7月7日���,歐盟委員會和PIC/S均發(fā)布了新的GMP修訂:包括正文第4章《文件記錄》���、附錄11《計算機(jī)化系統(tǒng)》和一個新的附錄——附錄22《人工智能》���,如下:
翻譯如下:
Annex 11: Computerised Systems
附錄 11:計算機(jī)化系統(tǒng)
Reasons for changes: The GMP GDP Inspectors Working Group and the PIC/S Committee jointly recommended that the current version of Annex 11 on Computerised Systems be revised to reflect changes in regulatory and manufacturing environments. The revised guideline should clarify requirements and expectations from regulatory authorities, and remove ambiguity and inconsistencies.Reasons for changes:
變更原因:藥品GMP / GDP檢查員工作組與 PIC/S 委員會(藥品檢查合作計劃委員會 )共同建議,對現(xiàn)行關(guān)于計算機(jī)化系統(tǒng)的附錄 11 進(jìn)行修訂���,以反映監(jiān)管和生產(chǎn)環(huán)境的變化���。經(jīng)修訂的指南應(yīng)明確監(jiān)管機(jī)構(gòu)的要求和期望���,消除模糊不清和不一致之處 ���。
Document map
文件目錄
1. Scope
1. 范圍
2. Principles2. 原則
3. Pharmaceutical Quality System3. 藥品質(zhì)量體系
4. Risk Management4. 風(fēng)險管理
5. Personnel and Training5. 人員與培訓(xùn)
6. System Requirements6. 系統(tǒng)要求
7. Supplier and Service Management7. 供應(yīng)商與服務(wù)管理
8. Alarms8. 報警
9. Qualification and Validation9. 確認(rèn)與驗(yàn)證
10. Handling of Data10. 數(shù)據(jù)處理
11. Identity and Access Management11. 身份與訪問管理
12. Audit Trails12. 審計追蹤13. Electronic Signatures13. 電子簽名
14. Periodic Review14. 定期審查
15. Security15. 安全性
16. Backup16. 備份
17. Archiving17. 歸檔Glossary術(shù)語
Introduction引言
With an ever-evolving IT landscape, increased use of cloud services, and introduction of new technologies in computerised systems used in GMP activities, there is a growing need for updated guidance on regulatory requirements, and for adopting a common approach between member states of the European Union (EU) and the Pharmaceutical Inspection Co-operation Scheme (PIC/S). The updated Annex 11 outlines the requirements for the use of computerised systems in GMP-regulated activities, thereby ensuring product quality, patient safety and data integrity.隨著信息技術(shù)環(huán)境不斷演變、云服務(wù)使用日益增加���,以及藥品GMP活動所用計算機(jī)化系統(tǒng)中新技術(shù)的引入���,對于監(jiān)管要求方面更新的指導(dǎo),以及歐盟(EU)成員國與藥品檢查合作計劃(PIC/S)成員國之間采用統(tǒng)一方法的需求日益增長。新版附錄 11 闡明了在受 GMP 監(jiān)管的活動中使用計算機(jī)化系統(tǒng)的要求���,從而確保產(chǎn)品質(zhì)量���、患者安全和數(shù)據(jù)完整性 。
1. Scope1. 范圍
This annex applies to all types of computerised systems used in the manufacturing of medicinal products and active substances.本附錄適用于藥品和活性物質(zhì)生產(chǎn)中使用的所有類型的計算機(jī)化系統(tǒng)���。
2. Principles2. 原則
2.1.Lifecycle management. Computerised systems should be validated before use and maintained in a validated state throughout their lifecycle.2.1. 生命周期管理:計算機(jī)化系統(tǒng)應(yīng)在使用前進(jìn)行驗(yàn)證���,并在其整個生命周期內(nèi)保持驗(yàn)證狀態(tài)。
2.2.Quality Risk Management. Quality Risk Management (QRM) should be applied throughout all lifecycle phases of a computerised system used in GMP activities. The approach should consider the complexity of processes, the level of automation, and the impact on product quality, patient safety and data integrity.2.2. 質(zhì)量風(fēng)險管理:質(zhì)量風(fēng)險管理(QRM)應(yīng)應(yīng)用于 GMP 活動中所用計算機(jī)化系統(tǒng)的所有生命周期階段���?��?紤]流程的復(fù)雜性、自動化程度和新穎性���,以及對產(chǎn)品質(zhì)量���、患者安全和數(shù)據(jù)完整性的影響。
2.3.Alternative practices. Practices which constitute alternatives to the activities required in this document may be used, if they have been proven and documented to provide the same or higher level of control.2.3. 替代方法:若某些方法可作為本文件要求活動的替代方式���,且已被證明并記錄可提供相同或更高級別的控制���,則可采用這些方法 ���。
2.4.Data integrity. It is critically important that data captured, analysed and reported by systems used in GMP activities are trustworthy. As defined by the ALCOA+ principles, data integrity covers many topics including but not limited to requirements defined in the sections Handling of Data, Identity and Access Management, Audit Trails, Electronic Signatures, and Security.2.4. 數(shù)據(jù)完整性:GMP 活動所用系統(tǒng)捕獲、分析和報告的數(shù)據(jù)應(yīng)可靠���,這至關(guān)重要���。如 ALCOA + 原則所定義,數(shù)據(jù)完整性涵蓋眾多主題���,包括但不限于 “數(shù)據(jù)處理”“身份與訪問管理”“審計追蹤”“電子簽名” 和 “安全性” 章節(jié)中規(guī)定的要求 ���。
2.5. System requirements. System requirements which describe the functionality the regulated user has automated and is relying on when performing GMP activities, should be documented and kept updated to fully reflect the implemented system and its intended use. The requirements should serve as the very basis for system qualification and validation.2.5. 系統(tǒng)要求:描述受監(jiān)管用戶在開展 GMP 活動時已自動化且依賴的功能的系統(tǒng)要求���,應(yīng)形成文件并持續(xù)更新���,以充分反映已實(shí)施的系統(tǒng)及其預(yù)期用途。這些要求應(yīng)作為系統(tǒng)確認(rèn)和驗(yàn)證的根本依據(jù) ���。
2.6.Outsourced activities. When using outsourced activities, the regulated user remains fully responsible for adherence to the requirements included in this document, for maintaining the evidence for it, and for providing it for regulatory review.2.6. 外包活動:當(dāng)使用外包活動時���,受監(jiān)管用戶仍需對遵守本文件包含的要求���、留存相關(guān)證據(jù)以及為監(jiān)管審查提供證據(jù)負(fù)全部責(zé)任。
2.7.Security. Regulated users should keep updated about new security threats to GMP systems, and measures to protect these should be implemented and improved in a timely manner, where needed.2.7. 安全性:受監(jiān)管用戶應(yīng)及時了解針對 GMP 系統(tǒng)的新安全威脅���,并且在有需要時���,應(yīng)及時實(shí)施和改進(jìn)保護(hù)這些系統(tǒng)的措施 。
2.8.No risk increase. Where a computerised system replaces another system or a manual operation, there should be no resultant decrease in product quality, patient safety or data integrity. There should be no increase in the overall risk of the process.2.8. 風(fēng)險不增加:當(dāng)計算機(jī)化系統(tǒng)取代另一系統(tǒng)或人工操作時���,產(chǎn)品質(zhì)量���、患者安全或數(shù)據(jù)完整性不應(yīng)因此降低。流程的總體風(fēng)險不應(yīng)增加���。
3. Pharmaceutical Quality System3. 藥品質(zhì)量體系
3.1. Pharmaceutical quality system. A regulated user should implement a pharmaceutical quality system (PQS), which covers all computerised systems used in GMP activities and personnel involved with these. It should include all activities required in this document and in addition, it should be ensured that:3.1. 藥品質(zhì)量體系:受監(jiān)管用戶應(yīng)實(shí)施藥品質(zhì)量體系(PQS)���,該體系涵蓋藥品GMP活動中使用的所有計算機(jī)化系統(tǒng)以及參與這些系統(tǒng)相關(guān)工作的人員。它應(yīng)包含本文件要求的所有活動���,此外���,還應(yīng)確保:
i.All deviations occurring during validation or operation of computerised systems are recorded and any significant deviations investigated with the objective of determining the root cause and any impact on product quality, patient safety or data integrity. Suitable corrective and preventive actions (CAPA) should be identified and implemented, and the effectiveness of these should be verified.i. 計算機(jī)化系統(tǒng)在驗(yàn)證或運(yùn)行期間出現(xiàn)的所有偏差均應(yīng)記錄���,任何重大偏差均應(yīng)開展調(diào)查,目的是確定根本原因以及對產(chǎn)品質(zhì)量���、患者安全或數(shù)據(jù)完整性的任何影響���。應(yīng)識別并實(shí)施適當(dāng)?shù)募m正和預(yù)防措施(CAPA),且應(yīng)驗(yàn)證這些措施的有效性���。
ii.Any change to a computerised system including but not limited to its configuration, its hardware and software components, and its platform and operating system, are made in a controlled manner and in accordance with defined procedures. Any significant change which may impact product quality, patient safety or data integrity, should be subject to re-qualification and validation.ii. 對計算機(jī)化系統(tǒng)的任何變更���,包括但不限于其配置、硬件和軟件組件���、平臺及操作系統(tǒng)的變更,均應(yīng)通過受控方式并依照既定程序進(jìn)行���。任何可能影響產(chǎn)品質(zhì)量���、患者安全或數(shù)據(jù)完整性的重大變更���,均應(yīng)重新進(jìn)行確認(rèn)和驗(yàn)證。
iii.Internal audits are planned, conducted, reported and followed up on to detect procedural deviations and ensure product quality, patient safety and data integrity.iii. 應(yīng)規(guī)劃���、實(shí)施���、報告內(nèi)部審計并開展后續(xù)跟進(jìn)工作,以發(fā)現(xiàn)程序偏差���,確保產(chǎn)品質(zhì)量���、患者安全和數(shù)據(jù)完整性。
iv.Regular management reviews cover relevant performance indicators for the computerised system and the process it is used in (quality metrics) and ensure that adequate action is taken.iv. 定期管理評審應(yīng)涵蓋計算機(jī)化系統(tǒng)及其所應(yīng)用流程的相關(guān)績效指標(biāo)(質(zhì)量指標(biāo) )���,并確保采取適當(dāng)?shù)男袆印?br />
v.Senior management effectively oversee the state of control throughout the system lifecycle, allocate appropriate resources, and implement a culture that promotes data integrity, security and a timely and effective handling of deviations.v. 高級管理層應(yīng)有效監(jiān)督系統(tǒng)整個生命周期內(nèi)的控制狀態(tài)���,分配適當(dāng)資源,并營造一種促進(jìn)數(shù)據(jù)完整性���、安全性以及及時有效處理偏差的文化���。
4. Risk Management4. 風(fēng)險管理
4.1.Lifecycle. Quality Risk Management (QRM) should be applied throughout the lifecycle of a computerised system considering any possible impact on product quality, patient safety or data integrity.4.1. 生命周期:考慮到對產(chǎn)品質(zhì)量���、患者安全或數(shù)據(jù)完整性的任何可能影響,質(zhì)量風(fēng)險管理(QRM)應(yīng)貫穿計算機(jī)化系統(tǒng)的整個生命周期���。
4.2.Identification and analysis. Risks associated with the use of computerised systems in GMP activities should be identified and analysed according to an established procedure. Examples of risk management methods and tools can be found in ICH Q9 (R1).4.2. 識別與分析:與藥品GMP活動中使用計算機(jī)化系統(tǒng)相關(guān)的風(fēng)險���,應(yīng)按照既定程序進(jìn)行識別和分析。風(fēng)險管理方法和工具的示例可參見 ICH Q9(R1)���。
4.3.Appropriate validation. The validation strategy and effort should be determined based on the intended use of the system and potential risks to product quality, patient safety and data integrity.4.3. 適當(dāng)?shù)尿?yàn)證���。驗(yàn)證策略和投入應(yīng)根據(jù)系統(tǒng)的預(yù)期用途以及對產(chǎn)品質(zhì)量、患者安全和數(shù)據(jù)完整性的潛在風(fēng)險來確定���。
4.4.Mitigation. Where applicable, risks associated with the use of computerised systems in GMP activities should be mitigated and brought down to an acceptable level, if possible, by modifying processes or system design. The outcome of the risk management process should result in the choice of an appropriate computerised system architecture and functionality.4.4. 緩解措施:在適用情況下���,與 GMP 活動中使用計算機(jī)化系統(tǒng)相關(guān)的風(fēng)險應(yīng)盡可能通過修改流程或系統(tǒng)設(shè)計來緩解,并降低到可接受的水平���。風(fēng)險管理過程的結(jié)果應(yīng)是選擇合適的計算機(jī)化系統(tǒng)架構(gòu)和功能���。
4.5.Data integrity. Quality risk management principles should be used to assess the criticality of data to product quality, patient safety and data integrity, the vulnerability of data to deliberate or indeliberate alteration, deletion or loss, and the likelihood of detection of such actions.4.5.數(shù)據(jù)完整性:應(yīng)運(yùn)用質(zhì)量風(fēng)險管理原則���,評估數(shù)據(jù)對產(chǎn)品質(zhì)量���、患者安全和數(shù)據(jù)完整性的關(guān)鍵程度、數(shù)據(jù)遭受蓄意或非蓄意更改���、刪除或丟失的脆弱性���,以及檢測到此類行為的可能性���。
5. Personnel and Training5. 人員與培訓(xùn)
5.1.Cooperation. When conducting the activities required in this document, there should be, where applicable, close cooperation between all relevant parties. This includes process owner, system owner, users, subject matter experts (SME), QA, QP, the internal IT department, vendors, and service providers.5.1. 協(xié)作:在開展本文件要求的活動時���,在適用情況下,所有相關(guān)方之間應(yīng)密切協(xié)作���。這包括流程負(fù)責(zé)人���、系統(tǒng)負(fù)責(zé)人���、用戶���、主題專家(SME)���、QA、QP���、內(nèi)部IT部門���、供應(yīng)商和服務(wù)提供商���。
5.2.Training. All parties involved with computerised systems used in GMP activities should have adequate system specific training, and appropriate qualifications and experience, corresponding to their assigned responsibilities, duties and access privileges.5.2. 培訓(xùn):參與藥品GMP活動所用計算機(jī)化系統(tǒng)的所有相關(guān)方���,應(yīng)接受充分的針對該系統(tǒng)的培訓(xùn),且應(yīng)具備與其被分配的職責(zé)、任務(wù)和訪問權(quán)限相匹配的適當(dāng)資質(zhì)和經(jīng)驗(yàn)���。
6. System Requirements6. 系統(tǒng)要求
6.1.GMP functionality. A regulated user should establish and approve a set of system requirements (e.g. a User Requirements Specification, URS), which accurately describe GMP functionality the regulated user has automated and is relying on when performing GMP activities. This principle should be applied regardless of whether a system is developed in - house, is a commercial off - the - shelf product, or is provided as - a - service, and independently on whether it is developed following a linear or iterative software development process.6.1. GMP 功能:受監(jiān)管用戶應(yīng)建立并批準(zhǔn)一套系統(tǒng)要求(如用戶需求規(guī)范,URS)���,其應(yīng)準(zhǔn)確描述受監(jiān)管用戶在開展藥品GMP活動時已自動化且所依賴的功能。無論系統(tǒng)是內(nèi)部開發(fā)���、商用現(xiàn)成產(chǎn)品,還是以服務(wù)形式提供���,也無論其是遵循線性還是迭代軟件開發(fā)流程進(jìn)行開發(fā),都應(yīng)遵循這一原則���。
6.2.Extent and detail. The extent and detail of defined requirements should be commensurate with the risk, complexity and novelty of a system, and the description should be sufficient to support subsequent risk analysis, specification, design, purchase, configuration, qualification and validation. It should include, but may not be limited to, operational, functional, data integrity, technical, interface, performance, availability, security, and regulatory requirements. Where relevant, requirements should include process maps and data flow diagrams, and use cases may be applied.6.2. 范圍與詳細(xì)程度:已界定要求的范圍和詳細(xì)程度應(yīng)與系統(tǒng)的風(fēng)險���、復(fù)雜性和新穎性相匹配���,且描述應(yīng)足以支持后續(xù)的風(fēng)險分析、規(guī)范制定、設(shè)計、采購、配置、確認(rèn)和驗(yàn)證。應(yīng)包括但不限于操作���、功能���、數(shù)據(jù)完整性���、技術(shù)���、接口、性能���、可用性、安全性和監(jiān)管要求���。在相關(guān)情況下���,要求應(yīng)包含流程圖和數(shù)據(jù)流程圖���,也可應(yīng)用用例���。
6.3.Ownership. If a system is purchased or consists of software - as - a - service, a requirements specification may be provided by the vendor. However, the regulated user should carefully review and approve the document and consider whether the system fulfils GMP requirements and company processes as is, or whether it should be configured or customised. The regulated user should take ownership of the document covering the implemented version of the system and formally approve and control it after making any necessary changes.6.3. 所有權(quán):若系統(tǒng)是采購的或由軟件即服務(wù)(SaaS)構(gòu)成,供應(yīng)商可能會提供需求規(guī)范���。然而,受監(jiān)管用戶應(yīng)仔細(xì)審核并批準(zhǔn)該文件���,并考慮系統(tǒng)是否按現(xiàn)狀滿足 GMP 要求和公司流程,或者是否應(yīng)進(jìn)行配置或定制���。受監(jiān)管用戶應(yīng)取得涵蓋系統(tǒng)已實(shí)施版本的文件的所有權(quán)���,并在進(jìn)行任何必要變更后,正式批準(zhǔn)并管控該文件���。
6.4.Update. Requirements should be updated and maintained throughout the lifecycle of a system to ensure that they continue to give a complete and accurate description of system functionality as the system undergoes subsequent changes and customisations. Updated requirements should form the very basis for qualification and validation of a system.6.4. 更新:在系統(tǒng)的整個生命周期內(nèi)���,要求應(yīng)進(jìn)行更新和維護(hù)���,以確保在系統(tǒng)經(jīng)歷后續(xù)變更和定制時,它們能持續(xù)完整且準(zhǔn)確地描述系統(tǒng)功能���。更新后的要求應(yīng)構(gòu)成系統(tǒng)確認(rèn)和驗(yàn)證的根本依據(jù)。
6.5.Traceability. Documented traceability between individual requirements, underlaying design specifications and corresponding qualification and validation test cases should be established and maintained. The use of effective tools to capture and hold requirements and Page 5 of 19 facilitate the traceability is encouraged.6.5. 可追溯性:應(yīng)建立并維護(hù)單個需求���、底層設(shè)計規(guī)范以及相應(yīng)的確認(rèn)和驗(yàn)證測試用例之間的文件化可追溯性���。鼓勵使用有效的工具來捕獲和留存需求���,以促進(jìn)可追溯性���。
6.6.Configuration. It should be clear what functionality, if any, is modified or added by configuration of a system. Options allowing configuration of system functionality should be described in the requirements specification and the chosen configuration should be documented in a controlled configuration specification.6.6. 配置:應(yīng)明確通過系統(tǒng)配置修改或增加了哪些功能(如有)���。允許配置系統(tǒng)功能的選項(xiàng)應(yīng)在需求規(guī)范中描述,且所選配置應(yīng)記錄在受控的配置規(guī)范中���。
7. Supplier and Service Management7. 供應(yīng)商與服務(wù)管理
7.1.Responsibility. When a regulated user is relying on a vendor’s qualification of a system used in GMP activities, a service provider, or an internal IT department’s qualification and/or operation of such system, this does not change the requirements put forth in this document. The regulated user remains fully responsible for these activities based on the risk they constitute on product quality, patient safety and data integrity.7.1. 責(zé)任:當(dāng)受監(jiān)管用戶依賴供應(yīng)商對藥品GMP活動所用系統(tǒng)的確認(rèn)���、服務(wù)提供商或內(nèi)部信息技術(shù)(IT)部門對該系統(tǒng)的確認(rèn)和 / 或操作時���,這并不會改變本文件規(guī)定的要求���。基于這些活動對產(chǎn)品質(zhì)量���、患者安全和數(shù)據(jù)完整性構(gòu)成的風(fēng)險���,受監(jiān)管用戶仍對這些活動負(fù)全部責(zé)任���。
7.2.Audit. When a regulated user is relying on a vendor’s or a service provider’s qualification and/or operation of a system used in GMP activities, the regulated user should, according to risk and system criticality, conduct an audit or a thorough assessment to determine the adequacy of the vendor or service provider’s implemented procedures, the documentation associated with the deliverables, and the potential to leverage these rather than repeating the activities.7.2. 審計:當(dāng)受監(jiān)管用戶依賴供應(yīng)商���、服務(wù)提供商對 GMP 活動所用系統(tǒng)的確認(rèn)和 / 或操作時���,受監(jiān)管用戶應(yīng)根據(jù)風(fēng)險和系統(tǒng)關(guān)鍵性���,開展審計或全面評估���,以確定供應(yīng)商或服務(wù)提供商已實(shí)施程序的充分性���、與交付成果相關(guān)文件的充分性���,以及利用這些程序而非重復(fù)開展活動的可能性���。
7.3.Oversight. When a regulated user is relying on a service provider’s or an internal IT department’s operation of a system used in GMP activities, the regulated user should exercise effective oversight of this according to defined service level agreements (SLA) and key performance indicators (KPI) agreed with the service provider or the internal IT department.7.3. 監(jiān)督:當(dāng)受監(jiān)管用戶依賴服務(wù)提供商或內(nèi)部 IT 部門對 GMP 活動所用系統(tǒng)的操作時���,受監(jiān)管用戶應(yīng)根據(jù)與服務(wù)提供商或內(nèi)部 IT 部門商定的既定服務(wù)水平協(xié)議(SLA)和關(guān)鍵績效指標(biāo)(KPI)���,對此進(jìn)行有效監(jiān)督���。
7.4.Documentation availability. When a regulated user relies on a vendor’s, a service provider’s or an internal IT department’s qualification and/or operation of a system used in GMPactivities, the regulated user should ensure that documentation for activities required in this document is accessible and can be explained from their facility. In this, the regulated user may be supported by the vendor, the service provider or the internal IT department.7.4. 文件可用性:當(dāng)受監(jiān)管用戶依賴供應(yīng)商���、服務(wù)提供商或內(nèi)部 IT 部門對 GMP 活動所用系統(tǒng)的確認(rèn)和 / 或操作時���,受監(jiān)管用戶應(yīng)確保本文件要求的活動相關(guān)文件可獲取���,且可從其設(shè)施處進(jìn)行解釋說明���。在此過程中,受監(jiān)管用戶可獲得供應(yīng)商���、服務(wù)提供商或內(nèi)部 IT 部門的支持。
7.5.Contracts. When a regulated user is relying on a service provider’s or an internal IT department’s qualification and/or operation of a system used in GMP activities, the regulated user should have a contract with a service provider or have approved procedures with an internal IT department which:7.5. 合同:當(dāng)受監(jiān)管用戶依賴服務(wù)提供商或內(nèi)部 IT 部門對 GMP 活動所用系統(tǒng)的確認(rèn)和 / 或操作時���,受監(jiān)管用戶應(yīng)與服務(wù)提供商簽訂合同���,或與內(nèi)部 IT 部門制定經(jīng)批準(zhǔn)的程序���,其中應(yīng)規(guī)定:
i.Describes the activities and documentation to be providedi. 描述需提供的活動及文件
ii.Establishes the company procedures and regulatory requirements to be metii. 規(guī)定需滿足的公司程序及監(jiān)管要求
iii.Agrees on regular, ad hoc and incident reporting and oversight (incl. SLAs and KPIs), answer times, resolution times, etc.iii. 就常規(guī)、臨時及事件報告與監(jiān)督(包括服務(wù)水平協(xié)議(SLAs)和關(guān)鍵績效指標(biāo)(KPIs) )���、響應(yīng)時間���、解決時間等達(dá)成一致
iv.Agrees on conditions for supplier auditsiv. 就供應(yīng)商審核條件達(dá)成一致
v.Agrees on support during regulatory inspections, if so requestedv. 如有要求���,就監(jiān)管檢查期間的支持事宜達(dá)成一致
vi.Agrees on resolution of issues brought up during normal operation, audits and regulatory inspections etc.vi. 就正常運(yùn)行、審核及監(jiān)管檢查等過程中發(fā)現(xiàn)問題的解決方式達(dá)成一致
vii.Defines requirements and processes for communication of quality and security related issuesvii. 界定與質(zhì)量和安全相關(guān)問題的溝通要求及流程
viii.Defines an exit strategy by which the regulated user may retain control of system dataviii. 規(guī)定退出策略���,使受監(jiān)管用戶能夠保留對系統(tǒng)數(shù)據(jù)的控制權(quán)
ix.Agrees on the process for release of new system versions and on the regulated user’s possibility to test these prior to release.ix. 就新系統(tǒng)版本的發(fā)布流程,以及受監(jiān)管用戶在發(fā)布前對其進(jìn)行測試的可能性達(dá)成一致
8. Alarms8. 報警
8.1.Reliance on system. Alarms should be implemented in computerised systems where a regulated user is relying on the system to notify about an event. This is required when the user must take a specific action, without which product quality, patient safety or data integrity might otherwise be compromised.8.1. 依賴系統(tǒng):在受監(jiān)管用戶依賴系統(tǒng)就某一事件進(jìn)行通知的計算機(jī)化系統(tǒng)中���,應(yīng)設(shè)置報警功能���。當(dāng)用戶必須采取特定行動(若不采取該行動���,產(chǎn)品質(zhì)量���、患者安全或數(shù)據(jù)完整性可能會受到損害 )時���,需設(shè)置此類報警���。
8.2.Settings. Alarm limits, delays, and any early warnings or alerts, should be appropriately justified, and set within approved and validated process and product specifications. Setting, changing or deactivation should only be available to users with appropriate access privileges and should be managed by an approved procedure.8.2. 設(shè)置:報警限值、延遲時間以及任何預(yù)警或警報���,都應(yīng)經(jīng)過合理論證���,并在已批準(zhǔn)且經(jīng)驗(yàn)證的工藝和產(chǎn)品質(zhì)量標(biāo)準(zhǔn)范圍內(nèi)進(jìn)行設(shè)置���。報警的設(shè)置���、更改或停用操作,僅應(yīng)向具備相應(yīng)訪問權(quán)限的用戶開放���,且應(yīng)通過已批準(zhǔn)的程序進(jìn)行管理���。
8.3.Signalling. Alarms should set off visible and/or audible signals when set alarm limits are exceeded and after any defined delay. The signalling should accommodate a timely reaction and should be appropriate to the work environment.8.3. 信號發(fā)出:當(dāng)超出設(shè)定的報警限值且經(jīng)過任何規(guī)定的延遲時間后���,報警應(yīng)觸發(fā)可見和 / 或可聽信號���。信號的發(fā)出應(yīng)便于及時做出反應(yīng),且應(yīng)與工作環(huán)境相適配���。
8.4. Acknowledgement. Critical alarms potentially impacting product quality, patient safety or data integrity should only be acknowledged by users with appropriate access privileges. As part of the acknowledgement, i.e. a confirmation that the alarm has been seen and appropriate action will be taken, a comment should be added about why the alarm was acknowledged (see 12 Audit Trails).8.4. 確認(rèn):可能影響產(chǎn)品質(zhì)量、患者安全或數(shù)據(jù)完整性的關(guān)鍵報警���,僅應(yīng)由具備相應(yīng)訪問權(quán)限的用戶進(jìn)行確認(rèn)���。作為確認(rèn)的一部分(即確認(rèn)已看到報警并將采取適當(dāng)行動 )���,應(yīng)添加一條關(guān)于為何確認(rèn)該報警的注釋(見 12 審計追蹤 )���。
8.5.Log. All alarms and acknowledgements should be automatically added to an alarm log. This should contain the name of the alarm, date and time of the alarm, date and time of the acknowledgement, username and role of the user acknowledging the alarm and any comment about why the alarm was acknowledged. It should not be possible for users working according to GMP to deactivate or edit alarm logs.8.5. 記錄:所有報警及確認(rèn)信息都應(yīng)自動添加到報警日志中。日志應(yīng)包含報警名稱���、報警發(fā)生的日期和時間���、確認(rèn)的日期和時間���、確認(rèn)報警的用戶的用戶名和角色���,以及關(guān)于為何確認(rèn)該報警的任何注釋���。遵循藥品GMP開展工作的用戶不應(yīng)能夠停用或編輯報警日志���。
8.6.Searchability and sortability. Alarm logs should be searchable and sortable in the
originating system, or it should be possible to export logs to a tool which provides this functionality. Other methods of reviewing alarms may also be used, if they provide the same effectiveness.
8.6. 可搜索性和可排序性:報警日志應(yīng)能在生成系統(tǒng)中進(jìn)行搜索和排序���,或者應(yīng)能夠?qū)⑷罩緦?dǎo)出到具備該功能的工具中���。若其他查看報警的方法能達(dá)到相同效果���,也可使用���。
8.7.Review. Alarm logs should be subject to appropriate periodic reviews based on approved procedures, in which it should be evaluated whether they have been timely acknowledged by authorised users and whether appropriate action has been taken. Reviews should be documented, and results should be evaluated to identify any trends that could indicate negative performance of a system or process, or impact on the product. The frequency and Page 7 of 19detail of reviews should be based on the risk to product quality, patient safety and data integrity.8.7. 審核:應(yīng)依據(jù)已批準(zhǔn)的程序,對報警日志進(jìn)行適當(dāng)?shù)亩ㄆ趯徍?��。審核中?yīng)評估報警是否已被授權(quán)用戶及時確認(rèn)���,以及是否已采取適當(dāng)行動���。審核應(yīng)形成文件記錄���,且應(yīng)對結(jié)果進(jìn)行評估���,以識別任何可能表明系統(tǒng)或流程存在不良表現(xiàn)或?qū)Ξa(chǎn)品產(chǎn)生影響的趨勢。審核的頻率和詳細(xì)程度應(yīng)基于對產(chǎn)品質(zhì)量���、患者安全和數(shù)據(jù)完整性的風(fēng)險���。
9. Qualification and Validation9. 確認(rèn)與驗(yàn)證
9.1.Principles. Qualification and validation activities for computerised systems should follow the general principles outlined in GMP Annex 15. The activities should address both standard and configured system functionality, as well as any functionality realised through customisation.9.1. 原則:計算機(jī)化系統(tǒng)的確認(rèn)與驗(yàn)證活動應(yīng)遵循GMP 附錄 15 中概述的一般原則���。這些活動應(yīng)涵蓋標(biāo)準(zhǔn)和已配置的系統(tǒng)功能���,以及通過定制實(shí)現(xiàn)的任何功能���。
9.2.Quality risk management. Computerised systems should be qualified and validated in accordance with the principles of quality risk management. Decisions on the scope and extent of qualification and validation of specific functionality and entire systems should be based on a justified and documented risk assessment of individual requirements and, where relevant, functional specifications, considering the risk for product quality, patient safety and data integrity.9.2. 質(zhì)量風(fēng)險管理:計算機(jī)化系統(tǒng)應(yīng)依照質(zhì)量風(fēng)險管理原則進(jìn)行確認(rèn)和驗(yàn)證���。關(guān)于特定功能和整個系統(tǒng)的確認(rèn)與驗(yàn)證范圍及程度的決策���,應(yīng)基于對單個需求以及相關(guān)功能規(guī)范(如適用 )的合理且有文件記錄的風(fēng)險評估���,同時考慮對產(chǎn)品質(zhì)量���、患者安全和數(shù)據(jù)完整性的風(fēng)險���。
9.3 Installation and configuration. Prior to commencing any test activity, it should be verified that a computerised system and its components have been correctly installed and configured according to specifications, and where applicable, that relevant components have been properly calibrated. Operating systems and platforms should be updated to supported versions and relevant security patches should be deployed (see 15.10 Updated platforms and 15.13 Timely patching).9.3. 安裝與配置:在開展任何測試活動之前���,應(yīng)驗(yàn)證計算機(jī)化系統(tǒng)及其組件已根據(jù)規(guī)范正確安裝和配置���,且在適用情況下,相關(guān)組件已正確校準(zhǔn)���。操作系統(tǒng)和平臺應(yīng)更新至受支持的版本���,并應(yīng)部署相關(guān)安全補(bǔ)?��。ㄒ?15.10 已更新的平臺和 15.13 及時打補(bǔ)丁 )���。
9.4.Evidence. System qualification and validation should provide evidence in the form of executed test scripts, and where relevant, screen dumps, that requirements, and where applicable, derived functional specifications, are met by the system.9.4. 證據(jù):系統(tǒng)確認(rèn)和驗(yàn)證應(yīng)通過已執(zhí)行的測試腳本(以及相關(guān)的屏幕截圖���,如適用 )的形式提供證據(jù)���,證明系統(tǒng)滿足需求以及(如適用 )衍生的功能規(guī)范���。
9.5.Traceability. Test cases should be traceable to individual requirements or specifications, e.g. by means of a requirements traceability matrix. Test cases not referring (traceable) to requirements or applicable specifications do not meet the requirements to qualification and validation.9.5. 可追溯性:測試用例應(yīng)可追溯到單個需求或規(guī)范���,例如通過需求追溯矩陣���。未提及(可追溯到 )需求或適用規(guī)范的測試用例,不滿足確認(rèn)和驗(yàn)證的要求���。
9.6. Focus. Increased focus should be on testing a system’s handling of key functional
requirements, on functionality intended to ensure that activities are conducted according to GMP, and on functionality designed to ensure data integrity. This includes but is not limited to access privileges, release of products and results, calculations, audit trails, error handling, handling of alarms and warnings, boundary and negative testing, reports and interfaces, and restore from backup.
9.6. 重點(diǎn):應(yīng)更加注重測試系統(tǒng)對關(guān)鍵功能需求的處理���、旨在確保活動依照 GMP 開展的功能���,以及為確保數(shù)據(jù)完整性而設(shè)計的功能���。這包括但不限于訪問權(quán)限���、產(chǎn)品和結(jié)果的放行���、計算���、審計追蹤���、錯誤處理���、報警和警告的處理���、邊界和負(fù)面測試���、報告和接口���,以及從備份恢復(fù)���。
9.7.Plan and approval. Qualification and validation activities should be conducted according to approved plans, protocols and test scripts. Test scripts should be described in sufficient detail to ensure a correct and repeatable conduct of test steps and prerequisites.9.7. 計劃與批準(zhǔn):確認(rèn)和驗(yàn)證活動應(yīng)依照已批準(zhǔn)的計劃、方案和測試腳本開展���。測試腳本的描述應(yīng)足夠詳細(xì)���,以確保測試步驟和前提條件能正確且可重復(fù)地執(zhí)行���。
9.8.Completion prior to use. Qualification and validation activities should be successfully completed and reported prior to approval and taking a system into use. Conditional approval to proceed to taking a system into use may be granted where certain acceptance criteria have not been met, or deviations have not been fully addressed. A condition for this is, that there is a documented assessment, that any deficiencies in the affected system functionality or Page 8 of 19 GMP processes, will not impact product quality, patient safety or data integrity. Where a conditional approval is issued, it should be explicitly stated in the validation report and there should be close follow-up on approval of outstanding actions according to plan.9.8. 使用前完成:確認(rèn)和驗(yàn)證活動應(yīng)在批準(zhǔn)并啟用系統(tǒng)之前成功完成并報告。在某些接受標(biāo)準(zhǔn)未滿足或偏差未完全解決的情況下���,可有條件批準(zhǔn)啟用系統(tǒng)���。條件是要有文件記錄的評估���,證明受影響的系統(tǒng)功能或藥品GMP流程中的任何缺陷不會影響產(chǎn)品質(zhì)量、患者安全或數(shù)據(jù)完整性���。若頒發(fā)有條件批準(zhǔn)���,應(yīng)在驗(yàn)證報告中明確說明���,且應(yīng)根據(jù)計劃密切跟進(jìn)未完成行動的批準(zhǔn)情況 ���。
9.9.Authorisation. Qualification and validation documentation may be provided by a service provider, a vendor or an internal IT department in parts or in whole. However, the regulated user is fully accountable and should carefully review and authorise the use of the documentation. They should carefully consider whether it covers the implemented version and supports GMP, and company processes as is, or whether it should be repeated in parts or completely by the regulated user.9.9. 批準(zhǔn):確認(rèn)和驗(yàn)證文件可由服務(wù)提供商���、供應(yīng)商或內(nèi)部信息技術(shù)(IT)部門部分或全部提供。然而���,受監(jiān)管用戶負(fù)有全部責(zé)任���,應(yīng)仔細(xì)審核并批準(zhǔn)文件的使用。他們應(yīng)仔細(xì)考慮文件是否涵蓋已實(shí)施的版本、是否支持 GMP 及公司現(xiàn)有流程���,或者是否應(yīng)由受監(jiān)管用戶部分或全部重新開展相關(guān)活動 。
10. Handling of Data10. 數(shù)據(jù)處理
10.1.Input verification. Where critical data is entered manually, systems should, were applicable, have functionality to verify the plausibility of the inputs (e.g. within expected ranges), and alert the user when the input is not plausible.10.1. 輸入驗(yàn)證:在手動輸入關(guān)鍵數(shù)據(jù)的情況下���,系統(tǒng)應(yīng)在適用時具備驗(yàn)證輸入合理性(如在預(yù)期范圍內(nèi) )的功能���,并在輸入不合理時向用戶發(fā)出警報���。
10.2.Data transfer. Where a routine work process requires that critical data be transferred from one system to another (e.g. from a laboratory instrument to a LIMS system), this should, where possible, be based on validated interfaces rather than on manual transcriptions. If critical data is transcribed manually, effective measures should be in place to ensure that this does not introduce any risk to data integrity.10.2. 數(shù)據(jù)傳輸:當(dāng)常規(guī)工作流程要求將關(guān)鍵數(shù)據(jù)從一個系統(tǒng)傳輸?shù)搅硪粋€系統(tǒng)(如從實(shí)驗(yàn)室儀器傳輸?shù)綄?shí)驗(yàn)室信息管理系統(tǒng)(LIMS) )時���,應(yīng)在可能的情況下基于經(jīng)驗(yàn)證的接口進(jìn)行傳輸���,而非手動轉(zhuǎn)錄���。若關(guān)鍵數(shù)據(jù)手動傳輸���,應(yīng)采取有效措施確保不會給數(shù)據(jù)完整性帶來任何風(fēng)險。
10.3.Data migration. Where an ad hoc process requires that critical data or a whole database be migrated from one system to another (e.g. when moving data from a retired to a new system), this should be based on a validated process. Among other things, it should consider the constraints on the sending and receiving side.10.3. 數(shù)據(jù)遷移:當(dāng)臨時流程要求將關(guān)鍵數(shù)據(jù)或整個數(shù)據(jù)庫從一個系統(tǒng)遷移到另一個系統(tǒng)(如將數(shù)據(jù)從舊系統(tǒng)遷移到新系統(tǒng) )時���,應(yīng)基于經(jīng)驗(yàn)證的流程進(jìn)行���。除其他事項(xiàng)外���,還應(yīng)考慮發(fā)送方和接收方的約束條件。
10.4.Encryption. Where applicable, critical data should be encrypted on a system.10.4. 加密:在適用情況下���,關(guān)鍵數(shù)據(jù)應(yīng)在系統(tǒng)上進(jìn)行加密���。
11. Identity and Access Management11. 身份與訪問管理
11.1.Unique accounts. All users should have unique and personal accounts. The use of shared accounts except for those limited to read-only access (no data or settings can be changed), constitute a violation of data integrity.11.1. 唯一賬戶:所有用戶都應(yīng)擁有唯一的個人賬戶。使用共享賬戶(僅限只讀訪問(無法更改數(shù)據(jù)或設(shè)置 )的賬戶除外 )構(gòu)成對數(shù)據(jù)完整性的違規(guī)���。
11.2. Continuous management. User accesses and roles should be granted, modified and revoked as relevant and in a timely manner as users join, change, and end their involvement in GMP activities.11.2. 持續(xù)管理:隨著用戶加入、變動以及結(jié)束參與藥品GMP活動,應(yīng)適時且相關(guān)地授予���、修改和撤銷用戶訪問權(quán)限及角色���。
11.3.Certain identification. The method of authentication should identify users with a high degree of certainty and provide an effective protection against unauthorised access. Typically, it may involve a unique username and a password, although other methods providing at least the same level of security may be employed (e.g. biometrics). Authentication only by means of a token or a smart card is not sufficient, if this could be used by another user.11.3. 可靠識別:身份驗(yàn)證方法應(yīng)能高度可靠地識別用戶���,并有效防止未經(jīng)授權(quán)的訪問���。通常,這可能涉及唯一用戶名和密碼���,不過也可采用其他至少具備同等安全級別的方法(如生物識別 )���。若令牌或智能卡可能被其他用戶使用���,則僅通過令牌或智能卡進(jìn)行身份驗(yàn)證是不夠的���。
11.4.Confidential passwords. Passwords and other means of authentication should be kept confidential and protected from all other users, both at system and at a personal level. Passwords received from e.g. a manager, or a system administrator should be changed at the first login, preferably required by the system.11.4. 保密密碼:密碼及其他身份驗(yàn)證方式應(yīng)在系統(tǒng)和個人層面上對所有其他用戶保密并加以保護(hù)。從如經(jīng)理或系統(tǒng)管理員處獲取的密碼���,應(yīng)在首次登錄時更改���,最好由系統(tǒng)強(qiáng)制要求更改���。
11.5. Secure passwords. Passwords should be secure and enforced by systems. Password rules should be commensurate with risks and consequences of unauthorised changes in systems and data. For critical systems, passwords should be of sufficient length to effectively prevent unauthorised access and contain a combination of uppercase, lowercase, numbers and symbols. A password should not contain e.g. words that can be found in a dictionary, the name of a person, a user id, product or organisation, and should be significantly different from a previous password.11.5. 安全密碼:密碼應(yīng)安全且由系統(tǒng)強(qiáng)制實(shí)施���。密碼規(guī)則應(yīng)與系統(tǒng)和數(shù)據(jù)中未經(jīng)授權(quán)更改的風(fēng)險及后果相匹配���。對于關(guān)鍵系統(tǒng)���,密碼長度應(yīng)足以有效防止未經(jīng)授權(quán)的訪問,且應(yīng)包含大寫字母���、小寫字母���、數(shù)字和符號的組合。密碼不應(yīng)包含如字典中能查到的單詞、人名���、用戶 ID���、產(chǎn)品或組織名稱���,且應(yīng)與之前的密碼有顯著差異 ���。
11.6.Strong authentication. Remote authentication on critical systems from outside controlled perimeters, should include multifactor authentication (MFA).11.6. 強(qiáng)身份驗(yàn)證:從受控區(qū)域外對關(guān)鍵系統(tǒng)進(jìn)行遠(yuǎn)程身份驗(yàn)證時���,應(yīng)包含多因素身份驗(yàn)證(MFA) ���。
11.7.Auto locking. Accounts should be automatically locked after a pre-defined number of successive failed authentication attempts. Accounts should only be unlocked by the system administrator after it has been confirmed that this was not part of an unauthorised login attempt or after the risk for such attempt has been removed.11.7. 自動鎖定:在連續(xù)多次身份驗(yàn)證失?��。ù螖?shù)預(yù)先定義)后���,賬戶應(yīng)自動鎖定���。僅在確認(rèn)該情況并非未經(jīng)授權(quán)的登錄嘗試的一部分���,或此類嘗試的風(fēng)險已消除后,系統(tǒng)管理員才可解鎖賬戶。
11.8. Inactivity logout. Systems should include an automatic inactivity logout, which logs out a user after a defined period of inactivity. The user should not be able to change the inactivity logout time (outside defined and acceptable limits) or deactivate the functionality. Upon inactivity logout, a re-authentication should be required (e.g. password entry).11.8. 無活動注銷:系統(tǒng)應(yīng)包含自動無活動注銷功能,在用戶無活動狀態(tài)持續(xù)預(yù)定義時長后���,將用戶注銷���。用戶不應(yīng)能夠更改無活動注銷時間(超出定義的可接受范圍)或停用該功能���。無活動注銷后���,應(yīng)要求重新進(jìn)行身份驗(yàn)證(如輸入密碼).
11.9.Access log. Systems should include an access log (separate, or as part of the audit trail) which, for each login, automatically logs the username, user role (if possible, to choose between several roles), the date and time for login, the date and time for logout (incl. inactivity logout). The log should be sortable and searchable, or alternatively, it should be possible to export the log to a tool which provides this functionality.11.9. 訪問日志:系統(tǒng)應(yīng)包含訪問日志(單獨(dú)的���,或作為審計追蹤的一部分),對于每次登錄���,自動記錄用戶名、用戶角色(若可能���,在多個角色中選擇)���、登錄日期和時間、注銷日期和時間(包括無活動注銷)���。日志應(yīng)可排序和搜索,或者應(yīng)能夠?qū)⑷罩緦?dǎo)出到具備該功能的工具中���。
11.10.Guiding principles. Access privileges for users of computerised systems used in GMP activities should be managed according to the following two guiding principles:11.10. 指導(dǎo)原則:藥品GMP活動所用計算機(jī)化系統(tǒng)的用戶訪問權(quán)限���,應(yīng)根據(jù)以下兩項(xiàng)指導(dǎo)原則進(jìn)行管理:
·Segregation of duties, i.e. that users who are involved in GMP activities do not have administrative privileges.職責(zé)分離,即參與 GMP 活動的用戶不應(yīng)擁有管理權(quán)限���。
·Least privilege principle, i.e. that users do not have higher access privileges than what is necessary for their job function.最小權(quán)限原則���,即用戶擁有的訪問權(quán)限不應(yīng)高于其工作職能所需的權(quán)限���。
11.11.Recurrent reviews. User accounts should be subject to recurrent reviews where managers confirm the continued access of their employees in order to detect accesses which should have been changed or revoked during daily operation, but were accidentally forgotten. If user accounts are managed by means of roles, these should be subject to the same kind of reviews, where the accesses of roles are confirmed. The reviews should be documented, and appropriate action taken. The frequency of these reviews should be commensurate with the risks and consequences of changes in systems and data made by unauthorised individuals.11.11. 定期審核:用戶賬戶應(yīng)接受定期審核,由管理人員確認(rèn)其員工的持續(xù)訪問權(quán)限���,以便發(fā)現(xiàn)那些在日常操作中本應(yīng)更改或撤銷但意外被遺忘的訪問權(quán)限���。若用戶賬戶通過角色進(jìn)行管理���,這些角色也應(yīng)接受同類審核,確認(rèn)角色的訪問權(quán)限。審核應(yīng)形成文件記錄���,并采取適當(dāng)行動���。這些審核的頻率應(yīng)與未經(jīng)授權(quán)人員對系統(tǒng)和數(shù)據(jù)進(jìn)行更改的風(fēng)險及后果相匹配。
12. Audit Trails12. 審計追蹤
12.1. Manual user interactions. Systems which are used to control processes, capture, hold or report data, and where users can create, modify or delete data, settings or access privileges, Page 10 of 19 acknowledge alarms or execute electronic signatures etc., should have an audit trail functionality which automatically logs all manual user interactions.12.1. 手動用戶交互:用于控制流程���、捕獲���、保存或報告數(shù)據(jù),且用戶可創(chuàng)建、修改或刪除數(shù)據(jù)���、設(shè)置或訪問權(quán)限���、確認(rèn)報警或執(zhí)行電子簽名等的系統(tǒng)���,應(yīng)具備審計追蹤功能���,自動記錄所有手動用戶交互���。
12.2. Who, what, when, why. The audit trail should unambiguously capture the user who made a change (including the user’s role, if users may have more than one role), what was changed (including the data that was changed and the old and the new value), and the date and time when the change was made (including the time zone if applicable). Audit trail data should be recorded at the time of events, not at the end of a process. Where data is changed from an old value to a new value, systems should automatically prompt the user for, and register the reason, why the change was made.12.2. 何人���、何事、何時���、何故.審計追蹤應(yīng)清晰捕獲做出更改的用戶(若用戶可能有多個角色���,包括用戶的角色)、更改的內(nèi)容(包括被更改的數(shù)據(jù)以及舊值和新值)���,以及更改發(fā)生的日期和時間(如適用,包括時區(qū))���。審計追蹤數(shù)據(jù)應(yīng)在事件發(fā)生時記錄���,而非在流程結(jié)束時���。當(dāng)數(shù)據(jù)從舊值更改為新值時���,系統(tǒng)應(yīng)自動提示用戶并記錄更改原因。
12.3.No edit or deactivation. Audit trail functionality should be enabled and locked at all times, and it should not be possible for any user to edit audit trail data. If audit trail settings or system time can be changed, or if the functionality can be deactivated, this should by itself create an entry in the audit trail, and it should only be possible for a system administrator not involved in any GMP activities (see 11.10 Guiding principles).12.3. 不可編輯或停用:審計追蹤功能應(yīng)始終啟用并鎖定,任何用戶都不應(yīng)能夠編輯審計追蹤數(shù)據(jù)。若審計追蹤設(shè)置或系統(tǒng)時間可更改,或該功能可停用���,此操作本身應(yīng)在審計追蹤中創(chuàng)建一條記錄���,且僅應(yīng)由未參與任何藥品GMP活動的系統(tǒng)管理員執(zhí)行(見 11.10 指導(dǎo)原則 )。
12.4.Accommodate review. Systems should accommodate effective and efficient reviews of audit trail data. It should be possible for all users to sort and search audit trail data (who, what, when and why) in the system, or alternatively, to allow export of the data to a tool where this is possible.12.4. 便于審核:系統(tǒng)應(yīng)便于對審計追蹤數(shù)據(jù)進(jìn)行有效且高效的審核���。所有用戶應(yīng)能夠在系統(tǒng)中對審計追蹤數(shù)據(jù)(何人���、何事���、何時���、何故)進(jìn)行排序和搜索���,或者可將數(shù)據(jù)導(dǎo)出到具備該功能的工具中���。
12.5. Reviews. Audit trail reviews should be conducted according to a documented procedure for the specific system, or type of systems. The procedure should outline who should make the review, what should be reviewed, and when should the review be made. The use of tools to help conduct audit trail reviews is encouraged and appropriate action should be taken and documented following the reviews. Any significant variation from the expected outcome found during the audit trail review should be fully investigated and recorded.12.5. 審核:應(yīng)依據(jù)針對特定系統(tǒng)或系統(tǒng)類型的文件化程序開展審計追蹤審核���。程序應(yīng)規(guī)定由誰進(jìn)行審核、審核內(nèi)容以及審核時間���。鼓勵使用工具輔助開展審計追蹤審核,審核后應(yīng)采取適當(dāng)行動并形成文件記錄���。審計追蹤審核中發(fā)現(xiàn)的與預(yù)期結(jié)果的任何重大偏差���,都應(yīng)進(jìn)行全面調(diào)查并記錄���。
12.6.Independent review. Audit trail reviews should be conducted by personnel not directly involved in the activities covered by the review (a peer review).12.6. 獨(dú)立審核:審計追蹤審核應(yīng)由未直接參與審核所涉活動的人員進(jìn)行(同行評審)。
12.7. Scope of review. Reviewing all entries in an audit trail record may not be effective. Reviews should be targeted, based on risk and adapted to local manufacturing processes. Procedures for audit trail reviews should focus on detecting any deliberate or indeliberate changes to critical processes or data that indicate a violation of GMP principles, including, but not limited to, repetition of activities, errors, omissions, unauthorised process deviations and loss of data integrity. A key element should be to verify the reason why a change is made.12.7. 審核范圍:審核審計追蹤記錄中的所有條目可能并非有效方式���。審核應(yīng)基于風(fēng)險有針對性地開展,并適應(yīng)本地生產(chǎn)流程���。審計追蹤審核程序應(yīng)聚焦于檢測對關(guān)鍵流程或數(shù)據(jù)的任何故意或無意更改,這些更改可能表明違反了藥品GMP原則���,包括但不限于活動重復(fù)���、錯誤、遺漏���、未經(jīng)授權(quán)的流程偏差以及數(shù)據(jù)完整性受損���。其中一個關(guān)鍵要素是驗(yàn)證更改的原因 。
12.8. Timeliness of review. Audit trail reviews should be conducted in a timely manner according to the risk of the process reviewed. The audit trail review should be conducted prior to batch release, unless the risk of a later detection of any unwarranted changes can be justified.12.8. 審核的及時性:應(yīng)根據(jù)所審核流程的風(fēng)險���,及時開展審計追蹤審核。審計追蹤審核應(yīng)在批次放行前進(jìn)行���,除非后續(xù)發(fā)現(xiàn)任何不當(dāng)更改的風(fēng)險可被證明是合理的。
12.9.Electronic copy. It should be possible to obtain a complete electronic copy of system data including audit trail data. Flat and locked files are not acceptable, it should be possible to search and sort data.12.9. 電子副本:應(yīng)能夠獲取包含審計追蹤數(shù)據(jù)在內(nèi)的系統(tǒng)數(shù)據(jù)的完整電子副本���。靜態(tài)且鎖定的文件不可接受,應(yīng)能夠?qū)?shù)據(jù)進(jìn)行搜索和排序���。
12.10. Availability to QP. Audit trail reviews with direct impact on the release of a product should be available to the QP at the time of batch release.12.10. 對質(zhì)量受權(quán)人的可用性:對產(chǎn)品放行有直接影響的審計追蹤審核結(jié)果���,應(yīng)在批次放行時可供質(zhì)量受權(quán)人(QP)查閱 ���。
13. Electronic Signatures13. 電子簽名
13.1.Scope. Requirements for electronic signatures in this document apply to systems and tools used in processes where GMP require a signature.13.1. 范圍:本文件中電子簽名的要求適用于藥品GMP要求簽名的流程中使用的系統(tǒng)和工具。
13.2.Open systems. Where the system owner does not have full control of system accesses (open systems), or where required by other legislation, electronic signatures should, in addition, meet applicable national and international requirements, such as trusted services.13.2. 開放系統(tǒng):當(dāng)系統(tǒng)所有者無法完全控制系統(tǒng)訪問(開放系統(tǒng)),或其他法規(guī)有要求時���,電子簽名還應(yīng)滿足適用的國家和國際要求,如可信服務(wù)���。
13.3. Re-authentication. When executing an electronic signature, a system should enforce users to perform a full re-authentication providing at least the same level of security as during system login (see 11.3 Certain identification). When executing subsequent electronic signatures in immediate sequence, authentication may be by means of a password or biometrics only. Authentication only by means of a smart card, a pin code, or relying on the previous system authentication is not acceptable.13.3. 重新認(rèn)證:執(zhí)行電子簽名時���,系統(tǒng)應(yīng)強(qiáng)制用戶進(jìn)行完整的重新認(rèn)證���,其安全級別至少應(yīng)與系統(tǒng)登錄時相同(見 11.3 可靠識別 )���。連續(xù)執(zhí)行后續(xù)電子簽名時,可僅通過密碼或生物識別進(jìn)行認(rèn)證���。僅通過智能卡���、個人識別碼(PIN)或依賴之前的系統(tǒng)認(rèn)證進(jìn)行認(rèn)證是不可接受的���。
13.4.Date and time. Systems should automatically log the date and time and, where applicable, the time zone when an electronic signature was applied.13.4. 日期和時間:系統(tǒng)應(yīng)自動記錄應(yīng)用電子簽名的日期和時間���,以及適用時的時區(qū)。
13.5.Meaning. It should be clear when a user is executing an electronic signature and where applicable, systems should prompt the user for the meaning of the signature (e.g. reviewer or approver).13.5. 含義:應(yīng)明確用戶何時執(zhí)行電子簽名���,且在適用時,系統(tǒng)應(yīng)提示用戶說明簽名的含義(如審核人或批準(zhǔn)人)���。
13.6. Manifestation. When an electronic signature is displayed (on screen or print), the manifestation should include the full name of the user, the username, where applicable the role of the signer and the meaning of the signature, the date and time, and where needed the time zone, when the signature was applied.13.6. 顯示形式:當(dāng)電子簽名顯示(在屏幕上或打印件上)時���,顯示內(nèi)容應(yīng)包括用戶的全名、用戶名(如適用)���、簽名人的角色、簽名的含義���、簽名應(yīng)用的日期和時間���,以及需要時的時區(qū)���。
13.7.Indisputability. Electronic signatures should be indisputable and equivalent to hand-written signatures.13.7. 不可爭辯性:電子簽名應(yīng)具有不可爭辯性���,且與手寫簽名等效���。
13.8.Unbreakable link. Electronic signatures should be permanently linked to their respective records. Controls should be in place to ensure that a signed record cannot be modified or alternatively, that if a later change is made to a signed record, it will clearly appear as unsigned.13.8. 不可破解的關(guān)聯(lián):電子簽名應(yīng)與其各自的記錄永久關(guān)聯(lián)���。應(yīng)采取控制措施確保已簽名記錄無法被修改���,或者若后續(xù)對已簽名記錄進(jìn)行更改,能明顯顯示為未簽名狀態(tài)���。
13.9. Hybrid solution. If a wet-ink signature (on paper) is used to sign electronic records held in a computerised system (a hybrid solution), measures should be implemented to provide a high degree of certainty that any change to the electronic record will invalidate the signature. This may be implemented by calculating a hash code (check sum) of the electronic record and printing that on the signature page.13.9. 混合解決方案:若使用手寫墨水簽名(在紙上)對計算機(jī)化系統(tǒng)中保存的電子記錄進(jìn)行簽名(混合解決方案)���,應(yīng)采取措施確保電子記錄的任何更改都會使簽名失效���,且具有高度確定性?��?赏ㄟ^計算電子記錄的哈希碼(校驗(yàn)和)并將其打印在簽名頁上來實(shí)現(xiàn)。
14. Periodic Reviews14. 定期審核
14.1 Periodic reviews. After a system has been initially validated and is put into operation, periodic reviews should be conducted. This review should verify whether the system remains 'fit for intended use' and in 'a validated state', or whether changes should be made and re-validation (complete or in parts) is required. The reviews should be documented and findings analysed to identify any consequences on product quality, patient safety and data integrity, and to prevent recurrence.14.1. 定期審核:系統(tǒng)初步驗(yàn)證并投入運(yùn)行后,應(yīng)開展定期審核���。審核應(yīng)確認(rèn)系統(tǒng)是否仍“適合預(yù)期用途” 且處于 “驗(yàn)證狀態(tài)”���,或是否應(yīng)進(jìn)行變更及是否需要重新驗(yàn)證(全部或部分 )。審核應(yīng)形成文件記錄���,對發(fā)現(xiàn)的問題進(jìn)行分析���,以識別對產(chǎn)品質(zhì)量、患者安全和數(shù)據(jù)完整性的任何影響���,并防止問題再次發(fā)生。
14.2.Scope of review. Where applicable, periodic reviews should include, but may not be limited to:14.2. 審核范圍:在適用情況下���,定期審核應(yīng)包括但不限于:
Changes made since the previous review:自上次審核以來發(fā)生的變更
i.To the system’s hardware and software components, configuration, platform, infrastructure and interfaces.i. 系統(tǒng)硬件和軟件組件���、配置���、平臺���、基礎(chǔ)架構(gòu)及接口的變更。
ii.To the system documentation, e.g. requirements specifications, user guides and SOPs. This includes a verification that system changes are fully reflected in the system documentationii. 系統(tǒng)文件的變更���,如需求規(guī)范、用戶指南和標(biāo)準(zhǔn)操作程序(SOPs)���。這包括驗(yàn)證系統(tǒng)變更已完整反映在系統(tǒng)文件中
iii.The combined effect of multiple changes in this, and in other systems, should be assessed. Undocumented (unapproved) changes should be effectively identified, e.g.by means of configuration auditing.iii. 應(yīng)評估本系統(tǒng)及其他系統(tǒng)中多項(xiàng)變更的綜合影響。應(yīng)有效識別未記錄(未批準(zhǔn) )的變更���,如通過配置審核的方式���。
Follow-up on supporting processes:對支持流程的跟進(jìn)
iv.Actions from previous periodic reviews, audits and inspections, and corrective and preventive actions.iv. 以往定期審核���、審計和檢查所要求的行動���,以及糾正和預(yù)防措施���。
v.Conduct of, and actions from, audit trail reviews, access reviews, and risks assessments.v. 審計追蹤審核���、訪問審核和風(fēng)險評估的開展情況及所要求的行動���。
vi.Actions from incidents, problems and deviations, security incidents and new security threats.vi. 事件、問題和偏差���、安全事件及新安全威脅所要求的行動���。
vii.Maintenance, calibration, support contracts and service level agreements (SLA).vii. 維護(hù)���、校準(zhǔn)、支持合同及服務(wù)水平協(xié)議(SLA)���。
viii.Contracts and key performance indicators (KPI) with vendors and service providers.viii. 與供應(yīng)商和服務(wù)提供商簽訂的合同及關(guān)鍵績效指標(biāo)(KPI)���。
ix.Adequacy of backup procedures, restore tests and disaster recovery plans.ix. 備份程序、恢復(fù)測試及災(zāi)難恢復(fù)計劃的充分性���。
x.Adequacy and timeliness of archival.x. 歸檔的充分性和及時性���。
xi.Conduct and actions from data integrity assessments.xi. 數(shù)據(jù)完整性評估的開展情況及所要求的行動���。
xii.Changes to regulatory requirements.xii. 監(jiān)管要求的變更���。
14.3.Frequency. Periodic reviews should be conducted, approved and closed according to plan. The frequency of reviews should be established and justified based on the risk the system poses to product quality, patient safety and data integrity. A final review should be conducted when the system is taken out of use.14.3. 頻率:定期審核應(yīng)依據(jù)計劃開展���、批準(zhǔn)并收尾。審核頻率應(yīng)根據(jù)系統(tǒng)對產(chǎn)品質(zhì)量���、患者安全和數(shù)據(jù)完整性構(gòu)成的風(fēng)險來確定并說明合理性���。系統(tǒng)停用前應(yīng)開展最終審核���。
15. Security15. 安全
15.1.Security system. Regulated users should ensure an effective information security management system is implemented and maintained, which safeguards authorised access to, and detects and prevents unauthorised access to GMP, systems and data.15.1. 安全系統(tǒng):受監(jiān)管用戶應(yīng)確保實(shí)施并維護(hù)有效的信息安全管理系統(tǒng)���,保障對藥品GMP���、系統(tǒng)和數(shù)據(jù)的授權(quán)訪問,檢測并阻止未經(jīng)授權(quán)的訪問���。
15.2.Continuous improvement. Regulated users should keep updated about new security threats,and measures to protect GMP systems and data should be continuously improved as applicable to counter this development.15.2. 持續(xù)改進(jìn):受監(jiān)管用戶應(yīng)及時了解新的安全威脅,且保護(hù)藥品GMP系統(tǒng)和數(shù)據(jù)的措施應(yīng)持續(xù)改進(jìn)���,以應(yīng)對安全威脅的發(fā)展情況 ���。
15.3.Training and tests. Regulated users should undergo recurrent security awareness training, as relevant, to raise and maintain their understanding of cyber threats and safe behaviour. The effectiveness of the training should be evaluated, e.g. by means of simulated tests.15.3. 培訓(xùn)與測試:受監(jiān)管用戶應(yīng)按需求接受定期的安全意識培訓(xùn)���,以提升并保持其對網(wǎng)絡(luò)威脅和安全行為的認(rèn)知。培訓(xùn)的有效性應(yīng)進(jìn)行評估���,如通過模擬測試的方式。
15.4. Physical access. Servers, computers, devices, infrastructure and storage media used in GMP activities should be physically protected against unauthorised access, damage and loss. Physical access to server rooms and data centres should be limited to the necessary minimum and these should be securely locked, e.g. by means of multi-factor authentication. If unauthorised access is possible (e.g. `co-location´), access to individual servers should be protected.15.4. 物理訪問:用于 GMP 活動的服務(wù)器、計算機(jī)���、設(shè)備���、基礎(chǔ)設(shè)施和存儲介質(zhì)應(yīng)進(jìn)行物理防護(hù)���,防止未經(jīng)授權(quán)的訪問���、損壞和丟失。進(jìn)入服務(wù)器機(jī)房和數(shù)據(jù)中心的物理訪問應(yīng)限制在必要的最小范圍內(nèi)���,且這些區(qū)域應(yīng)安全鎖閉,如通過多因素認(rèn)證的方式。若存在未經(jīng)授權(quán)訪問的可能(如 “共址” )���,應(yīng)對單個服務(wù)器的訪問進(jìn)行防護(hù) 。
15.5.Disasters and disturbances. Data centres should be constructed to minimise the risk and impact of natural and manmade disasters and disturbances. This includes, but may not be limited to, storms, flooding, water leaks, earthquakes, fires, power outages, and network failures etc.15.5. 災(zāi)難與干擾:數(shù)據(jù)中心的建設(shè)應(yīng)將自然和人為災(zāi)難及干擾的風(fēng)險與影響降至最低。這包括但不限于風(fēng)暴���、洪水、漏水、地震���、火災(zāi)���、停電和網(wǎng)絡(luò)故障等情況���。
15.6.Replication. Where relevant, critical data should be replicated from a primary to a secondary data centre. The replication should take place automatically with a delay which is short enough to minimise the risk of loss of data. The secondary (failover) data centre should be located at a safe distance from the primary site to minimise the risk that the same incident destroys both data centres.15.6. 復(fù)制:在相關(guān)情況下���,關(guān)鍵數(shù)據(jù)應(yīng)從主數(shù)據(jù)中心復(fù)制到輔助數(shù)據(jù)中心。復(fù)制應(yīng)自動進(jìn)行���,且延遲時間應(yīng)足夠短���,以將數(shù)據(jù)丟失的風(fēng)險降至最低。輔助(故障轉(zhuǎn)移)數(shù)據(jù)中心應(yīng)與主站點(diǎn)保持安全距離���,以降低同一事件摧毀兩個數(shù)據(jù)中心的風(fēng)險。
15.7.Disaster recovery. A disaster recovery plan should be in place, tested and available during and after a disaster has affected a data centre, server, computer, infrastructure, or data. Where applicable, the plan should ensure the continuity of operation within a defined Recovery Time Objective (RTO).15.7. 災(zāi)難恢復(fù):應(yīng)制定災(zāi)難恢復(fù)計劃,該計劃應(yīng)在數(shù)據(jù)中心���、服務(wù)器���、計算機(jī)���、基礎(chǔ)設(shè)施或數(shù)據(jù)受到災(zāi)難影響期間及之后可用且經(jīng)過測試。在適用情況下,計劃應(yīng)確保在規(guī)定的恢復(fù)時間目標(biāo)(RTO)內(nèi)恢復(fù)運(yùn)營連續(xù)性 ���。
15.8.Segmentation and firewalls. Networks should be segmented, and effective firewalls implemented to provide barriers between networks, and control incoming and outgoing network traffic. Firewall rules (e.g. based on IP addresses, destinations, protocols, applications, or ports) should be defined as strict as practically feasible, only allowing necessary and permissible traffic.15.8. 分段與防火墻:網(wǎng)絡(luò)應(yīng)進(jìn)行分段,并實(shí)施有效的防火墻���,以在網(wǎng)絡(luò)之間設(shè)置屏障并控制進(jìn)出的網(wǎng)絡(luò)流量���。防火墻規(guī)則(如基于 IP 地址���、目標(biāo)地址���、協(xié)議���、應(yīng)用程序或端口 )應(yīng)在實(shí)際可行的情況下盡可能嚴(yán)格定義,僅允許必要且合規(guī)的流量 ���。
15.9.Review of firewalls. Firewall rules should be periodically reviewed as the rules tend to be changed or become insufficient over time (e.g. as ports are opened but never closed, or as new cyber threats evolve). This review should ensure that firewalls continue to be set as tight as possible.15.9. 防火墻審核:由于防火墻規(guī)則會隨時間發(fā)生變化或變得不足(如端口被打開但從未關(guān)閉���,或新的網(wǎng)絡(luò)威脅出現(xiàn))���,應(yīng)定期審核防火墻規(guī)則。此類審核應(yīng)確保防火墻繼續(xù)設(shè)置為盡可能嚴(yán)格的狀態(tài)���。
15.10.Updated platforms. Operating systems and platforms for applications should be updated in a timely manner according to vendor recommendations, to prevent their use in an unsupported state.15.10. 平臺更新:應(yīng)用程序的操作系統(tǒng)和平臺應(yīng)根據(jù)供應(yīng)商建議及時更新,以避免在無支持的狀態(tài)下使用���。
15.11.Validation and migration. Validation of applications on updated operating systems and platforms and migration of data should be planned and completed in due time prior to the expiry of the vendor’s support.15.11. 驗(yàn)證與遷移:在供應(yīng)商支持到期前���,應(yīng)規(guī)劃并及時完成在更新后的操作系統(tǒng)和平臺上對應(yīng)用程序的驗(yàn)證及數(shù)據(jù)遷移。
15.12. Unsupported platforms. Applications on operating systems and platforms, which are no longer supported by vendors, and for which threats are no longer monitored and applicable security patches released, are highly vulnerable and should be isolated from computer networks and the internet.15.12. 無支持的平臺:運(yùn)行在供應(yīng)商不再支持的操作系統(tǒng)和平臺上的應(yīng)用程序,由于不再對其威脅進(jìn)行監(jiān)控且不再發(fā)布適用的安全補(bǔ)丁���,極易受到攻擊���,應(yīng)與計算機(jī)網(wǎng)絡(luò)和互聯(lián)網(wǎng)隔離���。
15.13. Timely patching. While operating systems and platforms are under support, vendors typically release security patches to counter identified vulnerabilities, some of which (critical vulnerabilities) could otherwise be exploited to give unauthorised individuals privileged access to systems and allow code execution (e.g. ransomware attacks). Hence, relevant security patches released by vendors of operating systems and platforms should be deployed in a timely manner according to vendor recommendations. For critical vulnerabilities, this might be immediately.15.13. 及時打補(bǔ)?��。涸诓僮飨到y(tǒng)和平臺受支持期間,供應(yīng)商通常會發(fā)布安全補(bǔ)丁以應(yīng)對已識別的漏洞���,其中一些(關(guān)鍵漏洞)若不處理可能會被利用���,使未經(jīng)授權(quán)的人員獲得系統(tǒng)的特權(quán)訪問并執(zhí)行代碼(如勒索軟件攻擊)���。因此���,操作系統(tǒng)和平臺供應(yīng)商發(fā)布的相關(guān)安全補(bǔ)丁應(yīng)根據(jù)供應(yīng)商建議及時部署���。對于關(guān)鍵漏洞���,可能需要立即部署���。
15.14. Unpatched platforms. Applications on operating systems and platforms, which are not security patched in a timely manner (critical patches) according to vendor recommendations are highly vulnerable and constitute a major risk for loss of data integrity. Where relevant, such systems should be isolated from computer networks and the internet.15.14. 未打補(bǔ)丁的平臺:未根據(jù)供應(yīng)商建議及時進(jìn)行安全補(bǔ)?��。P(guān)鍵補(bǔ)?��。└碌牟僮飨到y(tǒng)和平臺上的應(yīng)用程序極易受到攻擊���,且會對數(shù)據(jù)完整性構(gòu)成重大丟失風(fēng)險���。在相關(guān)情況下���,此類系統(tǒng)應(yīng)與計算機(jī)網(wǎng)絡(luò)和互聯(lián)網(wǎng)隔離���。
15.15.Strict control. The use of bidirectional devices (e.g. USB) in servers and computers used in GMP activities should be strictly controlled within the organisation.15.15. 嚴(yán)格控制:在藥品GMP活動所用的服務(wù)器和計算機(jī)中,雙向設(shè)備(如 USB)的使用應(yīng)在組織內(nèi)部嚴(yán)格管控���。
15.16. Effective scan. If bidirectional devices (e.g. USB) may have been used outside the organisation (e.g. privately), they may intentionally or unintentionally introduce malware and cause code execution. Hence, they should not be used unless they have been effectively scanned and found to be harmless, and not compromise system and data integrity.15.16. 有效掃描:若雙向設(shè)備(如 USB)可能在組織外部使用過(如個人使用 )���,它們可能有意或無意地引入惡意軟件并導(dǎo)致代碼執(zhí)行。因此���,除非已對其進(jìn)行有效掃描并確認(rèn)無害,且不會損害系統(tǒng)和數(shù)據(jù)完整性���,否則不應(yīng)使用這些設(shè)備���。
15.17. Deactivated ports. Ports for bidirectional devices (e.g. USB) in critical servers and computers should be deactivated by default, blocked or even removed, unless they are used for devices necessary to operate the system (e.g. keyboard or mouse).15.17. 停用端口:關(guān)鍵服務(wù)器和計算機(jī)中雙向設(shè)備(如 USB)的端口默認(rèn)應(yīng)停用���、屏蔽甚至移除���,除非這些端口用于操作系統(tǒng)必需的設(shè)備(如鍵盤或鼠標(biāo) )���。
15.18.Anti-virus software. Anti-virus software should be installed and activated on systems used in GMP activities, especially those interfacing the internet. The anti-virus software should be continuously updated with the most recent virus definitions to identify, quarantine, and remove known computer viruses. The effectiveness of the process should be monitored.15.18. 防病毒軟件:應(yīng)在 GMP 活動所用的系統(tǒng)上安裝并激活防病毒軟件���,尤其是那些與互聯(lián)網(wǎng)連接的系統(tǒng)。防病毒軟件應(yīng)使用最新的病毒定義持續(xù)更新���,以識別���、隔離和清除已知計算機(jī)病毒。應(yīng)監(jiān)控該流程的有效性���。
15.19.Penetration testing. For critical systems facing the internet, penetration testing (ethical hacking) should be performed at regular intervals to evaluate the adequacy of security measures taken, and to identify vulnerabilities in system security. This should include the potential for unauthorised parties to gain access to and control the system and its data. The effectiveness of the process should be verified and monitored. Vulnerabilities identified, especially those related to a potential loss of data integrity, should be addressed and mitigated in a timely manner.15.19. 滲透測試:對于面向互聯(lián)網(wǎng)的關(guān)鍵系統(tǒng)���,應(yīng)定期進(jìn)行滲透測試(道德黑客測試)���,以評估所采取安全措施的充分性���,并識別系統(tǒng)安全中的漏洞���。這應(yīng)包括未經(jīng)授權(quán)方獲得系統(tǒng)及其數(shù)據(jù)的訪問和控制權(quán)限的可能性���。應(yīng)驗(yàn)證并監(jiān)控該流程的有效性。識別出的漏洞���,尤其是與數(shù)據(jù)完整性潛在丟失相關(guān)的漏洞,應(yīng)及時處理和緩解。
15.20.Encryption. When remotely connecting to systems over the internet, a secure and encrypted protocol should be used.15.20. 加密:通過互聯(lián)網(wǎng)遠(yuǎn)程連接到系統(tǒng)時���,應(yīng)使用安全且加密的協(xié)議���。
16. Backup16. 備份
16.1. Regular backup. Data and metadata should be regularly backed up following established Page 15 of 19 procedures to prevent the loss of data in case of accidental or deliberate change or deletion, loss as the result of a malfunction or corruption, e.g. as the result of a cyber-attack.16.1. 定期備份:應(yīng)按照既定程序定期備份數(shù)據(jù)和元數(shù)據(jù)���,以防止在意外或故意更改���、刪除���,或因故障���、損壞(如網(wǎng)絡(luò)攻擊導(dǎo)致的情況)而丟失數(shù)據(jù)時出現(xiàn)數(shù)據(jù)丟失。
16.2. Frequency and retention. The frequency, retention period and storage of backups is critically important to the effectiveness of the process to mitigate the loss of data. Backups should be made at suitable intervals (e.g. hourly, daily, weekly and monthly) and their retention determined through a risk-based approach (e.g. correspondingly a week, a month, a quarter, and years).16.2. 頻率與保留期限:備份的頻率���、保留期限和存儲方式對于減輕數(shù)據(jù)丟失影響的流程有效性至關(guān)重要。應(yīng)按合適的間隔(如每小時���、每天、每周���、每月)進(jìn)行備份���,并通過基于風(fēng)險的方法確定其保留期限(如相應(yīng)地為一周���、一個月���、一個季度���、數(shù)年)���。
16.3.Physical separation. Backups should be physically separated from the server or computer holding the original data and stored at a safe distance from this, to prevent that both would be impacted by the same incident.16.3. 物理隔離:備份應(yīng)與存儲原始數(shù)據(jù)的服務(wù)器或計算機(jī)進(jìn)行物理隔離���,并存儲在與其有安全距離的位置���,以防止兩者因同一事件受到影響。
16.4.Logical separation. Backups should not be stored at the same logical network as the original data to avoid simultaneous destruction or alteration.16.4. 邏輯隔離:備份不應(yīng)與原始數(shù)據(jù)存儲在同一邏輯網(wǎng)絡(luò)中���,以避免同時遭到破壞或篡改���。
16.5. Scope. Depending on the criticality and urgency for recovery after an incident, applications and system configurations may also need to be backed up.16.5. 范圍:根據(jù)事件發(fā)生后恢復(fù)的關(guān)鍵性和緊迫性���,應(yīng)用程序和系統(tǒng)配置可能也需要進(jìn)行備份���。
16.6. Restore test. Restore of data from backup should be tested and documented based on risk during system validation and after changes are made to the backup or restore processes and tools. Restore tests should be documented and include a verification that data is accessible on the system.16.6. 恢復(fù)測試:從備份中恢復(fù)數(shù)據(jù)的操作應(yīng)基于風(fēng)險進(jìn)行測試并形成文件記錄���,測試應(yīng)在系統(tǒng)驗(yàn)證期間以及備份或恢復(fù)流程���、工具發(fā)生變更后開展���?��;謴?fù)測試應(yīng)形成文件記錄���,且應(yīng)包含對系統(tǒng)上數(shù)據(jù)可訪問性的驗(yàn)證���。
17. Archiving17. 歸檔
17.1. Read only. After completion of a process, e.g. release of a product, GMP data and metadata (incl. audit trails) should be protected from deletion and changes throughout the retention period. This may be by changing its status to read-only in the system where the data was generated or captured, or by moving it to a dedicated archival system via a validated interface.17.1. 只讀:在流程完成后(如產(chǎn)品放行)���,藥品GMP數(shù)據(jù)和元數(shù)據(jù)(包括審計追蹤 )在整個保留期內(nèi)應(yīng)受到保護(hù)���,防止被刪除和更改?��?赏ㄟ^在生成或捕獲數(shù)據(jù)的系統(tǒng)中將其狀態(tài)改為只讀���,或通過經(jīng)驗(yàn)證的接口將其移至專用歸檔系統(tǒng)來實(shí)現(xiàn)。
17.2. Verification. When moving GMP data and metadata from one location to another in a system, or to a dedicated archival system, the integrity of the data should be verified by a high degree of certainty before any data is deleted, e.g. by means of a checksum. Where this is not possible, the completeness and integrity of the data should be verified manually. However, this verification does not alter the need for a validation of the archival and retrieval process, and of the systems and interfaces involved.17.2. 驗(yàn)證:當(dāng)在系統(tǒng)內(nèi)將 GMP 數(shù)據(jù)和元數(shù)據(jù)從一個位置移至另一個位置���,或移至專用歸檔系統(tǒng)時���,應(yīng)在刪除任何系統(tǒng)之前���,通過高度可靠的方式(如借助校驗(yàn)和 )驗(yàn)證數(shù)據(jù)的完整性。若無法采用這種方式���,應(yīng)手動驗(yàn)證數(shù)據(jù)的完整性和完備性。不過���,這種驗(yàn)證并不免除對歸檔和檢索流程以及所涉及系統(tǒng)和接口進(jìn)行驗(yàn)證的需求。
17.3. Backup. If data is archived on a server (disk), it should be regularly backed up following the same procedures as for live data (see 16 Backup). As for other backups, these should be physically and logically separated from the archived data.17.3. 備份:若數(shù)據(jù)歸檔在服務(wù)器(磁盤)上���,應(yīng)按照與實(shí)時數(shù)據(jù)相同的程序定期進(jìn)行備份(見 16 備份 )。與其他備份一樣���,這些備份應(yīng)在物理和邏輯上與歸檔數(shù)據(jù)隔離。
17.4.Durability. If data is archived long-term on volatile storage media with limited durability (e.g. CD), this should follow a validated process. It should ensure that data is stored only for a verified duration according to vendor recommendations, and if necessary, transferred to new media in secure manner (see 16 Backup).17.4. 耐久性:若數(shù)據(jù)長期歸檔在耐久性有限的易失性存儲介質(zhì)(如 CD )上���,應(yīng)遵循經(jīng)驗(yàn)證的流程。應(yīng)確保根據(jù)供應(yīng)商建議僅在經(jīng)過驗(yàn)證的期限內(nèi)存儲數(shù)據(jù)���,且如有必要���,以安全的方式轉(zhuǎn)移到新介質(zhì)上(見 16 備份 )���。
17.5. Retrieval. It should be possible to retrieve archived data and metadata in a format which allows searching and sorting of the data, or alternatively, to allow export of the data to a Page 16 of 19 tool where this is possible.17.5. 檢索:應(yīng)能夠以允許對數(shù)據(jù)進(jìn)行搜索和排序的格式檢索歸檔數(shù)據(jù)和元數(shù)據(jù)���,或者可將數(shù)據(jù)導(dǎo)出到具備該功能的工具中���。
Glossary術(shù)語
ALCOA+An acronym for “attributable, legible, contemporaneous, original and accurate”, which puts additional emphasis on the attributes of being complete, consistent, enduring and available – implicit basic ALCOA principles.ALCOA+是“可歸屬���、清晰���、及時、原始���、準(zhǔn)確(attributable, legible, contemporaneous, original and accurate)” 的首字母縮寫,額外強(qiáng)調(diào)了完整���、一致���、持久、可用這些屬性 —— 是基本 ALCOA 原則的延伸內(nèi)涵 ���。
Application應(yīng)用程序
Software installed on a defined platform/hardware providing specific functionality.用程序安裝在特定平臺 / 硬件上���、具備特定功能的軟件 ���。
Audit trail審計追蹤
In computerised systems, an audit trail is a secure, computer generated, time-stamped electronic record that allows reconstruction of the events relating to the creation, modification, or deletion of an electronic record.
在計算機(jī)化系統(tǒng)中���,審計追蹤是安全的���、由計算機(jī)生成并帶有時間戳的電子記錄,可用于還原與電子記錄的創(chuàng)建���、修改或刪除相關(guān)的事件過程���。
Backup備份
Provisions made for the recovery of data files or software, for the restart of processing, or for the use of alternative computer equipment after a system failure or disaster.為在系統(tǒng)故障或?yàn)?zāi)難發(fā)生后恢復(fù)數(shù)據(jù)文件、軟件���、重啟處理流程或使用備用計算機(jī)設(shè)備而做的準(zhǔn)備工作。
Change control變更控制
Ongoing evaluation and documentation of system operations and changes to determine whether the actual changes might affect a validated status of the computerised system. The intent is to determine the need for action that would ensure that the system is maintained in a validated state.對系統(tǒng)操作和變更進(jìn)行持續(xù)評估并記錄���,以確定實(shí)際變更是否可能影響計算機(jī)化系統(tǒng)的驗(yàn)證狀態(tài)。目的是確定是否需要采取行動���,確保系統(tǒng)維持在驗(yàn)證狀態(tài)。
Commercial off-the-shelf現(xiàn)成商用(產(chǎn)品)
Software or hardware is a commercial off-the-shelf (COTS) product if provided by a vendor to the general public, if available in multiple and identical copies, and if implemented by the test facility management without or with some customization.若軟件或硬件由供應(yīng)商提供給普通大眾���、有多個相同副本可用���,且由測試機(jī)構(gòu)管理方在無需定制或進(jìn)行一定定制的情況下實(shí)施���,則屬于現(xiàn)成商用(COTS)產(chǎn)品 ���。
Computerised System計算機(jī)化系統(tǒng)
A computerised system is a function (process or operation) integrated with a computer system and performed by trained personnel. The function is controlled by the computer system. The controlling computer system is comprised of hardware and software. The controlled function is comprised of equipment to be controlled and operating procedures performed by personnel.計算機(jī)化系統(tǒng)是與計算機(jī)系統(tǒng)集成���、由經(jīng)過培訓(xùn)的人員執(zhí)行的功能(流程或操作)���。該功能由計算機(jī)系統(tǒng)控制���?��?刂朴糜嬎銠C(jī)系統(tǒng)由硬件和軟件組成。被控制功能由待控制的設(shè)備和人員執(zhí)行的操作程序組成���。
Configuration配置
A configuration is an arrangement of functional units and pertains to the choice of hardware, software and documentation. It affects function and performance of the system.配置是功能單元的一種安排,涉及硬件���、軟件和文件的選擇。它會影響系統(tǒng)的功能和性能���。
Customisation定制
A computerised system individually designed to suit a specific business process.為適應(yīng)特定業(yè)務(wù)流程而單獨(dú)設(shè)計的計算機(jī)化系統(tǒng)。
Electronic record電子記錄
Any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.由計算機(jī)系統(tǒng)創(chuàng)建���、修改、維護(hù)���、歸檔���、檢索或分發(fā)的���,以數(shù)字形式呈現(xiàn)的文本、圖形���、數(shù)據(jù)、音頻���、圖片或其他信息表示的任意組合���。
Infrastructure基礎(chǔ)設(shè)施
The hardware and software such as networking software and operation systems, which makes it possible for the application to function.使應(yīng)用程序能夠運(yùn)行的硬件和軟件���,如網(wǎng)絡(luò)軟件和操作系統(tǒng)���。
Migration遷移
Data migration is the activity of e.g. transporting electronic data from one computer system to another, transferring data between storage media or simply the transition of data from one state to another [e.g. conversion of data to a different format]. The term “data” refers to “raw data” as well as “metadata”.數(shù)據(jù)遷移是指諸如將電子數(shù)據(jù)從一個計算機(jī)系統(tǒng)傳輸?shù)搅硪粋€系統(tǒng)���、在存儲介質(zhì)之間傳輸數(shù)據(jù)���,或簡單地將數(shù)據(jù)從一種狀態(tài)轉(zhuǎn)換為另一種狀態(tài)(如將數(shù)據(jù)轉(zhuǎn)換為不同格式)的活動���。“數(shù)據(jù)” 一詞既指 “原始數(shù)據(jù)”���,也指 “元數(shù)據(jù)”。
Multifactor authentication (MFA)多因素認(rèn)證(MFA)
A combination of two of the three factors: something you know (e.g. a password), something you have (e.g. a phone or smartcard) or something you are (biometrics).以下三種因素中兩種的組合:你知道的東西(如密碼)���、你擁有的東西(如手機(jī)或智能卡)或你的生物特征(生物識別)。
Operating system操作系統(tǒng)
A program or collection of programs, routines and sub-routines that controls the operation of a computer. An operating system may provide services such as resource allocation, scheduling, input/output control, and data management.控制計算機(jī)操作的一個程序或一組程序���、例程和子例程。操作系統(tǒng)可提供資源分配���、調(diào)度、輸入 / 輸出控制和數(shù)據(jù)管理等服務(wù)���。
Qualification確認(rèn)
Action of verifying that the system (including hardware and software) is effectively designed, installed, commissioned, and operates correctly. Refer to Computer system Validation驗(yàn)證系統(tǒng)(包括硬件和軟件)經(jīng)過有效設(shè)計���、安裝���、調(diào)試且能正確運(yùn)行的活動。參考計算機(jī)系統(tǒng)驗(yàn)證���。
Regulated user受監(jiān)管用戶
A company regulated under GMP.受GMP監(jiān)管的公司。
Specification規(guī)范
A document that specifies, in a complete, precise, verifiable manner, the requirements, design, behaviour, or other characteristics of a system or component, and often, the procedures for determining whether these provisions have been satisfied.以完整、精確���、可驗(yàn)證的方式規(guī)定系統(tǒng)或組件的要求���、設(shè)計���、行為或其他特征的文件,通常還規(guī)定確定這些規(guī)定是否得到滿足的程序���。
Test case測試用例
A set of test inputs, execution conditions, and expected results developed for a particular objective, such as to exercise a particular program path or to verify compliance with a specific requirement.為特定目標(biāo)(如執(zhí)行特定程序路徑或驗(yàn)證是否符合特定要求)而編制的一組測試輸入���、執(zhí)行條件和預(yù)期結(jié)果���。
User用戶
An individual user at a company regulated under GMP.受GMP監(jiān)管的公司中的具體用戶���。
User requirement specifications (URS)用戶需求規(guī)范(URS)
User requirement specifications define in writing what the user expects the computerised system to be able to do.用戶需求規(guī)范以書面形式規(guī)定用戶期望計算機(jī)化系統(tǒng)具備的功能���。
Validation驗(yàn)證
Action of proving that a process leads to the expected results. Validation of a computerised system requires ensuring and demonstrating the fitness for its purpose.證明一個流程能產(chǎn)生預(yù)期結(jié)果的活動���。計算機(jī)化系統(tǒng)的驗(yàn)證需要確保并證明其適合預(yù)定用途���。
Verification確認(rèn)
Confirmation, through the provision of objective evidence that specified requirements have been fulfilled.通過提供客觀證據(jù)���,證實(shí)規(guī)定要求已得到滿足的活動���。
京公網(wǎng)安備11010802046783號