Change Control bei computergestützten Systemen ist kein triviales Thema.Zwar sind die betrieblichen internen Vorgaben zum Change Control meistvorhanden, doch der Teufel steckt hier häufig im Detail.
計(jì)算機(jī)化系統(tǒng)中的變更控制不是一個(gè)微不足道的主題����。盡管公司內(nèi)部對(duì)變更控制的要求通常很到位�,但細(xì)節(jié)往往是魔鬼。
Regulatorische Vorgaben
監(jiān)管要求
Die regulatorischen Vorgaben sind spärlich und insbesondere EU-GMP Annex11 "Computerised Systems" ist bezüglich der Anforderungen eherbescheiden. Hier findet man lediglich folgende Forderung:
EU-GMP 附錄11“計(jì)算機(jī)化系統(tǒng)”要求如下:
Annex 11 - 10. Änderungs- und Konfigurationsmanagement: Jede Änderung an einem computergestützten System einschließlichder System-konfigurationen sollte kontrolliert und nach einem festgelegtenVerfahren erfolgen.
變更和配置管理: 對(duì)計(jì)算機(jī)化系統(tǒng)的每一次變更�����,包括系統(tǒng)配置�,都應(yīng)根據(jù)規(guī)定的程序進(jìn)行控制和執(zhí)行。
Zusätzlich muss man aber auch noch die im EU-GMP Anhang 15"Qualification and validation" genannten Vorgaben berücksichtigen.Ein erster wesentlicher Hinweis findet sich unter dem Abschnitt"Grundsätze": Alle geplanten Änderungen an Einrichtungen,Ausrüstung, Betriebsmitteln und Prozessen, die die Produktqualität beeinflussenkönnen, sollten formell dokumentiert und die Auswirkungen auf denValidierungsstatus oder die Kontrollstrategie untersucht werden.
此外,還必須考慮 EU-GMP 附錄 15“確認(rèn)與驗(yàn)證”中規(guī)定的要求��?��?稍?ldquo;原則”部分找到一些關(guān)鍵說明:所有可能影響產(chǎn)品質(zhì)量的設(shè)施��、設(shè)備��、操作和流程的變更都應(yīng)正式記錄在案���,并調(diào)查對(duì)驗(yàn)證狀態(tài)或控制策略的影響。
Des Weiteren werden im Annex 15 unter anderem noch folgende Punkteangesprochen:
此外���,附錄 15 還提及以下幾點(diǎn):
Das Qualitätsrisikomanagement sollte im Zusammenhang mit Change Control genutzt werden.
質(zhì)量風(fēng)險(xiǎn)管理應(yīng)與變更控制結(jié)合使用�����。
Änderungen sollten von verantwortlichen Personen genehmigt werden.
變更應(yīng)經(jīng)負(fù)責(zé)人批準(zhǔn)�����。
Die Bewertung der Auswirkungen der Änderung vor der abschließenden Genehmigung.
在最終批準(zhǔn)之前評(píng)估變更的影響��。
Nach Durchführung der Änderung sollte bewertet werden, ob die Änderung erfolgreich war.
變更完成后����,應(yīng)評(píng)估變更是否成功。
Der PIC/S Guidance PI 011 befasst sich im Kapitel 18 ausführlich mit demChange Control. Zunächst werden grundlegende Forderungen an die Dokumentationgestellt. Was soll dokumentiert werden?
PIC/S 指南 PI 011 的第 18 章詳細(xì)介紹了變更控制�����。首先是對(duì)文件的基本要求�����。應(yīng)該記錄什么�?
Es soll ein Verfahren zur Prüfung und Freigabe von Änderungen (SOP) geben.
應(yīng)有一個(gè)變更審核和批準(zhǔn)的程序(SOP)。
Ausführliche Aufzeichnungen über vorgeschlagene Änderungen mit Begründung.
變更的詳細(xì)記錄并附有理由����。
Ermittlung der Auswirkungen vor Implementierung der Änderungen.
在實(shí)施變更之前確定影響�����。
Aufzeichnungen über Überprüfung und Urteil zum Change (Freigabe oder Ablehnung).
記錄變更的審查和決定(批準(zhǔn)或拒絕)�����。
Einführung einer Methode zur Anzeige des Änderungsstatus.
描述用以顯示變更狀態(tài)的方法�����。
Methode zur Beurteilung der Gesamtauswirkung der Änderung, einschl. Tests.
用以評(píng)估變更的整體影響的方法,包括測(cè)試�。
Schnittstelle zwischen Änderungskontrollverfahren und Konfigurationsmanagementsystem.
變更控制程序和配置管理系統(tǒng)之間的交叉。
Inspektionspraxis
檢查實(shí)踐
Was wurde im Rahmen von GMP-Inspektionen als an Inspektionsmängelngefunden? Folgend einige Beispiele, die häufiger zu finden waren:
GMP檢查中發(fā)現(xiàn)了哪些檢查缺陷�?以下是一些更常見的示例:
Beispiel 1
示例 1
Eine Bewertung hinsichtlich der Kritikalität des Changes konnte nichtvorgelegt werden.
無法提供關(guān)于變更關(guān)鍵性的評(píng)估。
Es macht Sinn, Änderungen in unterschiedliche Klassen einzuteilen. Auchdas AiM 07121202 (Aide mémoire - Katalog von Vorgaben, Fragen und Empfehlungen;dient der Harmonisierung bei der Vorbereitung, Durchführung und Nachbereitungeiner Inspektion) der EFG 11* beschreibt eine Klassifizierung. Aus derKlasse ergibt sich dann der Aufwand im Zusammenhang mit dem Change. ZurKlassifizierung können in der Praxis unterschiedliche Einteilungen vorgenommenwerden. Hier einige Varianten, die in der Praxis zu finden sind:
將變更劃分為不同級(jí)別是有意義的���。以下是一些示例:
Klasse 1, 2, 3 usw.
1級(jí)�、2級(jí)�����、3 級(jí)等���。
Major, Minor
主要�,次要
Critical, Significant, Insignificant, …
重大�����、主要�、微小、...
Kritisch, wenig kritisch, sehr kritisch, …
關(guān)鍵�����,一般,非常關(guān)鍵����,...
Beispiel 2
示例 2
Der Betrieb hatte ein Change Control-System etabliert. Es war jedochunklar, welche Änderungen über dieses Verfahren abzuarbeiten sind. Es fanden sichlediglich Hinweise zum Umgang mit Software-Updates. Nicht geregelt warenfolgende Punkte im Umgang mit
公司已建立變更控制系統(tǒng)。但是���,尚不清楚將通過此程序處理哪些變更��。只有關(guān)于如何處理軟件更新的說明��。以下幾點(diǎn)處理不規(guī)范:
Hardware defekten
硬件缺陷
Security-Patches
安全補(bǔ)丁
Änderungen bei Benutzerkonten
對(duì)用戶帳戶的變更
Notwendigen Änderungen auf Grund erkannter Softwarefehler
由于檢測(cè)到軟件錯(cuò)誤而進(jìn)行的必要變更
Änderungen am Testsystem
測(cè)試系統(tǒng)的變更
Zu den Security-Patches ein Hinweis aus PIC/S PI 041-1:
PIC / S PI 041-1 關(guān)于安全補(bǔ)丁的規(guī)定如下:
PIC/S PI 041-1
Security patches for operating systems and network components should be appliedin a controlled and timely manner according to vendor recommendations in orderto maintain data security. The application of security patches should beperformed in accordance with change management principles.
操作系統(tǒng)和網(wǎng)絡(luò)組件的安全補(bǔ)丁應(yīng)根據(jù)供應(yīng)商的建議以受控和及時(shí)的方式應(yīng)用�,以維護(hù)數(shù)據(jù)安全��。安全補(bǔ)丁的應(yīng)用應(yīng)按照變更管理原則進(jìn)行��。
Beispiel 3
示例 3
Konkrete Vorgaben für Zeitintervalle, bis wann ein Change abgeschlossensein muss, sind nicht dokumentiert vorhanden. Es sollte hier ein dokumentiertesKonzept geben, innerhalb welcher Zeitintervalle eine Änderung abzuschließen ist(Zeitplanung). Hierzu empfiehlt es sich, ein abgestuftes Verfahren einzuführen.Angaben wie beispielsweise ein Jahr nach Antragstellung sind extrem lang undbei einem hot-fix nicht akzeptabel.
未規(guī)定必須完成變更的時(shí)間間隔�����。應(yīng)有一個(gè)書面的時(shí)間間隔概念��,在該時(shí)間間隔內(nèi)必須完成變更(時(shí)間計(jì)劃)���。為此����,建議引入分級(jí)程序�。例如,變更申請(qǐng)后一年內(nèi)完成對(duì)于缺陷整改來說是非常漫長(zhǎng)且不可接受的�。
Computerized System Change Management In GAMP5-Second Edition
新版GAMP5 建議的計(jì)算機(jī)化系統(tǒng)變更管理
變更分類:
Standard/Routine Changes: Such changes may be considered low risk to patient safety, product quality, and data integrity. Work instructions, system administration plans, support plans, service requests, or similar may be used to define the change implementation tasks and responsibilities. A record of the change should be maintained, including any verification tasks required to confirm successful implementation of the change. Internal audit processes should identify any misuse of the standard/routine change process.
標(biāo)準(zhǔn)/例行變更:此類變更可能被認(rèn)為對(duì)患者安全、產(chǎn)品質(zhì)量和數(shù)據(jù)完整性的風(fēng)險(xiǎn)較低�����。工作說明�����、系統(tǒng)管理計(jì)劃�、支持計(jì)劃、服務(wù)請(qǐng)求或類似內(nèi)容可用于定義變更實(shí)施任務(wù)和職責(zé)�����。應(yīng)保留變更的記錄�,包括確認(rèn)成功實(shí)施變更所需的任何驗(yàn)證任務(wù)。內(nèi)部審計(jì)流程應(yīng)識(shí)別任何濫用標(biāo)準(zhǔn)/例行變更流程的情況���。
Like-for-Like Replacements/Repairs: These changes may be controlled by maintenance, service management, or system administration procedures designed to control materials usage and record system history. For computerized systems, like-for-like changes may be extended to like-for-kind (similar) changes providing use of such similar components has been prior approved, e.g., replacement of a disk with an alternative higher capacity disk.
同類替換/維修:這些變更可能由用以控制物料使用和記錄系統(tǒng)歷史記錄的維護(hù)��、服務(wù)管理或系統(tǒng)管理程序進(jìn)行控制��。對(duì)于計(jì)算機(jī)化系統(tǒng)�����,同類變更可以擴(kuò)展到類似變更�,前提是此類類似組件的使用事先已獲得批準(zhǔn),例如���,用更高容量的磁盤替換磁盤�����。
Repairs and replacements are typically low-risk changes. Repair and replacement processes may be defined in several ways, including pre-approved or standard/routine changes, system administration plans, or service requests. Replacement components and devices are pre-approved for use as replacements. Approved replacements are usually determined during the initial validation project. Replacements include like-for-like (identical components) and like-for-kind (similar pre-approved components with the same functional characteristics). Repairs and replacements are usually triggered by the incident and problem management process following the detection of a failure. Verification of successful repair or replacement should also be recorded. Where devices hold data or configuration, procedures should define how data and/or configuration is restored to the replacement component, including any verification activities.
維修和更換通常是低風(fēng)險(xiǎn)的變更���。維修和更換流程可以通過多種方式定義,包括預(yù)先批準(zhǔn)或標(biāo)準(zhǔn)/例行變更�、系統(tǒng)管理計(jì)劃或服務(wù)請(qǐng)求。更換組件和設(shè)備通過已預(yù)先批準(zhǔn)用作更換組件����。批準(zhǔn)的更換組件通常在初始驗(yàn)證項(xiàng)目期間確定。替換包括相同(相同組件)和同類(具有相同功能特征的類似預(yù)先批準(zhǔn)的組件)�����。維修和更換通常由檢測(cè)到故障后的事件和問題管理過程觸發(fā)�����。還應(yīng)記錄驗(yàn)證維修或更換成功�。如果設(shè)備保存數(shù)據(jù)或配置,則程序中應(yīng)定義如何將數(shù)據(jù)和/或配置還原到替換組件�����,包括任何驗(yàn)證活動(dòng)�����。
System Administration Changes: Some system administration activities may involve changes to system components. Any such changes and associated responsibilities should be defined as part of system administration procedures; see Appendix O12.
系統(tǒng)管理變更:某些系統(tǒng)管理活動(dòng)可能涉及對(duì)系統(tǒng)組件的變更�。任何此類變更和相關(guān)責(zé)任都應(yīng)定義為系統(tǒng)管理程序的一部分。
Emergency Changes: Emergency changes may be implemented when a delay in the implementation of the change may result in a greater impact, e.g., data loss or data integrity impact, impact on system availability due to a cyber security attack. The criteria for determining an emergency change should be defined in change procedures. Emergency changes may require the retrospective application of the change process to document the change.
緊急變更:當(dāng)變更延遲實(shí)施可能導(dǎo)致更大的影響時(shí)���,可能會(huì)實(shí)施緊急變更�,例如,數(shù)據(jù)丟失或數(shù)據(jù)完整性影響���,以及由于網(wǎng)絡(luò)安全攻擊而對(duì)系統(tǒng)可用性的影響�。確定緊急變更的標(biāo)準(zhǔn)應(yīng)在變更程序中定義���。緊急變更可能需要回顧性應(yīng)用變更流程來記錄變更�����。
Temporary Changes: Temporary changes are planned to be in place for a limited period. Any such changes may introduce new or increased risk that should be assessed and managed. Particular attention should be paid to the reversal of temporary changes to ensure that they are “rolled back” and properly reviewed through the formal change management process before being made permanent. Due to their temporary nature, temporary changes may not require updates to system life cycle documentation and records. The specification and assessment of the change may be contained within the change records. Temporary changes should be monitored to ensure that they do not remain beyond the plan duration.
臨時(shí)變更:臨時(shí)變更計(jì)劃在有限的時(shí)間內(nèi)實(shí)施�����。任何此類變更都可能帶來新的或增加的風(fēng)險(xiǎn)���,應(yīng)對(duì)其進(jìn)行評(píng)估和管理。應(yīng)特別注意撤銷臨時(shí)變更��,以確保在成為永久性變更之前�,通過正式變更管理過程“回滾”和適當(dāng)審查這些變更。由于其臨時(shí)性質(zhì)���,臨時(shí)變更可能不需要更新系統(tǒng)生命周期文檔和記錄���。變更的說明和評(píng)估可能包含在變更記錄中���。應(yīng)監(jiān)視臨時(shí)變更�����,以確保它們不會(huì)超出所計(jì)劃的持續(xù)時(shí)間�����。
Global Changes: Changes to global systems and services may require additional governance to minimize the impact of locally identified changes on other functions and regions. For additional information related to managing change in a globally implemented computerized system, see the ISPE GAMP® Good Practice Guide: Global Information Systems Control and Compliance (Second Edition) [80].
全局變更:對(duì)全局系統(tǒng)和服務(wù)器進(jìn)行變更可能需要額外的治理�,以最大程度地減少本地識(shí)別的變更對(duì)其他功能和區(qū)域的影響。有關(guān)管理全球?qū)嵤┑挠?jì)算機(jī)化系統(tǒng)中的變更的其他信息�,請(qǐng)參閱 ISPE GAMP® 良好實(shí)踐指南:全球信息系統(tǒng)控制和合規(guī)性(第二版)[80]。
系統(tǒng)在線升級(jí)/補(bǔ)丁引起的變更
Changes may be scheduled, for example periodic updates by an IaaS, PaaS, and/or SaaS provider, with limited or no opportunity to evaluate the impact of the change. Supplier assessment and monitoring processes should ensure that the service provider has a robust change and release management process that ensures such changes are not released without appropriate change management and verification.
變更可能由 IaaS�����、PaaS 和/或 SaaS 提供商定期更新����,評(píng)估變更影響的機(jī)會(huì)有限或沒有機(jī)會(huì)。供應(yīng)商評(píng)估和監(jiān)控流程應(yīng)確保服務(wù)提供商具有穩(wěn)健的變更和發(fā)布管理流程����,以確保不會(huì)在沒有適當(dāng)?shù)淖兏芾砗万?yàn)證的情況下發(fā)布此類變更��。
The regulated company should be aware of the service providers release schedule and should evaluate the impact of releases on business processes and regulated data. System use procedures should be updated to reflect any impact on business processes. User training should be provided as appropriate for major upgrades. Where appropriate, the regulated company should conduct testing to confirm business processes have not been adversely impacted by the changes. This may include leveraging supplier testing through risk-based supplier evaluation.
受監(jiān)管公司應(yīng)了解服務(wù)提供商的發(fā)布計(jì)劃��,并應(yīng)評(píng)估發(fā)布對(duì)業(yè)務(wù)流程和受監(jiān)管數(shù)據(jù)的影響����。應(yīng)基于對(duì)業(yè)務(wù)流程的任何影響更新系統(tǒng)使用程序�����。應(yīng)酌情為重大升級(jí)提供用戶培訓(xùn)�����。適當(dāng)時(shí)��,受監(jiān)管公司應(yīng)進(jìn)行測(cè)試以確認(rèn)業(yè)務(wù)流程沒有受到變更的不利影響���。這可能包括通過基于風(fēng)險(xiǎn)的供應(yīng)商評(píng)估來利用供應(yīng)商測(cè)試���。
Infrastructure support and/or DevOps teams manage changes to IT infrastructure and platforms using standard configuration templates (e.g., VM templates or IaC). Tools for managing such changes often follow a standard (configurable) life cycle that ensures changes are assessed and approved prior to deployment to controlled environments. Automated monitoring may be used to deployed configuration changes and monitor unauthorized changes to the IT infrastructure, including reverting back to approved configurations.
基礎(chǔ)架構(gòu)支持和/或 DevOps 團(tuán)隊(duì)使用標(biāo)準(zhǔn)配置模板(例如 VM 模板或 IaC)管理 IT 基礎(chǔ)架構(gòu)和平臺(tái)的變更。用于管理此類變更的工具通常遵循標(biāo)準(zhǔn)(可配置)生命周期��,以確保在部署到受控環(huán)境之前評(píng)估和批準(zhǔn)變更。自動(dòng)監(jiān)視可用于部署配置變更并監(jiān)視對(duì) IT 基礎(chǔ)結(jié)構(gòu)的未經(jīng)授權(quán)的變更��,包括恢復(fù)到批準(zhǔn)的配置���。
補(bǔ)丁和系統(tǒng)更新的管理方法
Regulated companies should develop an approach to patch and upgrade management that:
受監(jiān)管公司應(yīng)制定一種修補(bǔ)和升級(jí)管理方法����,該方法:
Provides criteria for determining enterprise threat levels, and thus the urgency for applying patches
提供確定企業(yè)威脅級(jí)別的標(biāo)準(zhǔn)�����,從而提供應(yīng)用補(bǔ)丁的緊迫性
Allows for flexibility in patch application that considers risks to both the enterprise and risks to the compliant status of regulated systems
允許在補(bǔ)丁應(yīng)用中靈活地考慮企業(yè)風(fēng)險(xiǎn)和受監(jiān)管系統(tǒng)合規(guī)狀態(tài)的風(fēng)險(xiǎn)
Generates configuration records that show the version and patch level for a system at any point in its life cycle
生成配置記錄�����,顯示系統(tǒng)在其生命周期中任何時(shí)間點(diǎn)的版本和修補(bǔ)程序級(jí)別
Generates change records that describe what level of testing was done. This may include general testing at the enterprise level and/or application-specific tests. It may be determined by analysis of release notes that an application is unaffected, and no testing is required.
生成描述已完成的測(cè)試級(jí)別的變更記錄����。這可能包括企業(yè)級(jí)的一般測(cè)試和/或特定于應(yīng)用程序的測(cè)試���?��?梢酝ㄟ^分析發(fā)布說明來確定應(yīng)用程序不受影響���,并且不需要測(cè)試。
There is a need to determine what effect applying (or electing not to apply) a patch or upgrade will have on the compliance status of GxP regulated computerized systems. Many patches are released by suppliers to address urgent security vulnerabilities, and exploits may already be known or may be imminent. The time required to evaluate and test all affected GxP regulated computerized systems prior to implementation of the patch may therefore increase the risk to the integrity of these systems and their data.
有必要確定應(yīng)用(或選擇不應(yīng)用)補(bǔ)丁或升級(jí)對(duì) GxP 監(jiān)管計(jì)算機(jī)化系統(tǒng)的合規(guī)性狀態(tài)有何影響�����。許多補(bǔ)丁是供應(yīng)商發(fā)布來解決緊急安全漏洞�,漏洞可能已經(jīng)知道或可能即將發(fā)生。因此�����,在實(shí)施補(bǔ)丁之前評(píng)估和測(cè)試所有受影響的GxP監(jiān)管的計(jì)算機(jī)化系統(tǒng)所需的時(shí)間可能會(huì)增加這些系統(tǒng)及其數(shù)據(jù)的完整性風(fēng)險(xiǎn)�����。
Regulated companies should develop a risk-management approach for patch and upgrade management that considers both regulatory compliance and the level of threat to the system and the wider computing environment. The approach should ensure there is a requirement for clear communication at the appropriate times.
受監(jiān)管的公司應(yīng)為補(bǔ)丁和升級(jí)管理開發(fā)一種風(fēng)險(xiǎn)管理方法��,該方法既要考慮法規(guī)符合性�,又要考慮對(duì)系統(tǒng)和更廣泛的計(jì)算環(huán)境的威脅程度。該方法應(yīng)確保需要在適當(dāng)?shù)臅r(shí)候進(jìn)行明確的溝通�。
Application-specific patches should be planned as part of normal change management procedures.
應(yīng)用程序的修補(bǔ)程序應(yīng)作為正常變更管理過程的一部分進(jìn)行規(guī)劃。
質(zhì)量部門在變更風(fēng)險(xiǎn)評(píng)估中的角色:
The quality unit should approve the process for risk evaluation of all patches, but generally is not involved in the assessments. The evaluation should be performed by appropriate SMEs. If the quality unit is involved in an assessment, they should not have final say in how the patch is managed. Enterprise risk typically has to be given precedence over GxP risk. If a patch must be applied that is considered to have undesirable GxP risk, business process owners and the quality unit should work together to mitigate the risk. This could involve verification activities, a temporary business process change, or other approaches.
質(zhì)量部門應(yīng)對(duì)所有補(bǔ)丁的風(fēng)險(xiǎn)評(píng)估過程進(jìn)行批準(zhǔn)���,但通常不參與評(píng)估����。評(píng)估應(yīng)由適當(dāng)?shù)闹黝}專家進(jìn)行。如果質(zhì)量部門參與評(píng)估���,他們不應(yīng)該對(duì)如何管理補(bǔ)丁有最終決定權(quán)���。企業(yè)風(fēng)險(xiǎn)通常必須優(yōu)先于 GxP 風(fēng)險(xiǎn)。如果必須應(yīng)用被認(rèn)為具有不良 GxP 風(fēng)險(xiǎn)的修補(bǔ)程序����,則業(yè)務(wù)流程所有者和質(zhì)量部門應(yīng)共同努力以降低風(fēng)險(xiǎn)。這可能涉及驗(yàn)證活動(dòng)�、臨時(shí)業(yè)務(wù)流程變更或其他方法�。
新版(2023版)GMP指南
計(jì)算機(jī)化系統(tǒng)變更管理
“變更管理適用于計(jì)算機(jī)化系統(tǒng)的硬件、軟件��、相關(guān)系統(tǒng)文檔以及系統(tǒng)內(nèi)的記錄/數(shù)據(jù)�。此程序一般具有通用性,可適用于公司的所有系統(tǒng)�����。
計(jì)算機(jī)化系統(tǒng)變更管理中需要根據(jù)變更內(nèi)容和受影響的系統(tǒng)��,考慮是否對(duì)于原先的驗(yàn)證范圍(比如功能增減、適用范圍變化等)有影響�����,來評(píng)估是否需要進(jìn)行再驗(yàn)證�,以及再驗(yàn)證需要進(jìn)行的范圍;一般在沒有功能性變化的情況下�����,可以考慮不進(jìn)行再驗(yàn)證行動(dòng)����,而是通過評(píng)估方式進(jìn)行呈現(xiàn)。”
“主數(shù)據(jù)維護(hù)可以作為日常操作的一部分通過系統(tǒng)操作SOP進(jìn)行管理���,通過系統(tǒng)變更申請(qǐng)表進(jìn)行管理�,如LIMS中產(chǎn)品標(biāo)準(zhǔn)�、分析方法的維護(hù)等。系統(tǒng)升級(jí)或系統(tǒng)中流程的變更�����,應(yīng)按質(zhì)量體系變更流程執(zhí)行�����。”
“針對(duì)計(jì)算機(jī)化系統(tǒng)運(yùn)維階段涉及的IT基礎(chǔ)架構(gòu)的變更管理,根據(jù)發(fā)生的場(chǎng)景發(fā)起 IT 基礎(chǔ)架構(gòu)的變更��,建議包含但不限于以下情況:
硬件的組件發(fā)生更換:
軟件的版本發(fā)生改變;
配置參數(shù)發(fā)生變動(dòng);
網(wǎng)絡(luò)架構(gòu)發(fā)生改變;
安全設(shè)備變動(dòng)及策略�����、授權(quán)異動(dòng)�����。
比如在LIMS 運(yùn)行中���,對(duì)其數(shù)據(jù)庫或操作系統(tǒng)安裝補(bǔ)丁包�,即要發(fā)起變更評(píng)估其是否會(huì)對(duì)數(shù)據(jù)庫的服務(wù)啟動(dòng)和應(yīng)用系統(tǒng)服務(wù)啟動(dòng)產(chǎn)生影響�。在網(wǎng)絡(luò)拓?fù)渲?,?duì)邊界防火墻訪問策略進(jìn)行調(diào)整,即要評(píng)估其對(duì)訪問及權(quán)限的影響并測(cè)試�。”
京公網(wǎng)安備11010802046783號(hào)