您现在的位置:首页 > 新闻资讯 > 政策法规



作者:发表时间:2019-11-05 10:43:44来源:GMP办公室 浏览:




(October 2019)  

2019 年 10 月 



1.1. Data governance and data integrity (DI) are important elements in ensuring the reliability of data and information obtained in production and control of pharmaceutical products. The data and information should be complete as well as being attributable, legible, contemporaneous, original and accurate, commonly referred to as meeting “ALCOA” principles.


1.2. In recent years, the number of observations made regarding the integrity of data, documentation and record management practices during inspections of good manufacturing practice (GMP), good clinical practice (GCP) and good laboratory practice (GLP) has been increasing. Possible causes for this may include (i) too much reliance on human practices; (ii) the use of computerized systems that are not appropriately managed and validated; and (iii) failure to adequately review and manage original data and records.

近年,在 GMP、GCP 和 GLP 检查中,数据完整性、文件记录管理规范性方面的缺陷数量大大上升。可能的原因大致包括(1)太过依赖人员操作,(2)使用了未进行恰当管理和验证的计算机化系统,以及(3)未充分审核和管理原始数据与记录。 

1.3. Quality risk management (QRM), control strategies and sound scientific principles are required to mitigate such risks.  Examples of controls may include, but are not limited to:


• the establishment and implementation of a DI policy;

• 制订和实施 DI 方针; 

• the establishment and implementation of procedures that will facilitate compliance with DI requirements and expectations;

• 制订和实施有利于符合 DI 要求和预期的程序; 

• adoption of a quality culture within the company that encourages personnel to be transparent about failures which includes a reporting mechanism;

• 在公司内推行质量文化,鼓励员工坦白失败,包括报告机制; 

• application of QRM with identification of all areas of risk to DI through data integrity risk assessment (DIRA) and implementation of appropriate controls to eliminate or reduce risks to an acceptable level throughout the life cycle of the data;

• 应用 QRM,通过数据完整性风险评估(DIRA)识别所有领域的 DI 风险,在数据整个生命周期中实施适当控制消除或降低风险至可接受水平; 

• ensuring  sufficient  resources  to  monitor  compliance  with  DI  policies  and procedures and processes, and facilitate continuous improvement; 

• 确保有足够的资源监测 DI 方针以及程序和流程遵守情况,促进持续改进; 

• provision of necessary training for personnel in, for example, good practices (GXP), computerized systems and DI;

• 为员工提供必要的培训,如,优良规范(GXP)、计算机化系统和 DI; 

• implementation and validation of computerized systems appropriate for their intended use;

• 根据其既定用途实施和验证计算机化系统; 

• definition and management of appropriate roles and responsibilities for quality agreements and contracts entered into by contract givers and contract acceptors.

• 作为合同委托方或接受方签署的质量协议和合同中适当角色与职责的定义和管理。




2.1. This guideline provides information, guidance and recommendations to facilitate compliance with DI, GXP in documentation and record keeping requirements. 

本指南提供促进 DI、GXP 在文件和记录保存要求方面的合规性信息、指南和建议。 

2.2. The scope of this guideline is designated as ‘GXP’. It does not, however, cover medical devices. 


2.3. Where possible, this guideline has been harmonised with other published documents. The guideline should be read with other WHO GXP guidelines and publications.

如可能,本指南已与其它已发布文件保持统一。本指南应与其它 WHO GXP 指南和出版物联合解读。 

2.4. In line with the current approach in GMP, it recommends a risk-based approach over the life cycle of data.  DIRA should be carried out in order to identify and assess areas of risk.

根据 GMP 中的当前方法,建议对数据生命周期采取基于风险的方法。应执行 DIRA 以识别和评估风险领域。 

2.5. The  principles  of  this  guideline  apply  to  contract  givers  and  contract  acceptors. Contract givers are ultimately responsible for the integrity of data provided to them by contract acceptors. Contract givers should therefore ensure that contract acceptors comply with the principles contained in this guideline.


2.6. Efficient risk-based controls and review of data and documents should be identified and implemented.  The effectiveness of the controls should be verified.



(Note: This section will be updated)  


The definitions given below apply to the terms used in these guidelines. They may have different meanings in other contexts. 以下定义适用于本指南所述术语。可能与其它语境含义有所不同。 


A commonly used acronym for “attributable, legible, contemporaneous, original and

accurate”. 常用术语,代表“可追溯性、清晰、同步、原始和准确”。 


A commonly used acronym for “attributable, legible, contemporaneous, original and accurate” which puts additional emphasis on the attributes of being complete, consistent, enduring and available – implicit basic ALCOA principles.

常用术语,代表可追溯性、清晰、同步、原始和准确”,加上对完整性、一致性、持久性和可及性等明确的 ALCOA 基本原则的补充强调。 

archiving, archival.归档 

Archiving is the process of storage and protecting records from the possibility of being accessed, further altered or deleted, and storing these records under the control of independent data management personnel throughout the required retention period. Archived records should include, for example, associated metadata and electronic signatures.


archivist. 档案保管员 

An independent individual designated in GLP who has been authorized by management to be responsible for the management of the archive, i.e. for the operations and procedures for archiving. 

在 GLP 内指定的独立个人,由管理人员批准负责档案管理,即归档操作和程序。

 audit trail.审计追踪  

The audit trail is a form of metadata containing information associated with actions that relate to the creation, modification or deletion of GXP records. An audit trail provides for secure recording of life cycle details such as creation, additions, deletions or alterations of information in a record, either paper or electronic, without obscuring or overwriting the original record. An audit trail facilitates the reconstruction of the history of such events relating to the record regardless of its medium, including the “who, what, when and why” of the action.

审计追踪是含有 GMP 记录创建、修改或删除相关动作信息的元数据表。审计追踪提供生命周期详细情况的安全记录,如电子或纸质记录中信息的创建、增加、删除或修改,而不会妨碍或改写原始记录。审计追踪有利于重建此类与记录(无论使用何种介质)有关事件的历史,包括动作的“何人何事何时及因何”。 

data governance.数据管理 

The arrangements to ensure that data, irrespective of the format in which they are generated, are recorded, processed, retained and used to ensure the record throughout the data life cycle.


data life cycle.数据生命周期 

All phases of the process by which data are created, recorded, processed, modified, transmitted, reviewed, reported, used, approved, archived and restored until destruction.


electronic signatures.电子签名 

A signature in digital form (bio-metric or non-biometric) that represents the signatory.  This should be equivalent in legal terms to the handwritten signature of the signatory.


good practices (GXP).优良规范(GXP) 

Acronym for the group of good practice guides governing the preclinical, clinical, manufacturing, testing, storage, distribution and post-market activities for regulated pharmaceuticals, biologicals and medical devices, such as GLP, GCP, GMP, good pharmacovigilance practices (GPP) and good distribution practices (GDP).

指导受法规管制药品、生物制品和医疗器械临床前、临床、生产、检测、存贮、运输和上市后活动管理的优良规范,如 GLP、GCP、GMP、优良药物预警规范(GPP)和优良运输规范(GDP)。 


Metadata are data that describe the attributes of other data and provide context and meaning and form an integral part of original records.  An audit trail record is an example of metadata.


raw data (source data).原始数据(源数据) 

The original record (data) which can be described as the first-capture of information, whether recorded on paper or electronically. 

原始记录(数据)可描述为首次捕获的信息,可以是以纸质或电子记录的。 routine data review.日常数据审核 

Routine data review is a process where the raw data and metadata are reviewed for their integrity in an individual data set. 


periodic data review.定期数据审核 

Periodic data review is a process where an audit of the data generated is done, on a periodic basis (e.g. monthly), where data are selected on a random basis to verify the effectiveness of existing control measures and identification of the possibility of unauthorised activity at all interfaces



4.1. There should be a written DI policy. 

应制订书面 DI 方针。 

4.2. Senior management is responsible for the establishment and implementation of an effective quality system and a data governance system. This applies to paper and electronic generated data.


4.3. Data should be Attributable, Legible, Contemporaneous, Original, and Accurate (ALCOA) and be Complete, Consistent, Enduring, and Available (+). This is generally referred to as ALCOA+. (There is no difference in expectations regardless of which acronym is used).

数据应可追溯、清晰、同步、原始和准确(ALCOA)并且完整、一致、持久和可获得(+)。通常称为 ALCOA+。(无论使用何术语,要求没有差别) 

4.4. The quality system, including documentation such as procedures and formats for recording data, should be appropriately designed and implemented to provide assurance that records and data meet the principles contained in this guideline.


4.5. Data governance should address data ownership and accountability throughout the life cycle and consider the design, operation and monitoring of processes/systems to comply with the principles of DI, including control over intentional and unintentional changes to data.

数据管理应说明数据在其整个生命周期中的所有权和职责,要考虑使流程/系统的设计、运行和监测符合 DI 原则,包括控制有意和无意的数据更改。 

4.6. Data governance systems should include: 数据管理系统应包括: 

  • training in the importance of DI principles;

  • DI 原则的重要性培训; 

  • the creation of an appropriate working environment; and

  • 创造适当的工作环境;以及 

  • active encouragement of the reporting of errors, omissions and undesirable results.

  • 主动鼓励报告失误、遗漏和不合意结果。 

4.7. Senior management should be accountable for the implementation of systems and procedures in order to minimise the potential risk to DI, and to identify the residual risk using  risk  management  techniques  such  as  the  principles  of  the  International Conference on Harmonisation (ICH) Q9.

高级管理人员应对系统和程序实施承担责任,以尽可能降低潜在 DI 风险,使用风险管理技术如 ICH Q9 中的原则识别出残留风险。 

4.8. The data governance programme should include policies and procedures addressing data management.  Elements of effective management governance should include:


• management oversight and commitment;

• 管理监督和承诺; 

• application of QRM;

• 应用 QRM; 

• good data management principles;

• 优良数据管理原则; 

• quality metrics and performance indicators;

• 质量量度和绩效指标; 

• validation;

• 验证; 

• change management;

• 变更管理; 

• security and access control;

• 安保和访问控制; 

• configuration control;

• 参数设置控制; 

• prevention of commercial, political, financial and other organizational pressures;

• 预防商业、政治、经济和其它组织压力; 

• prevention of incentives that may adversely affect the quality and integrity of work;

• 预防可能对工作质量和完整性产生不良影响的激励; 

• adequate resources, systems;

• 充足的资源、系统; 

• workload and facilities to facilitate the right environment that supports DI and effective controls;

• 工作量和设施有利于正确的环境,可支持 DI 和有效控制; 

• monitoring;

• 监测; 

• record keeping;

• 记录保存; 

• training; and

• 培训;以及 

• awareness of the importance of DI, product quality and patient safety.

• 明白 DI、产品质量和患者安全的重要性。 

4.9. There should be a system for the regular review of documents and data to identify any DI failures. This includes paper records and electronic records in day-to-day work, system and facility audits and self-inspections.

应制订一个体系对文件和数据进行常规审核,以发现任何 DI 问题。其中包括日常工作的纸质和电子记录、系统和设施审订以及自检。 

4.10. The effort and resources applied to assure the integrity of the data should be commensurate with the risk and impact of a DI failure. 

为确保数据完整性所付出的努力和资源应与 DI 失败的风险和影响相称。 

4.11. Where DI weaknesses are identified, appropriate corrective and preventive actions (CAPA) should be implemented across all relevant activities and systems and not in isolation.

如果发现 DI 弱点,应在所有相关活动和系统中实施适当的 CAPA,而不是独立处理。 

4.12. Significant DI lapses identified should be reported to the national medicine regulatory authority. 

发现严重的 DI 问题时应向国家药监机构报告。 

4.13. Changing from automated or computerised systems to paper-based manual systems or vice-versa will not in itself remove the need for appropriate DI controls.

从自动化或计算机化系统改为纸质人工系统或逆向改变时,改变本身并不能消除对适当 DI 控制的需求。 

4.14. Good  documentation practices should be followed to ensure that all records are complete. 


4.15. Records (paper and electronic) should be kept in a manner that ensures compliance with the principles of this guideline.  These include, but are not limited to:


• restricting the ability to change dates and times for recording events;

• 限制对记录事件的日期和时间修改能力; 

• using controlled documents and forms for recording GXP data;

• 使用受控文件和表格记录 GXP 数据; 

• controlling the issuance of blank paper templates for data recording of GXP activities, with reconciliation;

• 控制发放用于记录 GXP 活动数据的空白纸张模板; 

• defining access and privilege rights to automated systems;

• 规定自动化系统的访问与权限; 

• enabling audit trails;

• 激活审计追踪; 

• having automated data capture systems and printers connected to equipment and instruments in production and quality control where possible; 

• 尽可能配备自动化数据采集系统和打印机,连接至生产和质量控制用设备与仪器; 

• ensuring proximity of printers to sites of relevant activities; and

• 确保打印机邻近相关活动场所;以及 

• ensuring  access  to  original  electronic  data  for  personnel  responsible  for reviewing and checking data.

• 确保负责审核和检查数据的人员可访问原始电子数据。 

4.16. Data and recorded media should be durable. Ink should be indelible. Temperature- sensitive or photosensitive inks and other erasable inks should not be used, or other means should be identified to ensure traceability of the data over their life cycle.


4.17. Paper should not be temperature-sensitive, photosensitive or easily oxidizable. If this is not feasible or limited, then true or certified copies should be available.


4.18. Systems, procedures and methodology used to record and store data should be periodically reviewed for effectiveness and updated, as necessary, in relation to new technology.



5.1. The DIRA should be documented. This should cover systems and processes that produce data or, where data are obtained, data criticality and inherent risks.

应记录 DIRA。其中应包括生成数据(如得到数据)的系统和流程、数据关键程度和内在风险。 

5.2. The risk assessment should include, for example, computerised systems, supporting personnel, training and quality systems. 


5.3. Record and DI risks should be assessed, mitigated, communicated and reviewed throughout the document and data life cycle. 

应在记录和数据生命周期中对记录和 DI 风险进行评估、缓解、沟通和审核。 

5.4. Where the DIRA has highlighted areas for remediation, prioritisation of actions (including acceptance of an appropriate level of residual risk) and controls should be documented and communicated. Where long-term remediation actions are identified, risk-reducing short-term measures should be implemented to provide acceptable data governance in the interim.

如果 DIRA 显示出需要补救的领域,应记录和沟通措施(包括残留风险的可接受水平)与控制的优先等级。如果需要采取长期补救措施,则应实施短期降低风险的措施临时提供可接受的数据管理。 

5.5. Controls identified may include organizational and functional controls such as procedures, processes, equipment, instruments and other systems to both prevent and detect situations that may impact on DI.  (Examples include appropriate content and design of procedures, formats for recording, access control, the use of computerized systems and other means).

所识别的控制可能包括组织和功能控制,如程序、工艺、设备、仪器和其它系统用于预防和发现可能影响 DI 的情形。(例子包括对在程序中包含适当的内容及进行适当设计、记录格式、访问控制、计算机化系统的使用及其它方式) 

5.6. Controls should cover risks to data. Risks include deletion of, changes to, and excluding data and results from data sets without written authorisation and detection of those activities and events.




6.1. Compliance  with  DI  policy  and  procedures  should  be  reported  in  the  periodic management review meetings. 

应在定期管理评审会议中报告 DI 方针和程序符合情况。 

6.2. The effectiveness of the controls implemented should be measured against the quality metrics and performance indicators.  These should include for example:


• The tracking and trending of data;

• 数据追踪与趋势分析; 

• lapse in DI rates;

• DI 问题频次; 

• review of audit trails in, for example, production, quality control, GLP, case report forms and data processing;

• 审核审计追踪,如生产、质量控制、GLP、事件报告表和数据处理; 

• routine audits and/or self-inspections including DI and computerized systems; and

• 日常审计和/或自检,包括 DI 和计算机化系统;以及 

• DI lapses at outsourced facilities (contract acceptors).

• 外包设施内 DI 问题(受托方) 


7.1. Outsourcing of activities and responsibilities of each party (contract giver and contract accepter) should be clearly described in written agreements.  Specific attention should be given to ensuring compliance with DI requirements. 

应在书面协议中清楚说明委外活动及各方职责(委托方和合同接受方)。特别要注意确保符合 DI 要求。 

7.2. Compliance with the principles and responsibilities should be verified during periodic site audits.  This should include the review of procedures and data (including raw data and metadata, paper records, electronic data, audit trails and other related data) held by the contracted organization that are relevant to the contract giver’s product or services.


7.3. Where data and document retention are contracted to a third party, particular attention should be paid to understanding the ownership and retrieval of data held under that agreement, as well as controls to ensure the integrity of data over their life cycle.


7.4. No activity, including outsourcing databases, should be sub-contracted to a third party without the prior approval of the contract giver. 



7.5. All contracted parties should be aware of the requirements relating to data governance, DI and data management. 

所有受托方均应明白与数据管辖、DI 和数据管理有关的要求。 


8.1. Personnel should be trained in DI policies and procedures. 

应给员工培训 DI 方针和程序。 

8.2. Personnel should agree to abide by DI principles and should be made aware of the potential consequences in cases of non-compliance. 

员工应同意接受 DI 原则,应明白不符合时的可能后果。 

8.3. Personnel should be trained in good documentation practices and measures to prevent and detect DI issues. This may require specific training in evaluating the configuration settings and reviewing electronic data and metadata, such as audit trails, for individual computerized systems used in the generation, processing and reporting of data.

员工应接受优良文件规范和预防及发现 DI 问题的措施培训。其中可能需要针对用于生成、处理和报告数据的计算机化系统进行评估参数设置和审核电子数据与元数据,如审计追踪的特定培训。 

9. DATA 数据 

9.1. Data may be presented by manually recording an observation, result or other data and information on paper, or electronically recording thereof, by using equipment and instruments including those linked to computerised systems. A combination of manual and electronic systems may also be used.


9.2. The same considerations for DI apply for other data sets (such as photographs, videos, DVD, imagery and chromatography plates) as for the other data sets, together with any additional controls required for that format such as copying, photography or digitisation. There should be a documented rationale for the selection of such a method.

相同的 DI 考量适用于其它数据系列(如照片、录像、DVD、图像和色谱碟)。如采用其它数据系列,则应配有其它控制如复制、照相或数字化。选择此种方法应有书面记录的理由。 

9.3. Where possible, risk-reducing supervisory measures should be implemented. 


9.4. Results and data sets require independent verification if deemed necessary from the DIRA or by another requirement. 

如果 DIRA 或其它要求认为有必要,则应对结果和数据进行独立核查。 


10.1. Data integrity (DI) is the degree to which data are complete, consistent, accurate, trustworthy and reliable. 


10.2. Risk-based system design and controls should enable the detection of errors, lapses and omissions of results and data during the data life cycle. Controls may include procedural controls, organizational controls and functional controls.


10.3. The DI policy should clearly define what constitutes raw data, source data, metadata and a “complete data set”.

DI 原则应清楚规定什么构成原始数据、源数据、元数据和“完整的数据系列”。


10.4. Data should be contemporaneously recorded, collected and maintained in a secure manner. Controls should ensure that they are attributable, legible, original (or a true copy) and accurate. Assuring DI requires appropriate QRM systems, including adherence to sound scientific principles and good documentation practices.

数据应以安全的方式同步记录、采集和保存。控制应确保其可追溯、清晰、原始(或真实副本)以及准确。确保 DI 要求有适当的 QRM 系统,包括遵守科学合理的原则以及优良文件规范。


10.5. Systems should be established and implemented to ensure that all data acquired, processed and reported are in accordance with the principles in this guideline. Data should be:



A = 

attributable to the person generating the data 


L =  

legible and permanent 


C =



O =

original record (or certified true copy)


A =



10.6. Data governance measures  should also ensure that data are complete,  consistent, enduring and available throughout the life cycle, where:

数据管理措施亦应确保数据在生命周期的完整性、一致性、持久性和可及性,其中 :

• Complete = the data must be whole; a complete set.

• 完整性=数据必须是全部的数据,是完整的系列 

• Consistent = the data must be self-consistent.

• 一致性=数据必须自洽 

• Enduring = durable; lasting throughout the data life cycle.

• 持久性=耐久,在数据生命周期持续存在 

• Available = readily available for review or inspection purposes.

• 可及性=可供随时取得用于审核或检查 

10.7. Original data should be reviewed, retained, complete, enduring and readily retrievable and readable throughout the records retention period. 



11.1. The principles contained in this guideline are applicable to paper and electronic data.



11.2. Specific controls should be identified through DIRA, to ensure the integrity of data and results recorded on paper records.  These may include, but are not limited to:

应通过 DIRA 识别具体控制,以确保纸记录上所记录数据和结果的完整性。其中可包括但不仅限于: 

• the use of permanent, indelible ink;

• 使用永久不可擦除的墨水; 

• no use of pencil or erasers;

• 不使用铅笔或橡皮; 

• the use of single-line cross-outs to record changes with name, date and reason recorded (i.e. the paper equivalent to the audit trail);

• 使用单删除线记录修改,同时记录姓名、日期和理由(即等同纸质审计追踪); 

• no use of correction fluid or otherwise obscuring the record;

• 不使用修正液或其它方法遮盖记录; 

• controlled issuance of bound, paginated notebooks;

• 受控发放装订好、标好页码的笔记本; 

• controlled issuance of sequentially numbered copies of blank forms; and

• 受控发放有序编号的空白表格复印件;以及 

• archival of paper records by independent, designated personnel in secure and controlled archives.

• 由指定的独立人员以安全受控方式归档纸质记录。 


 (Note. This section highlights some specific aspects relating to the use of computerized systems. It is not intended to repeat the information presented in the other WHO Guidelines here, such as the WHO Guideline on Computerized systems, WHO Guideline on Validation, and WHO Guideline on Good Chromatography Practices.  See references.)

(注:本部分强调的是与计算机化系统有关的特定问题。本部分无意重复其它 WHO 指南中的内容,如 WHO 计算机化系统指南,WHO 验证指南以及 WHO 优良色谱规范指南。参见参考文献)

12.1. The computerized system selected should suitable for its intended use. 所选计算机化系统应适合其既定用途。 

12.2. Where GXP systems are used to acquire, record, store or process data, management should have appropriate knowledge of the risks that the system and users may have on the data.

如果使用了 GXP 系统获得、记录、存贮或处理数据,管理人员应具备系统与用户可能产生的数据风险知识。 

12.3. Suitably configured and validated software should be used where instruments and equipment with computerised systems are used. The potential for manipulation of data should be eliminated during the data life cycle.


12.4. Where electronic systems with no configurable software and no electronic data retention (e.g. pH meters, balances and thermometers) are used, controls should be put in place to prevent manipulation of data and repeat testing to achieve the desired result.

如果所用电子系统没有可设置参数的软件,没有电子数据保存(例如 pH 计、天平和温度计),应有控制保护数据不被篡改,不会重新检测得到想要的结果。 

12.5. Appropriate means of detection for lapses in DI principles should be in place. Additional means should be implemented where stand-alone systems with a user- configurable output is used, for example, Fourier-transform infrared spectroscopy (FTIR) and UV spectrophotometers.

应具备适当手段可发现违反 DI 原则的问题。如果使用了需要用户进行参数设置输出的单机系统,则应施加额外措施,例如 FTIR 和 UV 光谱仪。 

12.6. All records that are defined by the data set should be reviewed and retained. Reduced effort and/or frequency may be justifiable.


Access and privileges 访问与权限 

12.7. There should be a documented system in place that defines the access and privileges of users of computerized systems. The paper and electronic records should be in line with the electronic information including the creation and deletion of users.


12.8. Access and privileges should be in accordance with the responsibility and functionality of the individual with appropriate controls to ensure DI (e.g. no modification, deletion or creation of data outside the application is possible).

访问与权限应根据个人职责与职能设置,配制适当的控制以确保 DI(例如,不能在应用软件以外修改、删除或创建数据)。 

12.9. A limited number of personnel, with no conflict of interest in data, should be appointed as system administrators. Certain privileges such as data deletion, database amendment or system configuration changes should not be assigned to administrators without justification - and such activities should only be done with documented evidence of authorization by another responsible person.  Records should be maintained.


12.10. Unique usernames and passwords should be used for systems as appropriate. 适当时系统应使用唯一用户名和密码。 

12.11. Programmes and methods (such as acquisition and processing methods) should ensure that data meet ALCOA principles. Where results or data are processed using a different method/parameters than the acquisition method should be recorded. Audit trails and details should allow reconstruction of all data processing activities.

程序和方法(例如采集和处理方法)应确保数据符合 ALCOA 原则。采用不同于采集方法的方法/参数处理结果或数据时应有记录。审计追踪和详细信息应允许重建所有数据处理活动。 

12.12. Data transfer should not result in any changes to the content or meaning of the data. The transfer should be tracked in the audit trail. 


12.13. Data transfer should be validated. 


Audit Trail 


12.14. GXP systems should provide for the retention of audit trails. Audit trails should reflect, for example, users, dates, times, original data and results, changes and reasons for changes.

GXP 系统应保存有审计追踪。审计追踪应反映例如用户、日期、时间、原始数据和结果、修改及修改理由。 

12.15. Audit trails should be enabled when software is installed, and remain enabled all times. Proof of enabling and verification during the life cycle of data should be maintained.


12.16. Where add-on software or legacy systems are used (with no audit trail), mitigation measures may be taken for defined temporary periods. This should be addressed within defined timelines.


12.17. Routine data review should include a review of audit trails. Evidence should be maintained. 


Electronic signatures 电子签名 

12.18. Each electronic signature should be appropriately controlled. An electronic signature should be:


• validated;

• 经过验证; 

• attributable to an individual;

• 可追踪至个人; 

• free from alteration and manipulation; and

• 无篡改与捏造,以及 

• compliant with the requirements of international standards.

• 符合国际标准的要求 

12.19. An inserted image of a signature or a footnote indicating that the document has been electronically signed is not adequate. 


Data review and approval 数据审核和批准 

12.20. There should be a documented procedure for the routine and periodic review, as well as approval of data.


12.21. CAPAs should be recorded where errors, discrepancies or omissions are identified. 如果发现错误、差异或遗漏,应记录 CAPA。 

12.22. A conclusion following the review of original data, metadata and audit trail records should be documented, signed and dated. 


Data backup, retention, and restoration 


12.23. Data  should  be  backed  up  and  archived  according  to  written  procedures. The validated procedures and controls should ensure the protection of data and records. 


12.24. Data and records should be kept in a secure area which provides appropriate protection.  Access should be controlled. 


12.25. Retention periods should be defined in authorized procedures. 


12.26. Records  reflecting  documented  reasons  for  the  destruction  of  data  should  be maintained. 


12.27. Backup  and  restoration  processes  should  be  validated  and  periodically  tested, including verification of data size, completeness and accuracy of data and metadata.



13.1. Where organizations use computerized systems (e.g. for GXP data acquisition, processing, interpretation, reporting) which do not meet current GMP requirements, a workplan towards upgrading such systems should be documented and implemented to ensure compliance with current GMP.

如果公司使用了不符合现行 GMP 要求的计算化系统(例如,用于 GXP 数据采集、处理、解释、报告),则应制订升级该类系统的书面工作计划并实施,以确保符合当前 GMP 要求。 

13.2. When GMP lapses in DI are identified, root cause analysis, impact and risk assessment should be carried out. Appropriate CAPAs should be established and implemented. Health authorities and other relevant organizations should be notified if the investigation identifies significant impact or risk to materials, products, patients, reported information or data in application dossiers, clinical trial reports, and so on..

如果发现 GMP 有 DI 问题,由应进行根本原因分析、影响性和风险评估。应制订并实施适当的 CAPA。如果调查发现对物料、药品、患者、在申报资料、临床试验报告等中所报告的信息或数据有严重影响,则应通知药监机构和其它相关组织。 


References and further reading 参考文献与扩展阅读  


 (Note: This section will be updated)


1. WHO Basic Principles in Good Manufacturing Practices

WHO GMP 基本原则 

2. WHO Guideline on Validation

WHO 验证指南 

3. WHO Guideline on Computerized Systems

WHO 计算机化系统指南 

4. WHO Guideline on Good Chromatography Practices

WHO 优良色谱规范指南 

5. Medicines and Healthcare Products Guideline 药品和卫生用品指南 

6. U.S. Food and Drug Administration Guideline 美国 FDA 指南 

7. Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme (PIC/S) Guideline

PIC/S 指南 

8. International Society for Pharmaceutical Engineering (ISPE) Baseline

ISPE 基准 



ANNEX 1 附录 1 



This Annex reflects on some examples in data integrity (DI) management, to support the main text on DI. It should be noted that these are examples and are intended for the purpose of clarification only.

本附录举出一些数据完整性(DI)管理实例,用于支持 DI 正文内容。要注意这些只是例子,仅用于说明问题。 

Example 1: Quality risk management and data integrity risk assessment

例 1:质量风险管理和数据完整性风险评估 

Risk management is an important part of good manufacturing practices (GMP). Risks should be identified and assessed, control identified and implemented to assist manufacturers in preventing possible DI lapses.

风险管理是优良生产规范(GMP)的一个重要部分。应对风险进行识别和评估,并识别和实施控制帮助生产商预防可能的 DI 问题。 

As an example, a Failure Mode and Effects Analysis (FMEA) model (or any other tool) can be used to identify and assess the risks relating to any system where data are, for example, acquired, processed, recorded, saved and archived. Based on severity, occurrence and detection classification and an overall risk priority number or risk factor, corrective and preventive action (CAPA) should be identified, implemented and assessed for its effectiveness. 举例来说,FMEA 模式(或任何其它工具)可用于识别和评估与任何例如采集、处理、记录、保存和归档数据的系统有关的风险。根据严重程度、发生频次和检出可能性分级,以及总体风险优先度数字或风险因子,应制订并实施 CAPA,评估 CAPA 有效性。 



























D e t e c t i o n

































For example, if during the weighing of a sample, the entry of the date was not contemporaneously recorded on the worksheet but the date is available on the print-out from a weighing balance and log book for the balance for that particular activity, this is still considered DI. The risk is however different when there is no other means of traceability for the activity. When assessing the risk relating to the lapse in DI, the severity could be classified as “low” (the data is available on the print-out); it does not happen on a regular basis (occurrence is “low”), and it could easily be detected by the reviewer (detection is “high”) – therefore the overall risk factor may be considered low. The root cause as to why the record was not made in the analytical report at the time of weighing should still be identified and the appropriate action taken to prevent this from happening.

例如,如果在样品称重过程中,没有同步将日期记录在检验记录中,但在称重天平的打印条和天平日志里该活动日期是可以获得的,这样仍符合 DI 要求。但如果没有其它方法追踪到该活动,则风险就不同了。在评估与 DI 问题有关的风险时,严重程序可定为“低” (数据在打印条上可获取),并不经常发生(发生频次为“低”),易于被审核人员发现(可检出性为“高”)--因此总体风险因子可认为是低。为何在称重时没在分析报告上记录的根本原因仍需要进行识别,并且要采取适当措施防止重复发生。 

Example 2: Good documentation practices in data integrity

例 2:数据完整性中的优良文件规范 

Documentation should be managed with care. These should be appropriately designed to assist in eliminating erroneous entries, manipulation and human error.


Paper systems 纸质系统 

Formats 格式  

Formats should be designed and prepared to enable personnel to record the correct information at the right time. Provision should be made for entries such as dates, time (start, finish), signatures, initials, results, batch numbers, equipment identification numbers andso on. The system should prompt the personnel to make the entries at the appropriate step.


Blank forms空白表格 

The use of blank forms is not encouraged. Where blank forms are used (e.g. to supplement worksheets, laboratory notebooks and master production and control records), appropriate controls have to be in place and may include, for example, a numbered set of blank forms issued which are reconciled upon completion. Similarly, bound paginated notebooks, stamped or formally issued by a document control group, allow the detection of unofficial notebooks and any gaps in notebook pages. Authorization may include two or three signatures with dates, for example, “prepared by” or “entered by”, “reviewed by” and “approved by”.

不鼓励使用空白表格。如果要使用空白表格(例如补充工作表、实验室笔记本和主生产和检验记录),则必须要有适当的控制措施,可包括例如发放有编号的空白表格,完成时进行数量平衡。类似的,由文件控制组装订好编制页码的笔记本、盖章或正式发放,可发现非正式笔记本和笔记本页码差错。批准可包括 2 个或 3 个签名加日期,例如“制作人”或“录入人”、“审核人”和“批准人”。 

Error in recording data 记录数据中的失误 

Entries of data and results (electronic and paper records) should be free from mistakes. Entries should be made with care. Where incorrect information had been recorded, this may be corrected provided that the reason for the error is documented, the original entry remains readable, and the correction is signed and dated.


Example 3: Data entry  例 3:数据录入 

Data entry includes examples such as sample receiving registration, sample analysis result recording, logbook entries, registers, batch manufacturing record entries, and information in case report forms. The recording of source data on paper records should be in indelible ink and free from errors. Direct entry into electronic records should be done by responsible, appropriately trained individuals. Entries should be traceable to an individual (in electronic records thus having a unique username and password) and traceable to the date (and time, where possible). Where appropriate, the entry should be verified by a second person or entered through technical means such as bar-coding, where possible, for the intended use of these data. Additional controls may include locking critical data entries after the data are verified and review of audit trails for critical data to detect if they have been altered.


Example 4: Dataset  例 4:数据系列 

All data should be included in the dataset unless there is a documented, justifiable, scientific explanation and procedure for the exclusion of any result or data. Whenever out of trend or atypical results are obtained, they should be investigated in accordance with written procedures. This includes investigating and determining CAPA for invalid runs, failures, repeats and other atypical data. The review of original electronic data should include checks of all locations where data may have been stored, including locations where voided, deleted, invalid or rejected data may have been stored. Data and metadata should not be found in other electronic folders or in other operating system logs. Electronic data should be archived in accordance with a standard operating procedure. It is important to ensure that associated metadata are archived with the relevant data set or securely traceable to the data set through relevant documentation. It should be possible to successfully retrieve data and datasets from the archives. This includes metadata. This should be done in accordance with a procedure and verified at defined intervals.

所有数据均应包括在数据系列中,另有书面、可论证的科学解释者以及结果或数据除外程序者除外。一经发现超趋势或异常结果,应根据书面程序进行调查。其中包括对无论运行、失败、重复和其它异常数据进行调查和确定 CAPA。对原始电子数据的审核应包括检查可能存贮数据的所有位置,包括作废、删除、宣布无效或被拒数据可能存贮的位置。在其它电子文件夹或其它操作系统日志中不应发现数据和元数据。电子数据应根据标准操作规程进行归档。确保相关元数据与相关数据系列一起归档,或者可通过相关文件记录安全追踪至该数据系列很重要。应可从档案中成功检索数据和数据系列。其中包括元数据。这可根据程序进行操作,并按指定时间间隔进行核查。 

Example 5: Enduring  例 5:持久 

Data and metadata should be readable during the life cycle of the data. Risks include the fading of microfilm records, the decreasing readability of the coatings of optical media such as compact disks (CDs) and digital versatile/video disks (DVDs), and the fact that these media may become brittle. Similarly, historical data stored on magnetic media will also become unreadable over time as a result of deterioration. Data and records should be stored in an appropriate manner, under the appropriate conditions.


Example 6: Attributable  例 6:可追溯性 

Data should be attributable, thus being traceable to an individual. In paper records, this could be done through the use of initials, full handwritten signature or personal seal. In electronic records, this could be done through the use of unique user logons that link the user to actions that create, modify or delete data; or unique electronic signatures which can be either biometric or non-biometric. An audit trail that captures user identification (ID), date and time stamps, and the electronic signature must be securely and permanently linked to the signed record.


Example 7: Contemporaneous  例 7:同步性 

Personnel should record data and information at the time these are generated and acquired. For example, when a sample is weighed or prepared, the weight of the sample (date, time, name of the person, balance identification number) should be recorded at that time and not before or at a later stage. In the case of electronic data, these should be automatically date and time stamped. The use of hybrid systems is discouraged but where legacy systems are awaiting replacement, documented mitigating controls should be in place. (Replacement of hybrid systems should be a priority with a documented CAPA plan). The use of a scribe to record an activity on behalf of another operator should be considered only on an exceptional basis and should only take place where, for example, the act of recording places the product or activity at risk, such as, documenting line interventions by aseptic area operators.

员工应在生成和采集数据和信息对其进行记录。例如,在称样或制备样品时,样品重量(日期、时间、人员姓名、天平编号)应在当时记录,而不是提前或滞后记录。如果是电子数据,则应自动生成时间和日期戳。不鼓励使用混合系统,但如果有等待替换的遗留系统,则应有书面的风险缓解控制措施。(混合系统的替换应为优先事件,具备书面 CAPA 计划)。只有在例外情况下,且例如记录动作会使得产品或活动处于风险中时方可使用抄写员代表另一操作人员记录一项活动,例如记录无菌区域操作员所执行的产线干扰。 

Example 8: Changes  例 8:修改 

When changes are made to any result or data, the change should be traceable to the person who made the change, the date, time and reason for the change. In electronic systems, this traceability should be documented via computer generated audit trails or in other metadata fields or system features that meet these requirements. Where an existing computerized system lacks computer-generated audit trails, personnel may use alternative means such as procedurally controlled use of log-books, change control, record version control or other combinations of paper and electronic records to meet GXP regulatory expectations for traceability to document the what, who, when and why of an action.

对任何结果或数据进行修改时,修改应可追溯至修改人、日期和修改原因。在电子系统中,此种追溯性应通过计算机生成的审计追踪或在其它元数据域或符合这些要求的其它系统特性中记录。对于缺少计算机生成的审计追踪的现有计算机化系统,员工可使用替代方法如程序控制的日志、变更控制、记录版本控制或其它纸质与电子记录联用,以符合 GXP 法规对动作何事何人何时为何的文件追溯性要求。 

Example 9: Original 例 9:原始性 

Original data include the first or source capture of data or information and all subsequent data required to fully reconstruct the conduct of the GXP activity (see the definition of raw data). In some cases, the electronic data (electronic chromatogram acquired through high- performance liquid chromatography (HPLC)) may be the original data, and in other cases, the recording of the temperature on a log sheet in a room - by reading the value on a data logger – may be considered the original data. Original data should be reviewed. Proof of review should be presented (e.g. as a signature (reviewed by:) and date of the review). For electronic records, this is typically signified by electronically signing the electronic data set that has been reviewed and approved. Written procedures for data review should clarify the meaning of the review and approval signatures to ensure that the personnel concerned understand their responsibility as reviewers and approvers to assure the integrity, accuracy, consistency and compliance with established standards of the electronic data and metadata subject to review and approval. Written procedures for data review should define the frequency, roles and responsibilities and approach to review of meaningful metadata, such as audit trails. These procedures should also describe how aberrant data are to be handled if found during the review.   Personnel who conduct such reviews should have adequate and appropriate training in the review process as well as in the software systems containing the data subject to review.

原始数据包括全面重构 GXP 活动所需数据或信息和全部子序数据的首次或源捕获(参见原始数据定义)。有些情况下,电子数据(通过 HPLC 采集的电子色谱图)可能是原始数据,在另一些情形中,在一个房间通过读取数据记录仪上的读数并记录在温度日志上可认为是原始数据。原始数据应经过审核。应有审核证据(例如审核人签名和审核日期)。对于电子数据,一般由对审核过的电子数据进行电子签名和批准。书面的数据审核程序应阐述审核的含义和批准签名,以确保相关员工理解其作为审核员和批准人的职责,以确保电子数据的完整性、准确性、一致性以及符合既定标准,元数据经过审核和批准。书面数据审核程序应规定有意义的元数据如审计追踪的审核频次、角色与职责和审核方法。这些程序亦应说明审核中发现异常数据时如何处理。执行此类审核的人员应经过充分和恰当的审核流程培训,以及含有待审核数据的软件系统培训。 

Example 10: Controls 例 10:受控 

Based on the outcome of the data integrity risk assessment (DIRA) (which should cover all areas of data governance and data management) – appropriate and effective controls should be identified and implemented to assure that all data, whether in paper records or electronic records, will meet ALCOA+ principles. Examples of controls may include, but are not limited to:

根据数据完整性风险评估(DIRA)的结果(应包括数据管辖和数据管理的所有领域),识别和实施适当的有效控制,确保所有数据(无论是纸质记录还是电子记录)符合 ALCOA+原则。控制例子可包括但不仅限于: 

  • qualification, calibration and maintenance of equipment, such as balances and pH meters, that generate printouts;

  • 生成打印件的设备确认、校正和维护,如天平和 pH 计; 

  • validation of computerized systems that acquire, process, generate, maintain, distribute or archive electronic records;

  • 采集、处理、生成、保存、分发或归档电子记录的计算机化系统的验证; 

  • validation of systems to ensure that the integrity of data will remain while transmitting between/among computerized systems;

  • 系统验证以确保计算机化系统之间传输数据的完整性; 

  • validation of analytical procedures;

  • 分析方法的验证; 

  • validation of production processes;

  • 生产工艺的验证; 

  • review of GXP records; and

  • GXP 记录的审核;以及 

  • investigation of deviations, doubtful, out of trend and out of specifications results.  

  • 偏差、可疑、超趋势和超标结果的调查。 

    Points to consider for assuring accurate GXP records:

    确保准确的 GXP 记录考虑要点: 

  • The entry of critical data into a computer by an authorized person (e.g. entry of a master processing formula) requires an additional check on the accuracy of the data entered manually. This check may be done by independent verification and release for use by a second authorized person or by validated electronic means. For example, to detect and manage risks associated with critical data, procedures would require verification by a second person, such as a member of the quality unit staff;

  • 关键数据由经授权人员录入计算机时(例如录入主处理公式)需要对人工录入数据准确性进行额外检查。该检查可由经授权的第二人或由经过验证的电子方式通过独立核对完成,然后放行使用。例如,为发现和管理与关键数据有关的风险,程序要求由第二人,如质量部门员工进行核对。 

  • formulae for calculations entered into spreadsheets;

  • 录入计算表的计算公式; 

  • master data entered into the laboratory information management system (LIMS) such as fields for specification ranges used to flag out of specification values on the certificate of analysis;

  • 录入实验室信息管理系统(LIMS)的主数据如用于在 COA 上标示 OOS 值的标准范围域; 

  • other critical master data, as appropriate. Once verified, these critical data fields should normally be locked to prevent further modification and only be modified through a formal change control process;

  • 其它关键主数据(适当时)。一旦通过核对,一般要将这些关键数据域锁定,以防止进一步修改,如需修改仅能通过正式变更控制流程执行; 

  • the process of data transfer between systems should be validated;

  • 系统间数据传输流程应经过验证; 

  • the migration of data into and exported from systems requires specific planned testing and control; and

  • 数据迁移至系统和从系统输出需要有具体规划的测试与控制;以及 

  • when the activity is time-critical, printed records should display the date and time stamp.

  • 如果活动时间是关键要素,则打印记录应显示日期与时间戳。


地址:北京市西城区北三环中路乙6号伦洋大厦306房间 邮编:100120
[携手共创 无痛世界] 京ICP备040245号 京公安网110102004956
本站网址:www.withoutpain.net 或 www.withoutpain.org 中文域名:www.无痛网.com


CorpyRight 2003-2010 by 中国麻醉药品协会 All Rights Reserved