Does anyone know where i can find a best practice for PI Audit Trail Review?
Well, typically you consult the audit trail to check if changes were executed as documented in your change procedure, or to check if there were changes made that were not captured in the change procedure. That check could be part of a audit by internal or external parties.
Is that the kind of practice you are looking for?
The problem is the amount of noise thats written to the audit log from batch interfaces etc.. and for a periodic review of a few years is next to impossible to review all events as there is an excessive amount.
What im looking for is a procedure of what to look for in the log, should it be filtered first to remove the batch events etc?
I've looked around tech support and the learning channel and there doesn't seem to be any guides.
I know you can have a debate, but i normally consider that the system does not need to capture it's own actions as that is already captured in the configuration specifications and subsequent tests. So you don't audit trail anything done by an non-system actor. You can (and i typically do) configure AF Audit trail to remove all entries belonging to the service accounts you use for these.
That's the only way that the Audit trail stays usable.
Is your system a "validated" system (pharma use) of a regular PI system. The requirement and best practice differ between the 2
The system is for pharma use. I am looking for a guide to performing a periodic review.
Currently as mentioned above the audit log is filled with automatic batch interface changes.
It would be great if OSISoft had a user guide to compiling a review.
Monitoring and checking the audit trail with the OSIsoft Audit viewer is still an excess amount of work. The only thing I know of (never tried it myself) is to write a Windows PowerShell script to get the logs from PI Audit by executing pidiag and sending the results to a SQL Server database. Within the new SQL format you can run queries to find deviations and errors
Exactly, this is what my problem is. I have not been able to find a way to date to effectively use this volume of data.
I was thinking of the same approach to output to SQL, applying some level of filtering then qualifying the application, but this seems like a lot of work when we have the PI audit application for this purpose.
If there is some way to export / filter the data then write a work instruction to do so i would prefer this approach but i dont know how to achieve this hence my request.
Retrieving data ...