entries without preserving the original record and full traceability
  • Retain the original record alongside any subsequent changes
  • Be exportable in a human-readable format — typically CSV or PDF — for regulatory inspection
  • Continue recording post-data lock — access attempts after lock should be captured

Audit trail scope and configuration must be defined and verified during system validation as part of the computer system validation (CSV) process. Platforms that allow audit entries to be altered or suppressed without preserving the original and full traceability are considered non-compliant under both 21 CFR Part 11 and EMA Annex 11.

 


What must a compliant imaging audit trail capture?

A compliant imaging audit trail must capture all creation, modification, and deletion of regulated records. At minimum this includes:

  • Timestamp — using a synchronised, consistent system clock with sufficient precision to reconstruct event order (UTC recommended)
  • User identity — authenticated username and assigned role of the person who performed the action
  • Action type — upload, view, annotation, central read, approval, deletion attempt, data export
  • Data object — the specific image, DICOM series, or study affected
  • Before and after state — the original value and the changed value for any modification
  • IP address and session ID — commonly captured for security and traceability, though not explicitly mandated by 21 CFR Part 11 or EMA Annex 11
  • Electronic signature — where required for regulated approvals or sign-offs under the protocol or sponsor SOPs, linked to the user's credentials
  • System-generated events — automated QC flags, PHI de-identification steps, protocol deviation alerts

Audit trails must also be periodically reviewed as part of quality and data integrity processes — not merely generated and stored. This review expectation is established under GCP guidance and data integrity expectations from FDA and EMA.

Audit trail vs. activity log vs. data log — what is the difference?

These terms are used inconsistently across platforms and vendors. Understanding the distinction is important for regulatory compliance evaluations.

Audit trail

A system-generated, tamper-evident record that meets the specific requirements of 21 CFR Part 11, GxP, and EMA Annex 11. Audit trail entries cannot be modified or deleted by any user. The original record is preserved alongside any changes. The trail is exportable for inspection. This is the standard required for clinical trial data that supports a regulatory submission.

Activity log

A record of system events generated for operational purposes — monitoring performance, diagnosing errors, tracking user sessions. Activity logs are often mutable: administrators may be able to edit, suppress, or delete entries. An activity log that can be modified by administrators does not meet the audit trail standard under 21 CFR Part 11, regardless of how comprehensive its coverage is.

Data log

A colloquial term used inconsistently across systems. In some platforms, "data log" refers to an audit-trail-equivalent record. In others, it refers to a raw event stream without tamper-evidence or export requirements. When evaluating an imaging platform for trial use, sponsors should not assume a "data log" meets audit trail requirements — the specific regulatory requirements (tamper-evidence, user attribution, export capability) should be confirmed against the vendor's compliance documentation.

The practical test: if a platform allows any user — including system administrators — to modify or suppress log entries, it does not have a compliant audit trail, regardless of what the feature is called.

How are audit trails used across the imaging trial lifecycle?

Audit trail requirements apply at every stage of a clinical imaging trial.

Site qualification — records which sites were onboarded, when, and which personnel were granted access; required before the first image is submitted.

Image submission — captures upload events, automated QC check outcomes, PHI de-identification steps, and any rejected submissions at the point of submission.

Central review — logs reader assignments, blinding confirmations, read timestamps, adjudication decisions, and any changes to read outputs — all individually recorded. See: central review in clinical trials.

Data lock — records the identity of the person who applied the lock, the timestamp, and the associated electronic signature. Post-lock access attempts continue to be captured.

Regulatory submission — the audit trail must be exportable in a format retrievable by FDA or EMA inspectors, typically as a structured CSV or PDF export accompanied by a system validation report confirming completeness and integrity.

What are the most common audit trail failures in imaging inspections?

FDA inspection observations (Form 483s) frequently cite audit trail deficiencies — including incomplete audit trails, lack of audit trail review, and mutable log entries — as data integrity issues in clinical trial systems.² The most common failure modes are:

Coverage gaps — the system logs some events but not all required fields, leaving certain user actions unrecorded.

Mutable logs — audit trail entries can be edited or deleted by system administrators, making the record non-compliant regardless of how complete it otherwise is.

Clock skew — timestamps are not synchronised to UTC across sites, creating inconsistencies that cannot be resolved during inspection.

Incomplete blinding records — no log confirming that readers were blinded before assignment, which is a specific GCP requirement for unblinded trials using central review.

Incomplete security function logs – no log showing that a user role was modified and that the associated data record was tampered with.

Export failures — the audit trail exists within the platform but cannot be exported in a regulator-readable format within a reasonable timeframe.

How do cloud imaging platforms generate audit trails automatically?

Cloud-native imaging platforms generate audit trails at the infrastructure level — recording all regulated events in real time without relying on site personnel to document them manually. All creation, modification, and deletion of records within the system, by any user at any site, is written to an immutable log that cannot be altered without preserving the original record and full traceability. Also critically important are the security audit trails that log all related security mapping functions.

This architecture satisfies the core 21 CFR Part 11 requirement that audit trails be computer-generated and tamper-evident, and supports the ALCOA+ data integrity principles — Attributable, Legible, Contemporaneous, Original, and Accurate — that regulatory agencies expect to see demonstrated across clinical trial data.

QMENTA's Imaging Hub generates automated audit trails as a core platform function. External pharmaceutical partner audits conducted in 2025 validated the platform's compliance infrastructure with zero nonconformities across all GxP and 21 CFR Part 11 requirements.

Key takeaways

  • An audit trail is required for all clinical imaging data used in regulatory submissions — the requirement applies to the imaging platform, not just the EDC
  • It must be system-generated, time-stamped, tamper-evident, and exportable — platforms where administrators can modify or delete log entries are non-compliant
  • FDA 21 CFR Part 11, GxP, and EMA Annex 11 all require audit trails; for multinational trials, both FDA and EMA standards must be satisfied simultaneously
  • Audit trails must capture events across the full trial lifecycle — from site qualification through data lock and post-lock access
  • The most common inspection failures are mutable logs, coverage gaps, clock skew, and export failures — not the absence of logging
  • Retention requirement: investigator records must be retained for at least two years after approval or discontinuation under 21 CFR 312.62; sponsors may be subject to longer retention under ICH E6 (GCP) and internal policies³
  • Cloud-based platforms generate audit trails automatically at the infrastructure level — no reliance on manual documentation by site staff

 

By Paulo Rodrigues, PhD, Chief Technology Officer and Co-Founder at QMENTA

Paulo Rodrigues leads technology strategy at QMENTA and writes about imaging clinical trials, protocol standardization, real-time QC, and compliance-ready neuroimaging workflows for multi-site studies.

 

¹ FDA. 21 CFR Part 11 — Electronic Records; Electronic Signatures. ecfr.gov

² Attribution: based on QMENTA's operational experience across GxP-validated imaging trials and external pharmaceutical partner audits. Sponsors should review FDA Warning Letters and 483 observations for specific published examples.

³ FDA. 21 CFR 312.62 — Investigator Recordkeeping and Record Retention. ecfr.gov


Frequently asked questions

Is an audit trail required for all clinical imaging data?

Yes — any imaging data that supports a regulatory submission or clinical endpoint assessment is subject to audit trail requirements under FDA 21 CFR Part 11 and EMA Annex 11. This includes raw DICOM images, quality control records, reader assignments, and all read outputs. Imaging data collected for purely exploratory purposes may follow less stringent requirements, but sponsors should confirm this with their regulatory team before omitting audit trail coverage.

What is a 21 CFR Part 11 compliant audit trail?

A 21 CFR Part 11 compliant audit trail is an electronic, computer-generated record that captures all changes to regulated data — including who made the change, when it occurred, and what was modified — in a tamper-evident, secure format. Specific requirements include: the trail must be system-generated (not manually maintained); entries must be time-stamped and linked to a specific authenticated user; entries must not be modifiable or deletable by any user; the original record must be preserved alongside any changes; and the trail must be exportable in human-readable format for inspection. A system that allows administrators to edit or suppress entries does not meet the standard regardless of how comprehensive its event coverage is.

What is an electronic audit trail in medical imaging?

An electronic audit trail in medical imaging is a system-generated log that records all actions performed on imaging data within a digital platform — including uploads, quality checks, reader assignments, reads, annotations, approvals, and data exports. Unlike paper-based records or manually maintained logs, an electronic audit trail is produced automatically by the system at the moment each event occurs, with no reliance on user action to initiate recording. This system-generation requirement is one of the core distinctions between an electronic audit trail that satisfies 21 CFR Part 11 and a manual log that does not — paper-based alternatives cannot meet the tamper-evidence or completeness requirements of the regulation regardless of how carefully they are maintained.

Can an audit trail be corrected or deleted?

A compliant audit trail must not allow modification or deletion of audit entries without preserving the original record and full traceability. Regulations require that the original record be preserved and that any correction creates a new entry rather than overwriting the original. Systems that allow audit entries to be altered or suppressed without maintaining full traceability of the original are considered non-compliant under FDA 21 CFR Part 11 and EMA Annex 11.

What format must an audit trail be in for FDA submission?

The FDA does not mandate a specific file format but requires that audit trail records be readily retrievable and human-readable. Most submissions use structured CSV or PDF exports from the imaging platform's audit module, accompanied by a system validation report confirming the export's completeness and integrity. The export process itself should be tested before a trial is initiated — discovering that the platform cannot produce a usable export at the point of submission is a significant compliance risk.

How long must imaging audit trail records be retained?

Under 21 CFR 312.62, investigator records must be retained for at least two years after the marketing application is approved, or two years after the trial is discontinued — whichever is longer. Sponsors may be subject to longer retention requirements under ICH E6 (GCP) and internal policies. Many sponsors retain records for five to fifteen years given post-market surveillance obligations and the possibility of future reanalysis. The retention obligation applies to the platform's records, not only to exported copies.

What is the difference between an audit trail and a data lock?

A data lock is an administrative action that prevents further changes to a dataset after a trial's analysis is complete. An audit trail is the continuous record of all events, including the data lock action itself — documenting when and by whom the lock was applied. After data lock, the audit trail continues to capture any subsequent access attempts. The audit trail is not locked when the data is locked; it remains active for the full retention period.