您现在的位置:首页 > 新闻资讯 > 政策法规

政策法规

【中英文对照】WHO新版《数据完整性指南》-2019年10月!

作者:发表时间:2019-11-05 10:43:44来源:GMP办公室 浏览:

QAS/19.819


GUIDELINE ON DATA INTEGRITY

数据完整性指南 


(October 2019)  

2019 年 10 月 



1. INTRODUCTION AND BACKGROUND

前言与背景 


1.1. Data governance and data integrity (DI) are important elements in ensuring the reliability of data and information obtained in production and control of pharmaceutical products. The data and information should be complete as well as being attributable, legible, contemporaneous, original and accurate, commonly referred to as meeting “ALCOA” principles.

数据管理与数据完整性(DI)是确保药品生产和检测期间所获得的数据和信息可靠性的重要要素。这些数据和信息应完整,同时具有可追溯性、清晰、同步、原始和准确,一般称为符合“ALCOA”原则。 


1.2. In recent years, the number of observations made regarding the integrity of data, documentation and record management practices during inspections of good manufacturing practice (GMP), good clinical practice (GCP) and good laboratory practice (GLP) has been increasing. Possible causes for this may include (i) too much reliance on human practices; (ii) the use of computerized systems that are not appropriately managed and validated; and (iii) failure to adequately review and manage original data and records.

近年,在 GMP、GCP 和 GLP 检查中,数据完整性、文件记录管理规范性方面的缺陷数量大大上升。可能的原因大致包括(1)太过依赖人员操作,(2)使用了未进行恰当管理和验证的计算机化系统,以及(3)未充分审核和管理原始数据与记录。 


1.3. Quality risk management (QRM), control strategies and sound scientific principles are required to mitigate such risks.  Examples of controls may include, but are not limited to:

降低此类风险需要有质量风险管理(QRM)、控制策略和科学合理原则。控制实例可包括但不仅限于: 


• the establishment and implementation of a DI policy;

• 制订和实施 DI 方针; 

• the establishment and implementation of procedures that will facilitate compliance with DI requirements and expectations;

• 制订和实施有利于符合 DI 要求和预期的程序; 

• adoption of a quality culture within the company that encourages personnel to be transparent about failures which includes a reporting mechanism;

• 在公司内推行质量文化,鼓励员工坦白失败,包括报告机制; 

• application of QRM with identification of all areas of risk to DI through data integrity risk assessment (DIRA) and implementation of appropriate controls to eliminate or reduce risks to an acceptable level throughout the life cycle of the data;

• 应用 QRM,通过数据完整性风险评估(DIRA)识别所有领域的 DI 风险,在数据整个生命周期中实施适当控制消除或降低风险至可接受水平; 

• ensuring  sufficient  resources  to  monitor  compliance  with  DI  policies  and procedures and processes, and facilitate continuous improvement; 

• 确保有足够的资源监测 DI 方针以及程序和流程遵守情况,促进持续改进; 

• provision of necessary training for personnel in, for example, good practices (GXP), computerized systems and DI;

• 为员工提供必要的培训,如,优良规范(GXP)、计算机化系统和 DI; 

• implementation and validation of computerized systems appropriate for their intended use;

• 根据其既定用途实施和验证计算机化系统; 

• definition and management of appropriate roles and responsibilities for quality agreements and contracts entered into by contract givers and contract acceptors.

• 作为合同委托方或接受方签署的质量协议和合同中适当角色与职责的定义和管理。


 

2. SCOPE

范围 


2.1. This guideline provides information, guidance and recommendations to facilitate compliance with DI, GXP in documentation and record keeping requirements. 

本指南提供促进 DI、GXP 在文件和记录保存要求方面的合规性信息、指南和建议。 


2.2. The scope of this guideline is designated as ‘GXP’. It does not, however, cover medical devices. 

本指南的范围规定为“GXP”。但并不覆盖医疗器械。 


2.3. Where possible, this guideline has been harmonised with other published documents. The guideline should be read with other WHO GXP guidelines and publications.

如可能,本指南已与其它已发布文件保持统一。本指南应与其它 WHO GXP 指南和出版物联合解读。 


2.4. In line with the current approach in GMP, it recommends a risk-based approach over the life cycle of data.  DIRA should be carried out in order to identify and assess areas of risk.

根据 GMP 中的当前方法,建议对数据生命周期采取基于风险的方法。应执行 DIRA 以识别和评估风险领域。 


2.5. The  principles  of  this  guideline  apply  to  contract  givers  and  contract  acceptors. Contract givers are ultimately responsible for the integrity of data provided to them by contract acceptors. Contract givers should therefore ensure that contract acceptors comply with the principles contained in this guideline.

本指南的原则适用于合同委托方和合同接受方。合同委托方最终对合同接受方提交给他们的数据的完整性负责。委托方因此应确保合同接受方符合本指南所含原则。 


2.6. Efficient risk-based controls and review of data and documents should be identified and implemented.  The effectiveness of the controls should be verified.

应识别并实施对数据和记录的基于风险的有效控制与审核。控制的有效性应进行验证。 



3. GLOSSARY 术语 


(Note: This section will be updated)  

(注:本部分将进行更新) 


The definitions given below apply to the terms used in these guidelines. They may have different meanings in other contexts. 以下定义适用于本指南所述术语。可能与其它语境含义有所不同。 


ALCOA. 


A commonly used acronym for “attributable, legible, contemporaneous, original and

accurate”. 常用术语,代表“可追溯性、清晰、同步、原始和准确”。 


ALCOA+. 


A commonly used acronym for “attributable, legible, contemporaneous, original and accurate” which puts additional emphasis on the attributes of being complete, consistent, enduring and available – implicit basic ALCOA principles.

常用术语,代表可追溯性、清晰、同步、原始和准确”,加上对完整性、一致性、持久性和可及性等明确的 ALCOA 基本原则的补充强调。 


archiving, archival.归档 


Archiving is the process of storage and protecting records from the possibility of being accessed, further altered or deleted, and storing these records under the control of independent data management personnel throughout the required retention period. Archived records should include, for example, associated metadata and electronic signatures.

归档是存放和保护记录不被访问、进一步修改或删除,以及在所需保存周期内由独立的数据管理人员存贮和控制这些记录的过程。归档记录应包括例如相关元数据和电子签名。 


archivist. 档案保管员 


An independent individual designated in GLP who has been authorized by management to be responsible for the management of the archive, i.e. for the operations and procedures for archiving. 

在 GLP 内指定的独立个人,由管理人员批准负责档案管理,即归档操作和程序。


 audit trail.审计追踪  


The audit trail is a form of metadata containing information associated with actions that relate to the creation, modification or deletion of GXP records. An audit trail provides for secure recording of life cycle details such as creation, additions, deletions or alterations of information in a record, either paper or electronic, without obscuring or overwriting the original record. An audit trail facilitates the reconstruction of the history of such events relating to the record regardless of its medium, including the “who, what, when and why” of the action.

审计追踪是含有 GMP 记录创建、修改或删除相关动作信息的元数据表。审计追踪提供生命周期详细情况的安全记录,如电子或纸质记录中信息的创建、增加、删除或修改,而不会妨碍或改写原始记录。审计追踪有利于重建此类与记录(无论使用何种介质)有关事件的历史,包括动作的“何人何事何时及因何”。 


data governance.数据管理 


The arrangements to ensure that data, irrespective of the format in which they are generated, are recorded, processed, retained and used to ensure the record throughout the data life cycle.

确保数据(无论其以何种格式生成)在生命周期中被记录、处理、保存和使用的所有安排。 


data life cycle.数据生命周期 


All phases of the process by which data are created, recorded, processed, modified, transmitted, reviewed, reported, used, approved, archived and restored until destruction.

数据被创建、记录、处理、修改、传输、审核、报告、使用、批准、归档和恢复直到销毁的所有阶段。 


electronic signatures.电子签名 


A signature in digital form (bio-metric or non-biometric) that represents the signatory.  This should be equivalent in legal terms to the handwritten signature of the signatory.

代表签名人的数字形式签名(生物识别或非生物识别)。电子签名在法律上与手书签名具有同等效力。 


good practices (GXP).优良规范(GXP) 


Acronym for the group of good practice guides governing the preclinical, clinical, manufacturing, testing, storage, distribution and post-market activities for regulated pharmaceuticals, biologicals and medical devices, such as GLP, GCP, GMP, good pharmacovigilance practices (GPP) and good distribution practices (GDP).

指导受法规管制药品、生物制品和医疗器械临床前、临床、生产、检测、存贮、运输和上市后活动管理的优良规范,如 GLP、GCP、GMP、优良药物预警规范(GPP)和优良运输规范(GDP)。 


metadata.元数据 


Metadata are data that describe the attributes of other data and provide context and meaning and form an integral part of original records.  An audit trail record is an example of metadata.

元数据是描述其它数据属性的数据,它提供语境和含义,形成原始记录不可分割的一部分。审计追踪记录就是元数据例子。 


raw data (source data).原始数据(源数据) 


The original record (data) which can be described as the first-capture of information, whether recorded on paper or electronically. 

原始记录(数据)可描述为首次捕获的信息,可以是以纸质或电子记录的。 routine data review.日常数据审核 


Routine data review is a process where the raw data and metadata are reviewed for their integrity in an individual data set. 

日常数据审核是审核单个数据系列中原始数据和元数据完整性的过程。 


periodic data review.定期数据审核 


Periodic data review is a process where an audit of the data generated is done, on a periodic basis (e.g. monthly), where data are selected on a random basis to verify the effectiveness of existing control measures and identification of the possibility of unauthorised activity at all interfaces

定期数据审核是定期(例如每月)审计该周期中所生成的数据的过程,其中随机选择数据验证现有控制措施的有效性,找出所有界面下未授权活动的可能性。 



4. PRINCIPLES OF DATA INTEGRITY AND GOOD DOCUMENTATION PRACTICES 数据完整性原则与优良文件规范 


4.1. There should be a written DI policy. 

应制订书面 DI 方针。 


4.2. Senior management is responsible for the establishment and implementation of an effective quality system and a data governance system. This applies to paper and electronic generated data.

高级管理层有义务建立和实施有效的质量体系和数据管理体系。该要求适用于纸质和电子生成的数据。 


4.3. Data should be Attributable, Legible, Contemporaneous, Original, and Accurate (ALCOA) and be Complete, Consistent, Enduring, and Available (+). This is generally referred to as ALCOA+. (There is no difference in expectations regardless of which acronym is used).

数据应可追溯、清晰、同步、原始和准确(ALCOA)并且完整、一致、持久和可获得(+)。通常称为 ALCOA+。(无论使用何术语,要求没有差别) 


4.4. The quality system, including documentation such as procedures and formats for recording data, should be appropriately designed and implemented to provide assurance that records and data meet the principles contained in this guideline.

质量体系,包括文件记录如记录数据的方法和格式,均应适当设计和实施,以保障记录和数据符合本指南所含原则。 


4.5. Data governance should address data ownership and accountability throughout the life cycle and consider the design, operation and monitoring of processes/systems to comply with the principles of DI, including control over intentional and unintentional changes to data.

数据管理应说明数据在其整个生命周期中的所有权和职责,要考虑使流程/系统的设计、运行和监测符合 DI 原则,包括控制有意和无意的数据更改。 


4.6. Data governance systems should include: 数据管理系统应包括: 


  • training in the importance of DI principles;

  • DI 原则的重要性培训; 

  • the creation of an appropriate working environment; and

  • 创造适当的工作环境;以及 

  • active encouragement of the reporting of errors, omissions and undesirable results.

  • 主动鼓励报告失误、遗漏和不合意结果。 


4.7. Senior management should be accountable for the implementation of systems and procedures in order to minimise the potential risk to DI, and to identify the residual risk using  risk  management  techniques  such  as  the  principles  of  the  International Conference on Harmonisation (ICH) Q9.

高级管理人员应对系统和程序实施承担责任,以尽可能降低潜在 DI 风险,使用风险管理技术如 ICH Q9 中的原则识别出残留风险。 


4.8. The data governance programme should include policies and procedures addressing data management.  Elements of effective management governance should include:

数据管理程序应包括方针和程序用于解决数据管理问题。有效管理的要素应包括: 


• management oversight and commitment;

• 管理监督和承诺; 

• application of QRM;

• 应用 QRM; 

• good data management principles;

• 优良数据管理原则; 

• quality metrics and performance indicators;

• 质量量度和绩效指标; 

• validation;

• 验证; 

• change management;

• 变更管理; 

• security and access control;

• 安保和访问控制; 

• configuration control;

• 参数设置控制; 

• prevention of commercial, political, financial and other organizational pressures;

• 预防商业、政治、经济和其它组织压力; 

• prevention of incentives that may adversely affect the quality and integrity of work;

• 预防可能对工作质量和完整性产生不良影响的激励; 

• adequate resources, systems;

• 充足的资源、系统; 

• workload and facilities to facilitate the right environment that supports DI and effective controls;

• 工作量和设施有利于正确的环境,可支持 DI 和有效控制; 

• monitoring;

• 监测; 

• record keeping;

• 记录保存; 

• training; and

• 培训;以及 

• awareness of the importance of DI, product quality and patient safety.

• 明白 DI、产品质量和患者安全的重要性。 


4.9. There should be a system for the regular review of documents and data to identify any DI failures. This includes paper records and electronic records in day-to-day work, system and facility audits and self-inspections.

应制订一个体系对文件和数据进行常规审核,以发现任何 DI 问题。其中包括日常工作的纸质和电子记录、系统和设施审订以及自检。 


4.10. The effort and resources applied to assure the integrity of the data should be commensurate with the risk and impact of a DI failure. 

为确保数据完整性所付出的努力和资源应与 DI 失败的风险和影响相称。 


4.11. Where DI weaknesses are identified, appropriate corrective and preventive actions (CAPA) should be implemented across all relevant activities and systems and not in isolation.

如果发现 DI 弱点,应在所有相关活动和系统中实施适当的 CAPA,而不是独立处理。 


4.12. Significant DI lapses identified should be reported to the national medicine regulatory authority. 

发现严重的 DI 问题时应向国家药监机构报告。 


4.13. Changing from automated or computerised systems to paper-based manual systems or vice-versa will not in itself remove the need for appropriate DI controls.

从自动化或计算机化系统改为纸质人工系统或逆向改变时,改变本身并不能消除对适当 DI 控制的需求。 


4.14. Good  documentation practices should be followed to ensure that all records are complete. 

应遵守优良文件规范以确保所有记录是完整的。 


4.15. Records (paper and electronic) should be kept in a manner that ensures compliance with the principles of this guideline.  These include, but are not limited to:

记录(纸质和电子)保存方式应确保符合本指南的原则。其中包括但不仅限于: 


• restricting the ability to change dates and times for recording events;

• 限制对记录事件的日期和时间修改能力; 

• using controlled documents and forms for recording GXP data;

• 使用受控文件和表格记录 GXP 数据; 

• controlling the issuance of blank paper templates for data recording of GXP activities, with reconciliation;

• 控制发放用于记录 GXP 活动数据的空白纸张模板; 

• defining access and privilege rights to automated systems;

• 规定自动化系统的访问与权限; 

• enabling audit trails;

• 激活审计追踪; 

• having automated data capture systems and printers connected to equipment and instruments in production and quality control where possible; 

• 尽可能配备自动化数据采集系统和打印机,连接至生产和质量控制用设备与仪器; 

• ensuring proximity of printers to sites of relevant activities; and

• 确保打印机邻近相关活动场所;以及 

• ensuring  access  to  original  electronic  data  for  personnel  responsible  for reviewing and checking data.

• 确保负责审核和检查数据的人员可访问原始电子数据。 


4.16. Data and recorded media should be durable. Ink should be indelible. Temperature- sensitive or photosensitive inks and other erasable inks should not be used, or other means should be identified to ensure traceability of the data over their life cycle.

数据和记录介质应可持久。墨水应为不可擦除的。不应使用热敏或光敏墨水和其它可擦写墨水。应识别其它方法,以确保可数据在其生命周期的可追溯性。 


4.17. Paper should not be temperature-sensitive, photosensitive or easily oxidizable. If this is not feasible or limited, then true or certified copies should be available.

纸张不应为热敏、光敏或易于氧化。如果不现实或受到限制,则应获得其真实副本或认证副本。 


4.18. Systems, procedures and methodology used to record and store data should be periodically reviewed for effectiveness and updated, as necessary, in relation to new technology.

应定期审核用于记录和存贮数据的系统、程序和方法学的有效性并在必要时采用新技术进行更新。 



5. QUALITY RISK MANAGEMENT 质量风险管理 


5.1. The DIRA should be documented. This should cover systems and processes that produce data or, where data are obtained, data criticality and inherent risks.

应记录 DIRA。其中应包括生成数据(如得到数据)的系统和流程、数据关键程度和内在风险。 


5.2. The risk assessment should include, for example, computerised systems, supporting personnel, training and quality systems. 

风险评估应包括例如计算机化系统、支持性人员、培训以及质量体系。 


5.3. Record and DI risks should be assessed, mitigated, communicated and reviewed throughout the document and data life cycle. 

应在记录和数据生命周期中对记录和 DI 风险进行评估、缓解、沟通和审核。 


5.4. Where the DIRA has highlighted areas for remediation, prioritisation of actions (including acceptance of an appropriate level of residual risk) and controls should be documented and communicated. Where long-term remediation actions are identified, risk-reducing short-term measures should be implemented to provide acceptable data governance in the interim.

如果 DIRA 显示出需要补救的领域,应记录和沟通措施(包括残留风险的可接受水平)与控制的优先等级。如果需要采取长期补救措施,则应实施短期降低风险的措施临时提供可接受的数据管理。 


5.5. Controls identified may include organizational and functional controls such as procedures, processes, equipment, instruments and other systems to both prevent and detect situations that may impact on DI.  (Examples include appropriate content and design of procedures, formats for recording, access control, the use of computerized systems and other means).

所识别的控制可能包括组织和功能控制,如程序、工艺、设备、仪器和其它系统用于预防和发现可能影响 DI 的情形。(例子包括对在程序中包含适当的内容及进行适当设计、记录格式、访问控制、计算机化系统的使用及其它方式) 


5.6. Controls should cover risks to data. Risks include deletion of, changes to, and excluding data and results from data sets without written authorisation and detection of those activities and events.

控制应覆盖数据风险。风险包括未经书面授权从数据系列中删除、修改、排除数据和结果,以及发现这些活动和事件。


 

6. MANAGEMENT REVIEW 管理评审 


6.1. Compliance  with  DI  policy  and  procedures  should  be  reported  in  the  periodic management review meetings. 

应在定期管理评审会议中报告 DI 方针和程序符合情况。 


6.2. The effectiveness of the controls implemented should be measured against the quality metrics and performance indicators.  These should include for example:

所实施措施的有效性应采用质量量度和绩效指标进行测量。其中包括例如: 


• The tracking and trending of data;

• 数据追踪与趋势分析; 

• lapse in DI rates;

• DI 问题频次; 

• review of audit trails in, for example, production, quality control, GLP, case report forms and data processing;

• 审核审计追踪,如生产、质量控制、GLP、事件报告表和数据处理; 

• routine audits and/or self-inspections including DI and computerized systems; and

• 日常审计和/或自检,包括 DI 和计算机化系统;以及 

• DI lapses at outsourced facilities (contract acceptors).

• 外包设施内 DI 问题(受托方) 



7. OUTSOURCING 外包服务 


7.1. Outsourcing of activities and responsibilities of each party (contract giver and contract accepter) should be clearly described in written agreements.  Specific attention should be given to ensuring compliance with DI requirements. 

应在书面协议中清楚说明委外活动及各方职责(委托方和合同接受方)。特别要注意确保符合 DI 要求。 


7.2. Compliance with the principles and responsibilities should be verified during periodic site audits.  This should include the review of procedures and data (including raw data and metadata, paper records, electronic data, audit trails and other related data) held by the contracted organization that are relevant to the contract giver’s product or services.

在定期现场审计中应核查是否符合原则要求和职责规定。其中应包括审核程序和受托方持有的与委托方产品或服务有关的数据(包括原始数据和元数据、纸质记录、电子记录、审计追踪和其它相关数据)。 


7.3. Where data and document retention are contracted to a third party, particular attention should be paid to understanding the ownership and retrieval of data held under that agreement, as well as controls to ensure the integrity of data over their life cycle.

如果数据和文件保存委托给了第三方,要特别注意了解该协议下持有数据的所有权与检索情况,以及确保数据生命周期内完整性的控制措施。 


7.4. No activity, including outsourcing databases, should be sub-contracted to a third party without the prior approval of the contract giver. 

在委托方批准之前,不可将活动(包括委外数据库)转包给第三方。

 

7.5. All contracted parties should be aware of the requirements relating to data governance, DI and data management. 

所有受托方均应明白与数据管辖、DI 和数据管理有关的要求。 



8. TRAINING 培训 


8.1. Personnel should be trained in DI policies and procedures. 

应给员工培训 DI 方针和程序。 


8.2. Personnel should agree to abide by DI principles and should be made aware of the potential consequences in cases of non-compliance. 

员工应同意接受 DI 原则,应明白不符合时的可能后果。 


8.3. Personnel should be trained in good documentation practices and measures to prevent and detect DI issues. This may require specific training in evaluating the configuration settings and reviewing electronic data and metadata, such as audit trails, for individual computerized systems used in the generation, processing and reporting of data.

员工应接受优良文件规范和预防及发现 DI 问题的措施培训。其中可能需要针对用于生成、处理和报告数据的计算机化系统进行评估参数设置和审核电子数据与元数据,如审计追踪的特定培训。 



9. DATA 数据 


9.1. Data may be presented by manually recording an observation, result or other data and information on paper, or electronically recording thereof, by using equipment and instruments including those linked to computerised systems. A combination of manual and electronic systems may also be used.

数据形式可以是人工在纸上记录一项观察、结果或其它数据和信息,或采用仪器和设备包括连接至计算机化系统者使用电子方式记录这些内容。人工和电子系统亦可联合使用。 


9.2. The same considerations for DI apply for other data sets (such as photographs, videos, DVD, imagery and chromatography plates) as for the other data sets, together with any additional controls required for that format such as copying, photography or digitisation. There should be a documented rationale for the selection of such a method.

相同的 DI 考量适用于其它数据系列(如照片、录像、DVD、图像和色谱碟)。如采用其它数据系列,则应配有其它控制如复制、照相或数字化。选择此种方法应有书面记录的理由。 


9.3. Where possible, risk-reducing supervisory measures should be implemented. 

应尽可能采取降低风险的监督措施。 


9.4. Results and data sets require independent verification if deemed necessary from the DIRA or by another requirement. 

如果 DIRA 或其它要求认为有必要,则应对结果和数据进行独立核查。 



10. DATA INTEGRITY 数据完整性 


10.1. Data integrity (DI) is the degree to which data are complete, consistent, accurate, trustworthy and reliable. 

数据完整性(DI)是数据完整、一致、准确、值得信任和可靠的程度。 
 


10.2. Risk-based system design and controls should enable the detection of errors, lapses and omissions of results and data during the data life cycle. Controls may include procedural controls, organizational controls and functional controls.

基于风险的系统设计和控制应能够在数据生命周期发现结果和数据的错误、疏忽和遗漏。控制可包括程序控制、组织控制和功能控制。 


10.3. The DI policy should clearly define what constitutes raw data, source data, metadata and a “complete data set”.

DI 原则应清楚规定什么构成原始数据、源数据、元数据和“完整的数据系列”。

 

10.4. Data should be contemporaneously recorded, collected and maintained in a secure manner. Controls should ensure that they are attributable, legible, original (or a true copy) and accurate. Assuring DI requires appropriate QRM systems, including adherence to sound scientific principles and good documentation practices.

数据应以安全的方式同步记录、采集和保存。控制应确保其可追溯、清晰、原始(或真实副本)以及准确。确保 DI 要求有适当的 QRM 系统,包括遵守科学合理的原则以及优良文件规范。

 

10.5. Systems should be established and implemented to ensure that all data acquired, processed and reported are in accordance with the principles in this guideline. Data should be:

应制订并实施系统以确保采集、处理和报告的所有数据符合本指南所列原则。数据

应: 


A = 

attributable to the person generating the data 

可追溯至生成数据的人员 

L =  

legible and permanent 

清晰永久 

C =

contemporaneous

同步 

O =

original record (or certified true copy)

原始记录(或认证的真实副本) 

A =

accurate

准确 


10.6. Data governance measures  should also ensure that data are complete,  consistent, enduring and available throughout the life cycle, where:

数据管理措施亦应确保数据在生命周期的完整性、一致性、持久性和可及性,其中 :


• Complete = the data must be whole; a complete set.

• 完整性=数据必须是全部的数据,是完整的系列 

• Consistent = the data must be self-consistent.

• 一致性=数据必须自洽 

• Enduring = durable; lasting throughout the data life cycle.

• 持久性=耐久,在数据生命周期持续存在 

• Available = readily available for review or inspection purposes.

• 可及性=可供随时取得用于审核或检查 


10.7. Original data should be reviewed, retained, complete, enduring and readily retrievable and readable throughout the records retention period. 

原始数据应审核、保存、完整、持久,并在记录保存期间易于检索和可读取。 



11. GOOD DOCUMENTATION PRACTICES 优良文件规范 


11.1. The principles contained in this guideline are applicable to paper and electronic data.

本指南所述原则适用于纸质和电子数据。

 

11.2. Specific controls should be identified through DIRA, to ensure the integrity of data and results recorded on paper records.  These may include, but are not limited to:

应通过 DIRA 识别具体控制,以确保纸记录上所记录数据和结果的完整性。其中可包括但不仅限于: 


• the use of permanent, indelible ink;

• 使用永久不可擦除的墨水; 

• no use of pencil or erasers;

• 不使用铅笔或橡皮; 

• the use of single-line cross-outs to record changes with name, date and reason recorded (i.e. the paper equivalent to the audit trail);

• 使用单删除线记录修改,同时记录姓名、日期和理由(即等同纸质审计追踪); 

• no use of correction fluid or otherwise obscuring the record;

• 不使用修正液或其它方法遮盖记录; 

• controlled issuance of bound, paginated notebooks;

• 受控发放装订好、标好页码的笔记本; 

• controlled issuance of sequentially numbered copies of blank forms; and

• 受控发放有序编号的空白表格复印件;以及 

• archival of paper records by independent, designated personnel in secure and controlled archives.

• 由指定的独立人员以安全受控方式归档纸质记录。 



12. COMPUTERIZED SYSTEMS 计算机化系统 


 (Note. This section highlights some specific aspects relating to the use of computerized systems. It is not intended to repeat the information presented in the other WHO Guidelines here, such as the WHO Guideline on Computerized systems, WHO Guideline on Validation, and WHO Guideline on Good Chromatography Practices.  See references.)

(注:本部分强调的是与计算机化系统有关的特定问题。本部分无意重复其它 WHO 指南中的内容,如 WHO 计算机化系统指南,WHO 验证指南以及 WHO 优良色谱规范指南。参见参考文献)


12.1. The computerized system selected should suitable for its intended use. 所选计算机化系统应适合其既定用途。 


12.2. Where GXP systems are used to acquire, record, store or process data, management should have appropriate knowledge of the risks that the system and users may have on the data.

如果使用了 GXP 系统获得、记录、存贮或处理数据,管理人员应具备系统与用户可能产生的数据风险知识。 


12.3. Suitably configured and validated software should be used where instruments and equipment with computerised systems are used. The potential for manipulation of data should be eliminated during the data life cycle.

如果使用的是配有计算机化系统的仪器和设备,则应使用经过适当参数设置和验证的软件。应消除在数据生命周期中篡改数据的可能性。 


12.4. Where electronic systems with no configurable software and no electronic data retention (e.g. pH meters, balances and thermometers) are used, controls should be put in place to prevent manipulation of data and repeat testing to achieve the desired result.

如果所用电子系统没有可设置参数的软件,没有电子数据保存(例如 pH 计、天平和温度计),应有控制保护数据不被篡改,不会重新检测得到想要的结果。 


12.5. Appropriate means of detection for lapses in DI principles should be in place. Additional means should be implemented where stand-alone systems with a user- configurable output is used, for example, Fourier-transform infrared spectroscopy (FTIR) and UV spectrophotometers.

应具备适当手段可发现违反 DI 原则的问题。如果使用了需要用户进行参数设置输出的单机系统,则应施加额外措施,例如 FTIR 和 UV 光谱仪。 


12.6. All records that are defined by the data set should be reviewed and retained. Reduced effort and/or frequency may be justifiable.

所有被定义为数据系列的记录均应进行审核并保存。降低工作和/或频次可能情有可原。 



Access and privileges 访问与权限 


12.7. There should be a documented system in place that defines the access and privileges of users of computerized systems. The paper and electronic records should be in line with the electronic information including the creation and deletion of users.

应订有文件化系统规定计算机化系统的访问与权限。纸质与电子记录均应与电子信息一致,包括用户创建与删除。 


12.8. Access and privileges should be in accordance with the responsibility and functionality of the individual with appropriate controls to ensure DI (e.g. no modification, deletion or creation of data outside the application is possible).

访问与权限应根据个人职责与职能设置,配制适当的控制以确保 DI(例如,不能在应用软件以外修改、删除或创建数据)。 


12.9. A limited number of personnel, with no conflict of interest in data, should be appointed as system administrators. Certain privileges such as data deletion, database amendment or system configuration changes should not be assigned to administrators without justification - and such activities should only be done with documented evidence of authorization by another responsible person.  Records should be maintained.

应仅指定少数没有数据利益冲突的人员作为系统管理员。特定的权限如数据删除、数据库修改或系统参数修改不应在没有理由时即授予管理员—此类操作应仅由另一持有书面授权的负责人执行。应保存记录。 


12.10. Unique usernames and passwords should be used for systems as appropriate. 适当时系统应使用唯一用户名和密码。 


12.11. Programmes and methods (such as acquisition and processing methods) should ensure that data meet ALCOA principles. Where results or data are processed using a different method/parameters than the acquisition method should be recorded. Audit trails and details should allow reconstruction of all data processing activities.

程序和方法(例如采集和处理方法)应确保数据符合 ALCOA 原则。采用不同于采集方法的方法/参数处理结果或数据时应有记录。审计追踪和详细信息应允许重建所有数据处理活动。 


12.12. Data transfer should not result in any changes to the content or meaning of the data. The transfer should be tracked in the audit trail. 

数据转移不应改变数据的任何内容和含义。转移应可在审计追踪中被追踪到。 


12.13. Data transfer should be validated. 

数据转移应经过验证。 



Audit Trail 

审计追踪  


12.14. GXP systems should provide for the retention of audit trails. Audit trails should reflect, for example, users, dates, times, original data and results, changes and reasons for changes.

GXP 系统应保存有审计追踪。审计追踪应反映例如用户、日期、时间、原始数据和结果、修改及修改理由。 


12.15. Audit trails should be enabled when software is installed, and remain enabled all times. Proof of enabling and verification during the life cycle of data should be maintained.

软件安装时应激活审计追踪,并在所有时间保持其激活。应保存证据证明其激活,并在数据生命周期中有确认。 


12.16. Where add-on software or legacy systems are used (with no audit trail), mitigation measures may be taken for defined temporary periods. This should be addressed within defined timelines.

如果使用插件或遗留系统(无审计追踪),可能需要在指定的临时阶段采取缓解措施。此类问题应在指定时间段内解决, 


12.17. Routine data review should include a review of audit trails. Evidence should be maintained. 

日常数据审核应包括对审计追踪的审核。应保存审核证据。 



Electronic signatures 电子签名 


12.18. Each electronic signature should be appropriately controlled. An electronic signature should be:

每个电子签名应有适当控制。电子签名应: 

• validated;

• 经过验证; 

• attributable to an individual;

• 可追踪至个人; 

• free from alteration and manipulation; and

• 无篡改与捏造,以及 

• compliant with the requirements of international standards.

• 符合国际标准的要求 


12.19. An inserted image of a signature or a footnote indicating that the document has been electronically signed is not adequate. 

用插入签字图片或脚注的方式作为对文件进行电子签名是不够的。 



Data review and approval 数据审核和批准 


12.20. There should be a documented procedure for the routine and periodic review, as well as approval of data.

日常和定期审核以及数据批准应有书面程序。 


12.21. CAPAs should be recorded where errors, discrepancies or omissions are identified. 如果发现错误、差异或遗漏,应记录 CAPA。 


12.22. A conclusion following the review of original data, metadata and audit trail records should be documented, signed and dated. 

在审核原始数据、元数据和审计追踪记录之后,应记录结论并签名/日期。 



Data backup, retention, and restoration 

数据备份、保存和恢复 


12.23. Data  should  be  backed  up  and  archived  according  to  written  procedures. The validated procedures and controls should ensure the protection of data and records. 

应根据书面程序备份和归档数据。经过验证的程序和控制应确保能保护数据和记录。 


12.24. Data and records should be kept in a secure area which provides appropriate protection.  Access should be controlled. 

数据和记录应保存在可提供适当保护的安全地区。对其访问应有控制。 


12.25. Retention periods should be defined in authorized procedures. 

应在批准的程序中规定保存时长。 


12.26. Records  reflecting  documented  reasons  for  the  destruction  of  data  should  be maintained. 

应保存反映数据销毁的书面理由记录。 


12.27. Backup  and  restoration  processes  should  be  validated  and  periodically  tested, including verification of data size, completeness and accuracy of data and metadata.

备份和恢复过程应经过验证并定期测试,包括核查数据大小、数据和元数据完整性和准确性。 



13. CORRECTIVE AND PREVENTIVE ACTIONS 纠正与预防措施(CAPA) 


13.1. Where organizations use computerized systems (e.g. for GXP data acquisition, processing, interpretation, reporting) which do not meet current GMP requirements, a workplan towards upgrading such systems should be documented and implemented to ensure compliance with current GMP.

如果公司使用了不符合现行 GMP 要求的计算化系统(例如,用于 GXP 数据采集、处理、解释、报告),则应制订升级该类系统的书面工作计划并实施,以确保符合当前 GMP 要求。 


13.2. When GMP lapses in DI are identified, root cause analysis, impact and risk assessment should be carried out. Appropriate CAPAs should be established and implemented. Health authorities and other relevant organizations should be notified if the investigation identifies significant impact or risk to materials, products, patients, reported information or data in application dossiers, clinical trial reports, and so on..

如果发现 GMP 有 DI 问题,由应进行根本原因分析、影响性和风险评估。应制订并实施适当的 CAPA。如果调查发现对物料、药品、患者、在申报资料、临床试验报告等中所报告的信息或数据有严重影响,则应通知药监机构和其它相关组织。 

  


References and further reading 参考文献与扩展阅读  


 

 (Note: This section will be updated)

(注:本部分将更新) 


1. WHO Basic Principles in Good Manufacturing Practices

WHO GMP 基本原则 

2. WHO Guideline on Validation

WHO 验证指南 

3. WHO Guideline on Computerized Systems

WHO 计算机化系统指南 

4. WHO Guideline on Good Chromatography Practices

WHO 优良色谱规范指南 

5. Medicines and Healthcare Products Guideline 药品和卫生用品指南 

6. U.S. Food and Drug Administration Guideline 美国 FDA 指南 

7. Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme (PIC/S) Guideline

PIC/S 指南 

8. International Society for Pharmaceutical Engineering (ISPE) Baseline

ISPE 基准 

 

  

ANNEX 1 附录 1 



EXAMPLES IN DATA INTEGRITY MANAGEMENT

数据完整性管理举例 


This Annex reflects on some examples in data integrity (DI) management, to support the main text on DI. It should be noted that these are examples and are intended for the purpose of clarification only.

本附录举出一些数据完整性(DI)管理实例,用于支持 DI 正文内容。要注意这些只是例子,仅用于说明问题。 


Example 1: Quality risk management and data integrity risk assessment

例 1:质量风险管理和数据完整性风险评估 


Risk management is an important part of good manufacturing practices (GMP). Risks should be identified and assessed, control identified and implemented to assist manufacturers in preventing possible DI lapses.

风险管理是优良生产规范(GMP)的一个重要部分。应对风险进行识别和评估,并识别和实施控制帮助生产商预防可能的 DI 问题。 


As an example, a Failure Mode and Effects Analysis (FMEA) model (or any other tool) can be used to identify and assess the risks relating to any system where data are, for example, acquired, processed, recorded, saved and archived. Based on severity, occurrence and detection classification and an overall risk priority number or risk factor, corrective and preventive action (CAPA) should be identified, implemented and assessed for its effectiveness. 举例来说,FMEA 模式(或任何其它工具)可用于识别和评估与任何例如采集、处理、记录、保存和归档数据的系统有关的风险。根据严重程度、发生频次和检出可能性分级,以及总体风险优先度数字或风险因子,应制订并实施 CAPA,评估 CAPA 有效性。 



 

 

Severity


 


 

LOW

MEDIUM

HIGH

LOW


 

 

 

MEDIUM


 

 

 

HIGH


 

 

 

 

HIGH

MEDIUM

LOW


 

 

D e t e c t i o n


 

 


 

 

严重性 


 

发生可能性


 


 

低 

中 

高 

低 


 

 

 

中 


 

 

 

高 


 

 

 

 

高 

中 

低 


 

 

可检出性 


 

For example, if during the weighing of a sample, the entry of the date was not contemporaneously recorded on the worksheet but the date is available on the print-out from a weighing balance and log book for the balance for that particular activity, this is still considered DI. The risk is however different when there is no other means of traceability for the activity. When assessing the risk relating to the lapse in DI, the severity could be classified as “low” (the data is available on the print-out); it does not happen on a regular basis (occurrence is “low”), and it could easily be detected by the reviewer (detection is “high”) – therefore the overall risk factor may be considered low. The root cause as to why the record was not made in the analytical report at the time of weighing should still be identified and the appropriate action taken to prevent this from happening.

例如,如果在样品称重过程中,没有同步将日期记录在检验记录中,但在称重天平的打印条和天平日志里该活动日期是可以获得的,这样仍符合 DI 要求。但如果没有其它方法追踪到该活动,则风险就不同了。在评估与 DI 问题有关的风险时,严重程序可定为“低” (数据在打印条上可获取),并不经常发生(发生频次为“低”),易于被审核人员发现(可检出性为“高”)--因此总体风险因子可认为是低。为何在称重时没在分析报告上记录的根本原因仍需要进行识别,并且要采取适当措施防止重复发生。 



Example 2: Good documentation practices in data integrity

例 2:数据完整性中的优良文件规范 


Documentation should be managed with care. These should be appropriately designed to assist in eliminating erroneous entries, manipulation and human error.

文件记录应小心管理。该要求应适当进行适当设计,以帮助消除错误录入、篡改和人为失误。 


Paper systems 纸质系统 


Formats 格式  


Formats should be designed and prepared to enable personnel to record the correct information at the right time. Provision should be made for entries such as dates, time (start, finish), signatures, initials, results, batch numbers, equipment identification numbers andso on. The system should prompt the personnel to make the entries at the appropriate step.

格式设计和制作应使得员工在正确时间记录正确信息。应为录入数据制作好格式,如日期、时间(开始、结束)、签名、首字母、结果、批号、设备编号等。系统应使得员工可在适当步骤录入数据。 


Blank forms空白表格 


The use of blank forms is not encouraged. Where blank forms are used (e.g. to supplement worksheets, laboratory notebooks and master production and control records), appropriate controls have to be in place and may include, for example, a numbered set of blank forms issued which are reconciled upon completion. Similarly, bound paginated notebooks, stamped or formally issued by a document control group, allow the detection of unofficial notebooks and any gaps in notebook pages. Authorization may include two or three signatures with dates, for example, “prepared by” or “entered by”, “reviewed by” and “approved by”.

不鼓励使用空白表格。如果要使用空白表格(例如补充工作表、实验室笔记本和主生产和检验记录),则必须要有适当的控制措施,可包括例如发放有编号的空白表格,完成时进行数量平衡。类似的,由文件控制组装订好编制页码的笔记本、盖章或正式发放,可发现非正式笔记本和笔记本页码差错。批准可包括 2 个或 3 个签名加日期,例如“制作人”或“录入人”、“审核人”和“批准人”。 


Error in recording data 记录数据中的失误 


Entries of data and results (electronic and paper records) should be free from mistakes. Entries should be made with care. Where incorrect information had been recorded, this may be corrected provided that the reason for the error is documented, the original entry remains readable, and the correction is signed and dated.

数据和结果录入(电子和纸质记录)应无错误。录入数据应仔细。如果记录了不正确的信息,则可进行修正,但要记录下错误原因,保持原始录入数据可读,纠正动作应有签名和日期。 



Example 3: Data entry  例 3:数据录入 


Data entry includes examples such as sample receiving registration, sample analysis result recording, logbook entries, registers, batch manufacturing record entries, and information in case report forms. The recording of source data on paper records should be in indelible ink and free from errors. Direct entry into electronic records should be done by responsible, appropriately trained individuals. Entries should be traceable to an individual (in electronic records thus having a unique username and password) and traceable to the date (and time, where possible). Where appropriate, the entry should be verified by a second person or entered through technical means such as bar-coding, where possible, for the intended use of these data. Additional controls may include locking critical data entries after the data are verified and review of audit trails for critical data to detect if they have been altered.

数据录入包括例子有样品接收登记、样品分析结果记录、日志录入、登记、批生产记录录入,以及事件报告表中的信息。记录在纸质记录上的源数据应使用不可擦除的墨水,不应有错误。直接录入至电子记录时应由经过适当培训的负责该事务的人员操作。录入应可追溯至个人(在电子记录中要有唯一用户名和密码)以及日期(可能时还有时间)。适当时,录入数据应由第二人核对,或通过技术手段如这些数据专用条形码(如可能)录入。额外控制手段可包括在数据被核对之后锁定关键数据项,以及审核关键数据的审计追踪以发现是否被修改。 



Example 4: Dataset  例 4:数据系列 


All data should be included in the dataset unless there is a documented, justifiable, scientific explanation and procedure for the exclusion of any result or data. Whenever out of trend or atypical results are obtained, they should be investigated in accordance with written procedures. This includes investigating and determining CAPA for invalid runs, failures, repeats and other atypical data. The review of original electronic data should include checks of all locations where data may have been stored, including locations where voided, deleted, invalid or rejected data may have been stored. Data and metadata should not be found in other electronic folders or in other operating system logs. Electronic data should be archived in accordance with a standard operating procedure. It is important to ensure that associated metadata are archived with the relevant data set or securely traceable to the data set through relevant documentation. It should be possible to successfully retrieve data and datasets from the archives. This includes metadata. This should be done in accordance with a procedure and verified at defined intervals.

所有数据均应包括在数据系列中,另有书面、可论证的科学解释者以及结果或数据除外程序者除外。一经发现超趋势或异常结果,应根据书面程序进行调查。其中包括对无论运行、失败、重复和其它异常数据进行调查和确定 CAPA。对原始电子数据的审核应包括检查可能存贮数据的所有位置,包括作废、删除、宣布无效或被拒数据可能存贮的位置。在其它电子文件夹或其它操作系统日志中不应发现数据和元数据。电子数据应根据标准操作规程进行归档。确保相关元数据与相关数据系列一起归档,或者可通过相关文件记录安全追踪至该数据系列很重要。应可从档案中成功检索数据和数据系列。其中包括元数据。这可根据程序进行操作,并按指定时间间隔进行核查。 



Example 5: Enduring  例 5:持久 


Data and metadata should be readable during the life cycle of the data. Risks include the fading of microfilm records, the decreasing readability of the coatings of optical media such as compact disks (CDs) and digital versatile/video disks (DVDs), and the fact that these media may become brittle. Similarly, historical data stored on magnetic media will also become unreadable over time as a result of deterioration. Data and records should be stored in an appropriate manner, under the appropriate conditions.

数据和元数据在其生命周期中应可读。风险包括微胶卷记录消退、光学介质如压制光盘(CD)和数字多功能/视频光盘(DVD)涂层可读性降低,以及这些介质可能变得易折。类似的,存贮在磁性介质中的历史数据亦会随时间推移因消磁变得不可读。数据和记录应以适当方式在适当条件下保存。 



Example 6: Attributable  例 6:可追溯性 


Data should be attributable, thus being traceable to an individual. In paper records, this could be done through the use of initials, full handwritten signature or personal seal. In electronic records, this could be done through the use of unique user logons that link the user to actions that create, modify or delete data; or unique electronic signatures which can be either biometric or non-biometric. An audit trail that captures user identification (ID), date and time stamps, and the electronic signature must be securely and permanently linked to the signed record.

数据应可追溯,即追踪至个人。在纸质记录中,可通过使用首字母、手写全名签名或个人印章进行追踪。在电子记录中,可通过将用户与创建、修改或删除数据的动作的链接追踪到唯一用户登录,或通过生物识别或非生物识别的唯一电子签名进行追踪。捕获用户身份(ID)、日期和时间戳以及电子签名的审计追踪必须安全永久地链接至被签名的记录。 



Example 7: Contemporaneous  例 7:同步性 


Personnel should record data and information at the time these are generated and acquired. For example, when a sample is weighed or prepared, the weight of the sample (date, time, name of the person, balance identification number) should be recorded at that time and not before or at a later stage. In the case of electronic data, these should be automatically date and time stamped. The use of hybrid systems is discouraged but where legacy systems are awaiting replacement, documented mitigating controls should be in place. (Replacement of hybrid systems should be a priority with a documented CAPA plan). The use of a scribe to record an activity on behalf of another operator should be considered only on an exceptional basis and should only take place where, for example, the act of recording places the product or activity at risk, such as, documenting line interventions by aseptic area operators.

员工应在生成和采集数据和信息对其进行记录。例如,在称样或制备样品时,样品重量(日期、时间、人员姓名、天平编号)应在当时记录,而不是提前或滞后记录。如果是电子数据,则应自动生成时间和日期戳。不鼓励使用混合系统,但如果有等待替换的遗留系统,则应有书面的风险缓解控制措施。(混合系统的替换应为优先事件,具备书面 CAPA 计划)。只有在例外情况下,且例如记录动作会使得产品或活动处于风险中时方可使用抄写员代表另一操作人员记录一项活动,例如记录无菌区域操作员所执行的产线干扰。 



Example 8: Changes  例 8:修改 


When changes are made to any result or data, the change should be traceable to the person who made the change, the date, time and reason for the change. In electronic systems, this traceability should be documented via computer generated audit trails or in other metadata fields or system features that meet these requirements. Where an existing computerized system lacks computer-generated audit trails, personnel may use alternative means such as procedurally controlled use of log-books, change control, record version control or other combinations of paper and electronic records to meet GXP regulatory expectations for traceability to document the what, who, when and why of an action.

对任何结果或数据进行修改时,修改应可追溯至修改人、日期和修改原因。在电子系统中,此种追溯性应通过计算机生成的审计追踪或在其它元数据域或符合这些要求的其它系统特性中记录。对于缺少计算机生成的审计追踪的现有计算机化系统,员工可使用替代方法如程序控制的日志、变更控制、记录版本控制或其它纸质与电子记录联用,以符合 GXP 法规对动作何事何人何时为何的文件追溯性要求。 



Example 9: Original 例 9:原始性 


Original data include the first or source capture of data or information and all subsequent data required to fully reconstruct the conduct of the GXP activity (see the definition of raw data). In some cases, the electronic data (electronic chromatogram acquired through high- performance liquid chromatography (HPLC)) may be the original data, and in other cases, the recording of the temperature on a log sheet in a room - by reading the value on a data logger – may be considered the original data. Original data should be reviewed. Proof of review should be presented (e.g. as a signature (reviewed by:) and date of the review). For electronic records, this is typically signified by electronically signing the electronic data set that has been reviewed and approved. Written procedures for data review should clarify the meaning of the review and approval signatures to ensure that the personnel concerned understand their responsibility as reviewers and approvers to assure the integrity, accuracy, consistency and compliance with established standards of the electronic data and metadata subject to review and approval. Written procedures for data review should define the frequency, roles and responsibilities and approach to review of meaningful metadata, such as audit trails. These procedures should also describe how aberrant data are to be handled if found during the review.   Personnel who conduct such reviews should have adequate and appropriate training in the review process as well as in the software systems containing the data subject to review.

原始数据包括全面重构 GXP 活动所需数据或信息和全部子序数据的首次或源捕获(参见原始数据定义)。有些情况下,电子数据(通过 HPLC 采集的电子色谱图)可能是原始数据,在另一些情形中,在一个房间通过读取数据记录仪上的读数并记录在温度日志上可认为是原始数据。原始数据应经过审核。应有审核证据(例如审核人签名和审核日期)。对于电子数据,一般由对审核过的电子数据进行电子签名和批准。书面的数据审核程序应阐述审核的含义和批准签名,以确保相关员工理解其作为审核员和批准人的职责,以确保电子数据的完整性、准确性、一致性以及符合既定标准,元数据经过审核和批准。书面数据审核程序应规定有意义的元数据如审计追踪的审核频次、角色与职责和审核方法。这些程序亦应说明审核中发现异常数据时如何处理。执行此类审核的人员应经过充分和恰当的审核流程培训,以及含有待审核数据的软件系统培训。 



Example 10: Controls 例 10:受控 


Based on the outcome of the data integrity risk assessment (DIRA) (which should cover all areas of data governance and data management) – appropriate and effective controls should be identified and implemented to assure that all data, whether in paper records or electronic records, will meet ALCOA+ principles. Examples of controls may include, but are not limited to:

根据数据完整性风险评估(DIRA)的结果(应包括数据管辖和数据管理的所有领域),识别和实施适当的有效控制,确保所有数据(无论是纸质记录还是电子记录)符合 ALCOA+原则。控制例子可包括但不仅限于: 

  • qualification, calibration and maintenance of equipment, such as balances and pH meters, that generate printouts;

  • 生成打印件的设备确认、校正和维护,如天平和 pH 计; 

  • validation of computerized systems that acquire, process, generate, maintain, distribute or archive electronic records;

  • 采集、处理、生成、保存、分发或归档电子记录的计算机化系统的验证; 

  • validation of systems to ensure that the integrity of data will remain while transmitting between/among computerized systems;

  • 系统验证以确保计算机化系统之间传输数据的完整性; 

  • validation of analytical procedures;

  • 分析方法的验证; 

  • validation of production processes;

  • 生产工艺的验证; 

  • review of GXP records; and

  • GXP 记录的审核;以及 

  • investigation of deviations, doubtful, out of trend and out of specifications results.  

  • 偏差、可疑、超趋势和超标结果的调查。 

    Points to consider for assuring accurate GXP records:

    确保准确的 GXP 记录考虑要点: 

  • The entry of critical data into a computer by an authorized person (e.g. entry of a master processing formula) requires an additional check on the accuracy of the data entered manually. This check may be done by independent verification and release for use by a second authorized person or by validated electronic means. For example, to detect and manage risks associated with critical data, procedures would require verification by a second person, such as a member of the quality unit staff;

  • 关键数据由经授权人员录入计算机时(例如录入主处理公式)需要对人工录入数据准确性进行额外检查。该检查可由经授权的第二人或由经过验证的电子方式通过独立核对完成,然后放行使用。例如,为发现和管理与关键数据有关的风险,程序要求由第二人,如质量部门员工进行核对。 

  • formulae for calculations entered into spreadsheets;

  • 录入计算表的计算公式; 

  • master data entered into the laboratory information management system (LIMS) such as fields for specification ranges used to flag out of specification values on the certificate of analysis;

  • 录入实验室信息管理系统(LIMS)的主数据如用于在 COA 上标示 OOS 值的标准范围域; 

  • other critical master data, as appropriate. Once verified, these critical data fields should normally be locked to prevent further modification and only be modified through a formal change control process;

  • 其它关键主数据(适当时)。一旦通过核对,一般要将这些关键数据域锁定,以防止进一步修改,如需修改仅能通过正式变更控制流程执行; 

  • the process of data transfer between systems should be validated;

  • 系统间数据传输流程应经过验证; 

  • the migration of data into and exported from systems requires specific planned testing and control; and

  • 数据迁移至系统和从系统输出需要有具体规划的测试与控制;以及 

  • when the activity is time-critical, printed records should display the date and time stamp.

  • 如果活动时间是关键要素,则打印记录应显示日期与时间戳。

 

图文新闻
地址:北京市西城区北三环中路乙6号伦洋大厦306房间 邮编:100120
[携手共创 无痛世界] 京ICP备040245号 京公安网110102004956
网站邮箱:webmaster@withoutpain.net(建议使用1024*768分辨率)
本站网址:www.withoutpain.net 或 www.withoutpain.org 中文域名:www.无痛网.com

中国麻醉药品协会关于我们帮助指南版权说明法律条款电子邮箱网站地图

CorpyRight 2003-2010 by 中国麻醉药品协会 All Rights Reserved