Ken Peh
Malaysia, 2014-07-01 07:37
Posting: # 13185

Audit trail in R [Software]

Dear Members,

How do we prove that R has an audit trail? For example, if we use Bear or PowerTOST in R, how do we provide an audit trail to the inspector?

Highly appreciate your feedback and comments.

Thank you.

Regards,
Ken


Edit: Category and subject line changed. [Helmut]

Helmut
Vienna, Austria, 2014-07-01 14:12
@ Ken Peh
Posting: # 13186

No audit trail in most software

Hi Ken,

❝ How do we prove that R has an audit trail?

You can’t – there is none (like in SAS, Matlab, S-Plus, Phoenix/WinNonlin). Have a look at this document.* The only software having an audit-trail out of the box are all LIMS and some CDS.

❝ For example, if we use Bear or PowerTOST in R, how do we provide an audit trail to the inspector?

Tell the inspector that there is none. Have a set of SOPs which you follow. Provide a transparent workflow documenting all steps performed.


  * The R Foundation for Statistical Computing. R: Regulatory Compliance and Validation Issues. A Guidance Document for the Use of R in Regulated Clinical Trial Environments. Vienna, Austria (August 8, 2013).

Dif-tor heh smusma 🖖🏼 Довге життя Україна!
Helmut Schütz

The quality of responses received is directly proportional to the quality of the question asked. 🚮

ElMaestro
Denmark, 2014-07-01 15:17
@ Ken Peh
Posting: # 13188

R with audit trail?

Hi Ken, Helmut, all,

I think quite a few CROs I have talked to have doubts about R and audit trails. Understandably. Per se, there is just no audit trail built into R, but I am sure we could make one.

I think I could write a Windows application that takes the following as input:
- Name + company of user
- R script
- path to R
- time, date
etc.

As output the following will be generated for a session:
- name of user
- R script
- R output
- name of person granting rights to user
- path to R
- unique session number
- time, date
etc.

All output - which will be the audit trail and result simultaneously - will be associated with checksums.

The Windows application will then be able to authenticate any such input post hoc. For example, an inspector or auditor will immediately be able to test if the session output has been manipulated.
If the user tampers with the output, then the application will capture it and output an error.

Any interest in this?

Pass or fail!
ElMaestro

Helmut
Vienna, Austria, 2014-07-01 19:51
@ ElMaestro
Posting: # 13195

May I try to hack it?

Hi ElMaestro,

❝ Any interest in this?

Would you share 15% of your honorary with me if I try to crack your code?
My qualification: I validated an Agilent LIMS (HP LAB/UX) in the 1990s. It was both fun and scary to unveil how the audit trail was implemented (BTW, much easier on a Unix-OS than on Win). The system passed its first GLP-certification in 1997.


ElMaestro
Denmark, 2014-07-01 20:42
@ Helmut
Posting: # 13198

May I try to hack it?

Hi Helmut,


❝ would you share 15% of your honorary with me if I try to crack your code?

❝ My qualification: I validated an Agilent LIMS (HP LAB/UX) in the 1990s. It was both fun and scary to unveil how the audit trail was implemented (BTW, much easier on a Unix-OS than on Win). The system passed its first GLP-certification in 1997.


I will let you beta-test it.
And true to modern style software making I will reward you if you are able to manipulate the audit trail or result without the program detecting it. I expect no one is going to pay me for programming this stuff, so it is rather acceptable for me to promise you 15% of nothing. Will add a bonus, even.
However, if you do not manage to manipulate the audit trail or result without the program being able to detect it, then you have a choice of either of the following two severe punishments:
a. Getting thoroughly whipped by my ship's cat-o-nine-tails on the town square of Vienna.
or
b. Buying me a cold brewski next time we meet.

I imagine reverse engineering (decompile + change + recompile) would be the only way to manipulate it. Probably no way to protect any software against it, unless it is hosted on my local server and accessed remotely.

Pass or fail!
ElMaestro
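
Added example, not part of the thread and not ElMaestro's program: the session record from posting # 13188 in Python, using an HMAC-SHA256 tag chained to the previous record in place of a plain checksum. The field names, the key and the sample session are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev_tag of the first record in a trail

def sha(text):
    return hashlib.sha256(text.encode()).hexdigest()

def mac(key, record):
    # Canonical JSON so the same fields always produce the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def seal(key, prev_tag, meta, script, output):
    """Build one session record: metadata, artifact digests, keyed tag."""
    record = dict(meta, script_sha256=sha(script), output_sha256=sha(output),
                  prev_tag=prev_tag)
    record["tag"] = mac(key, record)
    return record

def verify(key, trail, artifacts):
    """Return the problems found; an empty list means nothing was altered."""
    problems, prev = [], GENESIS
    for rec in trail:
        sid = rec["session"]
        body = {k: v for k, v in rec.items() if k != "tag"}
        if not hmac.compare_digest(mac(key, body), rec.get("tag", "")):
            problems.append(f"{sid}: record altered")
        if rec["prev_tag"] != prev:
            problems.append(f"{sid}: chain broken")
        script, output = artifacts[sid]  # files as handed to the auditor
        if sha(script) != rec["script_sha256"]:
            problems.append(f"{sid}: script changed")
        if sha(output) != rec["output_sha256"]:
            problems.append(f"{sid}: output changed")
        prev = rec["tag"]
    return problems

if __name__ == "__main__":
    # Constructed sample session; every name and value here is made up.
    key = b"assumed-secret-kept-off-the-analyst-pc"
    meta = {"user": "A. Analyst, Example CRO", "granted_by": "Q. Manager",
            "r_path": "C:/R/bin/Rscript.exe", "session": "S-0001",
            "time": "2014-07-01T15:17:00Z"}
    script, output = "x <- c(98.2, 101.5)\ncat(mean(x))\n", "99.85"
    trail = [seal(key, GENESIS, meta, script, output)]
    print(verify(key, trail, {"S-0001": (script, output)}))
    print(verify(key, trail, {"S-0001": (script, "100.85")}))
```

An unkeyed checksum can be recomputed by whoever edits the output, so detection rests on the key being unavailable to the analyst, which matches the remark in posting # 13198 about hosting the program on a remote server. Removing the newest records from the end of the trail goes unnoticed unless the latest tag is also stored somewhere the analyst cannot change.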
The Bioequivalence and Bioavailability Forum is hosted by
BEBAC Ing. Helmut Schütz