Pics 数据完整性指南
Uploaded by
243025432Pics 数据完整性指南
Uploaded by
243025432PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 1 / 56
ENVIRONMENTS (draft)
PIC/S GUIDANCE
PIC/S指南
GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED
GMP/GDP ENVIRONMENTS
受法规约束的GMP/GDP环境下数据管理和完整性优良规范
© PIC/S August 2016
2016年8月
Reproduction prohibited for commercial purposes.
Reproduction for internal use is authorised, provided that the source is acknowledged.
Editor: PIC/S Secretariat
e-mail: [email protected]
web site: http://www.picscheme.org
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 2 / 56
ENVIRONMENTS (draft)
TABLE OF CONTENTS 目录
1. Document history 文件历史
2. Introduction 引言
3. Purpose 目的
4. Scope 范围
5. Data governance system 数据管理系统
5.1 What is data governance 什么是数据管理
5.2 Data governance systems 数据管理系统
5.3 Risk management approach to data governance 数据管理的风险管理方法
5.4 Data criticality 数据关键度
5.5 Data risk 数据风险
5.6 Data governance system review 数据管理体系审核
6. Organisational influences on successful data integrity 公司对数据完整性管理成功与否的影
management 响
6.1 General 概述
6.2 Code of ethics and policies 道德和方针准则
6.3 Quality culture 质量文化
6.4 Modernising the Pharmaceutical Quality Management 药物质量管理体系现代化
System
6.5 Regular management review of quality metrics 质量尺度的定期管理评审
6.6 Resource allocation 资源配置
6.7 Dealing with data integrity issues found internally 内部发现的数据完整性问题处理
7. General data integrity principles and enablers 一般数据完整性原则和推进者
8. Specific data integrity considerations for paper-based 纸质系统特定数据完整性考虑
systems
8.1 Structure of QMS and control of blank QMS结构和空白表格/模板/记录的控
forms/templates/records 制
8.2 Why is the control of records important? 为什么记录的控制如此重要?
8.3 Generation, distribution and control of template records 模板式记录的产生、分发和控制
8.4 Expectations for the generation, distribution and control 产生、分发和控制记录的要求
of records
8.5 Use and control of records within production areas 生产区域内记录的使用和控制
8.6 Filling out records 记录填写
8.7 Making corrections on records 记录更正
8.8 Verification of records 记录核查
8.9 Maintaining records 记录维护
8.10 Direct print-outs from electronic systems 从电子系统中直接打印出的记录
8.11 True copies 真实备份
8.12 Limitations of remote review of summary reports 远程审核报告摘要的局限性
8.13 Document retention 文件保存
8.14 Disposal of original records 原始记录的废弃
9. Specific data integrity considerations for computerised 计算机化系统特定数据完整性考虑
systems
9.1 Structure of QMS and control of computerised systems QMS结果和计算机化系统的控制
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 3 / 56
ENVIRONMENTS (draft)
TABLE OF CONTENTS 目录
9.2 Qualification and validation of computerised systems 计算机化系统的确认和验证
9.3 System security for computerised systems 计算机化系统的系统安全
9.4 Audit trails for computerised systems 计算机化系统的审计追踪
9.5 Data capture/entry for computerised systems 计算机化系统的数据捕获/输入
9.6 Review of data within computerised systems 计算机化系统内的数据审核
9.7 Storage, archival and disposal of electronic data 电子数据的存贮、归档和废弃
10. Data integrity considerations for outsourced activities 外包活动的数据完整性考虑
10.1 General supply chain considerations 一般供应链考虑
10.2 Routine document verification 日常文件核查
10.3 Strategies for assessing data integrity in the supply 供应链中数据完整性评估策略
chain
11. Regulatory actions in response to data integrity findings 数据完整性缺陷引发的法规行动
11.1 Deficiency references 缺陷参考
11.2 Classification of deficiencies 缺陷分类
12. Remediation of data integrity failures 数据完整性失败时的弥补方法
12.1 Responding to significant data integrity issues 对重大数据完整性问题响应
12.2 Indicators of improvement 改善指标
13. Definitions 定义
14. Revision history 版本历史
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 4 / 56
ENVIRONMENTS (draft)
1 DOCUMENT HISTORY 文件历史
Draft 1 of PI 041-1 presented to the PIC/S Committee at its
4-5 July 2016
meeting in Manchester
曼彻斯特会议期间PI 041-1草案提交给PIC/S委员会 2016年7月4-5日
Consultation of PIC/S Participating Authorities on publication of
18 July – 31 July 2016
the Good Practices as a draft and implementation on a trial basis
公布PIC/S草案征求参与药监机构意见及试行 2016年7月18日—31日
Minor edits to Draft 1 1 – 9 August 2016
第1版本草案轻微修订 2016年8月1-9日
Publication of Draft 2 on the PIC/S website 10 August 2016
第2版本草案在PIC/S网站上公布 2016年8月10日
Implementation of the draft on a trial basis and comment period 10 August 2016 – 28
for PIC/S Participating Authorities February 2017
2016年8月10日-
试验实施和征求PIC/S参与药监机构意见阶段
2017年2月28日
Review of comments by PIC/S Participating Authorities …
PIC/S参与药监机构审核所收到的意见
Finalisation of draft …
草稿定稿
Adoption by Committee of PI 041-1 [Date]
PI 041-1被委员会采纳
Entry into force of PI 041-1 [Date]
PI 041-1 生效
2 INTRODUCTION 引言
2.1 PIC/S Participating Authorities regularly undertake inspections of manufacturers and distributors of
API and medicinal products in order to determine the level of compliance with GMP/GDP principles.
These inspections are commonly performed on-site however may be performed through the remote
or off-site evaluation of documentary evidence, in which case the limitations of remote review of
data should be considered.
PIC/S参与药监机构定期对原料药和制剂生产商和销售商进行检查,以确定其GMP/GDP符合性水平。这些
检查通常是在现场实施,但也可以通过远程或离厂文件证据评估进行,这时要考虑远程数据审核的局
限性。
2.2 The effectiveness of these inspection processes is determined by the veracity of the evidence
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 5 / 56
ENVIRONMENTS (draft)
provided to the inspector and ultimately the integrity of the underlying data. It is critical to the
inspection process that inspectors can determine and fully rely on the accuracy and completeness
of evidence and records presented to them.
这些检查流程的有效性是由提供给检查员的证据的真实性所决定的,并最终决定于数据背后的完整性。检
查员可以确定并完全依赖呈交给他们的证据和记录的完整性和准确性对于检查过程来说非常关键。
2.3 Good data management practices influence the integrity of all data generated and recorded by a
manufacturer and these practices should ensure that data is accurate, complete and reliable. While
the main focus of this document is in relation to data integrity expectations, the principles herein
should also be considered in the wider context of good data management.
优良数据管理规范影响生产商所产生和记录的所有数据,这些做法应能保证数据是准确的、完整的和可靠
的。尽管此文件主要关注的是数据完整性要求,在更广的优良数据管理环境下也应考虑此指南所述原
则。
2.4 Data Integrity is defined as ―the extent to which all data are complete, consistent and accurate,
throughout the data lifecycle‖11 and is fundamental in a pharmaceutical quality system which
ensures that medicines are of the required quality. Poor data integrity practices and vulnerabilities
undermine the quality of records and evidence, and may ultimately undermine the quality of
medicinal products.
数据完整性定义为“所有数据在整个生命周期均完整、一致和准确的程度”,它在药物质量体系中是基本
的要求,它确保药品具备所需的质量。不良的数据完整性做法和弱点会削弱记录和证据的质量,并最
终可能破坏药品质量。
2.5 Data integrity applies to all elements of the Quality Management System and the principles herein
apply equally to data generated by electronic and paper-based systems.
数据完整性适用于质量管理体系的所有要素,此中原则等同适用于电子和纸质系统产生的数据。
2.6 The responsibility for good practices regarding data management and integrity lies with the
manufacturer or distributor undergoing inspection. They have full responsibility and a duty to assess
their data management systems for potential vulnerabilities and take steps to design and implement
good data governance practices to ensure data integrity is maintained.
数据管理和完整性优良规范的职责由接受检查的生产商或销售商承担。他们负有全部职责和义务来评估其
数据管理体系,发现潜在弱点,设计和实施优良数据管理规范来确保数据完整性得到维护。
3 PURPOSE 目的
3.1 This document was written with the aim of:
本文件编制的目的是:
3.1.1 Providing guidance for inspectorates in the interpretation of GMP/GDP requirements in relation to
data integrity and the conduct of inspections.
为检查员提供与数据完整性相关的GMP/GDP要求诠释及实施检查相关指南。
3.1.2 Providing consolidated, illustrative guidance on risk-based control strategies which enable the
1
MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015
MHRA GMP 数据完整性定义和行业指南,2015 年 3 月
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 6 / 56
ENVIRONMENTS (draft)
existing requirements for data integrity and reliability as described in PIC/S Guides for GMP2 and
GDP3 to be implemented in the context of modern industry practices and globalised supply chains.
对基于风险的控制策略提供详细解说的整合指南,促使GMP和GDP的PIC/S指南中所述的现有数据完整性
要求和可靠性在现代化工业做法和全球化供应链的环境下得到实施。
3.1.3 Facilitating the effective implementation of data integrity elements into the routine planning and
conduct of GMP/GDP inspections; to provide a tool to harmonise GMP/GDP inspections and to
ensure the quality of inspections with regards to data integrity expectations.
促进数据完整性要素在日常规划和实施GMP/GDP检查中有效实施,提供一个工具让GMP/GDP检查保持
一致,保证数据完整性要求方面的检查质量。
3.2 This guidance, together with inspectorate resources such as aide memoire (for future development)
should enable the inspector to make an optimal use of the inspection time and an optimal evaluation
of data integrity elements during an inspection.
本指南与检查团资源,例如备忘录(用于进一步展开)一起让检查员优化使用检查时间,在检查中更好地
评估数据完整性要素。
3.3 Guidance herein should assist the inspectorate in planning a risk-based inspection relating to data
integrity.
本指南应协助检查组织规划基于风险的数据完整性相关检查。
3.4 This guide is not intended to impose additional regulatory burden upon regulated entities, rather it is
intended to provide guidance on the interpretation of existing PIC/S GMP/GDP requirements
relating to current industry practice.
本指南无意对受法规规范的主体形成强制的法规责任,它意在为目前行业规范相关的已有PIC/S
GMP/GDP要求提供诠释。
3.5 The principles of data integrity apply equally to both manual and computerized systems and should
not place any restraint upon the development or adoption of new concepts or technologies. In
accordance with ICH Q10 principles, this guide should facilitate the adoption of innovative
technologies through continual improvement.
数据完整性原则等同适用于手动和计算机化系统,不应该对发展和采用新概念或技术形成限制。根据ICH
Q10原则,本指南应有助于通过持续改进采纳创新技术。
3.6 This version of the guidance is intended to provide a basic overview of key principles regarding data
management and integrity. The PIC/S Data Integrity Working Group will periodically update, amend
and review this guidance in light of inspectorate feedback, experience in using the guide and any
other developments.
本版本指南意在为数据管理和完整性核心原则提供基本概貌。PIC/S数据完整性工作组将定期进行更新,
根据检查团的反馈、使用本指南的经验以及任何其它发展修订和审核本指南。
2
PIC/S PE 009 Guide to Good Manufacting Practice for Medicinal Products, specifically Part I chapters 4, 5, 6, Part II chapters 5, 6 &
Annex 11
PIC/S PE009 药品 GMP 指南,具体为第一部分第 4、5、6 章,第二部分第 5、6 章和附录 11.
3
PIC/S PE 011 Guide to Good Distribution Practice for Medicinal Products, specifically sections 3, 4, 5 & 6
PIC/S PE 011 药品 GDP 指南,具体为第 3、4、5 和 6 部分。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 7 / 56
ENVIRONMENTS (draft)
4 SCOPE 范围
4.1 The guidance has been written to apply to both on-site and remote (desktop) inspections of those
sites performing manufacturing (GMP) and distribution (GDP) activities. The guide should be
considered as a non-exhaustive list of areas to be considered during inspection.
本指南适用于现场和远程(桌面)检查那些实施生产(GMP)和销售(GDP)活动的场所。本指南应作
为检查期间要考虑领域的未尽清单。
4.2 Whilst this document has been written with the above scope, many principles regarding good data
management practices described herein have applications for other areas of the regulated
pharmaceutical and healthcare industry.
尽管此文件写就时覆盖上述范围,但其中许多关于优良数据管理规范的原则亦可应用于受法规规范的药品
和保健行业的其它领域。
4.3 This guide is not intended to provide specific guidance for ―for-cause‖ inspections following detection
of significant data integrity vulnerabilities where forensic expertise may be required.
本指南无意为重大数据完整性漏洞引起的“有因”检查提供特定指南。在有因检查中,可能需要具有调查
技巧的专家。
5 DATA GOVERNANCE SYSTEM 数据管理体系
5.1 What is data governance? 什么是数据管理?
5.1.1 Data governance is the sum total of arrangements which provide assurance of data integrity.
These arrangements ensure that data, irrespective of the process, format or technology in which it is
generated, recorded, processed, retained, retrieved and used will ensure a complete, consistent
and accurate record throughout the data lifecycle.
数据管理是为数据完整性提供保障的所有安排的总和。这些安排保证数据,不管其产生、记录、处理、保
存、恢复和使用的过程、格式或技术如何,均能在数据的整个生命周期中保证完整、一致和准确的记
录。
5.1.2 The data lifecycle refers to how data is generated, processed, reported, checked, used for
decision-making, stored and finally discarded at the end of the retention period. Data relating to a
product or process may cross various boundaries within the lifecycle. This may include data transfer
between manual and IT systems, or between different organisational boundaries; both internal (e.g.
between production, QC and QA) and external (e.g. between service providers or contract givers
and acceptors).
数据生命周期指数据如何产生、处理、报告、检查、用于决策、存贮和在保存期结束后最终废弃。与一个
药品或工艺相关的数据可能在其生命周期内会穿越不同边界。这可能包括手工和IT系统之间的数据转
移,不同公司界限之间的数据转移,内部(例如生产、QC和QA之间)和外部(例如,服务提供商或
合同发包方和接受方之间)的数据转移。
5.2 Data governance systems 数据管理系统
5.2.1 Data governance systems should be integral to the pharmaceutical quality system described in
PIC/S GMP/GDP. It should address data ownership throughout the lifecycle, and consider the
design, operation and monitoring of processes / systems in order to comply with the principles of
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 8 / 56
ENVIRONMENTS (draft)
data integrity, including control over intentional and unintentional changes to, and deletion of
information.
数据管理系统应整合于PIC/S GMP/GDP所述的药物质量体系中。它应该说明数据在其生命周期中的所有
者身份,考虑对过程/系统进行设计、运行和监测,以符合数据完整性原则,包括对有意和无意修改和
删除信息的控制。
5.2.2 The data governance system should ensure controls over data lifecycle which are commensurate
with the principles of quality risk management. These controls may be:
数据管理系统应保证在数据生命周期进行控制。控制应与质量风险管理原则相称。这些控制可以是:
Organisational 从公司角度
procedures, e.g. instructions for completion of records and retention of completed paper
records;
程序,例如,记录完整的指令和完整纸质记录的保存;
training of staff and documented authorisation for data generation and approval;
培训人员和记录数据产生权限并批准;
data governance system design, considering how data is generated recorded, processed
retained and used, and risks or vulnerabilities are controlled effectively;
数据管理系统的设计应考虑数据是如何产生、记录、处理、存贮和使用的,应对风险和漏洞进行
有效控制;
routine data verification;
日常数据核查;
periodic surveillance, e.g. self-inspection processes seek to verifiy the effectiveness of the data
governance policy.
定期监管,例如自检过程中核查数据管理方针的有效性。
Technical 技术角度
computerised system control,
计算机化系统控制
Automation
自动化
5.2.3 An effective data governance system will demonstrate Management‘s understanding and
commitment to effective data governance practices including the necessity for a combination of
appropriate organisational culture and behaviours (section 6) and an understanding of data
criticality, data risk and data lifecycle. There should also be evidence of communication of
expectations to personnel at all levels within the organisation in a manner which ensures
empowerment to report failures and opportunities for improvement. This reduces the incentive to
falsify, alter or delete data.
一个有效的数据管理系统将证明管理者对有效数据管理规范的了解和承诺,包括适当的公司文化和行为
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 9 / 56
ENVIRONMENTS (draft)
(第6部分)和对数据关键程度、数据风险和数据生命周期的了解。还应有证据证明在公司内以一定
方式将要求沟通传达至各层次人员,保证更大的权力来报告失败和改进机会。如此可以减少伪造、篡
改和删除数据的诱因。
5.2.4 The organisation‘s arrangements for data governance should be documented within their Quality
Management System and regularly reviewed.
公司对数据管理的安排应记录在其质量管理体系内,并定期审核。
5.3 Risk management approach to data governance 数据管理的风险管理方法
5.3.1 Senior management is responsible for the implementation of systems and procedures to minimise
the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9.
Contract Givers should perform a similar review as part of their vendor assurance programme,
(refer section 10)
高级管理层对实施系统和程序以降低数据完整性潜在风险,识别残留风险,使用ICH Q9原则承担责任。合
同发包方应实施类似的审核,作为其供应商保证计划的一部分(参见第10部分)。
5.3.2 The effort and resource assigned to data governance should be commensurate with the risk to
product quality, and should also be balanced with other quality resource demands. Manufacturers
and analytical laboratories should design and operate a system which provides an acceptable state
of control based on the data integrity risk, and which is fully documented with supporting rationale.
为数据管理所做的工作和所配置的资源应与产品质量风险相称,同时也要与其它质量资源需求相平衡。生
产商和分析化验室应设计和运行一个体系,为数据完整性风险提供可接受的控制状态,并全面记录支
持性原理。
5.3.3 Where long term measures are identified in order to achieve the desired state of control, interim
measures should be implemented to mitigate risk, and should be monitored for effectiveness.
Where interim measures or risk prioritisation are required, residual data integrity risk should be
communicated to senior management, and kept under review. Reverting from automated /
computerised to paper-based systems will not remove the need for data governance. Such
retrograde approaches are likely to increase administrative burden and data risk, and prevent the
continuous improvement initiatives referred to in paragraph 3.5.
如果认为需要采取长期措施,以达到想要的控制状态,则应实施临时措施来将缓解风险,并监测其有效性。
如果需要采取临时措施或者是提高风险优先度,则应与高级管理层沟通所残留的数据完整性风险,保
持审核。从自动化/计算机化转化为纸质系统不能解除对数据管理的需求。此种降解方式可能会增加行
政负担和数据风险,阻止第3.5段中提提出的持续改进倡议。
5.3.4 Not all data or processing steps have the same importance to product quality and patient safety.
Risk management should be utilised to determine the importance of each data/processing step. An
effective risk management approach to data governance will consider:
不是所有数据和处理步骤都对药品质量和患者安全具有等同的重要性。应使用风险管理来确定每个数据/
处理步骤的重要性。对数据管理的有效风险管理方法应考虑:
Data criticality (impact to decision making and product quality) and
数据关键程度(对制订决策和产品质量的影响)以及
Data risk (opportunity for data alteration and deletion, and likelihood of detection / visibility of
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 10 / 56
ENVIRONMENTS (draft)
changes by the manufacturer‘s routine review processes).
数据篡改和删除的数据风险(机会),修改被生产商的日常审核流程所发现/可见的可能性)
From this information, risk proportionate control measures can be implemented.
从此信息中可知,可以实施与风险相当的控制措施。
5.4 Data criticality 数据关键程度
5.4.1 The decision that data influences may differ in importance, and the impact of the data to a decision
may also vary. Points to consider regarding data criticality include:
受数据影响的决策可能会在重要程度上有所有不同,数据对决策的影响度可能也不同。关于数据关键程度
要考虑的要素包括:
数据影响了什么决策?
For example: when making a batch release decision, data which determines compliance with critical
quality attributes is of greater importance than warehouse cleaning records.
例如,当作出批放行决策时,确定符合关键质量属性的数据比仓库清洁记录要重要。
数据对药品质量或安全有什么影
响?
For example: for an oral tablet, active substance assay data is of generally greater impact to product
quality and safety than tablet friability data.
例如,对于口服特此证明,活性物质含量数据一般要比脆碎度数据对药品质量和安全影响更大。
5.5 Data risk 数据风险
5.5.1 Data risk assessment should consider the vulnerability of data to involuntary or deliberate
alteration, falsification, deletion, loss or re-creation, and the likelihood of detection of such actions.
Consideration should also be given to ensuring complete data recovery in the event of a disaster.
Control measures which prevent unauthorised activity, and increase visibility / detectability can be
used as risk mitigating actions.
数据完整性应考虑数据在有意和无意修改、伪造、删除、丢失或重新创建,以及被察觉可能性方面的弱点。
还要考虑保证在灾难发生时恢复完整数据。防止未经授权的活动,增加可视性/检出能力的控制措施可
以用作风险降低措施。
5.5.2 Examples of factors which can increase risk of data integrity failure include complex, inconsistent
processes with open ended and subjective outcomes. Simple tasks which are consistent, well
defined and objective lead to reduced risk.
可能会增加数据完整性失败的风险的因素例子包括复杂的不一致的工艺,有开放型结果和主观结果。定义
明确、客观、一致的简单任务则会降低风险。
5.5.3 Risk assessments should focus on a business process (e.g. production, QC), evaluate data flows
and the methods of generating data, and not just consider IT system functionality or complexity.
Factors to consider include:
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 11 / 56
ENVIRONMENTS (draft)
风险评估应关注一个业务流程(例如,生产、QC),评估数据流和数据产生方法,而不仅是评估IT系统功
能和复杂性。要考虑的因素包括:
Process complexity;
工艺复杂性;
Methods of generating, storing and retiring data and their ability to ensure data accuracy, legibility,
indelibility;
数据生成、存贮和退役的方法以及其保证数据准确性、清晰、不能消除的能力;
Process consistency and degree of automation / human interaction;
工艺一致性和自动/人工互动程度;
Subjectivity of outcome / result (i.e. is the process open-ended or well defined?); and
结果的主观性(即工艺是开放式的还是明确定义的;以及
The outcome of a comparison between of electronic system data and manually recorded events
could be indicative for malpractices (e.g. apparent discrepancies between analytical reports and
raw-data acquisition times).
电子系统数据和人工记录事件之间比较的结果可能对于不良规范来说具有指示性(例如,分析报告和
原始数据获得时长之间有明显的差距)。
5.5.4 For computerised systems, manual interfaces with IT systems should be considered in the risk
assessment process. Computerised system validation in isolation may not result in low data integrity
risk, in particular when the user is able to influence the reporting of data from the validated system.
对于计算机化系统,在风险评估过程中应考虑人工与IT系统的界面。计算机化系统验证单独可能不会导致
较低的数据完整性风险,尤其是当用户可以影响来自经过验证的系统中的数据报告时。
5.5.5 Critical thinking skills should be used by inspectors to determine whether control and review
procedures effectively achieve their desired outcomes. An indicator of data governance maturity is
an organisational understanding and acceptance of residual risk, which prioritises actions. An
organisation which believes that there is ‗no risk‘ of data integrity failure is unlikely to have made an
adequate assessment of inherent risks in the data lifecycle. The approach to assessment of data
lifecycle, criticality and risk should therefore be examined in detail. This may indicate potential
failure modes which can be investigated during an inspection.
检查人员应使用批判性思维技巧来确定控制和审核程序是否能有效地得到其所要的结果。数据管理成熟度
的一个指标就是公司对残留风险的了解和接受,它使得措施按优先顺序排列。一个相信数据“没有风
险”的公司不可能对数据生命周期中内在的风险进行充分地评估。因此数据生命周期、关键程度和风
险的评估方法应进行详细检查。这样可能会发现潜在的失效模式,在检查期间可以对此进行调查。
5.6 Data governance system review 数据管理系统审核
5.6.1 The effectiveness of data integrity control measures should be assessed periodically as part of
self-inspection (internal audit) or other periodic review processes. This should ensure that controls
over the data lifecycle are operating as intended.
数据完整性控制措施的有效性应作为自检(内审)或其它定期审核流程的一部分进行定期评估。这样才能
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 12 / 56
ENVIRONMENTS (draft)
保证对数据生命周期的控制按既定要求运作。
5.6.2 In addition to routine data verification checks, self-inspection activities should be extended to a
wider review of control measures, including:
除了日常数据核查外,自检活动还应延伸到更宽的控制措施审核,包括:
A check of continued personnel understanding of data integrity in the context of protecting of the
patient, and ensuring the maintenance of a working environment which is focussed on quality and
open reporting of issues, e.g. by review of continued training in data integrity principles and
expectations.
检查人员对保护患者环境下数据完整性意义的持续理解,确保维护工作环境是关注质量的,敞开接受
问题报告,例如,通过审核员工在数据完整性原则和要求方面的持续培训。
A review for consistency of reported data/outcomes against raw data entries.
对所报告数据/结果对比原始数据输入进行一致性审核。
In situations where routine computerised system data is reviewed by a validated ‗exception report‘4,
a risk-based sample of computerized system logs / audit trails to ensure that information of
relevance to GMP activity is reported as expected
如果计算机化系统数据已通过经验证的“异常报告”方式进行日常审核,则对计算机化系统日志/审计
追踪基于风险抽样,以确保GMP活动相关的信息按预定要求进行报告
5.6.3 An effective review process will demonstrate understanding regarding importance of interaction of
company behaviours with organisational and technical controls. The outcome of data governance
system review should be communicated to senior management, and be used in the assessment of
residual data integrity risk.
有效的审核流程将证明对公司行为与公司和技术两方面的控制互动重要性的了解。数据管理系统审核的结
果应与高级管理层进行沟通,可以用于残留数据完整性风险的评估。
6 ORGANISATIONAL INFLUENCES ON SUCCESSFUL DATA INTEGRITY MANAGEMENT 公司对
成功的数据完整性管理的影响
6.1 General 通则
6.1.1 It may not be appropriate or possible to report an inspection citation relating to organisational
behaviour. An understanding of how behaviour influences (i) the incentive to amend, delete or falsify
data and (ii) the effectiveness of procedural controls designed to ensure data integrity, can provide
the inspector with useful indicators of risk which can be investigated further.
检查报告中表扬公司行为可能不现实或者并不恰当。了解公司行为如何影响(1)什么诱使员工修订、删
除或伪造数据(2)设计来确保数据完整性的程序控制的有效性,可以让检查人员获得可以进一步调
查的有用风险指标。
4
An ‗exception report‘ is a validated search tool that identifies and documents predetermined ‗abnormal‘ data or actions, which requires
further attention or investigation by the data reviewer
“异常报告”是一种经过验证的搜索工具,它识别出并记录下预定为“异常”的数据或行为,这些数据和行为需要数据审核人员进行进一
步关注或调查。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 13 / 56
ENVIRONMENTS (draft)
6.1.2 Inspectors should be sensitive to the influence of culture on organizational behaviour, and apply
the principles described in this section of the guidance in an appropriate way. An effective ‗quality
culture‘ and data governance may be different in its implementation from one location to another.
Depending on culture, an organisation‘s control measures may be:
检查人员应对于文化对公司行为的影响很敏感,并适当应用本指南本部分所述的原则。一个有效的“质量
文化”和数据管理可能在其实施时会因公司有差异。根据文化的不同,一个公司的控制措施可能会是:
‗open‘ (where hierarchy can be challenged by subordinates, and full reporting of a systemic or
individual failure is a business expectation)
“开放的”(这种情况下下级可以挑战等级,全面报告系统或个人失败是业务要求)
‗closed‘ (where reporting failure or challenging a hierarchy is culturally more difficult)
“封闭的”(这种情况下报告失败或挑战等级从文化角度来讲更困难)
6.1.3 Good data governance in ‗open‘ cultures may be facilitated by employee empowerment to identify
and report issues through the quality system. In ‗closed‘ cultures, a greater emphasis on oversight
and secondary review may be required to achieve an equivalent level of control due to the social
barrier of communicating undesirable information. The availability of anonymous escalation to
senior management may also be of greater importance in this situation.
在“开放的”文化中,优良数据管理可能会由于员工受到鼓励而有助于识别并报告整个质量体系中的问题。
而在“封闭的”文化中,更强调监管,因为社交障碍而无法沟通非期望信息,则需要有第二层闪的审
核来达到同等水平的控制。在这种情况下,匿名向高级管理层越级报告的方法也可能会更重要。
6.1.4 The extent of Management‘s knowledge and understanding of data integrity can influence the
organisation‘s success of data integrity management. Management must know their legal and moral
obligation (i.e., duty and power) to prevent data integrity lapses from occurring and to detect them, if
they should occur.
管理层在数据完整性方面的知识和了解程度可能会影响公司成功地进行数据完整性管理。管理层必须知道
其防止数据完整性失误发生,并在发生时发现这些失误的法定和道德义务(即责任和权力)。
6.1.5 Lapses in data integrity are not limited to fraud or falsification, they can be unintentional and still
pose risk. Any potential for compromising the reliability of data is a risk that should be identified and
understood in order for appropriate controls to be put in place, (refer sections 5.3 - 5.5). Direct
controls usually take the form of written policies and procedures, but indirect influences on
employee behaviour (such as incentives for productivity in excess of process capability) should be
understood and addressed as well.
数据完整性失误不仅局限于欺诈或伪造,他们可能是无意的,但仍具有风险。任何让数据可靠性受到损害
的可能均是风险,应该识别并了解,以进行适当控制(参见第5.3-5.5部分)。直接控制通常是书面方
针和程序,但对员工行为的非直接影响(例如,超出产能的生产率诱因)也需要了解和说明。
6.1.6 Data integrity breaches can occur at any time, by any employee, so management needs to be
vigilant in detecting issues and understand reasons behind lapses, when found, to enable
investigation of the issue and implementation of corrective and preventative actions.
数据完整性被破坏可能会发生在任何时间,来自于任何员工,因此管理层需要保持警警惕,发现问题并在
发现后了解问题后面的原因,以促进问题的调查和CAPA的实施。
6.1.7 There are consequences of data integrity lapses that affect the various stakeholders (patients,
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 14 / 56
ENVIRONMENTS (draft)
regulators, customers) including directly impacting patient safety and undermining confidence in the
organisation and its products. Employee awareness and understanding of these consequences can
be helpful in fostering an environment in which quality is a priority.
数据完整性发生问题会产生不良后果,影响大量的利益相关方(患者、法规管理方、客户),包括直接影
响患者安全,动摇公司及其产品的可信度。员工明白和理解这些不良后果有助于培育质量优先的环境。
6.1.8 Management should establish controls to prevent, detect and correct data integrity breaches, as
well as verify those controls are performing as intended to assure data integrity. To achieve success
with data integrity, Management should address the following:
管理层应建立控制来防止、发现和纠正数据完整性偏离情况,以及核查那些意在保证数据完整性实施的控
制。为了成功达到数据完整性要求,管理层应强调以下要求:
6.2 Code of ethics and policies 道德准则和方针
6.2.1 A Code of Values & Ethics should reflect Management‘s philosophy on quality, achieved through
policies (ie. a Code of Conduct) that are aligned to the quality culture and develop an environment of
trust, where all individuals are responsible and accountable for ensuring patient safety and product
quality.
价值观和道德准则应反映管理层的质量理念,通过方针来达成(即行为准则)。方针应与质量文化一致,
建立一种信任的环境,在其中所有员工均承担保证患者安全和药品质量的职责。
6.2.2 The company‘s general ethics and integrity standards need to be established and known to each
employee and these expectations should be communicated frequently and consistently.
公司应建立基本道德和完整性标准,让每位员工知晓,并且持续频繁地就这些要求进行沟通。
6.2.3 Management should make personnel aware of the importance of their role in ensuring data
integrity and the implication of their activities to assuring product quality and protecting patient
safety.
管理层应让员工明白其职责在保证数据完整性上的重要性,暗示其活动将确保药品质量和保护患者安全。
6.2.4 Code of Conduct policies should clearly define the expectation of ethical behaviour, such as
honesty. This should be communicated to and be well understood by all personnel. The
communication should not be limited only to knowing the requirements, but also why they were
established and the consequences of failing to fulfill the requirements.
行为准则方针应清楚定义道德行为的要求,例如诚实。所有员工均应该沟通并理解。沟通不应仅仅局限于
知道该要求,还要知道为什么要建立方针,如果不能满足要求后果会是什么。
6.2.5 Unwanted behaviours, such as deliberate data falsification, unauthorised changes, destruction of
data, or other conduct that compromises data integrity should be addressed promptly. Disciplinary
action may be taken, when warranted. Similarly, conforming behaviours should be recognised
appropriately.
有害的行为,如蓄意篡改、未经授权更改、毁坏数据,或其它损害数据完整性的行为均应及时说明。必要
时应采取处分措施。类似地,应恰当认可符合性行为。
6.2.6 There should be a confidential escalation program supported by company policy and procedures
whereby it encourages personnel to bring instances of possible breaches to the Code of Conduct to
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 15 / 56
ENVIRONMENTS (draft)
the attention of management without consequence.
公司方针应支持机密升级计划和程序,它能鼓励员工将可能会打破行为准则的事件报告给管理层知道而不
会受到处罚。
6.3 Quality culture 质量文化
6.3.1 Management should aim to create a work environment (ie. quality culture) that is transparent and
open, one in which personnel are encouraged to freely communicate failures and mistakes,
including potential data reliability issues, so that corrective and preventative actions can be taken.
Organisational reporting structure should permit the information flow between personnel at all
levels.
管理层应致力于创建一个透明公开的工作环境(即质量文化)。在这样的环境下,员工被鼓励自由沟通失
败情况和所犯错误,包括潜在的数据可靠性问题,这样能够采取纠正和预防措施。公司报告结构应允
许所有层级之间的信息流。
6.3.2 It is the collection of values, beliefs, thinking, and behaviours demonstrated consistently by
management, team leaders, quality personnel and all personnel that contribute to creating a quality
culture to assure data integrity.
它是价值观、信仰、思维和行为的集合,由管理层、团队领导、质量人员和所有涉及创造质量文化确保数
据完整性的人员一致遵守。
6.3.3 Management can foster quality culture:
管理层可以培养以下质量文化:
Ensure awareness and understanding of expectations (eg. Code of Ethics and Code of Conduct);
确保员工明白和理解要求(例如,道德准则和行为准则);
Lead by example, management should demonstrate the behaviours they expect to see ;
以身作则,管理层应自身实践他们所期望看到的行为;
Ensure accountability for actions and decisions;
保证行为和决策职责;
Stay continuously and actively involved;
保持持续主动参与;
Set realistic expectations, consider the limitations that place pressures on employees;
设定可行的要求,考虑员工所受到的局限性;
Allocate resources to meet expectations;
配置资源以达成目标;
Implement fair and just consequences and rewards; and
实施公平公正奖罚;并且
Be aware of regulatory trends to apply lessons learned to your organisation.
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 16 / 56
ENVIRONMENTS (draft)
明白法规趋势,将现有案例和教训在公司内部应用。
6.4 Modernising the Pharmaceutical Quality Management System 药品质量管理体系现代化
6.4.1 The application of modern quality risk management principles and good data management
practices to the current pharmaceutical quality management system serves to modernize the
System to meet the challenges that come with the generation of complex data.
现代化质量风险管理原则和优良数据管理规范在当前药物质量管理体系中的应用是为了将系统现代化,以
应对复杂数据产生所带来的挑战。
6.4.2 The company‘s Quality Management System should be able to prevent, detect and correct
weaknesses in the system or their processes that may lead to data integrity lapses. The company
should know their data life cycle and integrate the appropriate controls and procedures such that the
data generated will be valid, complete and reliable. Specifically, such control and procedural
changes may be in the following areas:
公司的质量管理体系应能够防止、发现和纠正系统或流程中的弱点,这些弱点可能会导致数据完整性问题。
公司应知晓其数据的生命周期,在其中包括适当的控制和程序,这样所产生的数据才能有效、完整和
可靠。具体来说,这类控制和程序的变化可能会是在以下领域:
Risk assessment and management,
风险评估和管理;
Investigation programs,
调查计划;
Data review practices (section 9),
数据审核规范(第9部分);
Computer software validation,
计算机软件验证;
Vendor/contractor management ,
供方/合同方管理;
Training program to include company‘s data integrity policy and data integrity SOPs ,
培训计划包括公司的数据完整性方针和数据完整性SOP;
Self-inspection program to include data integrity, and
自检计划包括数据完整性;并且
Quality metrics and reporting to senior management.
质量量度并向高级管理层报告。
6.5 Regular management review of quality metrics 质量量度日常管理评审
6.5.1 There should be regular management reviews of quality metrics, including those related to data
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 17 / 56
ENVIRONMENTS (draft)
integrity, such that significant issues are identified, escalated and addressed in a timely manner.
Caution should be taken when key performance indicators are selected so as not to inadvertently
result in a culture in which data integrity is lower in priority.
应该对质量量度进行定期管理评审,包括那些与数据完整性有关的内容,这样才能及明发现、升级和处理
重大问题。在选择关键性能指标时要谨慎,不致疏忽地成就了将数据完整性优先程度降低的文化。
6.5.2 The head of the Quality unit should have direct access to the highest level of management in order
to directly communicate risks so that senior management is aware and can allocate resources to
address any issues.
质量部门领导应可以直接接触到最高层级的管理人员,以便直接沟通风险,这样高级管理层就能明白并可
以配置资源来解决所有问题。
6.5.3 Management can have an independent expert periodically verify the effectiveness of their systems
and controls.
管理层可以有一个独立的专家来定期核查其系统和控制有效性。
6.6 Resource allocation 资源配置
6.6.1 Management should allocate appropriate resources to support and sustain good data integrity
management such that the workload and pressures on those responsible for data generation and
record keeping do not increase the likelihood of errors or the opportunity to deliberately compromise
data integrity.
管理层应配置适当的资源来支持和保持优良数据完整性管理,这样负责数据产生和记录保存的工作量和工
作压力应不会增加错误和蓄意破坏数据完整性机会的可能性。
6.6.2 There should be sufficient number of personnel for quality and management oversight, IT support,
conduct of investigations, and management of training program that are commensurate with the
operations of the organisation. There should be provisions to purchase equipment, software and
hardware that are appropriate for their needs, based on the criticality of the data in question.
应该有足够数量的人员负责质量和管理监督、IT支持、调查实施,以及培训计划管理,使其与公司的运营
相称。应该有条款规定设备、软件和硬件的采购,它应该基于所讨论数据的关键程度,并使其与其需
求相适当。
6.6.3 Personnel must be qualified and trained for their specific duties, with appropriate segregation of
duties, including the importance of good documentation practices. There should be evidence of the
effectiveness of training on critical procedures, such as electronic data review. The concept of data
integrity applies to all functional departments that play a role in GMP, including areas such as IT and
engineering.
人员必须具备资质,经过其特定任务方面的培训,有适当的职责分工,包括优良文件记录规范的重要性。
应该有证据证明关键程度培训的有效性,如电子数据审核。数据完整性的概念适用于所有在GMP中起
作用的职能部门,包括如IT和工程领域。
6.6.4 Data integrity should be familiar to all, but data integrity experts from various levels (SMEs,
supervisors, team leaders) may be called upon to work together to conduct/support investigations,
identify system gaps and drive implementation of improvements.
所有人均应熟悉数据完整性,但来自不同层面的数据完整性专家(SME、主管、团队领导)可能会被召唤
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 18 / 56
ENVIRONMENTS (draft)
到一起,协作实施/支持调查、识别系统差距并推进实施改进。
6.6.5 Introduction of new roles in an organisation relating to data integrity such as a data custodian or
Chief Compliance Officer might be considered.
可能需要考虑在公司内引入与数据完整性相关的新职位,例如数据监管员或首席符合性管理员。
6.7 Dealing with data integrity issues found internally 处理内部发现的数据完整性问题
6.7.1 In the event that data integrity lapses are found, they should be handled as any deviation would be
according to the Quality Management System. It is important to determine the extent of the problem
as well as its root cause, then correcting the issue to its full extent and implement preventative
measures. This may include the use of a third party for additional expertise or perspective, which
may involve a gap assessment to identify weaknesses in the system.
如果发现数据完整性问题,首先应根据质量管理体系作为偏差处理。确定问题的深度和其根本原因很重要,
然后全面纠正该问题,并实施预防措施。这可能包括使用第三方来获得额外的专业知识和观点,可能
需要进行差距评估来识别出系统里的弱点。
6.7.2 When considering the impact on product, any conclusions drawn should be supported by sound
scientific evidence.
在考虑对产品的影响时,所做出的任何结论均应是基于科学合理的证据。
6.7.3 Corrective actions may include product recall, client notification and reporting to regulatory
authorities.
纠正措施可以包括召回产品、通知客户和向法规当局报告。
6.7.4 Further guidance may be found in section 12 of this guide.
更多指南可以在本指南第12部分找到。
7 GENERAL DATA INTEGRITY PRINCIPLES AND ENABLERS 基本数据完整性原则和应用工具
7.1 The Pharmaceutical Quality Management System (QMS) should be implemented throughout the
different stages of the life cycle of the Active Pharmaceutical Ingredients and medicinal products
and should encourage the use of science and risk-based approaches.
药物质量管理体系(QMS)应在原料药和制剂整个生命周期的不同阶段实施,应鼓励使用基于风险的科学
方法。
7.2 To ensure that decision making is well informed and to verify that the information is reliable, the
events or actions that informed those decisions should be well documented. As such, Good
Documentation Practices (GDocPs) are key to ensuring data integrity, and a fundamental part of a
well designed Pharmaceutical Quality Management System (discussed in section 6).
为保证决策有良好沟通,也为了核查信息是否可靠,告知这些决策的事件或行动应记录完好。因而,优良
文件记录规范(GdocPs)对于保证数据完整性非常关键,并且成为设计良好的药物质量管理系统的
一个基本部分(在第6部分讨论)。
7.3 The application of GdocPs may vary depending on the medium used to record the data (ie. Physical
vs. electronic records), but the principles are applicable to both. This section will introduce those key
principles and following sections (8 & 9) will explore these principles relative to documentation in
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 19 / 56
ENVIRONMENTS (draft)
both paper-based and electronic-based recordkeeping.
GdocPs的应用可能会根据用于记录数据的介质有所不同(即物理VS电子记录),但这些原则适用于两者。
本部分会介绍关键原则,后面的部分(8和9)则会展开这些原则,分别针对纸质文件和电子记录保存。
7.4 Some key concepts of GdocPs are 19ummarized by the acronym ALCOA: Attributable, Legible,
Contemporaneous, Original, Accurate. To this list can be added the following: Complete,
Consisitent, Enduring and Available (ALCOA+55). Together, these expectations ensure that events
are properly documented and the data can be used to support informed decisions.
一些GdocPs的关键概念用术语ALCOA进行了总结:可追溯性、清晰、同步、原始、准确。此清单可以增
加:完整、一致、持久和可获得(ALCOA+)。它们合在一起组成的要求确保事件被恰当记录,数据
可以用来支持所做决策。
7.5 Basic DI principles applicable to both paper and electronic systems (ALCOA +):
适用于纸质和电子系统的基本DI原则(ALCOA+)
Data Integrity Requirement
Attribute
数据完整性属性 要求
Attributable It should be possible to identify the individual who performed the recorded task. The need to
document who performed the task / function, is in part to demonstrate that the function was
performed by trained and qualified personnel. This applies to changes made to records as
well: corrections, deletions, changes, etc.
可追溯性 应该可以识别出实施了记录的任务的个人。记录下谁实施了任务/职责的需求是证明该职责是
由经过培训有资质的人员实施的一部分。这也适用于对记录进行修正时:修正、删除、变更
等。
Legible All records must be legible – the information must be readable in order for it to be of any
use. This applies to all information that would be required to be considered Complete,
including all Original records or entries. Where the ‗dynamic‘ nature of electronic data (the
ability to search, query, trend, etc) is important to the content and meaning of the record, the
ability to interact with the data using a suitable application is important to the ‗availability‘ of
the record.
清晰 所有记录均应清晰---信息必须可以读出以便任何用途。这适用于要求完整的所有信息,包括
所有原始记录或输入。如果电子数据的“动态”属性(能够搜索、查询、做趋势分析等)对
于记录的内容和含义很重要,则使用适当的软件与数据互动的能力对于记录的“可获得性”
就很重要。
Contemporaneous The evidence of actions, events or decisions should be recorded as they take place. This
documentation should serve as an accurate attestation of what was done, or what was
decided and why, i.e. what influenced the decision at that time.
同步 动作、事件或决策的证据应在其发生时记录。此记录应作为做了什么、决定了什么以及为什
么的准确证明,即在当时是什么影响了决策。
Original The original record can be described as the first-capture of information, whether recorded
on paper (static) or electronically (usually dynamic, depending on the complexity of the
system). Information that is originally captured in a dynamic state should remain available in
that state.
原始 原始记录可以在信息首次被捕获时描述,可以是记录在纸上(静态),也可以是电子的(通
常是动态的,取决于系统的复杂性)。原始以动态状态捕获的信息应保持在该状态可获得。
Accurate Ensuring results and records are accurate is achieved through many elements of a robust
Pharmaceutical Quality Management System. This can be comprised of:
- equipment-related factors such as qualification, calibration, maintenance and computer
validation.
- policies and procedures to control actions and behaviours, including data review
procedures to verify adherence to procedural requirements
- deviation management including root cause analysis, impact assessments and CAPA
- trained and qualified personnel who understand the importance of following established
procedures and documenting their actions and decisions.
Together, these elements aim to ensure the accuracy of information, including scientific
data, that is used to make critical decisions about the quality of products.
准确 通过稳健的药物质量管理体系许多元素来保证结果和记录是准确的。这可以包括:
5
EMA guidance for GCP inspections conducted in the context of the Centralised Procedure
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 20 / 56
ENVIRONMENTS (draft)
- 与设备相关的因素,如确认、校正维护和计算机验证
- 控制措施和行为的方针和程序,包括数据审核程序用以核查是否符合程序要求
- 偏差管理,包括根本原因分析,影响分析和CAPA
- 受过培训的有资质的人员了解遵守既定程序和记录其活动和决策的重要性
这些要素一起保证信息的准确性,包括用于做出关于产品质量关键决策的科学数据。
Complete All information that would be critical to recreating an event is important when trying to
understand the event. The level of detail required for an information set to be considered
complete would depend on the criticality of the information. (see section 5.4 Data criticality).
A complete record of data generated electronically includes relevant metadata.
完整 当试图了解一件事情时,所有在还原该事件时关键的信息都是重要的。一个信息需要考虑成
为完成时所需的详细程度取决于信息的关键程度(参见第5.4部分数据关键程度)。一个由电
子方式产生的数据的完整记录包括相关的元数据。
Consistent Good Documentation Practices should be applied throughout any process, without
exception, including deviations that may occur during the process. This includes capturing
all changes made to data.
一致 优良文件记录规范应适用于所有过程,没有例外,包括在过程中发生的偏差。这包括了捕获
对数据所做的所有变更。
Enduring Part of ensuring records are available is making sure they exist for the entire period during
which they might be needed. This means they need to remain intact and accessible as an
indelible/durable record.
持久 保证记录可以获得的一部分内容是确保其在可能需要的整个时间段都存在。这表示他们需要
用为一份清晰/持久的记录保持完好无损并且可以获取。
Available Records must be available for review at any time during the required retention period,
accessible in a readable format to all applicable personnel who are responsible for their
review whether for routine release decisions, investigations, trending, annual reports, audits
or inspections.
可获得 记录必须在其所要求的保存期间随时可以获得用于审核,负责其日常放行决策、调查、趋势
分析、年报、审核或检查中审核的所有适合的人员都能可读格式获得。
7.6 If these elements are appropriately applied to all applicable areas of GMP and GDP-related activities,
along with other supporting elements of a Pharmaceutical Quality Management System, the
reliability of the information used to make critical decisions regarding drug products should be
adequately ensured.
如果这些要素恰当应用于所有GMP和GDP相关活动领域,与其它PQMS的支持要素一起,用于做出药品关
键决策的信息的可靠信就能得到充分保证。
8 SPECIFIC DI CONSIDERATIONS FOR PAPER-BASED SYSTEMS 纸质系统特定 DI 考
虑
8.1 Structure of quality management system (QMS) and control of blank forms/templates/records QMS
结构和空白格式/模板/记录控制
8.1.1 The effective management of paper based documents is a key element of GMP/GDP. Accordingly
the documentation system should be designed to meet GMP/GDP requirements and ensure that
documents and records are effectively controlled to maintain their integrity.
纸质文件的有效管理是GMP/GDP的关键要素。因而,文件记录系统的设计应符合GMP/GDP要求,确保
文件和记录有效受控,以保持其完整性。
8.1.2 Paper records must be controlled and must remain attributable, legible, indelible/durable,
contemporaneous, original and accurate (ALCOA) throughout the data lifecycle.
纸质记录必须受控,必须在数据生命周期中保留其ALCOA属性。
8.1.3 Procedures outlining good documentation practices and arrangements for document control
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 21 / 56
ENVIRONMENTS (draft)
should be available within the QMS. These procedures should specify:
QMS内应该有文件控制程序列出优良文件记录规范和安排。这些程序应指定:
How master documents and procedures are created, reviewed and approved for use;
主记录和程序如何创建、审核和批准使用;
Generation, distribution and control of templates used to record data (master , logs, etc.);
用于记录数据的模板的生成、发放和控制(主文件、日志等);
Retrieval and disaster recovery processes regarding records.
记录恢复和灾难恢复过程;
The process for generation of working copies of documents for routine use, with specific emphasis
on ensuring copies of documents, e.g. SOPs and blank forms are issued and reconciled for use in a
controlled and traceable manner.
生成日常使用的工作记录的流程,具体强调保证文件的副本,例如,SOP和空白表格应使用受控和可
追溯方式发放和平衡数量;
Guidance for the completion of paper based documents, specifying how individual operators are
identified, data entry formats and amendments to documents are recorded.
纸质文件填写指南,说明各操作人员如何识别记录,说明数据输入格式以及如何增补更正文件;
How completed documents are routinely reviewed for accuracy, authenticity and completeness;
填写完成的记录日常如何审核其准确性、可信性和完整性;
Processes for the filing, retrieval, retention, archival and disposal of records.
记录的填写、恢复、保存、归档和废弃流程;
How data integrity is maintained throughout the lifecycle of the data.
在整个数据的生命周期维护数据完整性。
8.2 Why is the control of records important? 记录控制为什么很重要?
Evidence of activities performed;
活动实施的证据;
Evidence of compliance with GMP requirements and company policies, procedures and work
instructions;
符合GMP要求和公司方针、程序和工作指令的证据;
Effectiveness of Pharmaceutical QMS;
药物QMS有效性;
Traceability;
可追溯性;
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 22 / 56
ENVIRONMENTS (draft)
Process authenticity and consistency ;
工艺真实性和一致性;
Evidence of the good quality attributes of the medicinal products manufactured; and
所生产的药品具有优良质量属性的证据;以及
In case of complaints, records could be used for investigational purposes.
如果有客户投诉,记录可以用于调查。
8.3 Generation, distribution and control of template records 模板记录的生成、发放和控制
8.3.1 Why is managing and controlling master records necessary? 为什么要管理和控制母版记录?
Managing and controlling master records is necessary to ensure that the risk of someone inappropriately
using and/or falsifying a record ‗by ordinary means‘ (i.e. not requiring the use of specialist fraud skills) is
reduced to an acceptable level.
管理和控制母版记录对于保证将人们“通过常规方法”(即不需要使用专家级造假技巧)不恰当使用和/
或伪造记录的风险降至可接受水平是必须的。
The following expectations should be implemented using a quality risk management approach,
considering the risk and criticality of data recorded (see section 5.4, 5.5).
以下要求应使用质量风险管理方式实施,同时考虑数据记录的风险和关键程度(参见第5.4,5.5部分)。
8.4 Expectations for the generation, distribution and control of records 记录生成、发放和控制要求
Expectations 要求 Potential risk of not meeting expectations/items to
be checked 不符合要求时需要检查的潜在风险
Item: Generation 产生
1 All documents should have a unique identification Uncontrolled documents increase the potential for
number (including the version number) and should omission or loss of critical data as these documents may
be checked, approved, signed and dated. not be designed to correctly record critical data.
The use of uncontrolled documents should be It may be easier to falsify uncontrolled records.
prohibited by local procedures. The use of
temporary recording practices, e.g. scraps of paper Risk of using superseded forms if there is no version
should be prohibited. control or controls for issuance.
所有文件均应有唯一的识别号(包括版本号),应进 非受控文件记录增加了关键数据丢失或忽略的可能性,因
行检查、批准、签名并签署日期。 为这些文件记录的设计不利于正确记录关键数据。
应通过程序禁止使用非受控文件。应禁止使用临时记 伪造非受控的记录可能会更容易一点。
录的做法,例如刮擦纸张。
如果没有版本控制和发放控制,则会产生使用失效的格式
的风险。
2 The document design should provide sufficient Handwriting data may not be clear and legible if the
space for manual data entries. spaces provided for data entry are not sufficiently sized.
If additional pages of the documents are added to allow
complete documentation, the number of, and reference
to any pages added should be clearly documented on
the main record page and signed.
记录设计应留出足够的空白让员工书写数据。 如果没有留出足够的空白,手书记录可能会不清楚,无法
阅读。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 23 / 56
ENVIRONMENTS (draft)
如果给记录附加了页,使得员工可以写完记录内容,则每
页应该加编号和索引号,并记录在主记录页中,并在加页
上签字。
3 The document design should make it clear what Ambiguous instructions may lead to
data is to be provided in entries. inconsistent/incorrect recording of data.
Ensures clear, contemporaneous and indelible/durable
completion of entries.
文件设计时应写清楚在输入中要提供什么数据。 指令不清可能会导致数据记录不一致/不正确。
保证书写内容清楚、同步、可读/持久及完整。
4 Documents should be stored in a manner which Inappropriate storage conditions can allow unauthorised
ensures appropriate version control. modification, use of expired and/or draft documents or
cause the loss of master documents.
Master copy (in soft copy) should be prevented
from unauthorised or inadvertent changes. E.g.: The processes of implementation and the effective
For the template records stored electronically, the communication are just as important as the document.
following precautions should be in place:
Master copies should contain distinctive marking so to
- Access to master templates should be distinguish the master from a copy, e.g. use of colored
controlled; papers or inks so as to prevent inadvertent use.
- process controls for creating and updating
versions should be clear and practically
applied/verified;
- master documents should be stored in a manner
which prevents unauthorised changes;
文件记录存贮方式应保证受到恰当的版本控制。 不恰当的存贮条件可能会发生未经授权的修改、使用过期
的和/或草稿文件或导致主文件丢失。
主文件(软复本)应保护不会被未经授权或不经意地
修改。例如,对于以电子方式存贮的模板式记录,应 实施流程和有效沟通与文件一样重要。
有以下注意事项:
主件应有清楚标识,与副本相区别,例如,使用有颜色的
- 应控制接触模板母本的权限 纸张或墨水,这样防止不经意误用。
- 版本创建和更新过程控制应清楚,并实际可操作/
核查
- 主文件存贮方式应能防止未经授权的修改
Item: Distribution and Control 分发和控制
1 Updated versions should be distributed in a timely There may be a risk that obsolete versions can be used
manner. by mistake if available for use.
Obsolete master documents and files should be
archived and their access restricted.
Any issued and unused physical documents
retrieved and destroyed accordingly.
更新后的版本应及时分发。 如果过期版本能够被拿到,则有被误用的风险。
过期母版文件记录应归档,接受它们的权限应进行限
制。
所有已发放但未使用的纸质文件应相应收回和销毁。
2 Issue should be controlled by written procedures Without the use of security measures, there is a risk that
that include the following controls: rewriting or falsification of data may be made after
photocopying or scanning the template record (which
- using of a secure stamp, or paper color code not gives the user another template copy to use).
available in the working areas or another
appropriate system. Obsolete version can be used intentionally or by error.
- ensuring that only the current approved version A filled record with an anomalous data entry could be
is available for use. replaced by a new rewritten template.
- allocating a unique identifier to each blank All unused forms should be accounted for, and either
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 24 / 56
ENVIRONMENTS (draft)
document issued and recording the issue of defaced and destroyed, or returned for secure filing.
each document in a register.
- numbering every distributed copy (e.g.: copy 2 of
2) and sequential numbering of issued pages in
bound books.
- Where the re-issue of additional copies of the
blank template is necessary, a controlled
process regarding re-issue should be followed.
All distributed copies should be maintained and
a justification and approval for the need of an
extra copy should be recorded, e.g.: ―the original
template record was damaged‖.
- All issued records should be reconciled following
use to ensure the accuracy and completeness of
records.
应有书面程序控制记录分发,包括以下控制: 如果不使用安全措施,则会存在影印或扫描模板记录(当
发给用户一个模板使用时)后重新书写或伪造数据的见险。
- 使用工作区域无法获得的安全保存的印章或有色
纸,或者使用其它合适的系统 过期版本可能会被有意或无意使用。
- 保证只能获得批准的现行版本供使用 填写好的记录如果有反常数据输入,可能会被使用新的重
写过的模板替换。
- 为发放的每份空白记录给定一个唯一识别标志,
并在登记册上记录每份文件的发放 所有未使用的表格均应计数,要么划掉并销毁,要么退回
安全归档。
- 为每个分发的副本编号(例如,副本2,共有2),
对装订成册的记录每页均给定连续编号
- 如果需要多次发放空白模板副本,则应遵守多次
发放的受控程序。所有发放的副本均应维护,需
要额外副本的时应说明和批准并记录,例如“原
模板记录受损”。
- 所有发放的记录在使用后应计数平衡,以保证记
录的准确性和完整性。
8.4.1 An index of all the template records should be maintained by QA organisation. This index should
mention for each type of template record at least the following information: title, reference number
including version number, location (e.g., documentation data base, effective date, next review date,
etc.
QA部门应维护一份所有模板记录的清单。此索引清单应至少提到各类模板记录中的以下信息:标题、索
引号包括版本号、位置(例如,文件记录数据库)、有效日期、下次审核日期等。
8.5 Use and control of records within production areas 生产区域记录使用和控制
8.5.1 Records should be appropriately controlled in the production areas by designated persons or
processes. These controls should be carried out to minimize the risk of damage or loss of the
records and ensure data integrity. Where necessary, measures must be taken to protect records
from being soiled (e.g. getting wet or stained by materials, etc).
在生产区域的记录应由指定人员或流程进行恰当控制。应实施这些控制来减少记录受损或丢失的风险,保
证数据完整性。必要时,必须采取措施保护记录不被污损(例如,弄湿或被物料弄脏等)。
8.6 Filling out records 记录填写
8.6.1 The items listed in the table below should be controlled to assure that a record is properly filled out.
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 25 / 56
ENVIRONMENTS (draft)
下表中列出的项目应进行控制,以保证记录填写符合要求。
Expectations 要求 Specific elements that should be checked /
Potential risk of not meeting expectations
应检查的具体要素/不符合要求的潜在风险
Item项目 Completion of records 记录完成
1 Handwritten entries must be made by the Check that handwriting is consistent for entries made
person who executed the task. by the same person.
Unused, blank fields within documents should Check the entry is legible and clear (i.e.
be crossed-out, dated and signed. unambiguous; and does not include the use of
unknown symbols / abbreviation, e.g. use of ditto (―)
Handwritten entries should be made in clear marks.
and legible writing.
Check for completeness of data recorded.
The completion of date fields should be done in
the format defined for the site. E.g. dd/mm/yyyy Check correct pagination of the records and are all
or mm/dd/yyyy. pages present.
手书记录必须是执行任务的人书写。 检查同一员工填写的记录笔迹一致。
文件中未经使用的空白格应划掉、签名并书写日 检查书写内容清晰可读(即,没有不清楚,不包括使用
期。 未知符合/缩写,例如使用表示重复内容的两点。
手书记录应清晰可读。 检查所记录数据是否完整。
日期格式应按工厂要求填写完整,例如:2位日 检查记录页编号是否正确,是否无缺失页。
+2位月+4位年,或者是2位月+2位日+4位年
2 Filling out operations should be Verify that records are available within the immediate
contemporaneous6. areas in which they are used, i.e Inspectors should
expect that sequential recording can be performed at
the site of operations. If the form is not available at the
point of use, this will not allow operators to fill in
records at the time of occurrence.
操作内容的填写必须同步。 核查记录是否在其使用区域可以获得,即,检查员应要
求在操作现场就地完成记录。如果在使用点找不到记
录,则操作员不可能在操作同时填写记录。
3 Records should be indelible. Check that written entries are in ink, which is not
erasable and/or will not smudge or fade (during the
retention period).
Check that the records were not filled out using pencil
prior to use of pen (overwriting).
Note that some paper printouts from systems may
fade over time, e.g. thermal paper.
记录应可读。 检查书写内容是否用墨水写就,应不可擦除和/或模糊褪
色(在保存期间)。
6
The use of scribes to record activity on behalf of another operator should be considered ‗exceptional‘, and only take
place where:
The act of recording places the product or activity at risk e.g. documenting line interventions by sterile operators.
To accommodate cultural or staff literacy / language limitations, for instance where an activity is performed by an
operator, but witnessed and recorded by a Supervisor or Officer.
In both situations, the supervisory recording must be contemporaneous with the task being performed, and must identify
both the person performing the observed task and the person completing the record. The person performing the observed
task should countersign the record wherever possible, although it is accepted that this countersigning step will be
retrospective. The process for supervisory (scribe) documentation completion should be described in an approved
procedure, which should also specify the activities to which the process applies.
使用记录员来代替另一人记录所操作事件应作为“例外情况”,只有在以下情况可以使用:
记录活动会让产品或活动处于风险之中,例如,记录无菌操作人员对生产线的人工干预情况
适应文化或员工文化水平/语言限制,例如,一个操作工实施活动,主管或管理员在现场查看并记录。
在两种情形下,监管式记录都必须与所实施的任务同步,必须写明完成该任务和完成记录的人员姓名。实施所观察任务的人
员应在可能时就对记录进行会签,这时的会签是回顾式的,是可以接受的。监管(记录)记录完成的过程应一个批准的程序
中描述,还应该指定该程序适用的活动。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 26 / 56
ENVIRONMENTS (draft)
Expectations 要求 Specific elements that should be checked /
Potential risk of not meeting expectations
应检查的具体要素/不符合要求的潜在风险
Item项目 Completion of records 记录完成
检查记录是否在用铅笔书写之前用铅笔写过(套写)。
注意一些从系统里打印的纸质打印件可能会在一定时
长后褪色,例如热敏纸。
4 Records should be signed and dated using a Check that there are signature and initials logs, that
unique identifier that is attributable to the are controlled and current and that demonstrate the
author. use of unique examples, not just standardized printed
letters.
Ensure that all key entries are signed & dated,
particularly if steps occur over time, i.e. not just signed
at the end of the page and/or process.
The use of personal seals is generally not
encouraged; however, where used, seals must be
controlled for access.
There should be a log which clearly shows traceability
between an individual and their personal seal. Use of
personal seals must be dated (by the owner), to be
deemed acceptable.
记录的签名和日期应有唯一的识别标志,可以追 检查是否有签名和首字母名清单。清单应该受控并且是
溯到书写人。 现行的,它证明使用了唯一的样子,而不只是标准化印
刷的字母。
保证所有关键的书写内容都有签字和日期,尤其是如果
步骤发生在一定时长内,即不止是在页尾和/或工艺结束
时签字。
应该有一份清单,在其中显示个人及其名鉴之间的可追
溯性。使用个人名鉴必须要有日期(持有人书写),这
样是可以接受的。
8.7 Making corrections on records 记录更正
Corrections to the records must be made in such way that full traceability is maintained.
对记录进行更正必须保持全面可追溯性。
Item How should records be corrected? Specific elements that should be checked when
项目 记录要如何更正? reviewing records:
在审核记录时要检查的具体要素:
1 Cross out what is to be changed with a single Check that the original data is readable not obscured
line. (e.g.: not obscured by use of liquid paper; overwriting
is not permitted)
Where appropriate, the reason for the correction
must be clearly recorded and verified if critical. If changes have been made to critical data entries,
verify that a valid reason for the change has been
Initial and date the change made. recorded and that supporting evidence for the change
is available.
Check for unexplained symbols or entries in records
用单删除线划掉要更正的部分。 检查原始记录是否被遮盖,是否仍可读(例如,没有使
用修正液遮盖,不允许重叠书写)。
适当时必须清楚记下更正的理由,关键的话还要核
查。 如果是对关键数据进行更正,则要核查是否记录了有效
的更正理由,以及是否有支持变更的证据。
更正人签名首字母和日期。
检查记录中没有解释的符合或内容。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 27 / 56
ENVIRONMENTS (draft)
Corrections must be made in indelible ink. Check that written entries are in ink, which is not
erasable and/or will not smudge or fade (during the
retention period).
Check that the records were not filled out using pencil
prior to use of pen (overwriting).
更正必须采用不可擦除的墨水。 检查书写是否使用的墨水,是否不能擦除和/或模糊或褪
色(在存贮期间)。
检查记录填写是否在用铅笔之前用铅笔打底(套写)。
8.8 Verification of records (secondary checks) 记录核查(第二人检查)
Item When and who should verify the records? Specific elements that should be checked
项目 什么人什么时间要对记录进行核查? when reviewing records:
在审核记录时要检查哪些具体要素:
1 A- Batch production records of critical process steps Verify the process for the handling of production
should be: records within processing areas to ensure they are
readily available to the correct personnel at the
- reviewed/witnessed by designated personnel time of performing the activity to which the record
(e.g.: production supervisor) at the time of relates.
operations occurring; and
Verify that any secondary checks performed
- reviewed by an authorised person within during processing were performed by
production before sending them to the QC appropriately qualified and independent
department; and - reviewed and approved by the personnel, e.g. production supervisor or QA.
Quality Assurance Unit (e.g. Authorised Person /
Qualified Person) before release or distribution of Check that documents were reviewed by
the batch produced. production and then quality personnel following
completion of operational activities.
B- Batch production records of non-critical process
steps is generally reviewed by production personnel
according to an approved procedure.
This verification must be conducted after performing
production-related tasks and activities. This
verification must be signed or initialed and dated by
the appropriate persons.
Local SOPs must be in place to describe the process
for review of written documents.
A-关键工艺步骤的批生产记录应: 核查生产区域内处理生产记录的程序以保证正确的
人员在实施记录相关操作时可以很容易获取该记
- 由指定人员(例如生产主管)在操作发生时进行审 录。
核/现场查看;并且
核查是否在工艺期间由适当资质和独立的人员,例
- 由生产部门内经过授权的人员在将记录送交QC部 如生产主管或QA进行第二人检查。
门前进行审核,并且由QA部门(例如授权人/QP)
进行审核和批准,然后放行或销售所生产的批次 检查文件记录是否在操作活动完成之后由生产部审
核,然后由质量人员审核。
B-非关键工艺步骤的批生产记录通常由生产部人员根
据批准的程序进行审核。
此核查必须在生产相关任务和活动实施之后再执行。
此核查必须由适当的人员签字或签首写字母并签署日
期。
必须有SOP描述书面文件记录的审核流程。
How should records be double checked? Specific elements that should be checked
如何对记录进行双重检查? when reviewing records:
在审核记录时要检查哪些具体要素:
2 Check that all the fields have been completed Inspectors should review company procedures for
correctly using the current (approved) templates, the review of manual data to determine the
and that the data was critically compared to the adequacy of processes.
acceptance criteria.
Check that the secondary reviews of data include
Check items 1, 2, 3, and 4 of section 8.5 and Items 1
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 28 / 56
ENVIRONMENTS (draft)
and 2 of section 8.6. a verification of any calculations used.
View original data (where possible) to confirm that
the correct data was transcribed for the
calculation.
检查是否所有空格都使用现行(批准的)模板填写完 检查员应审核公司审核人工数据的程序以确定程序
整正确,相比于可接受标准此数据是否关键。 的充分性。
检查第8.5部分的项目1、2、3和第8.6部分的项目1和 检查对数据是否有第二人审核,包括对所用计算方
2. 法的核查。
查看原始数据(如可能)以确认转抄用于计算的数
据是正确的。
8.9 Maintaining Records 记录维护
Item How should records be maintained? Specific elements that should be checked when
项目 记录应如何维护? reviewing records:
审核记录时应检查的特定要素:
1 Companies should implement a defined system(s) Check if the records are stored in an orderly manner
for storage and recovery of records. and are easily identifiable.
All records must be stored in the specified location
in a traceable and accessible manner.
Systems should ensure that all GMP/GDP relevant
records are stored for periods that meet GMP/GDP
requirements7.
公司应定义并实施记录存贮和恢复系统。 检查记录存贮方式是否有序,易于识别。
所有记录必须存贮在指定的位置,可以追踪并可以
获得。
系统应确保所有GMP/GDP相关记录存贮时长符合
GMP/GDP要求的时长。
2 All records should be protected from damage or Check if there are systems in place to protect records
destruction by: (e.g. pest control and sprinklers).
- fire; Note: Sprinkler systems can be implemented provided
that they are designed to prevent damage documents,
- liquids (e.g. water, solvents and buffer solution); e.g. documents are protected from water (e.g. by
covering them with plastic film).
- rodents;
- hygrometry etc.
- unauthorised personnel access, who may
attempt to amend, destroy or replace records
所有记录应受到保证,不会受到以下操作或毁坏: 检查是否存在有系统保护记录(例如,虫鼠控制和自动
喷淋灭火装置)。
- 火
注:如果自动喷淋系统是设计来保护文件的,例如,文
- 液体(例如,水、溶剂和缓冲液) 件是防水的(例如,文件已用塑料膜覆盖),则可以实
- 啮齿动物 施自动喷淋系统
- 湿度测定等
- 未经授权的人员进入,该人可能试图修改、损毁
或替换记录
7
Note that storage periods for some documents may be dictated by other local or national legislation.
注意有些文件记录的存贮期限可能是有当地或国家法律规定的。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 29 / 56
ENVIRONMENTS (draft)
3 Strategy for disaster recovery Check for system is in place for the recovery of
records in a disaster situation
灾难恢复策略 检查是否具备灾难情形下恢复记录的系统。
8.10 Direct print-outs from electronic systems 从电子系统直接打印出的打印件
8.10.1 Paper records generated by very simple electronic systems, e.g. balances, pH meters or simple
processing equipment which do not store data provide limited opportunity to influence the
presentation of data by (re-)processing, changing of electronic date/time stamps. In these
circumstances, the original record should be signed and dated by the person generating the record
and the original should be attached to batch processing records.
从不存贮数据的非常简单的电子系统,如天平、pH计或简单工艺设备中产生的纸质记录,其通过对数据进
行再处理、改变电子日期/时间戳的方式影响数据呈现的机会受到限制,则可以由生成记录的人对原始
记录签名日期,并将原始记录附入批处理记录。
8.11 True copies 真实备份
8.11.1 Copies of original paper records (e.g. analytical summary reports, validation reports etc.) are
generally very useful for communication purposes, e.g. between companies operating at different
locations. These records must be controlled during their life cycle to ensure that the data received
from another site (sister company, contractor etc.) are maintained as ―true copies‖ where
appropriate, or used as a ―summary report‖ where the requirements of a ―true copy‖ are not met (e.g.
summary of complex analytical data).
原始纸质记录(例如,分析汇总报告,验证报告等)的副本一般在交流时非常有用,例如,当公司在不同
地方操作时。这些记录必须在其生命周期中受控,以确保从另一场所(兄弟公司,合同商等)收集来
的数据在适当时作为“真实备份”得到维护,或者是在不符合“真实备份”要求(例如,复杂的分析
数据的汇总)时用作“总结报告”。
8.11.2 It is conceivable for raw data generated by electronic means to be retained in an acceptable
paper or pdf format, where it can be justified that a static record maintains the integrity of the original
data. However, the data retention process must be shown to include verified copies of all raw data,
metadata, relevant audit trail and result files, software / system configuration settings specific to
each analytical run, and all data processing runs (including methods and audit trails) necessary for
reconstruction of a given raw data set. It would also require a documented means to verify that the
printed records were an accurate representation. This approach is likely to be onerous in its
administration to enable a GMP compliant record.
可以想象,对于电子方式产生的原始数据会以可接受的纸质方式或PDF格式保存,这时可以论证静态的记
录维持了原始数据的完整性。但是,数据保存流程必须包括对经过核对的所有原始数据、元数据、相
关审核追踪和结果文件、每次分析运行时的软件/系统参数设置、以及所有过程运行数据(包括方法和
审核追踪),这是重新构建指定的原始数据系列时所需要的内容。这也要求有书面方法来核查所打印
的记录是一份准确的表达。这种方法可能会太麻烦,难以管理让其符合GMP记录要求。
8.11.3 Many electronic records are important to retain in their dynamic (electronic) format, to enable
interaction with the data. Data must be retained in a dynamic form where this is critical to its integrity
or later verification. This should be justified based on risk.
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 30 / 56
ENVIRONMENTS (draft)
许多电子记录要保存在其动态(电子)格式,使得可以与数据互动。数据必须以对其完整性至为关键的形
式保存,并要在保存后进行核查。应基于风险来论证此方式。
8.11.4 At the receiving site, these records (true copies) may either be managed in a paper or electronic
format (e.g., PDF) and should be controlled according to an approved QA procedure.
在接收场所,这些记录(真实副本)可以以纸质方式或电子格式(例如PDF)保存,应根据批准的QA程
序受控。
8.11.5 Care should be taken to ensure that documents are appropriately authenticated as ―true copies‖
either through the use of handwritten or digital signatures.
应小心确保文件经过适当的“真实副本”认证,可以是通过手书或数字签名达到此目的。
Item How should the “true copy” be issued and Specific elements that should be checked
项目 controlled? when reviewing records:
“真实备份”应如何签发和受控? 在审核记录时要检查的具体要素:
1 Creating a ―true copy‖ of a paper document. Verify the procedure for the generation of true
copies.
At the company who issues the true copy:
Check that true copies issued are identical
- Obtain the original of the document to be copied (complete and accurate) to original records.
Copied records should be checked against the
- Photocopy the original document ensuring that no
original document records to make sure there is
information from the original copy is lost;
no tampering of the scanned image.
- Verify the authenticity of the copied document and
Check that scanned or saved records are
sign and date the new hardcopy as a ―true copy‖;
protected to ensure data integrity.
The ―True Copy‖ may now be sent to the intended
After scanning paper records and verifying
recipient.
creation of a ‗true copy‘, it may be possible to
Creating a ―true copy‖ of a electronic document. permit destruction of the original documents
from which the scanned images have been
A ‗true copy‘ of an electronic record should be created created.
by electronic means (electronic file copy), including all
required metadata. Creating pdf versions of electronic There should be a documented approval
data should be discouraged, as this is equivalent to a process for this destruction.
printout from the electronic system, which risks loss of
metadata.
The ―True Copy‖ may now be sent to the intended
recipient.
A distribution list of all issued ―true copies‖ (soft/hard)
should be maintained.
创建一份纸质文件的“真实备份”。 核查真实备份的生成流程。
在签发真实备份的公司: 检查所签发的真实备份是否与原始记录相同(完
整准确)。备份记录应和原始文件记录对比检查,
- 获得要备份的文件原件 确认没有篡改扫描影像。
- 对原始文件进行影印,确保没有遗漏原件上任何信息 检查扫描或保存的记录受到保护,能保证数据完
- 核对复印件的真实性,在复印件上签名/日期,将新 整性。
的复印件作为“真实备份” 在扫描了纸质记录和核对“真实备份”的创建后,
“真实备份”现在可以发送给接收方。 可以允许销毁已经扫描创建过“真实备份”的原
始文件。
创建一份电子文件的“真实备份”。
此销毁过程应有书面批准的程序。
电子记录的“真实备份”应采用电子方式创建(电子文
件备份),包括所有所需的元数据。不鼓励创建电子数
据的PDF版本,因为这等于从电子系统打印出一份打印
件,这时有丢失元数据的风险。
“真实备份”现在可以发送给接受方。
要维护所有签发的“真实备份”(软备份/硬备份)的发
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 31 / 56
ENVIRONMENTS (draft)
放清单。
2 At the company who receives the true copy: Check that received records are checked and
retained appropriately.
- The paper version, scanned copy or electronic file
should be reviewed and filed according to good A system should be in place to verify the
document management processes. authenticity of ―true copies‖ e.g. through
verification of the correct signatories.
The document should clearly indicate that it is a true
copy and not an original record.
收到真实备份的公司: 检查所收到的记录是否经过适当的检查和保存。
- 纸质版本、扫描备份或电子文件应根据优良文件记录 应该有一个系统核对“真实备份”的正被性,例
管理流程进行审核和存档。 如,通过验证其正确签名。
文件记录应清楚显示其是真实备份,而不是原始记录。
8.11.6 A quality agreement should be in place to address the responsibilities for the generation and
transfer of ―true copies‖ and data integrity controls. The system for the issuance and control of ―true
copies‖ should be audited by the contract giver and receiver to ensure the process is robust and
meets data integrity principles.
应有质量协议说明“真实备份”产生和转移的职责以及数据完整性控制。签发和控制“真实备份”的系统
应由合同发包方和合同接受方进行审计,以确保流程稳健,符合数据完整性原则。
8.12 Limitations of remote review of summary reports 对汇总报告进行远程审核的局限性
8.12.1 The remote review of data within summary reports is a common necessity; however, the
limitations of remote data review must be fully understood to enable adequate control of data
integrity.
对汇总报告中的数据进行远程审核通常是必须的。但是,必须全面了解远程数据审核的局限性,以对数据
完整性进行充分控制。
8.12.2 Summary reports of data are often supplied between physically remote manufacturing sites,
Market Authorisation Holders and other interested parties. However, it must be acknowledged that
summary reports are essentially limited in their nature, in that critical supporting data and metadata
is often not included and therefore original data cannot be reviewed.
数据汇总报告通常会在物理距离上比较远的生产场所、上市许可持有人和其它利益相关方之间传递。但是,
必须知道汇总报告从根本上来说受限于其特性,其中通常并不包括关键支持性数据和元数据,因此无
法对原始数据进行审核。
8.12.3 It is therefore essential that summary reports are viewed as but one element of the process for
the transfer of data and that interested parties and inspectorates do not place sole reliance on
summary report data.
因此有必要仅是将审核汇总报告作为数据转移过程中的一个环节,利益相关方和检查组织并不仅仅依赖于
汇总报告的数据。
8.12.4 Prior to acceptance of summary data, an evaluation of the supplier‘s quality system and
compliance with data integrity principles should be established through on-site inspection when
considered important in the context of quality risk management.
在接受汇总数据之前,考虑到质量风险管理环境下其重要性,应通过现场检查对供应商的质量体系和数据
完整性原则符合性进行评估。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 32 / 56
ENVIRONMENTS (draft)
The inspection should ensure the veracity of data generated by the company, and include a review of the
mechanisms used to generate and distribute summary data and reports.
检查应确保公司所产生的数据的真实性,包括对用来产生和分发汇总数据和报告体制的审核。
8.13 Document retention (Identifying record retention requirements and archiving records) 文件记录保
存(识别记录保存要求和归档记录)
8.13.1 The retention period of each type of records should (at a minimum) meet those periods specified
by GMP/GDP requirements. Consideration should be given to other local or national legislation that
may stipulate longer storage periods.
每类记录的保存时长应(至少)符合GMP/GDP要求中指定的时长。应考虑其它可能规定了更长保存期限
的当地或国家法规。
8.13.2 The records can be retained internally or by using an outside storage service subject to quality
agreements. A risk assessment should be available to demonstrate retention
systems/facilities/services are suitable and that the residual risks are understood.
记录可以内部保存,也可以使用外部保存服务,但要签订质量协议。应进行风险评估证明保存系统/设施/
服务是适当的,并了解残留风险。
Item Where and how should records be archived? Specific elements that should be checked
项目 在哪儿如何归档记录? when reviewing records:
审核记录时要检查的具体要素
1 A system should be in place describing the different Check that the system implemented for retrieving
steps for archiving records (identification of archive archived records is effective and traceable.
boxes, list of records by box, retention period,
archiving location etc.). Check that access to archived documents is
restricted to authorized personnel ensuring
integrity of the stored records.
The storage methods used should permit efficient
retrieval of documents when required.
1 应有一个系统描述归档记录的不同步骤(档案盒识别、 检查归档记录恢复实施系统是否有效和可追踪。
盒中记录清单、保存期限、存档位置等)。
检查归档文件接触权限是否仅限于被授权的人员,
能确保所存贮记录的完整性。
所用保存方法应能在必要时对文件进行有效恢复。
2 All hardcopy quality records should be archived in: Check for the outsourced archived operations if
there is a quality agreement in place and if the
- secure locations to prevent damage or loss; storage location was audited.
- such a manner that it is easy retrievable. Ensure there is some assessment of ensuring that
documents will still be legible/available for the
- Ensure that records are likely durable for their
entire archival period.
archived life
Check that access to archived documents is
restricted to authorized personnel ensuring
integrity of the stored records.
The storage methods used should permit efficient
retrieval of documents when required.
2 所有纸质质量记录应存档在: 检查外包操作是否有质量协议,是否对存放位置进
行了审核。
- 安全的位置,防止损坏或物超所值
确保有一些评估,保证文件在整个归档周期都清晰.
- 其保存方式应易于恢复; 可以获得。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 33 / 56
ENVIRONMENTS (draft)
- 确保记录能持久保存达到其生命周期。 检查归档文件的进入权限是否仅限于被授权的人
员,能确保所存贮记录的完整性。
所用存贮方法应能保证必要时有效恢复文件。
8.14 Disposal of original records 原始记录的废弃
8.14.1 A documented process for the disposal of records should be in place to ensure that the correct
original records are disposed of after the defined retention period. The system should ensure that
current records are not destroyed by accident and that historical records do not inadvertently make
their way back into the current record stream (eg. Historical records confused/mixed with existing
records.)
记录废弃处理应有书面程序,以确保销毁的是超过既定保留时长的正确的原始记录。系统应保证现行记录
不会被错误销毁,历史记录不会阴差阳错回到现行记录流(例如,历史记录与现有记录混淆/混合)。
8.14.2 A record/register should be available to demonstrate appropriate and timely destruction of retired
records.
应该能提供记录/登记册证明对退役的记录进行了适当及时的销毁。
8.14.3 Measures should be in place to reduce the risk of deleting the wrong documents. The access
rights allowing deletion of records should be limited to few persons.
应该的措施降低删除错误文件的风险。进入删除文件权限应限制授权给很少数人。
8.14.4 In case of printouts which are not permanent (e.g. thermo transfer paper) a verified (‗true‘) copy
may retained, and it is possible to discard the non- permanent original
如果打印件不是永久的(例如,热敏纸),则应保存经过验证(真实)的副本,可以废弃非永久性记录原
件。
8.14.5 Paper records may be replaced by Scans provided that the principles of ‗true copy‘ are addressed
(see section 8.11.5)
如果“真实备份”的原则有进行说明,则可以采用扫描件替代纸质文件来保存(参见第8.11.5部分)。
9 SPECIFIC DATA INTEGRITY CONSIDERATIONS FOR COMPUTERISED SYSTEMS
计算机化系统具体数据完整性考虑
9.1 Structure of the QMS and control of computerised systems QMS 结构和计算机化系统的控制
9.1.1 A large variety of computerised systems are used by companies to assist in a significant number of
operational activities. These range from the simple standalone to large integrated and complex
systems, many of which have an impact on the quality of products manufactured. It is the
responsibility of each regulated entity to fully evaluate and control all computerised systems and
manage them in accordance with GMP8 and GDP9 requirements.
8
PIC/S PE 009 Guide to Good Manufacting Practice for Medicinal Products, specifically Part I chapters 4, Part II chapters
5, & Annex 11
PIC/S PE 009 药品 GMP 指南,具体为第一部分第 4 章,第二部分第 5 章和附录 11.
9
PIC/S PE 011 GDP Guide to Good Distribution Practice for Medicinal Products, specifically section 3.5 XXX
PIC/S PE 011 药品优良运输 GDP 指南,具体参见第 3.5 部分。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 34 / 56
ENVIRONMENTS (draft)
公司使用大量不同的计算机化系统来辅助大量的操作活动。其范围从简单的单机到大型集成复杂系统,其
中许多对所生产的药品质量产生影响。各受法规约束的主体有责任全面评估和控制所有计算机化系统,
以及根据GMP和GDP要求对其进行管理。
9.1.2 Organisations should be fully aware of the nature and extent of computerized systems utilised, and
assessments should be in place that describe each system, its intended use and function, and any
data integrity risks or vulnerabilities that may be susceptible to manipulation. Particular emphasis
should be placed on determining the criticality of computerised systems and any associated data, in
respect of product quality.
公司应深刻了解其所采用的计算机化系统的属性和深度,应进行评估描述每个系统,其既定用途以及功能,
和所有数据完整性风险,或易被篡改的脆弱点。尤其应强调要确定计算机化系统及所有相关数据 在
药品质量方面的关键程度。
9.1.3 All computerised systems with potential for impact on product quality should be effectively
managed under a mature quality management system which is designed to ensure that systems are
protected from acts of accidental or deliberate manipulation, modification or any other activity that
may impact on data integrity.
所有对药品质量有潜在影响的计算机化系统均应在成熟的质量管理体系里进行有效管理。质量管理体系设
计应保系统受到保护,不会被事故或有意篡改、修订,或受到任何可能影响数据完整性的活动的侵害。
9.1.4 When determining data vulnerability and risk, it is important that the computerized system is
considered in the context of its use within the business process. For example, data integrity of an
analytical method with computerised interface is affected by sample preparation, entry of sample
weights into the computerized system, use of the computerised system to generate data, and
processing /recording of the final result using that data.
在确定数据弱点和风险时,很重要的一点是要在业务流程内其使用环境下考虑计算机化系统。例如,一个
有计算机化界面的分析方法的数据完整性会受到样品制备、将样品重要输入计算机化系统、使用计算
机化系统产生数据,以及使用这些数据处理/记录最终结果的影响。
9.1.5 The guidance herein is intended to provide specific considerations for data integrity in the context
of computerised systems. Further guidance regarding good practices for computerised systems
may be found in the PIC/S Good Practices for Computerised Systems in Regulated ―GxP‖
Environments (PI 011).
指南此处旨在提供计算机化系统环境下数据完整性的具体考虑。关于优良计算机化系统的规范可以在
PIC/S在受法规约束的GXP环境下计算机化系统优良规范(PI 011)中找到。
9.2 Qualification and validation of computerised systems 计算机化系统的确认和验证
9.2.1 The qualification and validation of computerised systems should be performed in accordance with
the relevant GMP/GDP guidelines; the tables below provide clarification regarding specific
expectations for ensuring good data governance practices for computerised systems.
计算机化系统的确认和验证应根据相关的GMP/GDP指南实施,下表提供了关于保证计算机化系统优良数
据管理规范的具体要求。
Expectations Potential risk of not meeting
要求 expectations/items to be checked
潜在不符合要求风险/要检查的项目
Item: Validation Documentation 验证文件记录
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 35 / 56
ENVIRONMENTS (draft)
项目
1 Regulated users should have an inventory of all Companies that do not have adequate
computerised systems in use. This list should include visibility of all computerised systems in place
reference to: may overlook the criticality of systems and
may thus create vulnerabilities within the
- The name, location and primary function of each data lifecycle.
computerized system;
An inventory list serves to clearly
- Assessments of the function and criticality of the communicate all systems in place and their
system and associated data; (e.g. direct GMP/GDP criticality, ensuring that any changes or
impact, indirect impact, none) modifications to these systems are
controlled.
- The current validation status of each system and
reference to existing validation documents. Verify that risk assessments are in place for
critical processing equipment and data
Risk assessments should be in place for each system,
acquisition systems. A lack of thorough
specifically assessing the necessary controls to ensure
assessment of system impact may lead to a
data integrity. The level and extent of validation for data
lack of appropriate validation and system
integrity should be determined based on the criticality of
control. Examples of critical systems to
the system and process and potential risk to product
review include:
quality, e.g. processes or systems that generate or control
batch release data would generally require greater control - Systems used to control the purchasing
than those systems managing less critical data or and status of products and materials;
processes.
- Systems for the control and data
Consideration should also be given to those systems with acquisition for critical manufacturing
higher potential for disaster, malfunction or situations in processes;
which the system becomes inoperative.
- Systems that generate, store or process
Assessments should also review the vulnerability of the data that is used to determine batch
system to inadvertent or unauthorised changes to critical quality;
configuration settings or manipulation of data. All controls
should be documented and their effectiveness verified. - Systems that generate data that is
included in the Batch processing or
packaging records;
- Systems used in the decision process for
the release of products.
受法规约束的用户应对所有在用计算机化系统有一个清单。 计算机化系统没有充分可见性的公司可能会
该清单包括以下内容: 忽视系统的关键程度,从而在数据生命周期内
产生弱点。
- 每个计算机化系统的名称、位置和基本功能
清单是为了明了所有已有系统及其关键程度,
- 对系统的功能和关键程度及相关数据进行评估,(例如, 确保这些系统所有变更或修改均受到控制。
直接GMP/GDP影响,间接影响,无影响)
核查关键工艺设备和数据获取系统是否有风
- 每个系统当前的验证状态,对现有文件的引用 险评估。系统影响缺乏全面评估可能会导致缺
对每个系统均应有风险评估,尤其要评估控制的必要性,以 乏适当的验证和系统控制。要审核的关键系统
保证数据完整性。数据完整性验证的水平和深度应根据系统 例子包括:
和流程的关键程度,以及对药品质量的潜在风险确定,例如, - 用于控制采购和产品和物料状态的系统;
产生或控制批放行数据的流程或系统需要的控制比管理较
不关键数据的系统或流程更高。 - 关键生产工艺控制和数据获取系统;
还要考虑那些会导致系统无法运行的灾难、故障或情形可能 - 产生、存贮或处理用于决定批质量的系统;
性。
- 产生包括在批加工或批包装记录里的数据
评估还应该审核系统被无意或未经授权修改关键参数设置 的系统;
或数据篡改的弱点。所有控制均应记录,并核查其有效性。
- 用于产品放行决策流程的系统。
2 A Validation Summary Report for each computerised Check that validation systems and reports
system written by the Quality Unit should be in place and specifically address data integrity
state at least the following items: requirements following GMP/GDP
requirements and considering ALCOA
- Critical system configuration details and controls for principles.
restricting access to configuration and any changes
(change control). System configuration and segregation of
duties (e.g. authorisation to generate data
- A list of currently approved users, specifying the users should be separate to authorisation to verify
name and surname, and any specific usernames. data) should be defined prior to validation,
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 36 / 56
ENVIRONMENTS (draft)
- Identity and permitted activities (privileges) for each and verified as effective during testing.
user of the system.
Check the procedures for system access to
- Identity and role of the System Administrator. ensure modifications or changes to systems
are restricted and subject to change control
- Frequency of review of audit trails and system logs. management.
- Procedures for: Ensure that system administrator access is
restricted to authorised persons and is not
how a new system user is created;
used for routine operations.
the process for the modification (change of
Check the procedures for granting, modifying
privileges) for an existing user;
and removing access to computerised
the process of deleting users; systems to ensure these activities are
controlled. Check the currency of user
arrangements for backup and frequency; access logs and privilege levels, there
should be no unauthorized users to the
A description of the recovery process in case of an system and access accounts should be kept
incident; up to date. There should also be restrictions
to prevent users from amending audit trail
Process and responsibilities for data archiving;
functions.
Approved locations for data storage.
- It should be clearly stated that the original data are
retained with relevant metadata in a form that permits
the reconstruction of the manufacturing process or the
analytical activity.
质量部门应为每个计算机化系统制订验证摘要报告,其中至 检查验证系统和报告,特别要强调遵守GMP/
少要声明以下项目: GDP要求,考虑ALCOA的数据完整性要求。
- 关键系统参数设置细节,限制参数修改和任何变更的控 系统参数设置和职责划分(例如,产生数据的
制(变更控制)。 权限应与核查数据的权限分开)应在验证之前
进行界定,并在测试中核对其是否生效。
- 目前已批准用户的清单,说明用户姓名以及具体的用户
名。 检查系统登录控制程序,确保对系统的修订或
变更受到限制,要受到变更控制管理。
- 系统每个用户的身份及所允许的权限(授权)。
保证系统管理员权限只授予有权限的人员,不
- 系统管理员的身份和职责。 会用于日常操作。
- 对审计追踪和系统日志审核的频次。 检查认证、修订和取消计算机化系统权限的程
- 以下操作的流程: 序,保证这些活动受到控制。检查用户登录日
志和权限水平情况,应该没有未经授权的用户
如何创建新的系统用户; 登入系统,登录帐号应该及时更新与现状相
符。这些限制也应防止用户修改审核追踪功
修改已有用户的流程(变更权限); 能。
删除用户的流程;
备份安排和备份频次;
有事故发生时的恢复流程描述;
数据归档流程和职责;
批准的数据存贮位置。
- 应清楚说明原始数据与相关元数据保留的形式允许对生
产工艺或分析活动进行重新构建。
3 Companies should have a Validation Master Plan in place Check that validation documents include
that includes specific policies and validation requirements specific provisions for data integrity;
for computerised systems and the integrity of such validation reports should specifically address
systems and associated data. data integrity principles and demonstrate
through design and testing that adequate
The extent of validation for computerized systems should controls are in place.
be determined based on risk. Further guidance regarding
assessing validation requirements for computerised Unvalidated systems may present a
systems may be found in PI 011. significant vulnerability regarding data
integrity as user access and system
Before a system is put into routine use, it should be
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 37 / 56
ENVIRONMENTS (draft)
challenged with defined tests for conformance with the configuration may allow data amendment.
acceptance criteria.
Check that end-user testing includes test
It would be normally expected that a prospective scripts designed to demonstrate that
validation for computerized systems is conducted; software not only meets the requirements of
however, for systems already installed, it may be the vendor, but is fit for its intended use.
acceptable to perform retrospective validation based on
an assessment of all historical records for the existing
computerised system.
In case of a retrospective qualification, a documented
evaluation of system history i.e. error logs, changes
made, evaluation of user manuals and SOPs would be
expected to have taken place.
IT validation should be designed according to GMP Annex
15 with URS, FAT, SAT, IQ, OQ and PQ tests.
Qualification testing includes Design Qualification (DQ);
Installation qualification (IQ); Operational Qualification
(OQ); and Performance Qualification (PQ). In particular,
specific tests should be designed in order to challenge
those areas where data integrity is at risk.
Companies should ensure that computerised systems are
qualified for their intended use. Companies should
therefore not place sole reliance on vendor qualification
packages; validation exercises should include specific
tests to ensure data integrity is maintained during
operations that reflect normal and intended use.
The number of tests should be guided by a risk
assessment but the critical functionalities should be at
least identified and tested, e.g., certain PLCs and systems
based on basic algorithms or logic sets, the functional
testing may provide adequate assurance of reliability of
the computerised system. For critical and/or more
complex systems, detailed verification testing is required
during IQ, OQ & PQ stages.
公司应有验证主计划,其中包括针对计算机化系统及此类系 检查验证文件,包括数据完整性特定条款,验
统和相关数据完整性的专用方针和验证要求。 证报告应特别说明数据完整性原则,通过设计
和测试证明具有充分的控制。
计算机化系统验证的深度应根据其风险决定。更多关于评估
计算机化系统验证要求的指南参见PI 011。 未经验证的系统可能会有数据完整性方面的
重大缺陷,因为用户权限和系统参数设置可能
在系统投入日常使用之前,应采用指定的测试来挑战其性能 允许对数据进行修改。
是否符合可接受标准。
检查最终用户测试,包括设计用以证明软件不
一般要求对计算机化系统实施前瞻式验证。但是,对于已经 仅仅符合供应商标准,也符合其既定用途的测
安装的系统,可以接受根据对现在计算机化系统的所有历史 试脚本。
记录的评估进行回顾性验证。
如果是采用了回顾性确认,应有书面记录的系统历史,即错
误日志、所做的变更、用户手册评估和SOP。
IT验证应根据GMP附录15设计,包括URS、FAT、SAT、IQ、
OQ和PQ测试。
确认测试包括设计确认(DQ)、安装确认(IQ)、运行确
认(OQ)和性能确认(PQ)。尤其是,应设计特定测试以
挑战数据完整性有风险的区域。
公司应确保计算机化系统经根据其既定用途进行确认,因此
公司不能仅依赖于供应商的确认包,验证应包括特定测试来
保证数据完整性在能反映正常既定使用情形下的运行期间
得到维护。
测试的数量应根据风险评估制订,但关键功能应至少要进行
识别和测试,例如,特定的PLC和基于基本乍当和逻辑系列
的系统,功能性测试可以充分保证计算机化系统的可靠性。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 38 / 56
ENVIRONMENTS (draft)
对于关键和/或更复杂的系统,在IQ、OQ和PQ阶段则需要
详细的核查测试。
4 Periodic Evaluation Check that re-validation reviews for
computerised systems are outlined within
Computerised systems should be evaluated periodically in validation schedules.
order to confirm they maintain the validated status and are
GMP compliant. The evaluation should include deviations, Verify that systems have been subject to
changes, upgrade history, performance and maintenance. periodic review, particularly with respect to
any potential vulnerabilities regarding data
The frequency of the re-evaluation should be based on a integrity.
risk assessment depending on the criticality of the
computerised systems. The assessment performed Any issues identified, such as limitations of
should be documented. current software/hardware should be
addressed in a timely manner and corrective
and preventative actions, and interim
controls should be available and
implemented to manage any identified risks.
产品评估 检查计算机系统的再验证审核是否列在验证
计划中。
计算机化系统应定期评估以确认其维持在经过验证的状态,
并且符合GMP要求。评估应包括偏差、变更、更新历史、 核查经过定期审核的系统,尤其是数据完整性
性能和维护。 的可能弱点。
再评估的频次应基于计算机化系统的关键程度所做的风险 所有识别出的问题,如现行软件/硬件的局限性
评估确定。所实施的评估应记录。 应及时说明,并制订CAPA和临时控制并实施
以管理所有识别出的风险。
Item: Data transfer between systems
项目 系统间的数据转移
1 Interfaces should be assessed and addressed during Interfaces between computerised systems
validation to ensure the correct and complete transfer of present a risk whereby data may be
data. inadvertently lost, amended transcripted
incorrectly during the transfer process.
在验证期间,要对系统间接口进行评估和说明,以确保数据 计算机化系统之间的接口如果有风险,则数据
的转移正常完整。 可能会在转移过程中不可逆地丢失、不正确地
修改转序。
2 Where system software is installed or updated, the user It is important that data is readable in its
should ensure that archived data can be read by the new original form throughout the data lifecycle,
software. Where necessary this may require conversion of and therefore users must maintain both the
existing archived data to the new format. readability of data and access to superseded
software.
Where conversion to the new data format of the new
software is not possible, the old software should be
maintained installed in one PC and also available as a
hard copy (e.g. installation CD) in order to have the
opportunity to read the archived data in case of an
investigation.
如果系统软件进行了安装和更新,则用户应确保被归档的数 数据以其原始格式在其生命周期中都可读是
据可以用新的软件读取。必要时,可能需要将现有存档数据 很重要的,因此用户必须维护数据的可读性和
转换成新格式。 对被替代的软件的登录使用。
9.3 System security for computerised systems 计算机化系统的系统安全
Expectations Potential risk of not meeting expectations
要求 / items to be checked
不符合要求潜在风险/要检查的项目
Item: System security 系统安全
1 User access controls, both physical and electronic, shall Check that the company has taken all
be configured and enforced to prohibit unauthorised reasonable steps to ensure that the
access to, changes to and deletion of data. For example: computerised system in use is secured, and
protected from deliberate or inadvertent
- Individual Login IDs and passwords should be set up
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 39 / 56
ENVIRONMENTS (draft)
and assigned for all staff needing to access and utilise changes.
the specific electronic system. Shared login credentials
do not allow for traceability to the individual who Systems that are not physically and
performed the activity. For this reason, shared administratively secured are vulnerable to
passwords, even for reasons of financial savings, must data integrity issues. Inspectorates should
be prohibited. verify that verified procedures exist that
manage system security, ensuring that
- Input of data and changes to computerised records computerised systems are maintained in
must be made only by authorized personnel. their validated state and protected from
Companies should maintain a list of authorized manipulation.
individuals and their access privileges for each
electronic system in use. It is acknowledged that some computerised
systems support only a single user login or
- Administrator access to computer systems used to run limited numbers of user logins. Where no
applications should be controlled. General users suitable alternative computerised system is
should not have access to critical aspects of the available, equivalent control may be
software, e.g. system clocks, file deletion functions, provided by third party software, or a paper
etc. based method of providing traceability (with
version control).
- System administrators should normally be independent
from users performing the task, and have no The suitability of alternative systems should
involvement or interest in the outcome of the data be justified and documented. Increased data
generated or available in the electronic system. For review is likely to be required for hybrid
example, QC supervisors and managers should not be systems.
assigned as the system administrators for electronic
systems in their laboratories (e.g., HPLC, GC, UV-Vis).
Typically, individuals outside of the quality and
production organisations (e.g., Information Technology
administrators) should serve as the system
administrators and have enhanced permission levels.
- For smaller organisations, it may be permissable for a
nominated person to hold access as the system
administrator; however, in these cases the
administrator access should not be used for performing
routine operations and the user should hold a second
and restricted access for performing routine
operations.
- Any request for new users, new privileges of users
should be forwarded to the IT administrator in a
tracebeable way in accordance with a standard
procedure.
用户权限控制,物理的和电子的,均应进行参数设置,禁止 检查公司是否采取合理措施来保证在用计算
未经授权进入修改和删除数据。例如: 机化系统受到安全保护,可以防止有意或无意
改变。
- 应为所有需要进入和使用该电子系统的员工设置个人登
录ID和密码并进行分配。共用登录名无法追溯到实施活 无法进行物理和行政安全保护的系统有数据
动的个人。因此,必须禁止共用密码,即使是财务存款 完整性弱点。检查组应核对是否有经过核查的
原因也一样。 程序来管理系统安全,保证计算机化系统维持
在其经过验证的状态,保护不受篡改。
- 计算机化记录的数据输入和变更必须仅由经过授权的人
员操作。公司应为每个在用电子系统维护一份被授权人 我们知道有些计算机化系统仅支持单用户登
员的名单,及其操作权限。 录,或者是有限数量用户登录。如果没有适当
的替代用计算机化系统,则应由第三方软件提
- 用于运行软件的计算机系统管理员账号应受控。一般用 供等同的控制,或者是采用纸质方式来提供可
户不应该具备对软件的关键方面进行操作的权限,例如, 追溯性(带版本控制)。
系统时钟、文件删除功能等。
替代系统的适用性应进行论证并记录。混合系
- 系统管理员一般应独立于实施任务的用户,不参与该电 统可能会要求更多的数据审核。
子系统中所产生或可获得数据的结果,或与之无利益关
系。例如,QC主管和经理不应被赋予化验室内电子系统
(例如,HPLC、GC、UV-可见光)的系统管理员权限。
一般来说,质量部门和生部门以外的人员(例如,IT管
理员)应作为系统管理员,具有超级权限。
- 对于较小的公司,可以允许让相关人员具有 系统管理员
权限。但是,在这种情形下,管理员的权限不应该用于
实施日常操作,用户应该有另一个权限受限的登录方式
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 40 / 56
ENVIRONMENTS (draft)
来实施日期操作。
- 如需增加新用户、为已有用户增加新权限,应根据标准
规程以可追溯方式提交申请至IT管理员。
2 Computerised systems must be protected from accidental
changes or deliberate manipulation. Companies should
assess systems and their design to prevent unauthorised
changes to validated settings that may ultimately affect
data integrity. Consideration should be given to:
- The physical security of computerised system
hardware:
Location of and access to servers;
Restricting access to PLC nodules, e.g. by locking
access panels.
- Vulnerability of networked systems from local and
external attack;
- Remote network updates, e.g. automated updating of
networked systems by the vendor.
计算机化系统必须保护不会被有意或无意篡改。公司应对系
统及其设计进行评估,防止未经授权地修改经过验证的可能
会最终影响数据完整性的设置。应考虑以下:
- 计算机化系统硬件的物理安全;
服务器的位置和进入方式;
限制进入PLC节点,例如,通过锁定登录面板。
- 有网络连接的系统会受到当地和外来攻击;
- 远程网络更新,例如,由供应商通过网络连接系统进行
自动更新。
3 Electronic signatures used in the place of handwritten Check that electronic signatures are
signatures must have appropriate controls to ensure their appropriately validated, their issue to staff is
authenticity and traceability to the specific person who controlled and that at all times, electronic
electronically signed the record(s). signatures are readily attributable to an
individual.
The use of advanced forms of electronic signatures is
becoming more common, e.g., the use of biometrics is Any changes to data after an electronic
becoming more prevalent by firms. The use of advanced signature has been assigned should
forms of electronic signatures should be encouraged. invalidate the signature until the data has
been reviewed again and re-signed.
手书签名的地方如使用电子签名则必须有适当的控制,确保 检查电子签名是否经过适当验证,分发给员工
其真实性和可追溯至对记录进行电子签名的特定个人。 的过程是否受控,电子签名在所有时间都易于
追溯到个人。
使用先进的电子签名形式已经越来越普遍,例如,公司使用
生物特征识别越来越流行。应鼓励使用先进的电子签名。 数据进行电子签名之后,对其进行的所有变更
会让签名失效,直到数据经过重新审核重新签
名。
9.4 Audit trails for computerised systems 计算机化系统的审核追踪
Expectations 要求 Potential risk of not meeting expectations
/ items to be checked
不符合要求潜在风险/要检查的项目
Item: Audit Trails 审计追踪
1 Companies should endeavor to purchase and upgrade Validation documentation should
software that includes electronic audit trail functionality. demonstrate that audit trails are functional,
and that all activities, changes and other
Where available, audit trail functionalities for transactions within the systems are
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 41 / 56
ENVIRONMENTS (draft)
electronic-based systems should be configured properly to recorded, together with all metadata.
capture general system events as well as any activities
relating to the acquisition, deletion, overwriting of and Verify that audit trails are regularly reviewed
changes to data for audit purposes. (in accordance with quality risk management
principles) and that discrepancies are
It is acknowledged that some simple systems lack investigated.
appropriate audit trails; however, alternative arrangements
to verify the veracity of data must be implemented, e.g. If no electronic audit trail system exists a
administrative procedures, secondary checks and controls. paper based record to demonstrate changes
to data may be acceptable until a fully audit
Audit trails should be verified during validation of the trailed (integrated system or independent
system. audit software using a validated interface)
system becomes available. These hybrid
Audit trail functionalities must be enabled and locked at all systems are permitted, where they achieve
times. For example, an individual involved in the input of equivalence to integrated audit trail, such as
and changes to HPLC data must not have access to enable described in Annex 11 of the PIC/S GMP
and disable the audit trail as they desire. Guide.
Companies should implement procedures that outline their Failure to adequately review audit trails may
policy and processes for the review of audit trails in allow manipulated or erroneous data to be
accordance with risk management principles. Audit trails inadvertently accepted by the Quality Unit
related to the production of each batch should be and/or Authorised Person.
independently reviewed with all other records related to the
batch and prior to the batch‘s release, so as to ensure that
critical data and changes to it are acceptable. This review
should be performed by the originating department, and
where necessary verified by the quality unit, e.g. during
self-inspection or investigative activities.
公司应尽力购买和更新软件,使其包括电子审订追踪功能。 验证文件应证明审订追踪起到作用,所有活
动、修改和系统内其它交易与所有元数据一起
如果可以,应对基于电子的系统的审核追踪功能进行适当参 被记录。
数设置,使其能捕获常规系统事件,以及所有与数据获取、
删除、覆盖和修改相关的活动供审计用。 核查审核追踪是否有定期审核(根据质量风险
管理原则),不符合处是否有进行调查。
我们知道一些简单的系统缺乏适当的审计追踪,这时必须实
施替代的方案来核查数据的真实性,例如,行政程序、辅助 如果没有电子审计追踪系统,在可以获得全面
检查和控制。 审计追踪系统(集成系统或使用经过验证的接
口的独立审计软件)之前使用纸质记录来证明
审核追踪在系统的验证期间要进行核查。 对数据的修改是可以接受的。如果达到与集成
审核追踪功能必须全程激活并锁定。例如,一位参与HPLC数 审计追踪同样的功能,这种混合系统是允许
据的输入和修改的员工不可以具备权限按其意愿来激活和关 的,例如PIC/S GMP指南附录11中所述的类
闭审计追踪。 型。
公司应实施程序列出其对审计追踪的审核方针和流程,应该 未能对审计追踪进行充分审核可能会导致篡
符合风险管理原则。与每批生产相关的审核追踪应在批放行 改数据或错误数据被质量部门和/或授权人疏
之前与其它批相关记录一起进行独立审核,这样才能保证关 忽之下接受。
键数据和对这些数据的修改是可以接受的。此审核应由原始
操作部门实施,必要时由质量部门核查,例如,在自检期间
或调查活动期间。
2 The company‘s quality unit should establish a program and Verify that self-inspection programs
schedule to conduct ongoing reviews of audit trails based incorporate both random and targeted
upon their criticality and the system‘s complexity. checks of audit trails, with the intent to verify
the effectiveness of existing controls and
Procedures should be in place to address and investigate compliance with internal procedures
any audit trail discrepancies, including escalation processes regarding the review of data.
for the notification of senior management and national
authorities where necessary.
公司的质量部门应建立一个计划和时间表,根据其关键程度 核查自检计划是否包括随机和有目标的检查
和系统复杂性对审计追踪实施持续审核。 审计追踪,目的是验证现有控制的有效性,以
及内部数据审核程序的符合性。
应有程序处理和调查所有审计追踪不符合情况,包括通知高
级管理层和国家药监(必要时)的升级处理流程。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 42 / 56
ENVIRONMENTS (draft)
9.5 Data capture/entry for computerised systems 计算机化系统的数据捕获/输入
Expectations Potential risk of not meeting expectations
要求 / items to be checked
不符合要求潜在风险/要检查的项目
Item: Data capture/entry 数据捕获/输入
1 Systems should be designed for the correct capture of Ensure that manual entries made into
data whether acquired through manual or automated computerised systems are subject to an
means. appropriate secondary check.
For manual entry: Validation records should be reviewed for
systems using automated data capture to
- The entry of data should only be made by authorised ensure that data verification and integrity
individuals and the system should record details of the measures are implemented and effective.
entry, the individual making the entry and when the
entry was made.
- Data should be entered in a specified format that is
controlled by the software, validation activities should
verify that invalid data formats are not accepted by the
system.
- All manual data entries should be verified, either by a
second operator, or by a validated computerised
means.
- Changes to entries should be captured in the audit trail
and reviewed by an appropriately authorised and
independent person.
For automated data capture:
- The interface between the originating system, data
acquisition and recording systems should be validated
to ensure the accuracy of data.
- Data captured by the system should be saved into
memory in a format that is not vulnerable to
manipulation, loss or change.
- The system software should incorporate validated
checks to ensure the completeness of data acquired,
as well as any metadata associated with the data.
不管是通过手动还是自动方式获得数据,系统设计应能正确 确保人工输入计算机化系统数据会经过第二
捕获数据, 次核对。
对于人工输入: 应审核验证记录,看使用自动化数据捕获的系
统是否能保证实施数据核对和完整性措施,并
- 数据应仅由经过授权的人员输入,系统应记录输入的细 有效。
节,人员在输入时系统即行记录。
- 数据输入应有指定格式,格式受到软件控制。验证活动
应核查是否无效数据格式不会被系统接受。
- 所有人工数据输入均应进行核对,可以是由第二个操作
人员核对,也可以是由经过验证的计算机化方式。
- 对输入的修改应被审计追踪捕捉,并由适当授权的独立
人员进行审核。
对于自动化数据捕获:
- 产生数据的系统、数据获取和记录的系统之间的界面应
经过验证,确保数据的准确性。
- 由系统捕获的数据应存贮在记忆存储内,其格式应不易
伪造、丢失或修改。
- 系统软件应包括经过验证的检查,以确保所获得的数据,
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 43 / 56
ENVIRONMENTS (draft)
以及与数据相关的所有元数据的完整性。
2 Any necessary changes to data must be authorised and Verify that appropriate procedures exist to
controlled in accordance with approved procedures. control any amendments or re-processing of
data. Evidence should demonstrate an
For example, manual integrations and reprocessing of appropriate process of formal approval for
laboratory results must be performed in an approved and the proposed change,
controlled manner. The firm‘s quality unit must establish controlled/restricted/defined changes and
measures that ensure that changes to data are performed formal review of the changes made.
only when necessary and by designated individuals.
Any and all changes and modifications to original data
must be fully documented and should be reviewed and
approved by at least one appropriately trained and
qualified individual.
对数据所做的必要的修改必须根据批准的程序进行授权和 核查是否有适当的程序对数据修改和再处理
控制。 进行控制。现有证据应能证明对于提议的变
更、受控/受限/界定的变更有正式的批准流程,
例如,手动积分和处理化验室结果必须以批准和受控的方式 并且对所做的变更有正式的审核。
进行。公司的质量部门必须建立措施,确保对数据的修改只
在必要时并且由指定的人员实施。
所有和任何对原始数据人修改必须全部记录,并至少由一个
经过适当培训具备资质的人员进行审核和批准。
9.6 Review of data within computerised systems 计算机化系统中数据的审核
Expectations Potential risk of not meeting expectations
要求 / items to be checked
不符合要求潜在风险/要检查的项目
Item: Review of electronic data 电子数据审核
1 The regulated user should perform a risk assessment in Check local procedures to ensure that
order to identify all the GMP/GDP relevant electronic data electronica data is reviewed based on its
generated by the computerised systems. criticality (impact to product quality and/or
decision making). Evidence of each review
Once identified, this critical data should be audited by the should be recorded and available to the
regulated user and verified to determine that operations inspector.
were performed correctly and whether any change
(modification, deletion or overwriting) have been made to Where data summaries are used for internal
original information in electronic records. All changes must or external reporting, evidence should be
be duly authorised. available to demonstrate that such
summaries have been verified in accordance
The review of data-related audit trails should be part of the with raw data.
routine data review within the approval process.
Audit trails records should be in an intelligible form and
have at least the following information:
- Name of the person who made the change to the data;
- Description of the change;
- Time and date of the change;
- Justification for the change;
- Name of any person authorizing the change.
The frequency, roles and responsibilities of audit trails
review should be based on a risk assessment according to
the GMP/GDP relevant value of the data recorded in the
computerised system.
For example, for changes of electronic data that can have a
direct impact on the quality of the medicinal products, it
would be expected to review at each and every time the
data is generated.
The regulated user should establish a SOP that describes
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 44 / 56
ENVIRONMENTS (draft)
in detail how to review audit trails. The procedure should
determine in detail the process that the person in charge for
the audit trail review should follow. The audit trail activity
should be documented and recorded.
The records should be maintained together with the other
GMP/GDP relevant documents.
Any significant variation from the expected outcome found
during the audit trail review should be fully investigated and
recorded. A procedure should describe the actions to be
taken if a review of audit trails identifies serious issues that
can impact the quality of the medicinal products.
The company‘s Quality Unit (QU) should also review a
sample of the audit trails records during the routine
selfinspection.
受法规约束的用户应实施风险评估,以识别所有由计算机化 检查现场程序是否能确保电子数据根据其关
系统产生的GMP/GDP相关的电子数据。 键程度(对产品质量和/或决策的影响)受到审
核。每次审核的证据应记录,并可以提供给检
一旦识别,此关键数据应由受法规约束的用户进行审订并核 查。
查,以确定操作能正确实施,确定在电子记录里的原始信息
是否经过任何修改(修订、删除或改写)。所有变更都应经 如果数据摘要用于内部或外部报告,应有证据
过适当授权。 用以证明此类摘要根据原始数据进行了核查。
对数据相关的审计追踪进行的审核应该是批准流程中日常数
据审核的一部分。
审订追踪记录应该采用明白易懂的格式,至少含有以下信息:
- 修改数据的人员姓名;
- 修改描述;
- 修改时间和日期;
- 修改论证;
- 授权修改的人员姓名。
审计追踪审核的频次、人员和职责应根据计算机化系统里所
记录的数据的GMP/GDP相关值,基于风险评估确定。
例如,对药品质量有直接影响的电子数据的修订应该在每次
和每个数据生产的时候进行审核。
受法规约束的用户应建立一个SOP,详细描述如何审核审计
追踪。程序应详细确定审计追踪审核负责人员应该遵守的流
程。审计依依惜别动应文件化并记录。
记录应与其它GMP/GDP相关文件一起维护。
所有在审计追踪审核中发现严重偏离预期结果的变化均应进
行全面调查和记录。应有一个程序描述当审订追踪审核发现
可能对药品质量有影响的严重问题时要采取的措施。
公司的质量部门(QU)也应在日常自检中抽样审核审计追踪
记录。
9.7 Storage, archival and disposal of electronica data 电子数据的存贮、归档和销毁
Expectations Potential risk of not meeting
要求 expectations / items to be checked
不符合要求潜在风险/要检查的项目
Item: Storage, archival and disposal of electronica data 电子数据的存贮、归档和销售
1 Storage of data must include the entire original data and Check that data storage, back up and
metadata, including audit trails, using a secure and validated archival systems are designed to
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 45 / 56
ENVIRONMENTS (draft)
process. capture all data and metadata. There
should be documented evidence that
If the data is backed up, or copies of it are made, then the backup these systems have been validated
and copies must also have the same appropriate levels of and verified.
controls so as to prohibit unauthorised access to, changes to and
deletion of data or their alteration. For example, a firm that backs
up data onto portable hard drives must prohibit the ability to
delete data from the hard drive. Some additional considerations
for the storage and backup of data include:
True copies of dynamic electronic records can be made,
with the expectation that the entire content (i.e., all data and
metadata is included) and meaning of the original records
are preserved.
Suitable software and hardware needs to be readily
available for accessing data backups or copies.
Routine backup copies should be stored in a remote location
(physically separated) in the event of disasters.
- Back-up data should be readable for all the period of the
defined regulatory retention period, even if a new version of
the software has been updated or substituted for one with
better performance.
数据的存贮必须包括整个原始数据和元数据,包括审计追踪。应使 检查数据存贮、备份和归档系统的设计
用经过验证的安全程序。 是否可以白葡萄所有数据和元数据。应
有书面证据证明这些系统经过验证和核
如果数据经过了备份,或者复制,则备份和副本也应该受到相同水 查。
平的控制,这样防止未经授权进入、修改和删除数据,或对数据进
行替换。例如,一个公司将数据备份发到移动硬盘上,则必须禁用
该硬盘的数据删除功能。数据存贮和备份中一些额外的考虑包括:
可以制作动态电子记录的真实副本,要求保存全部的内容(即
包括所有数据和元数据)和原始记录的含义。
读取数据备份和副本所需的适当的软件和硬件应易于获取。
日常备份副本应存贮在一个较远的位置(物理隔离)以防灾难。
备份数据应在界定的法规保存期限内可以读取,即使软件更新
为新版本,或者被具有更好性能的其它软件所取代。
2 The record retention procedures must include provisions for
retaining the metadata. This allows for future queries or
investigations to reconstruct the activities that occurred related to
a batch.
记录保存程序必须包括元数据保留条款。这样使得将来查询或调查
时能够重新构建所发生与批次相关的活动。
3 Data should be archived periodically in accordance with written There is a risk with archived data that
procedures. Archive copies should be physically secured in a access and readability of the data may
separate and remote location from where back up data are be lost due to software application
stored. updates or superseded equipment.
Verify that the company has access to
The data should be accessible and readable and its integrity archived data, and that they maintain
maintained for all the period of archiving. access to the necessary software to
enable review of the archived data.
There should be in place a procedure for restoring archived data
in case an investigation is needed. The procedure in place for Where external or third party facilities
restoring archived data should be regularly tested. are utilised for the archiving of data,
these service providers should be
If a facility is needed for the archiving process then specific
subject to assessment, and all
environmental controls and only authorised personnel access
responsibilities recorded in a quality
should be implemented in order to ensure the protection of
technical agreement. Check
records from deliberate or inadvertent alteration or loss. When a
agreements and assessment records
system in the facility has to be retired because problems with long
to verify that due consideration has
term access to data are envisaged, procedures should assure the
been given to ensuring the integrity of
continued readability of the data archived. For example, it could
archived records.
be established to transfer the data to another system.
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 46 / 56
ENVIRONMENTS (draft)
数据应根据书面程序进行定期归档。归档的副本应有物理安全保护 由于应用软件的更新或设备替换,已归
措施,放在一个独立的较远的位置,远离备份数据存贮的位置。 档数据的可读性和使用可能会有丢失的
风险。核查公司是否能够进入已归档的
数据应在整个归档周期内可以获取并读出,并保持其完整性。 数据,公司是否维持可以进入所需软件
应该有一个程序说明如果需要进行调查应如何恢复归档的数据。恢 来对已归档数据进行审核。
复归档数据的程序应定期进行测试。 如果需要使用外部或第三方设施来归档
如果归档程序需要一个场所,则应实施特定的环境控制,只有经过 数据,应对这些服务提供商进行评估,
授权的人员才可以进入,以确保保护记录不会被有意和无意的篡改 在质量技术协议中记录所有职责。检查
或丢失。如果场所内的系统由于长期调用数据而必须退役,则程序 协议和评估记录,核查在确保归档记录
应确保所归档数据的持续可读性。例如,转移数据至另一系统。 的完整性中是否尽职。
4 It should be possible to print out a legible and meaningful record Check validation documentation for
of all the data generated by a computerised system (including systems to ensure that systems have
metadata). been validated for the generation of
legible and complete records.
If a change is performed to records, it should be possible to also
print out the change of the record, indicating when and how the Samples of print-outs may be verified.
original data was changed.
应该可以打印出计算机化系统产生的所有数据(包括元数据)的清 检查系统的验证文件,确保系统经过验
晰有含义的记录。 证,可以产生出清晰完整的记录。
如果对记录进行了修订,应该也可以打印出对记录的修订内容,显 可以核查打印件的样本。
示出何时如何对原始数据进行了修订。
5 Procedures should be in place that describe the process for the Check that the procedures clearly
disposal of electronically stored data. These procedures should stipulate the conditions for the disposal
provide guidance for the assessment of data and allocation of of data, and that care is taken to avoid
retention periods, and describe the manner in which data that is the inadvertent disposal of required
no longer required is disposed of. data during its lifecycle.
应该的程序描述电子存贮数据的销毁流程。这些流程应提供数据评 检查程序是否清楚规定数据销毁的条
估指南,指定保存期限,描述不再需要的数据如何销售。 件,是否小心处理避免无意看销毁了尚
在生命周期的数据。
10 DATA INTEGRITY CONSIDERATIONS FOR OUTSOURCED ACTIVITIES 外包活动中
数据完整性考虑
10.1 General supply chain considerations 一般供应链考虑
10.1.1 Data integrity plays a key part in ensuring the security and integrity of supply chains. Data
governance measures by a contract giver may be significantly weakened by unreliable or falsified
data or materials provided by supply chain partners. This principle applies to all outsourced
activities, including suppliers of raw materials or contract manufacture / analytical services.
数据完整性在保证供应链的安全和完整性中扮演着重要的角色。合同发包方的数据管理措施可能会被供应
链伙伴所提供的不可靠或伪造数据或材料大大削弱。此原则适用于所有外包活动,包括原料供应商,
合同生产商/分析服务提供商。
10.1.2 Initial and periodic re-qualification of supply chain partners and outsourced activities should
include consideration of data integrity risks and appropriate control measures.
对供应链伙伴和外包活动的初始和定期再确认应包括对数据完整性风险和适当的控制措施的考虑。
10.1.3 It is important for an organisation to understand the data integrity limitations of information
obtained from the supply chain (e.g. summary records and copies /printouts), and the challenges of
remote supervision. These limitations are similar to those discused in section 8.11 of this guidance
This will help to focus resources towards data integrity verification and supervision using a qualiity
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 47 / 56
ENVIRONMENTS (draft)
risk management approach.
很重要的一点是公司应了解从供应链所获得的数据(例如,摘要记录和副本/打印件)完整性局限性,以及
远程监督的挑战。这些局限性与本指南第8.11中所讨论的内容相类似。这会有助于采用质量风险管理
方法,集中资源用于数据完整性核查和监管。
10.2 Routine document verification 日常文件核查
The supply chain relies upon the use of documentation and data passed from one organisation to
another. It is often not practical for the contract giver to review all raw data relating to reported
results. Emphasis should be placed upon robust supplier and contractor qualification, using the
principles of quality risk management.
供应链依赖于从一个公司传送到另一个公司的文件记录和数据的使用。通常合同发包方去审核所有与报告
结果相关的原始数据并不现实。应使用质量风险管理原则,重点关注供应商的稳健程度和合同方确认。
10.3 Strategies for assessing data integrity in the supply chain 供应链中数据完整性评估策略
10.3.1 Companies should conduct regular risk reviews of supply chains and outsourced activity that
evaluate the extent of data integrity controls required. Information considered during risk reviews
may include:
公司应对供应链和外包活动实施定期风险评审,评估所需数据完整性控制的程度。在风险评审中要考虑的
信息可以包括:
The outcome of site audits, with focus on data governance measures
对审核的结果,关注数据管理措施
Review of data submitted in routine reports, for example:
审核日常报告中所提交的数据,例如:
Area for review Rationale
审核领域 合理性
Comparison of analytical data reported by the To look for discrepant data which may be an
contractor or supplier vs in-house data from indicator of falsification
analysis of the same material
将合同方或供应商所报告的分析数据与公司内对 寻找有差异的数据,这可能是做假的征兆
相同物料进行分析的数据进行比较
10.3.2 Quality agreements should be in place in place between manufacturers and suppliers/contract
manufacturing organisations (CMOs) with specific provisions for ensuring data integrity across the
supply chain. This may be achieved by setting out expectations for data governance, and
transparent error/deviation reporting by the contract acceptor to the contract giver. There should
also be a requirement to notify the contract giver of any data integrity failures identified at the
contract acceptor site.
生产商和供应商/合同生产组织(CMO)之间应签署质量协议,协议应有特定条款确保供应链中的数据完
整性。这可以通过设定数据管理要求,要求合同接受方向合同发包方提交透明的错误/偏差报告来实现。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 48 / 56
ENVIRONMENTS (draft)
还应该要求合同接受方通知合同发包方在其场所内识别出的所有数据完整性失败情况。
10.3.3 Audits of suppliers and manufacturers of APIs, critical intermediate suppliers and service
providers conducted by the manufacturer (or by a third party on their behalf) should include a
verification of data integrity measures at the contract organisation.
生产商(或委派第三方)对原料药供应商和生产商、关键中间体供应商和服务提供商实施的审计应包括对
合同组织内数据完整性措施的核查。
10.3.4 Audits and routine surveillance should include adequate verification of the source electronic data
and metadata by the Quality Unit of the contract giver using a quality risk management approach.
This may be achieved by measures such as:
审计和日常监管应包括合同发包方质量部门采用质量风险管理方法对源电子数据和元数据的充分核查。可
以通过如下一些方法达成目标:
Site audit Review the contract acceptors organisational behaviour, and understanding
of data governance, data lifecycle, risk and criticality.
现场审核 审核合同接受方的组织行为,了解数据管理、数据生命周期、风险和关键程度。
Material testing vs Compare the results of analytical testing vs suppliers reported CoA. Examine
CoA discrepancies in accuracy, precision or purity results. This may be performed
on a routine basis, periodically, or unannounced, depending on material and
supplier risks.
物料测试VS检验报 将分析测试的结果与供应商提交的COA进行比较。检查准确度、精确度或纯度
告书 结果之间的差异。这可以日常、定期或以飞行检查的方式实施,具体取决于物
料和供应商的风险。
Remote data review The contract giver may consider offering the Contracted Facility/Supplier use
of their own hardware and software system (deployed over a Wide Area
Network) to use in batch manufacture and testing. The contract giver may
monitor the quality and integrity of the data generated by the Contracted
Facility personnel in real time. In this situation, there should be segregation
of duties to ensure that contract giver monitoring of data does not give
provision for amendment of data generated by the contract acceptor.
远程数据审核 合同发包方可以考虑向合同工厂/供应商提供使用其自己的硬件和软件体系(通
过宽域网实现),在批生产和批检验中使用。合同发包方可以实时监测合同工
厂人员所产生的数据的质量和定速性。在此情形下,应该有明确的职责划分,
确保合同发包商对数据的监测不会修改合同接受方产所生的数据。
Quality monitoring Quality and performance monitoring may indicate incentive for data
falsification (e.g. raw materials which marginally comply with specification on
a frequent basis.
质量监测 质量和表现监测可以显示出数据做假的诱因(例如,原料刚刚符合质量标准的
情况频繁发生)。
10.3.5 Contract givers may work with the contract acceptor to ensure that all client confidential
information is encoded to de-identify clients. This would facilitate review of source electronic data
and metadata at the contract giver‘s site, without breaking confidentiality obligations to other clients.
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 49 / 56
ENVIRONMENTS (draft)
By reviewing a larger data set, this enables a more robust assessment of the contract givers data
governance measures. It also permits a search for indicators of data integrity failure, such as
repeated data sets or data which does not demonstrate the expected variability.
合同发包商可能与合同接受方合作来确保对所有客户机密信息进行加密,使得无法识别用户身份。这样能
方便对合同发包方场所的源电子数据和元数据进行初核,而不会破坏对其它客户的保密义务。通过对
更大的数据系列进行审核,能对合同发包方的数据管理措施进行更为稳定的评估。它还能搜索数据完
整性失败指征,如重复的数据系列或不符合预期变化的数据。
10.3.6 Care should be taken to ensure the authenticity and accuracy of supplied documentation, (refer
section 8.11). The difference in data integrity and traceability risks between ‗true copy‘ and
‗summary report‘ data should be considered when making contractor and supply chain qualification
decisions.
应注意确保所提供文件记录的真实性和准确性,
(参见第8.11部分)。在做出合同方和供应链确认决策时,
应考虑“真实备份”和“总结报告”数据之间的数据完整性和可追溯性风险差异。
11 REGULATORY ACTIONS IN RESPONSE TO DATA INTEGRITY FINDINGS 数据完整
性缺陷所引发的官方行动
11.1 Deficiency references 缺陷依据
11.1.1 The integrity of data is fundamental to good manufacturing practice and the requirements for
good data management are embedded in the current PIC/S Guides to GMP/GDP for Medicinal
products. The following table provides a reference point highlighting some of these existing
requirements.
数据完整性对GMP是基本要求,优良数据管理的要求是嵌入现行的PIC/S药品GMP/GDP指南。以下表格
提供了参考点,特别是一些已有要求。
ALCOA principle PIC/S Guide to PIC/S Guide to Annex 11 PIC/S Guide to
Good Good (Computerised Good
Manufacturing Manufacturing Systems) Distribution
Practice for Practice for Practice for
Medicinal Medicinal Medicinal
products, PE009 products, PE009 products, PE011:
(Part I): (Part II):
ALCOA原则 PIC/S药品GMP指 PIC/S药品GMP指 附录11(计算机化 PIC/S药品GDP指
南,PE009(第一 南,PE009(第二 系统) 南,PE011
部分) 部分)
Attributable [4.20, c & f], [6.14], [6.18], [2], [12.4], [15] [4.2.4], [4.2.5]
可追溯性 [4.21, c & i], [4.29, [6.52]
e]
Legible [4.1], [4.2], [4.7], [5.43] [6.11], [7.1], [9], [10], [17] [4.2.3], [4.2.9]
清晰 [4.8], [4.9], [4.10] [6.14], [6.15],
[6.50]
Contemporaneous [4.8] [6.14] [12.4], [14] [4.1], [4.2.9]
同步
Original [4.9], [4.27], [6.14], [6.15], [8.2], [9] [4.2.5]
原始 [Paragraph [6.16]
"Record"]
Accurate [4.1], [6.17] [5.40], [5.45], [Paragraph [4.2.3]
准确 [6.6] "Principles"] [5],
[6], [10], [11]
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 50 / 56
ENVIRONMENTS (draft)
11.2 Classification of deficiencies 缺陷分类
Note: The following guidance is intended to aid consistency in reporting and classification of
data integrity deficiencies, and is not intended to affect the inspecting authority’s ability to
act according to national legal frameworks.
注:以下指南意在帮助数据完整性缺陷采用一致的方式进行报告和分级,无意影响检查当局根据国家法律
框架采取行动的能力。
11.2.1 Deficiencies relating to data integrity failure may have varying impact to product quality.
Prevalence of the failure may also vary between the action of a single employee to an endemic
failure throughout the inspected organisation.
与数据完整性失败相关的缺陷可能会根据其对药品质量的影响不同而不同。失败的普遍程度可能也有很大
差异,从单个员工的动作到在整个受检公司内的常见失败。
11.2.2 The draft PIC/S guidance10 on classification of deficiencies states:
PIC/S缺陷分级指南草案声明:
―A critical deficiency is a practice or process that has produced, or leads to a significant risk of producing
either a product which is harmful to the human or veterinary patient or a product which could result
in a harmful residue in a food producing animal. A critical deficiency also occurs when it is observed
that the manufacturer has engaged in fraud, misrepresentation or falsification of products or data”.
“关键缺陷是已产生,或将导致对药品对人兽患者产生伤害,或可能导致食用动物中有害残留的重大风险。
当发现生产商进行欺骗、歪曲或假造药品或数据时,也构成关键缺陷。”
11.2.3 Notwithstanding the ―critical‖ classification of deficiencies relating to fraud, misrepresentation or
falsification, it is understood that data integrity deficiencies can also relate to:
尽管缺陷的“关键”分级与欺骗、歪曲或造假相关,但要了解数据完整性缺陷也可能是关于:
- Data integrity failure resulting from bad practice,
- 由于不良做法导致的数据完整性失败;
- Opportunity for failure (without evidence of actual failure) due to absence of the required data control
measures.
- 由于缺乏所需的数据控制措施而导致的失败机会(没有实际失败证据)。
11.2.4 In these cases, it may be appropriate to assign classification of deficiencies by taking into account
the following (indicative list only):
在这种情形下,考虑到以下原因,可能将缺陷进行如下归类(只是指示性清单):
Impact to product with risk to patient health: Critical deficiency:
对产品的影响导致对患者健康有风险:关键缺陷
- Product failing to meet specification at release or within shelf life.
- 产品不符合放行质量标准或货架期内质量标准。
10
This draft guidance has not been published yet. 该指南草案尚未发布。
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 51 / 56
ENVIRONMENTS (draft)
- Reporting of a ‗desired‘ result rather than an actual out of specification result when reporting of QC
tests, critical product or process parameters.
- 在报告QC检测、关键产品或工艺参数时,报告“所需”结果,而不是实际超标结果。
Impact to product with no risk to patient health: Major deficiency:
对产品的影响没有患者健康风险:主要缺陷
- Data being miss-reported, e.g. original results ‗in specification‘, but altered to give a more favourable
trend.
- 数据漏报,例如原始结果“符合质量标准”,但进行修改给出更好的趋势。
- Reporting of a ‗desired‘ result rather than an actual out of specification result when reporting of data
which does not relate to QC tests, critical product or process parameters.
- 在报告非QC检测、关键产品或工艺参数数据时,报告“所需”结果,而不是报告实际的OOS结果
- Failures arising from poorly designed data capture systems (e.g. using scraps of paper to record info
for later transcription).
- 设计不良的数据捕获系统产生的失败(例如,使用废弃的纸记录信息,事后再转抄)。
No impact to product; evidence of widespread failure: Major deficiency:
对产品没有影响;有发现广泛的失败证据:主要缺陷
- Bad practices and poorly designed systems which may result in opportunities for data integrity issues
or loss of traceability across a number of functional areas (QA, production, QC etc). Each in its own
right has no direct impact to product quality.
- 可能会导致数据完整性问题或大量功能性领域(QA、生产、QC等)可追溯性缺失机会的不良做法和设
计不良的系统。
No impact to product; limited evidence of failure: Other deficiency:
对产品没有影响;失败证据有限:其它缺陷
- Bad practice or poorly designed system which result in opportunities for data integrity issues or loss of
traceability in a discrete area.
- 不良做法或设计不良的系统,会导致数据完整性问题或零散领域内可追溯性缺失的机会。
- Limited failure in an otherwise acceptable system.
- 其它可接受系统里有限的失败。
11.2.5 It is important to build an overall picture of the adequacy of the key elements (data governance
process, design of systems to facilitate compliant data recording, use and verification of audit trails
and IT user access etc.) to make a robust assessment as to whether there is a company-wide
failure, or a deficiency of limited scope/ impact.
很重要的一点是要建立关键要素(数据管理流程、系统设计促进符合性数据记录、使用和核对审核追踪和
IT用户权限等)充分性的整体画面,以做出稳健的评估,确定是否在公司范围内都存在失败,还是在
有限的范围/影响的缺陷。
11.2.6 Individual circumstances (exacerbating / mitigating factors) may also affect final classification or
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 52 / 56
ENVIRONMENTS (draft)
regulatory action. Further guidance on the classification of deficiencies and intra-authority reporting
of compliance issues will be available in the PIC/S guidance on the classification of deficiencies,
once it has been published.
个别环境(加剧/缓解因素)可能也会影响分级和法规行动。关于缺陷分级和药监局内报告符合性问题的更
多指南将能够在PIC/S缺陷分级指南(发布之后)中可以找到。
12 REMEDIATION OF DATA INTEGRITY FAILURES 数据完整性失败的弥补措施
12.1 Responding to Significant Data Integrity issues 对重大数据完整性问题的响应
12.1.1 Consideration should be primarily given to resolving the immediate issues identified and
assessing the risks associated with the data integrity issues. The response by the company in
question should outline the actions taken. Responses should include:
首先应考虑解决所识别的紧急问题,评估与数据完整性相关的风险。公司的回复应列出所采取的行动。回
复应包括:
12.1.1.1 A comprehensive investigation into the extent of the inaccuracies in data records and reporting,
to include:
对数据记录和报告不准确的深度的全面调查,其中包括:
- A detailed investigation protocol and methodology; a summary of all laboratories, manufacturing
operations, and systems to be covered by the assessment; and a justification for any part of the
operation that the regulated user proposes to exclude;
- 详细的调查方案和方法学;所有化验室、生产操作和评估所包括的系统的总结;受法规约束的用户要排
除的所有操作;
- Interviews of current and former employees to identify the nature, scope, and root cause of data
inaccuracies. These interviews may be conducted by a qualified third party;
- 与现有和离职员工面谈,识别出数据不准确的情况、范围和根本原因。这些面谈可能由有资质的第三方
实施;
- An assessment of the extent of data integrity deficiencies at the facility. Identify omissions, alterations,
deletions, record destruction, noncontemporaneous record completion, and other deficiencies;
- 对设施内数据完整性程度的评估。识别忽略、篡改、删除、记录销毁、不同步记录完整性和其它缺陷;
- determination of the scope and extent and timeframe for the incident, with justification for the
time-boundaries applied;
- 确定违规事件的范围和程度及时间段,以及对时间段认定的论证;
- data, products, processes and specific batches implicated in any investigations;
- 在所有调查中涉及的数据、产品、工艺和特定批次;
- A description of all parts of the operations in which data integrity lapses occur, additional
consideration should be given to global corrective actions for multinational companies or those that
operate across multiple differing sites;
- 描述所有发生数据完整性问题的操作部分,跨国公司和在多个不同地域运营的公司还要考虑全球性纠正
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 53 / 56
ENVIRONMENTS (draft)
措施;
- A comprehensive retrospective evaluation of the nature of the testing and manufacturing data integrity
deficiencies, and the potential root cause(s). The services of a qualified third-party consultant with
specific expertise in the areas where potential breaches were identified may be necessary;
- 对检验和生产数据完整性缺陷的情况进行全面回顾评估,并找出可能的根本原因;如果识别出潜在的问
题,可能需要使用擅长此领域的有资质的第三方顾问提供服务;
- A risk assessment of the potential effects of the observed failures on the quality of the drugs involved.
The assessment should include analyses of the risks to patients caused by the release of drugs
affected by a lapse of data integrity, risks posed by ongoing operations, and any impact on the
veracity of data submitted to regulatory agencies, including data relatedto product registration
dossiers;
- 对所发现的失败对所涉及的药品质量的潜在影响进行风险评估。评估应包括放行受数据完整性问题影响
的药品所引起的对患者的风险的分析,持续运营所具有的风险,以及对于提交给法规机构的数据的真实
性的影响,包括与药品注册文件相关的数据。
12.1.1.2 Corrective and preventative actions taken to address the data integrity vulnerabilities and
timeframe for implementation, and including:
所采取的解决数据完整性弱点的CAPA和实施的时间表,还要包括:
- Interim measures describing the actions to protect patients and to ensure the quality of the
medicinal products, such as notifying customers, recalling product, conducting additional
testing, adding lots to the stability program to assure stability, drug application actions, and
enhanced complaint monitoring.
- 临时措施,说明保护患者的措施以及确保药品质量的措施,例如,通知客户、召回药品、实施附
加测试、增加稳定性试验计划的批次以保证稳定性、药品申报措施和加强投诉监管。
- Long-term measures describing any remediation efforts and enhancements to procedures,
processes, methods, controls, systems, management oversight, and human resources (e.g.,
training, staffing improvements) designed to ensure the data integrity.
- 长期措施,说明为确保数据完整性,所设计的对程序、工艺、方法、控制、系统、管理、监管和
人力资源(例如,培训、员工提升)采取的所有弥补努力和加强措施,
12.1.2 Whenever possible, inspectorates should meet with senior representatives from the implicated
companies to convey the nature of the deficiencies identified and seek written confirmation that the
company commits to full disclosure of issues and their prompt resolution. A management strategy
should be submitted to the regulatory authority that includes the details of the global corrective
action and preventive action plan. The strategy should include:
检查组应尽可能会见牵涉其中的公司的高级管理代表,传达所发现的缺陷的情况,寻求公司出具书面承诺,
保证全面公开问题并及时解决问题。应向法规当局提交管理策略,在其中包括全球CAPA计划的详细
内容。策略应包括:
- A detailed corrective action plan that describes how the regulated user intends to ensure the
reliability and completeness of all of the data generated, including analytical data,
manufacturing records, and all data submitted to the Competent Authority.
- 详细的纠正计划,其中描述受法规约束的用户如何力保所有产生的数据的可靠性和完整性,包括
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 54 / 56
ENVIRONMENTS (draft)
分析数据、生产记录和所有提交给药监当局的数据。
- A comprehensive description of the root causes of your data integrity lapses, including
evidence that the scope and depth of the current action plan is commensurate with the findings
of the investigation and risk assessment. This must indicate if individuals responsible for data
integrity lapses remain able to influence GMP/GDP-related or drug application data.
- 你们数据完整性问题根本原因的全面描述,包括证明当前所采取的措施计划的范围和深度与调查
结果和风险评估结果相称的证据。它必须显示出对数据完整性问题承担责任的人员是否还有能力
对GMP/GDP相关数据或药品申报数据产生影响。
12.1.3 Inspectorates should implement policies for the management of significant data integrity issues
identified at inspection in order to manage and contain risks associated with the data integrity
breach.
检查组应针对检查期间发现的重大数据完整性问题实施管理方针,以管理和控制与数据完整性受破坏而带
来的风险。
12.2 Indicators of improvement 改进指标
12.2.1 An on-site inspection is required to verify the effectiveness of actions taken to address data
integrity issues. Some indicators of improvement are:
要进行现场检查以核查所采取的解决数据完整性问题的措施的有效性。一些改进指标如:
12.2.1.1 Evidence of a thorough and open evaluation of the identified issue and timely implementation of
effective corrective and preventative actions;
对所识别的问题进行彻底开放的评估,及时实施有效的CAPA。
12.2.1.2 Evidence of open communication of issues with clients and other regulators. Transparent
communication should be maintained throughout the investigation and remediation stages.
Regulators should be aware that further data integrity failures may be reported as a result of the
detailed investigation. Any additional reaction to these notifications should be proportionate to public
health risks, to encourage continued reporting;
与客户和其它法规管理人员公开沟通问题的证据。在调查和缺陷弥补阶段应维持透明的沟通。法规管理人
员应明白在详细调查中可能会报告更多数据完整性失败。对这些通知所采用的额外行动应与公众健康
风险成比例,以鼓励持续报告行为。
12.2.1.3 Evidence of communication of data integrity expectations across the organisation, incorporating
processes for open reporting of potential issues and opportunities for improvement without
repercussions;
组织内数据完整性要求沟通的证据,包括公开报告潜在问题和改进机会而不产生不良后果的流程,
12.2.1.4 The regulated user should ensure that an appropriate evaluation of the vulnerability of any
sophisticated electronic systems to data manipulation takes place to ensure that follow-up actions
have fully resolved all the violations, third party expertise may be required;
受法规约束的用户应确保对所有复杂电子系统的可能发生数据篡改的弱点进行适当的评估,确保跟踪措施
能全面解决所有违规情况,可以利用第三方专家。
12.2.1.5 Implementation of data integrity policies in line with the principles of this guide;
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 55 / 56
ENVIRONMENTS (draft)
实施数据完整性方针,符合本指南中的原则。
12.2.1.6 Implementation of routine data verification practices.
实施日常数据核查规范。
13 DEFINITIONS 定义
13.1 Archive 归档
Long term, permanent retention of completed data and relevant metadata in its final form for the
purposes of reconstruction of the process or activity.
完整数据和相关元数据以其最终可以重新构建过程和活动的形式被长期永久保存。
13.2 Audit Trail 审计追踪
GMP/GDP audit trails are metadata that are a record of GMP/GDP critical information (for example the
change or deletion of GMP/GDP relevant data), which permit the reconstruction of GMP/GDP
activities.
GMP/GDP审计追踪是GMP/GDP关键信息(例如,GMP/GDP相关数据的修改和删除)记录的元数据,它
使得可以重新构建GMP/GDP活动。
13.3 Back-up 备份
A copy of current (editable) data, metadata and system configuration settings (e.g. variable settings
which relate to an analytical run) maintained for the purpose of disaster recovery.
现行(可编辑)数据、元数据和系统参数设置(例如,与分析运行有关的可变设置)为保证灾难后恢复而
保存的副本。
13.4 Data 数据
Facts, figures and statistics collected together for reference or analysis.
所收集用于参考或分析的事实、数值和统计结果。
13.5 Data Governanace 数据管理
The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is
recorded, processed, retained and used to ensure a complete, consistent and accurate record
throughout the data lifecycle.
保证数据(不管其格式如何、如何生成)的记录、处理、保存和使用过程的一系列安排的总和,用以确保
整个数据生命周期中其完整性、一致性和准确性。
13.6 Data Integrity 数据完整性
The extent to which all data are complete, consistent and accurate throughout the data lifecycle.
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
PIC/S GUIDANCE/GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP Page 56 / 56
ENVIRONMENTS (draft)
所有数据在其生命周期内的完整、一致和准确程度。
13.7 Data Lifecycle 数据生命周期
All phases in the life of the data (including raw data) from initial generation and recording through
processing (including transformation or migration), use, data retention, archive / retrieval and
destruction.
数据(包括原始数据)生命中所有阶段,从最初产生和记录到处理(包括转化或迁移)、使用、数据保存、
归档、恢复和销毁。
13.8 Exception report 异常报告
A validated search tool that identifies and documents predetermined ‗abnormal‘ data or actions, which
requires further attention or investigation by the data reviewer.
一个经过验证的搜索工具,它识别并记录预定为“异常”的数据或行为,需要数据审核员更多关注或进一
步调查。
13.9 Flat file 平面文件
A ‗flat file‘ is an individual record which may not carry any additional metadata with it, other than that
which is included in the file itself.
“平面文件”指除了文件本身包括的内容外,不带有任何额外元数据的单个记录。
13.10 Meta-data 元数据
data that describe the attributes of other data, and provide context and meaning.
描述其它数据属性,提供环境和含义的数据。
14 REVISION HISTORY 修订历史
Date 日期 Version Number 版本号 Reasons for revision修订理由
PIC/S 在受法规约束的 GMP/GDP 环境下数据管理和完整性优良规范(草案) 翻译:Julia
You might also like
- Pics 受监管gmp Gdp 环境下数据管理和完整性良好规范-20210701(中英文对照版)No ratings yetPics 受监管gmp Gdp 环境下数据管理和完整性良好规范-20210701(中英文对照版)84 pages
- PI 041 1 Draft 2 Guidance On Data Integrity100% (1)PI 041 1 Draft 2 Guidance On Data Integrity41 pages
- Pics Pe009-10 (Annexes) 20130101 药品gmp指南附件11 计算机系统 中英文No ratings yetPics Pe009-10 (Annexes) 20130101 药品gmp指南附件11 计算机系统 中英文10 pages
- Data Integrity and CGMP Compliance GuideNo ratings yetData Integrity and CGMP Compliance Guide58 pages
- TGA Data Management Integrity GuidelinesNo ratings yetTGA Data Management Integrity Guidelines5 pages
- 27 Pi 011 3 Recommendation On Computerised SystemsNo ratings yet27 Pi 011 3 Recommendation On Computerised Systems54 pages
- Chaat GPT Di Systems Audit QuestionnaireNo ratings yetChaat GPT Di Systems Audit Questionnaire1 page
- Good Data Manaqgement, G Data Integrity1No ratings yetGood Data Manaqgement, G Data Integrity1126 pages
- Schmitt Regulatory Handbook Final Jan 2015No ratings yetSchmitt Regulatory Handbook Final Jan 20159 pages
- Lighthouse Environmental Monitoring Systems and Regulatory ComplianceNo ratings yetLighthouse Environmental Monitoring Systems and Regulatory Compliance40 pages
- New GAMP Data Integrity Good Practice Guidance and Experience From The Field - PPT - 31 May 2019 (FINAL)No ratings yetNew GAMP Data Integrity Good Practice Guidance and Experience From The Field - PPT - 31 May 2019 (FINAL)46 pages
- MHRA GXP Data Integrity Guide March Edited Final PDFNo ratings yetMHRA GXP Data Integrity Guide March Edited Final PDF21 pages
- Data Integrity Issues and Concerns 1699244466No ratings yetData Integrity Issues and Concerns 169924446627 pages
- Annex 11 To The Good Manufacturing Practices Guide Computerized Systems (GUI 0050) ENGNo ratings yetAnnex 11 To The Good Manufacturing Practices Guide Computerized Systems (GUI 0050) ENG16 pages
- European Medicines Agency - GMP - GDP Compliance - Questions and Answers - Good Manufacturing Practice Data Integrity August 2016No ratings yetEuropean Medicines Agency - GMP - GDP Compliance - Questions and Answers - Good Manufacturing Practice Data Integrity August 20168 pages
- EU Annex 11 & US FDA Guidelines OverviewNo ratings yetEU Annex 11 & US FDA Guidelines Overview15 pages
- MP Vol4 Chap4 Annex11 Consultation Guideline enNo ratings yetMP Vol4 Chap4 Annex11 Consultation Guideline en19 pages
- GAMP Services-CSV Validation and Data Integrity SolutionNo ratings yetGAMP Services-CSV Validation and Data Integrity Solution5 pages
- Data Integrity Basics in Pharma ComplianceNo ratings yetData Integrity Basics in Pharma Compliance13 pages
- E.U. Annex 11 and FDA Compliance CrosswalkNo ratings yetE.U. Annex 11 and FDA Compliance Crosswalk35 pages
- Data Integrity White Paper PharmAllies FINAL 03.29.24No ratings yetData Integrity White Paper PharmAllies FINAL 03.29.2415 pages
- Guidelines Data Integrity & Computer System Validation: AcknowledgementsNo ratings yetGuidelines Data Integrity & Computer System Validation: Acknowledgements40 pages
- ECA Raw Data Data Integrity Masterclass Live Online TrainingNo ratings yetECA Raw Data Data Integrity Masterclass Live Online Training6 pages
- 03 - McDowall - FDA Approaches To Laboratory Data IntegrityNo ratings yet03 - McDowall - FDA Approaches To Laboratory Data Integrity13 pages
- Pics Pi-028-2 Gmp Inspection Related to Packing 中英No ratings yetPics Pi-028-2 Gmp Inspection Related to Packing 中英8 pages
- Validation of Aseptic Processes: Recommendation On The100% (1)Validation of Aseptic Processes: Recommendation On The20 pages
- Pics Pi-024-3 Inspection of Biotechnology Manufacture 中英No ratings yetPics Pi-024-3 Inspection of Biotechnology Manufacture 中英17 pages
- ASEAN Cosmetics Definition and GuidelinesNo ratings yetASEAN Cosmetics Definition and Guidelines129 pages
- API Mix - Quality-Working-Party-Questions-Answers-Api-Mix - enNo ratings yetAPI Mix - Quality-Working-Party-Questions-Answers-Api-Mix - en3 pages
- 2912 - Validation Engineer Job Description Aug 2024No ratings yet2912 - Validation Engineer Job Description Aug 20245 pages
- Understanding Standard Operating ProceduresNo ratings yetUnderstanding Standard Operating Procedures26 pages
- SOP Compliance Assessment for Drug PackagingNo ratings yetSOP Compliance Assessment for Drug Packaging42 pages
- Decree 155: Amendments to Health RegulationsNo ratings yetDecree 155: Amendments to Health Regulations50 pages
- WHO Prequalification for Reproductive Health Medicines FAQNo ratings yetWHO Prequalification for Reproductive Health Medicines FAQ9 pages
- URS For Pure Steam Generation and Distribution System80% (5)URS For Pure Steam Generation and Distribution System14 pages
