嘉峪檢測網 2024-09-12 17:56
Digital and electronic signatures:
Q: What is the difference between a digital and an e-signature?
A: A digital signature is attached to an electronic file rather than maintained within an electronic system; it stays with the data and moves with the data. The signature can be verified by the recipient. An e-signature is executed and maintained within a validated electronic system and stays in the electronic system. The e-signature can only be verified in the source system.
Q: What is the best practice to handle hybrid signature?
(Hybrid signature is mixing handwritten or ‘wet’ signatures and digital signatures/e-signature on the same document)
A: The preference is to sign off documents either fully wet or fully digital. Hybrid signatures should be an exception, used only if there are no other options.
In that case, the handwritten signature(s) must be applied first; afterwards the document can be prepared for digital signature(s). That way the metadata for the digital signature(s)/e-signature(s) can be maintained. The fully signed electronic document is the official GXP document (a printout doesn’t contain the metadata, so the digital signatures/e-signatures can’t be verified from it). The wet-signed original, or a true copy of it, and the e-signed copy must be kept as linked documents in a secure environment validated for intended use, in line with the company’s record management policy.
Q: Is it acceptable to use a scanned image of a wet signed document as GXP? (internal use)
A: It is only acceptable if the scanned image is a verified true copy of the original wet signed record and allowed by your local legal and regulatory requirements.
Q: How should I handle a document containing a scanned image of a wet signed document that I also need to sign? (external use, e.g. with third parties, working at different locations)
A: This document can be used if the party sending the scanned document has an established true copy process in place and the scanned document is already verified and attested as a true copy. The sender should have an established document retention policy in line with your expectations.
Q: How do we handle digitally signed documents in an electronic document management system? (e.g. loading an Adobe digitally signed document into your document management systems without losing the digital signature certificate)
A: The document management system should be validated for this intended use, verifying that the digital signature is maintained in the system and that it is possible to retrieve it when necessary. This process should be defined and documented.
If it is not possible to maintain this digital signature in the system, the digitally signed document should be stored in a secure validated environment.
Password management:
Q: How do I define when a password should be entered during a specific operation when data is being recorded?
A: This practice is described in 21CFR11, chapter 11.200 ‘e-signature and components’:
(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components (= user ID and password or biometrics); subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.
(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components
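The signing rule in (i) and (ii) above, sketched as an added Python example that is not part of the original FAQ or of any regulator's material. The 600-second idle limit used to decide when a "continuous period" has ended, the class and field names, and the sample credentials are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

IDLE_LIMIT_S = 600  # assumption: a longer idle gap ends the "continuous period"

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class SigningSession:  # one period of controlled system access by one user
    user_id: str
    salt: bytes
    stored_hash: bytes
    last_activity: float
    signed_once: bool = False
    audit: list = field(default_factory=list)

    def sign(self, record_id: str, now: float, password: str,
             user_id: Optional[str] = None) -> str:
        # Case (ii): the continuous period was broken, so all components again.
        if now - self.last_activity > IDLE_LIMIT_S:
            self.signed_once = False
        first = not self.signed_once
        if first and user_id is None:
            outcome = "rejected: user ID and password required"
        elif user_id is not None and user_id != self.user_id:
            outcome = "rejected: user ID mismatch"
        elif not hmac.compare_digest(pw_hash(password, self.salt), self.stored_hash):
            outcome = "rejected: wrong password"
        else:
            # Case (i): later signings in the same period need only the password.
            outcome = "signed: all components" if first else "signed: password only"
            self.signed_once = True
            self.last_activity = now
        self.audit.append((now, self.user_id, record_id, outcome))
        return outcome

def demo() -> list:
    salt = b"constructed-salt"  # constructed sample values, not real credentials
    s = SigningSession("jdoe", salt, pw_hash("correct horse", salt), last_activity=0.0)
    return [
        s.sign("BR-001", 10.0, "correct horse"),           # first signing, no user ID
        s.sign("BR-001", 20.0, "correct horse", "jdoe"),   # first signing, both components
        s.sign("BR-002", 60.0, "correct horse"),           # same period, password only
        s.sign("BR-003", 90.0, "wrong"),                   # bad password
        s.sign("BR-004", 5000.0, "correct horse"),         # idle gap: both needed again
        s.sign("BR-004", 5010.0, "correct horse", "jdoe"),
    ]
```

Every attempt, including rejected ones, lands in `audit` with the user ID, which keeps each signature attributable to the individual.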
Q: Is the storage of passwords in the internet browser allowed for GXP applications?
A: No, ideally this feature should be deactivated in all browsers used for GXP applications.
Access management:
Q: Can I use generic accounts for 3rd party support employees? (e.g. lab technicians, on-line support SAP)
A: No. The account should be attributable to the person executing the actions and there should be processes and systems in place to manage this.
Record life cycle management:
Q: How to protect critical paper records? Is it necessary to scan all records or is physical protection (fire protected cabinets, location of the paper record archive(s)) sufficient?
A: Records should be protected and retrievable for the appropriate retention period. There is no need to scan under the condition that the documents are stored in a safe and secure environment.
Q: Is it allowed to replace a physical paper archive if you scan your records? Can the paper records be destroyed afterwards?
A: In practice this is possible if the digital copy is a true copy; however, you need to comply with local legal and regulatory requirements to decide whether you can destroy the paper records or not.
Q: If hardware and/or software packages are not supported anymore (Windows updates, application software), is it possible to print out the electronic data or do you need to keep the ‘old’ systems up and running? (with the risk that you’re not able to see the electronic data anymore in case of soft and hardware errors)
A: A print-out is only allowed if it is a true copy with all raw data and meta-data. In practice this is very difficult. The first option is to migrate those data to an appropriate system. Another option is to create a virtual environment where you can run the legacy system in a validated state and where all data can be retrieved.

Source: APIC Quality Group