About auditing vault activity

The Meridian FDA Module is capable of logging all actions that have been completed that create, modify, delete, or export data related to any object in the vault using any of the client applications and application links, including Meridian Enterprise Configurator. This feature meets the requirements of Title 21 Part 11 of the U.S. Code of Federal Regulations that applies to the Food and Drug Administration. Once configured for a vault, audit data is logged automatically. No client configuration is required.

Audit data is only logged for standard Meridian Enterprise and Meridian FDA Module commands. Custom commands can be audited by adding calls to a VBScript function in the vault’s event handlers. The data is stored in a secured database separate from the document metadata. Audit log data is generated automatically in chronological order. Data cannot be imported into the activity database. No user, regardless of their privileges, can modify the audit data. New audit data does not overwrite existing audit data. Audit data is retained for the life of the vault. For a list of the audited actions, see Audited actions.

The data can be viewed, filtered, and exported by authorized users as described in the BlueCielo Meridian FDA Module User's Guide. Meridian Enterprise security roles can be configured to allow display of the FDA Module audit report as described in Security privilege descriptions. For system administrators, an example template for SQL Report Writer is provided.

Configuring a vault to generate audit data is described in the following topics.