Regularly would also be every ten years. The period of time must be substantiated by means of the process risk and documented. Example: Part of the periodic review or in the case of a batch release, part of the system’s event log, and therefore at every release.
First of all, it must be clarified whether the data can be changed at all (e.g.: electronic recorders or SPS). If not, this should be the reasoning within the risk assessment for the audit trail not being necessary. Define in an SOP that each change has to be documented e.g. in a logbook and verified by a second person.
