How Do I Create A Secure Audit Trail Of Points, Alarms And Events In CX-Supervisor?


In some applications, especially those destined for the pharmaceutical industry, it is important to keep a log of important events and changes that have occurred within a system so, in the event of problems, the logs can be reviewed and remedial action taken where necessary.

CX-Supervisor has always had the ability to log data items, alarms and events but from version 3.1 these logs are capable of being more secure and the information in them detailed enough to enable the final applications to be compliant the some of the strict regulations such as 21 CFR Part 11.

Configuring the Audit Trail Settings

The settings for the audit trail functionality are located by going to Project -> Runtime Settings -> Audit Trail Settings:


This will display the Audit Trail Configuration Dialog:

The default is to create a read only database in Microsoft Access format. Only CX-Supervisor knows the password for writing (in order to be able to generate the audit trail). Choosing the Setup for the database allows you to choose an alternative connection string (for advanced users) and how often to create a new database file. By default CX-Supervisor will create a new database file whenever the audit trail is started using the 'StartAuditTrail' script command. The alternative option is to always log to the same audit trail database. Note: a new database file will always be created when the size of the database reaches 5 million records.

By default, when using Access format, the database files will be stored in the application folder. This dialog gives you the option of choosing an alternative folder or disk. This can be especially useful if the application is situated on an IPC such as the Omron DyaloX.

You also have the option to generate audit trail to an SQL Server database. The connection string, including password details must be added in the Setup dialog. Obviously it is important that this write password is kept secure. CX-Supervisor will automatically generate the tables and fields required for the audit trail when the application is run.

In this dialog you can configure an Audit Trail ID point and an Audit Trail Note Point. These are points which contain custom data that will be logged with every audited record. These are designed to contain information such as a batch ID and details of the batch.

This dialog also allows you to choose if Alarms and/or events are logged to the secure audit trail. By default they will log to the standard text files they have always logged to. Choosing to log them to the secure database will not stop them going to the text files but will additionally send all the information to the secure audit trail database. Alarms have the option of all being logged or only alarms that are individually chosen to audit in the alarm settings.

Generating Audit Trail from A Point

It is possible to generate audit trail from any defined point (except System Points).

In the Advanced point settings dialog there is an option to generate audit trail, when this option is chosen, any changes to this point value will be logged into the secure audit trail when the audit trail starts.



Generating Audit Trail From An Individual Alarm

In the audit trail settings dialog you can choose to audit all alarms or individual alarms. If this is set to 'Selected Alarms', alarms will only generate audit trail if they are set to do so in the Add/Modify Alarm dialog:

Starting Audit Trail From A Script

The audit trail will not automatically be generated until the application calls the StartAuditTrail script command. This can be called from any script including project initialisation scripts if it is essential that audit trail starts as soon as the application.

There is also a StopAuditTrail command which can be called when the application needs to stop generating audit trail - for example after a batch has been completed.

Using the Audit Trail

So we now have an application that can generate a secure audit trail. The audit trail can be accessed using MS Access or using your usual SQL viewer in the location you chose to store the data.

The log contains details of the currently logged in user, the date and time of the audit, the point or alarm name, previous and new values and details of the batch and comment.

This log should be kept secure and measures taken to ensure that users cannot remove the file either by accident or maliciously. Creating the audit trail with the correct data helps to create an application that fulfils some of the needs of regulations such as 21 CFR Part 11. It is important that other measures related to security and archiving of the audit trail are also followed.