近日���,APIC發(fā)布了《數(shù)據(jù)完整性-常見問題解答(FAQ)》(2025年10月)�����,文件現(xiàn)已翻譯,分享給大家~
文件提及記錄表格和模板在使用前才從電子系統(tǒng)中打?����。ɡ纾嘤柡灥奖?、檢查表���、內(nèi)部檢查表等)���,是否需要對這些模板和表格進行受控發(fā)放�,并對打印活動進行系統(tǒng)性審計追蹤審查�����?表示:應明確記錄表格的重要性等級���,且控制措施需以重要性等級為依據(jù)�。可實施不同等級的控制措施以防范數(shù)據(jù)篡改�����。對于重要的記錄表格,提升數(shù)據(jù)完整性保障的措施包括:對這些文件的發(fā)放進行控制(包括打印權限控制���、重新打印的原因說明、原始副本認證�,如蓋章或簽字)�����、分發(fā)控制���、裝訂成冊�、雙人審核�、通過審計追蹤審查進行核對等���。無需對所有記錄表格均實施上述全部控制措施�,目的是將主要精力投入到最重要的表格上���。對于重要性較低的空白表格(如培訓簽到表)�����,僅需實施打印控制即可�����;對于檢查表�����,則需根據(jù)所收集數(shù)據(jù)的重要性等級設計相應的控制策略。
記錄表格的重要性等級可根據(jù)其將記錄數(shù)據(jù)的重要性來定義(例如�����,表格用于生產(chǎn)和放行活動���,還是用于支持性流程)�,也可根據(jù)數(shù)據(jù)篡改發(fā)生的可能性來定義(例如�����,在不同部門和人員間共享或由獨立部門打印的表格,比由同一部門���、少數(shù)人打印并使用的表格更不易被篡改);表格所采集數(shù)據(jù)的冗余程度(例如�,采集的是原始數(shù)據(jù)�,還是對其他地方已記錄數(shù)據(jù)的匯總或引用)也可納入表格重要性等級評估�。
關于混合簽名�,文件指出�,最佳做法是文檔要么完全使用手寫簽名,要么完全使用數(shù)字簽名�����。若沒有其他選擇�����,混合簽名應僅作為特例使用�。在這種情況下�����,必須先簽署手寫簽名�����,之后再為文檔準備數(shù)字簽名�����。這樣才能保留數(shù)字簽名 / 電子簽名的元數(shù)據(jù)�。經(jīng)完整簽署的電子文檔為正式的 GXP 文檔(打印件不包含元數(shù)據(jù)�����,無法對數(shù)字簽名 / 電子簽名進行驗證)�����。手寫簽名原件或其真實副本與電子簽名副本必須作為關聯(lián)文檔���,保存在安全且經(jīng)驗證符合預期用途的環(huán)境中,且符合公司的記錄管理政策�。
文件提及是否可以使用簽名的掃描圖像用作GXP(簽名)使用?(內(nèi)部使用)���,表示:只有在簽名掃描圖像是原始簽名的經(jīng)認證的真實副本�����,并且符合當?shù)胤珊捅O(jiān)管要求時才可接受�����。濕簽名或其真實副本必須在記錄保存期限內(nèi)可檢索���、可復制且未被篡改�����。
文件提及當對方(其他公司)發(fā)來需要我也簽名的文件掃描版���,如何保證合規(guī),表示:如果發(fā)送掃描文件的一方已建立真實副本流程�,并且掃描文件已認證并證明為真實副本,則可以使用該文件���。發(fā)送文件的一方應有符合所期望的文件保存政策���。
文件提及是否允許在互聯(lián)網(wǎng)瀏覽器中存儲GXP應用程序的密碼���?表示:不允許,理想情況下�,此功能應在所有用于GXP應用程序的瀏覽器中禁用。
文件提及是否可以為第三方支持人員(例如���,實驗室技術人員�����,在線支持SAP)使用通用賬戶�����? 表示:不可以。賬戶應可追溯至執(zhí)行操作的個人�,并且應有流程和系統(tǒng)來管理此操作�。
文件提及如何保護關鍵紙質(zhì)記錄�����?是否需要掃描所有記錄,還是物理保護(防火柜���,紙質(zhì)記錄檔案的位置)就足夠了?表示:記錄應得到保護�����,并在適當?shù)谋4嫫谙迌?nèi)可檢索�。在文件存儲在安全和受保護的環(huán)境中時�����,無需掃描�。
文件提及掃描記錄是否可以替換物理紙質(zhì)歸檔�?掃碼之后可以銷毀紙質(zhì)記錄嗎���?表示:如果數(shù)字副本是真實副本�����,則可以這樣做�,但需要符合當?shù)胤珊捅O(jiān)管要求,以決定是否可以銷毀紙質(zhì)記錄。
文件提及如果硬件和/或軟件包不再支持(Windows更新���,應用程序軟件)���,是否可以打印出電子數(shù)據(jù)�����,還是需要保持“舊”系統(tǒng)運行?(如果軟硬件出現(xiàn)錯誤���,可能無法再查看電子數(shù)據(jù))表示:只有在打印出的副本是包含所有原始數(shù)據(jù)和元數(shù)據(jù)的真實副本時�,才允許打印(不維持舊系統(tǒng))���。在實踐中���,這非常困難���。首選選項是將這些數(shù)據(jù)遷移到適當?shù)南到y(tǒng)。另一個選項是創(chuàng)建一個虛擬環(huán)境���,在其中可以通過經(jīng)驗證的狀態(tài)運行舊系統(tǒng)���,并可以檢索所有數(shù)據(jù)���。
文件提及是否允許在實驗室或生產(chǎn)環(huán)境中使用個人筆記?表示:不允許。執(zhí)行GXP環(huán)境中活動所需的所有信息都應描述在受控程序和工作規(guī)程中�����。支持GXP批次的任何數(shù)據(jù)都必須受控�����、維護和審核�。
Digital and electronic signatures:
數(shù)字簽名和電子簽名:
Q1: What is the difference between a digital and an e-signature?
問 1:數(shù)字簽名和電子簽名有什么區(qū)別?
A: A digital signature is attached to an electronic file and not maintained within an electronic system and stays with the data and moves with the data. The signature can be verified by the recipient. An e-signature is executed and maintained within a validated electronic system and stays in the electronic system. The e-signature can only be verified in the source system.
答:數(shù)字簽名附加在電子文件上���,不在電子系統(tǒng)內(nèi)維護,隨數(shù)據(jù)移動�,接收者可以驗證。電子簽名在經(jīng)過驗證的電子系統(tǒng)內(nèi)執(zhí)行和維護�,只能在源系統(tǒng)中驗證。
Q2: What is the best practice to handle hybrid signature? (Hybrid signature is mixing handwritten or ‘wet’ signatures and digital signatures/e-signature on the same document)
問 2:處理混合簽名的最佳做法是什么�����?(混合簽名指在同一文檔上同時使用手寫簽名(或 “濕簽名”)與數(shù)字簽名 / 電子簽名)
A: It is the preference to sign off documents fully wet or fully digital. Hybrid signature should be more exceptional if there are no other options. In that case the handwritten signature (s) must be applied first and afterwards the document can be prepared for digital signature (s). In that way the metadata for the digital signature (s)/e-signature (s) can be maintained. The fully signed electronic document is the official GXP document. (a printout doesn’t contain the metadata and verification of digital signatures/e-signatures can’t be done) The wet or a true copy of the wet signature and e-signed copy must be kept as a linked document in a secure, validated for intended use, environment, in line with the company’s record management policy.
答:最佳做法是文檔要么完全使用手寫簽名���,要么完全使用數(shù)字簽名�����。若沒有其他選擇�,混合簽名應僅作為特例使用。在這種情況下�����,必須先簽署手寫簽名�����,之后再為文檔準備數(shù)字簽名�����。這樣才能保留數(shù)字簽名 / 電子簽名的元數(shù)據(jù)�。經(jīng)完整簽署的電子文檔為正式的 GXP 文檔(打印件不包含元數(shù)據(jù)�����,無法對數(shù)字簽名 / 電子簽名進行驗證)�����。手寫簽名原件或其真實副本與電子簽名副本必須作為關聯(lián)文檔�,保存在安全且經(jīng)驗證符合預期用途的環(huán)境中,且符合公司的記錄管理政策�。
Q3: Is it acceptable to use a scanned image of a wet signed document as GXP? (internal use)
問 3:可以將手寫簽名文檔的掃描圖像用作 GXP 文檔嗎?(內(nèi)部使用)
A: It is only acceptable if the scanned image is a verified true copy of the original wet signed record and allowed by your local, legal and regulatory requirements. The wet or a true copy of the wet signature must be retrievable, reproducible and unaltered for the retention period of the record.
答:只有當掃描圖像是經(jīng)核實的手寫簽名原始記錄的真實副本�����,且符合當?shù)胤煞ㄒ?guī)要求時,才可以接受�。在記錄的保存期限內(nèi),手寫簽名原件或其真實副本必須可檢索���、可重現(xiàn)且未被篡改�����。
Q4: How do I need to handle a document with a scanned image of a wet signed document that I also need to sign? (external use, e.g. with third parties, working on different locations)
問 4:對于包含手寫簽名文檔掃描圖像且自己也需要簽署的文檔�����,應如何處理���?(外部使用,例如與第三方合作�、在不同地點工作時)
A: This document can be used if the party who’s sending this scanned document has an established true copy process in place and the scanned document is already verified and attested as a true copy. The sender should have and an established document retention policy in line with your expectations.
答:如果發(fā)送該掃描文檔的一方已建立真實副本流程,且該掃描文檔已被驗證并證明為真實副本���,則可以使用該文檔�。發(fā)送方應制定符合你方預期的文檔保留政策。
Q5: How do we handle digitally signed documents in an electronic document management system? (e.g. loading an Adobe digitally signed document into your document management systems without loosing the digital signature certificate)
問 5:在電子文檔管理系統(tǒng)中如何處理數(shù)字簽名文檔�����?(例如�,將 Adobe 數(shù)字簽名文檔加載到文檔管理系統(tǒng)中且不丟失數(shù)字簽名證書)
A: The document management system should be validated for this intended use, verifying that the digital signature is maintained in the system and that it is possible to retrieve it when necessary. This process should be defined and documented. If it is not possible to maintain this digital signature in the system, the digitally signed document should be stored in a secure validated environment.
答:文檔管理系統(tǒng)應針對此預期用途進行驗證,以確認數(shù)字簽名在系統(tǒng)中得到保留���,且在需要時可檢索�����。此流程應予以定義并形成文件。如果無法在系統(tǒng)中保留該數(shù)字簽名�����,則數(shù)字簽名文檔應存儲在安全且經(jīng)過驗證的環(huán)境中���。
Password management:
密碼管理:
Q1: When I logged into a system, do I need to re-authenticate myself for every data entry?
問 1:當我登錄系統(tǒng)后�����,每次輸入數(shù)據(jù)時都需要重新驗證身份嗎�?
A: No, it depends upon the criticality of the data/action. This criticality should be based upon process mapping and a risk assessment as explained in the guide. Criticality of the data and/or responsibility associated with the action should be taken into account when evaluating electronic signature requirements.
答:不需要,這取決于數(shù)據(jù) / 操作的重要性�����。此重要性應基于流程映射和指南中所述的風險評估�����。在評估電子簽名要求時�,應考慮數(shù)據(jù)的重要性和 / 或與該操作相關的責任。
Q2: What are the requirements for e-signature components?
問 2:電子簽名組成部分的要求是什么�����?
A: This practice is described in 21CFR11, chapter 11.200 ‘e-signature and components’:(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components (= user ID and password or biometrics); subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components
答:該操作在《聯(lián)邦法規(guī)匯編》第 21 篇第 11 部分(21CFR11)第 11.200 章 “電子簽名及組成部分” 中有規(guī)定:(i)當個人在一次連續(xù)的受控系統(tǒng)訪問期間執(zhí)行一系列簽名操作時�����,首次簽名應使用所有電子簽名組成部分(即用戶 ID 和密碼或生物識別信息)�����;后續(xù)簽名應使用至少一個僅可由該個人執(zhí)行且設計為僅供該個人使用的電子簽名組成部分�。(ii)當個人執(zhí)行的一次或多次簽名操作不是在一次連續(xù)的受控系統(tǒng)訪問期間進行時,每次簽名都應使用所有電子簽名組成部分�。
Q3: Is the storage of passwords in the internet browser allowed for GXP applications?
問 3:對于 GXP 應用程序���,允許在互聯(lián)網(wǎng)瀏覽器中存儲密碼嗎?
A: No, ideally this feature should be deactivated in all browsers used for GXP applications.
答:不允許���,理想情況下���,所有用于 GXP 應用程序的瀏覽器都應禁用此功能。
Access management:
訪問管理:
Q1: Can I use generic accounts for 3rd party support employees? (e.g. lab technicians, on-line support SAP)
問 1:可以為第三方支持人員使用通用賬戶嗎���?(例如���,實驗室技術人員、SAP 在線支持人員)
A: No. The account should be attributable to the person executing the actions and there should be processes and systems in place to manage this.
答:不可以���。賬戶應可追溯到執(zhí)行操作的個人,且應有相應的流程和系統(tǒng)來管理此事���。
Q2: Can we extend the time of a user session before this is automatically locked for inactivity because of a HSE (health-safety-environment) concern? (e.g people need to interact in case of emergency in a DCS-distributed control system in production)
問 2:出于健康�、安全與環(huán)境(HSE)方面的考慮�����,能否延長用戶會話因閑置而自動鎖定的時間?(例如�����,在生產(chǎn)中的分布式控制系統(tǒng)(DCS)出現(xiàn)緊急情況時�,人員需要進行操作)
A: The inactive time of a user session should be managed by the user locking their computer station when they move away for an extend period of time to prevent unauthorised actions been taken by other persons. The automatic lock is a security measure. A reasonable amount of time should be supported by a risk assessment.This type of HSE concern should be managed independently of the GXP system with an emergency stop button as an example. If this is approach is not feasible, the computerized system should be designed as such that a fast intervention is possible. It is best practice for a system like a DCS to be configured in such a way that the screen does not completely goes into operating system lock and actions can be taken by clicking on the valve or object and entering a password to confirm the action.
答:當用戶需要長時間離開時,應通過手動鎖定電腦來管理用戶會話的閑置時間�,以防止他人進行未授權操作。自動鎖定是一項安全措施�。合理的自動鎖定時間應基于風險評估確定。此類 HSE 相關問題應獨立于 GXP 系統(tǒng)進行管理���,例如可設置緊急停止按鈕�����。如果這種方法不可行���,則計算機化系統(tǒng)應設計為允許快速干預。對于像 DCS 這樣的系統(tǒng)���,最佳做法是進行如下配置:屏幕不會完全進入操作系統(tǒng)鎖定狀態(tài)���,通過點擊閥門或相關對象并輸入密碼確認操作���,即可執(zhí)行相應動作。
Record life cycle management:
記錄生命周期管理:
Q1: How to protect critical paper records? Is it necessary to scan all records or is physical protection (fire protected cabinets, location of the paper record archive (s)) sufficient?
問 1:如何保護重要紙質(zhì)記錄���?是否需要掃描所有記錄���,還是物理防護(防火柜、紙質(zhì)記錄檔案存放位置)就足夠了���?
A: Records should be protected and retrievable for the appropriate retention period. There is no need to scan under the condition that the documents are stored in a safe and secure environment.
答:記錄應在規(guī)定的保存期限內(nèi)得到保護且可檢索���。若文檔存放在安全可靠的環(huán)境中,則無需進行掃描�����。
Q2: Is it allowed to replace a physical paper archive if your scan your records? Can the paper records be destroyed afterwards?
問 2:若對記錄進行掃描�,是否可以用掃描件替代紙質(zhì)檔案�����?之后能否銷毀紙質(zhì)記錄�����?
A: In practice this is possible if the digital copy is a true copy, however you need to comply with local legal and regulatory requirements to decide if you can destroy the paper records or not.
答:實際上,若數(shù)字副本為真實副本���,則可用其替代紙質(zhì)檔案�,但需遵守當?shù)胤煞ㄒ?guī)要求���,以確定是否可銷毀紙質(zhì)記錄�����。
Q3: If hardware and/or software packages are not supported anymore (Windows updates, application software), is it possible to print out the electronic data or do you need to keep the ‘old’ systems up and running? (with the risk that you’re not able to see the electronic data anymore in case of soft and hardware errors)
問 3:若硬件和 / 或軟件不再受支持(如 Windows 系統(tǒng)更新�、應用程序停止支持)�,是否可以將電子數(shù)據(jù)打印出來,還是需要維持 “舊” 系統(tǒng)正常運行�����?(存在軟硬件故障后無法查看電子數(shù)據(jù)的風險)
A: A print-out is only allowed if it is a true copy with all raw data and meta-data. In practice this is very difficult. The first option is to migrate those data to an appropriate system. Another option is to create a virtual environment where you can run the legacy system in a validated state and where all data can be retrieved.
答:僅當打印件包含所有原始數(shù)據(jù)和元數(shù)據(jù)且為真實副本時���,才允許打印�。實際上�����,這一點很難實現(xiàn)。首選方案是將這些數(shù)據(jù)遷移到合適的系統(tǒng)中�。另一種方案是創(chuàng)建虛擬環(huán)境,在經(jīng)驗證的狀態(tài)下運行舊系統(tǒng)�����,確保所有數(shù)據(jù)均可檢索���。
Q4: If approved forms and templates that are part of a procedure are printed out of an electronic system just before use (e.g. training attendees sheets, checklists, housekeeping checklists, …), is it necessary to have controlled issuance of those templates and forms, and to have a systematic audit trail review of those printing activities?
問 4:若作為流程組成部分的已批準記錄表格和模板在使用前才從電子系統(tǒng)中打?��。ɡ纾嘤柡灥奖?、檢查表、內(nèi)部檢查表等)���,是否需要對這些模板和表格進行受控發(fā)放�,并對打印活動進行系統(tǒng)性審計追蹤審查�����?
A: The term “FORM” should be used to refer to the controlled copies (blank forms) obtained from approved TEMPLATES stored as paper or through and electronic system.
答:“記錄表格“FORM”一詞應用于指代從批準的模板(以紙質(zhì)或電子系統(tǒng)存儲)中獲取的受控副本(空白表格)�����。
If the form is printed and data is collected on paper, various provisions are to be taken to assure proper adherence to ALCOA+ principles; paper may not fully effective to prevent falsification. When the data are collected with electronic means, the controls has to be provided by the electronic system itself.
若記錄表格經(jīng)打印后以紙質(zhì)形式收集數(shù)據(jù)���,需采取各類措施確保嚴格遵守 ALCOA + 原則(數(shù)據(jù)完整性原則�,涵蓋可歸因性�����、清晰性���、同時性�����、原始性���、準確性及額外的完整性、一致性���、持久性�����、可用性)�����;紙質(zhì)形式可能無法完全有效防止數(shù)據(jù)篡改���。若以電子方式收集數(shù)據(jù)�,則需由電子系統(tǒng)本身提供相應控制措施���。
The criticality of forms should be defined, and controls should be based on criticality
應明確記錄表格的重要性等級���,且控制措施需以重要性等級為依據(jù)。
A. Different levels of controls can be put in place to discourage falsification. For critical forms means to increase data integrity assurance include control the issuance of those documents, including controlled access for printing, reasoning for reprint, authentication of the original copy (e.g with stamps or signatures), control of distribution, binding in logbooks, second person review, reconciliation also through the audit trail review.
A. 可實施不同等級的控制措施以防范數(shù)據(jù)篡改���。對于重要的記錄表格���,提升數(shù)據(jù)完整性保障的措施包括:對這些文件的發(fā)放進行控制(包括打印權限控制、重新打印的原因說明�、原始副本認證,如蓋章或簽字)�、分發(fā)控制、裝訂成冊、雙人審核���、通過審計追蹤審查進行核對等。
Not all the above controls have to be put in place for all forms, in order to put the highest effort on most critical forms.
無需對所有記錄表格均實施上述全部控制措施���,目的是將主要精力投入到最重要的表格上�。
B. The criticality of forms can be defined based on the criticality of data they will record (i.e if they are used for production and release activities or for supporting processes), but also based on the probability that a falsification takes place (e.g. a printed form that is shared between different departments and personnel or printed by an independent department is less prone to falsification than a form that is printed and used by the same department and by a limited number of people); the level of redundancy of the data that the form will capture (i.e. if it captures primary raw data or it summarizes or refer to data recorded also elsewhere) can also be considered in the form criticality assessment.
B. 記錄表格的重要性等級可根據(jù)其將記錄數(shù)據(jù)的重要性來定義(例如�,表格用于生產(chǎn)和放行活動,還是用于支持性流程)�,也可根據(jù)數(shù)據(jù)篡改發(fā)生的可能性來定義(例如,在不同部門和人員間共享或由獨立部門打印的表格���,比由同一部門�����、少數(shù)人打印并使用的表格更不易被篡改)�����;表格所采集數(shù)據(jù)的冗余程度(例如�����,采集的是原始數(shù)據(jù)�����,還是對其他地方已記錄數(shù)據(jù)的匯總或引用)也可納入表格重要性等級評估�。
As per the example in the question, for the lower criticality blank forms (e.g. training attendees sheets), controlled printing only can be applied; for checklists, the control strategy should be designed based on the criticality of the data being collected.
結合問題中的示例,對于重要性較低的空白表格(如培訓簽到表)�,僅需實施打印控制即可;對于檢查表�,則需根據(jù)所收集數(shù)據(jù)的重要性等級設計相應的控制策略。
Finally, forms should carefully designed to avoid potentials for data integrity issue including
最后���,表格設計應嚴謹�,以避免潛在的數(shù)據(jù)完整性問題���,具體包括:
• Clearly defined fields to record data that allows the operator to understand how the datashould be entered including specification limits and/or exempla
• 明確定義數(shù)據(jù)記錄字段�,確保操作人員理解數(shù)據(jù)錄入方式(包括規(guī)格限值和 / 或示例)
• Instructions on what to do if data do not fit the expectations
• 說明數(shù)據(jù)不符合預期時的處理方法
• Logic time sequencing
•符合邏輯的時間順序
•Company Recognizable and standardized pattern/frame
•具有公司可識別的標準化格式 / 框架
• Archiving rules
•明確歸檔規(guī)則
Various:
其他事項:
Q1: How to deal with analytical testing where data is a visual check? (appearance, insoluble matter testing, TLC, …)
問 1:對于數(shù)據(jù)需通過目視檢查獲取的分析測試(如外觀檢查�、不溶性物質(zhì)檢測、薄層色譜分析等)���,應如何處理�?
A: See table 1 ‘Minimum system requirements based on categories’ in the guide.
答:請參考指南中的表 1 “基于類別劃分的最低系統(tǒng)要求”�����。
注:表格中“X¹” 表示 “Access control only for securing time and date settings(僅用于保護時間和日期設置的訪問控制)”。
Q2: Is it allowed to use a personal notes in a lab or production environment? (personal notes: containing training info/attention points you documented during training or during discussions with colleagues, …)
問 2:在實驗室或生產(chǎn)環(huán)境中是否允許使用個人筆記�?(個人筆記:包含培訓信息、你在培訓期間或與同事討論時記錄的注意事項等)
A: No. All information needed to perform activities in a GXP environment should be described in controlled procedures and work instructions. Any data supporting a GXP batch must be controlled, maintained and reviewed.
答:不允許�����。在 GXP 環(huán)境中執(zhí)行操作所需的所有信息���,均應在受控的規(guī)程和作業(yè)指導書中明確說明�����。任何支持 GXP 批次的相關數(shù)據(jù)�,都必須經(jīng)過控制�、保存和審核。
京公網(wǎng)安備11010802046783號