Audit trail

Record history

One History tab per record that merges two complementary streams — what the user did (Activity) and what the record looked like before (Field changes) — with filter chips, source-tagged entries, and an inspector-ready print export.

For
Quality Managers, auditors, anyone preparing for inspection
Reading time
5 min

In one sentence

Every regulated record — NCR, Audit, MOC, JHA, FMEA, Risk, Exemption, Meeting, Document, Gap Analysis, Supplier, Client — carries a single History tab that timelines two complementary streams together: user actions (what was done) and database field changes (what the data looked like before), with filter chips to focus, source badges to tell them apart, and a Print export that carries both streams chronologically.

Three things to remember
  • One tab, two streams. History merges what used to live across Activity and a separate History tab. A teal Activity badge marks the application-level events ("Submitted for approval", "Comment added"); a slate Field change badge marks the record-level diffs ("Status changed from Under Review to Approved").
  • Filter the noise away. Three chips at the top — All / Activity / Field changes — with per-stream counts, so you can hone in on whatever question you're actually trying to answer.
  • Append-only by design. The audit trail can't be rewritten — not by you, not by an admin, not by support. The protection is layered: the application can't issue an edit, the database refuses the edit at its access boundary, and an immutability rule on the trail blocks the edit even if both prior layers were bypassed.

Where the tab lives

On the detail page of every regulated record type — alongside Overview, Details, Approvals, Attachments, Links, and so on. The tab loads lazily on first click so opening the detail page itself stays snappy.

The tab used to be two — Activity and History — on most modules. They're now merged into one. If you were used to the old layout, the new History tab is the home for everything that was on either of the old tabs.

The two streams

Each entry in History carries a small badge telling you which stream it came from:

BadgeStreamWhat it captures
Activity (teal)Application events"Submitted for approval by Alice", "AI drafted root cause", "Notification sent to Bob", "Linked to MOC-2026-0119". The intent and narrative side.
Field change (slate)Record-level changes"Status changed from Under Review to Approved", "Assignee changed from Alice to Bob". The mechanics side — captured by the system automatically, so even actions that didn't log a narrative event still show up here.

Both streams answer different questions. "What did the user do?" belongs to Activity. "What did this record look like before?" belongs to Field changes. The combined timeline is what an inspector or investigator actually wants — see the user's intent and the data outcome side-by-side.

Filter chips

Three chips at the top of the tab:

  • All — both streams, chronologically interleaved.
  • Activity — only application-level events. The narrative.
  • Field changes — only database diffs. The mechanics.

Each chip carries a count, so you can see at a glance "this record has 47 Activity entries and 12 Field changes."

What each entry shows

Activity entry — the actor, what they did, when, and any free-text context the action carried (an approval comment, a rejection reason, a description).

Field change entry — the operation (Created / Updated / Deleted), who made the change (name + role at the time, snapshotted), when, and the list of fields that changed. Click to expand and see the before → after diff for each field. Internal bookkeeping fields are filtered out so the diff stays focused on business meaning.

Every record type carries a comment box at the top of the History tab — NCRs, MOCs, audits, FMEAs, JHAs, risks, exemptions, meetings, suppliers, clients, and products. Use it to append a free-form note to the timeline: investigation notes that don't fit a specific field, context for a status change, a heads-up for the next reviewer. Notes appear inline in the chronological feed as Activity entries with the author's name and timestamp, immutable like the rest.

Above the list, the Print history button opens a dedicated print-friendly page at /record-history/{table}/{id}/print in a new tab. The page is laid out for the browser's Print → Save as PDF dialog; no PDF library is involved.

What the printed page carries:

  • A §11.50 manifest header at the top, identifying the record, its type, the record ID, the total number of changes, who printed it, and when.
  • Both streams in chronological order — Activity and Field changes interleaved, with their source badges intact.
  • The full field-by-field before-and-after diff for every Field change update.

The print export gives an inspector the same view you see on screen, but as a permanent printable artifact. See Signature manifestation for how the §11.50 header is structured.

How a typical investigation reads history

For an NCR investigation walk-through:

  • Open the All view — you see Created → AI drafted → Investigator assigned → Status changed to in-progress → Containment action added → Linked to NCR-2026-0418 → Closed in one timeline.
  • Switch to Field changes to verify status transitions had the values you expect.
  • Switch to Activity to see the human story without the field-level noise.
  • Click Print history to attach a defensible artifact to the inspection pack.

The pattern works across modules — same UI, same shortcuts, same export.

What's tracked

The History tab is on every regulated record type: NCRs, Audits, MOCs, JHAs, FMEAs, Risks, Exemptions, Meetings, Documents (internal and external), Gap Analyses, Suppliers, Clients. The Field-change stream extends to the child content modules use behind the scenes (audit findings, MOC checklist items, FMEA items, and so on).

If a module is missing the tab, that record type isn't yet wired to field-change capture — usually because it's reference data (a label catalog, an enum) rather than a regulated record.

Why this matters — 21 CFR §11 framing

Part 11 §11.10(e) requires a secure, computer-generated, time-stamped audit trail of operations that create, modify, or delete electronic records. The History tab is the user-facing surface for that requirement. Two complementary streams + filter chips + an immutable print export = inspection evidence in one place.

Part 11 §11.50 calls for signature manifestations to identify the signer, datetime, and meaning of each signature when printed. The print-history page carries that manifest header so a printed audit trail is itself self-identifying — an inspector reading a printed PDF can verify the record, the date, the printer, and the run from the header.

What it doesn't do

  • It's not a rollback tool. Reading history doesn't revert anything. Reverting an approved document or rewinding an MOC to an earlier state is a separate flow on the module itself.
  • It doesn't capture failed attempts. A user who tried to approve but was blocked by a permissions check doesn't show up. Only successful operations are recorded.
  • Notes on the tab aren't conversations. The comment box is an append-only journal, not a thread. Each note is immutable once saved.
Was this helpful?
Suggest an edit →