MHRA GMP Data Integrity 中英文

简述:

Data integrity is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. This document provides MHRA guidance on GMP data integrity expectations for the pharmaceutical industry. This guidance is intended to complement existing EU GMP, and should be readin conjunction with national medicines legislation and the GMP standards published in Eudralex volume4. 数据完整性是制药质量体系确保药品质量的基石。本文提供了MHRA 对制药行业GMP 数据完整性的指导原则。本指导原则旨在对现有EU GMP 进行补充说明，需结合国家药品法规及GMP 标准内Eudralex 第四册进行阅读理解。

The data governance system should be integral to the pharmaceutical quality system described in EU GMP chapter 1. The effort and resource assigned to data governance should be commensurate with the risk to product quality, and should also be balanced with other quality assurance resource demands. As such, manufacturers and analytical laboratories are not expected to implement a forensic approach to data checking, but instead design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.

数据管理体系需要结合在EU GMP 第一章描所述的质量体系中。投入到数据管理的精力和资源应与对应产品质量风险相称，同时也应权衡其他质量保证工作的资源需求，从而进行合理分配。因此，生产企业和分析实验室不是对数据进行刻板的核对，而是要设计并运行一个对数据完整性风险可控的管理体系，并完整地记载这样设计和运行的支持性理由。

Data integrity requirements apply equally to manual (paper) and electronic data. Manufacturers and analytical laboratories should be aware that reverting from

automated / computerised to manual /paper-based systems will not in itself remove the need for data integrity controls. This may also constitute a failure to comply with Article 23 of Directive 2001/83/EC, which requires an authorization holder to take account of scientific and technical progress and enable the medicinal product to be manufactured and checked by means of generally accepted scientific methods.

数据完整性的要求同时适用于手工（纸质）数据和电子数据。生产企业和分析实验室要意识到从自动/电脑系统回归到手动/纸质记录体系，其本身并不会消除对数据完整性进行控制的要求。而且这也可能造成不符合条款2001/83 / EC 第23 条需要考虑科学和技术发展程度的要求，因为该要求企业确保药品能够以普遍接受的科学方法进行生产和检验。

Throughout this guidance, associated definitions are shown as hyperlinks. 本指导原则所涉及的相关定义以超级链接连接的方式出现。

Establishing data criticality and inherent integrity risk: 建立数据的关键程度和内在的完整性风险：

In addition to an overarching data governance system, which should include relevant policies and staff training in the importance of data integrity, consideration should be given to the organisational (e.g.procedures) and technical (e.g. computer system access) controls applied to different areas of the quality system. The degree of effort and resource applied to the organisational and technical control of data lifecycle elements should be commensurate with its criticality in terms of impact to product quality attributes.

除了一个包括对确保数据完整性至关重要的相应和人员培训的总体数据管理体系，同时应考虑在不同质量体系领域对构建性（如操作程序）和技术性（如计算机系统访问权限）控制手段的应用。对数据生命周期中各要素进行构建性和技术性控制的程度，要与其对产品质量属性影响关键程度相对应

Data may be generated by (i) a paper-based record of a manual observation, or (ii) in terms of equipment,a spectrum of simple machines through to complex highly configurable computerised systems. The inherent risks to data integrity may differ depending upon the degree to which data (or the system generating or using the data) can be configured, and therefore potentially manipulated (see figure 1)

数据可由以下几种情况产生：（i）人工观测的纸质记录，（ii）对于设备，由简单设备或复杂的高度可配置计算机系统产生的图谱。数据完整性的内在风险程度会有所不同，这取决于数据（或系统生成、使用数据）的可配置程度， 即被潜在处理的可能性（见图1）。

Figure 1: Diagram to illustrate the spectrum of simple machine (left) to complex computerized system (right), and relevance of printouts as ‘original data’

图1：图示说明简单设备图谱（左）到复杂的计算机系统图谱（右），及将打印数据作为“初始数据”的对应关系

With reference to figure 1 above, simple systems (such as pH meters and balances) may only require calibration, whereas complex systems require ‘validation for

intended purpose’. Validation effort increases from left to right in the diagram above. However, it is common for companies to overlook systems of apparent lower

complexity. Within these systems it may be possible to manipulate data or repeat testing to achieve a desired outcome with limited opportunity of detection (e.g. stand-alone systems with a user configurable output such as FT-IR, UV spectrophotometers).

参考图1，简单系统（诸如pH 计和天平）可能只需要校准，而复杂的系统需要“对预期用途进行验证”。验证活动在上图中从左到右相应加强。但是，企业常常容易忽视一些貌似并不复杂的系统。在此类系统中，有可能通过处理数据或重复检测以获取期望的结果，并且不容易被发现（例如带有用户可配置输出功能单机版设备，如FT-IR，UV 分光光度计）。

Designing systems to assure data quality and integrity 系统化设计以确保数据质量和完整性

Systems should be designed in a way that encourages compliance with the principles of data integrity. Examples include:

系统的设计应遵循数据完整性的原则 包括以下：

• Access to clocks for recording timed events 对用作记录以时间为顺序事件的计时器

进行权限控制

• Accessibility of batch records at locations where activities take place so that ad hoc datarecording and later transcription to official records is not necessary 将记录放置在生产现场，避免不必要的临时记录数据然后事后誊成正式记录 • Control over blank paper templates for data recording 对用于数据记录的纸质空白模板进行控制

• User access rights which prevent (or audit trail) data amendments 用户权限控制以防止（或审计追踪）数据篡改

• Automated data capture or printers attached to equipment such as balances 采用数据自动采集方式或将打印机连接到设备，例如天平 • Proximity of printers to relevant activities 打印机设置在靠近相关活动的位置

• Access to sampling points (e.g. for water systems)

取样位置所在区域（例如水系统的取样位置）的权限控制

• Access to raw data for staff performing data checking activities. 对原始数据核对的区域进行权限控制

The use of scribes to record activity on behalf of another operator should be considered ‘exceptional’,and only take place where:

用笔录员替另一个操作人员进行活动记录是“特例/非常规流程”，仅在以下情况下采

用：

• The act of recording places the product or activity at risk e.g. documenting line interventions by sterile operators.

记录活动会使产品或行动有风险，例如无菌操作人员记录生产线的干扰活动

• To accommodate cultural or staff literacy / language limitations, for instance where an activity is performed by an operator, but witnessed and recorded by a Supervisor or Officer.

用于解决文化或员工书写/语言能力不足，例如由主管或办公室人员见证并记录。

In both situations, the supervisory recording must be contemporaneous with the task being performed,and must identify both the person performing the observed task and the person completing the record.The person performing the observed task should countersign the record wherever possible, although it is accepted that this countersigning step will be retrospective. The process for supervisory (scribe) documentation completion should be described in an approved procedure, which should also specify the activities to which the process applies.

在这两种情况下，监督记录必须与正在执行的操作任务同时完成，并对执行任务和完成记录的两人进行明确识别。虽然大家都接受回顾性会签，操作任务执行者仍然需要尽可能及时会签记录。应在批准的规程中规定用监督（笔录）方式完成记录的流程，并明确指明该流程的适用范围。 Term 术语 Data 数据 Information derived or obtained from raw data 由初始数据衍生或取得的信息 (e.g. a reported analytical result 例如报告的分析结果) Definition 定义 Expectation / guidance (where relevant) 要求/指导原则 Data must be:数据必须符合以下原则： A - attributable to the person generating the data 明确数据由谁生成 L – legible and permanent 清晰并持久 C – contemporaneous 同步记录 O – original (or ‘true copy’)初始的 （或正确的复制） A – accurate 准确性 Raw data 原始数据 Original records and documentation, retained in the formatin which they were originally generated (i.e. paper or electronic), or as a ‘true copy’. Raw data must be contemporaneously and accurately recorded by permanent means. In the case of basic electronic equipment which does not store electronic data, or provides only a printed data output (e.g. balance or pH meter), the printout constitutes the Raw data must:原始数据必须： • Be legible and accessible throughout the data lifecycle. 在整个数据生命周期过程都清晰可辨并能够及时获取 • Permit the full reconstruction of the activities resulting in thegeneration of the data 允许完全重现数据生成的活动 raw data. 初始的记录和文档，以初始生成的格式或以正确的复制方式进行留存。 原始数据必须是同步和准确的永久记录。对于一些不保存电子数据或仅有数据打印输出的简单电子设备 （例如天平或pH 计），打印数据视为原始数据 In the following definitions, the term 'data' includes raw data.在以下定义中，术语“数据”包括原始数据 Metadata: 元数据（属性Metadata is data that describe the attributes of other data,and provide context and meaning. Typically, these are data that describe the interrelationships and other characteristics of data. It also permits data to be attributable to an individual. Example: data (bold text)例如数据 （黑体）3.5 and metadata, giving context and meaning, (italic text) are: 元数据（属性数据）给出了背景和含义，（斜体） sodium chloride batch 1234, 3.5mg. J Smith 01/07/14 Metadata forms an integral part of the original record. Without metadata, the data has no meaning. 元数据（属性数据）与初始记录密不可分，如果没有元数据，则该数据是无意义的。 数据） structure, data elements, 元数据（属性数据）是解释其它数据的属性数据，并提供背景信息和含义。通常元数据（属性数据）用于描述数据结构，数据要素，内在关系和其它数据特征。它也可以用于描述单一数据的属性。 Data Integrity 数据完整性 Data gover数据管理 The extent to which all data are complete, consistent andaccurate throughout the data lifecycle. 数据完整性的范畴包括数据在整个数据生命周期过程的完整性，一致性和准确性 The sum total of arrangements to ensure that data,irrespective of the recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle. 指所有约定的总成：不论数据的生成格式、记录方式、处理过程、保留和使用的方式，这些约定确保了整个数据生命周期过程中记录的完整性、一致性和准确性 Data governance should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity including control over intentional and unintentional changes to information. 数据管理应解决/界定在整个生命周期中数据的归属问题，并考虑对流程/系统的设计、运行和监控，以便遵循数据完整性原则，包括完全控制有意或无意的的信息修改。 Data Governance systems should include nance format in which it is generated, is staff training in the importance of data integrity principles and the creation of a working environment that encourages an open reporting culture for errors,omissions and aberrant results. 数据管理体系应该包括针对数据完整性原则的重要性对员工进行培训，以及营造鼓励公开汇报错误、数据遗漏和结果异常的文化。 Senior management is responsible for the implementation of systems and procedures to minimise the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9. Contract Givers should perform a similar review as part of their vendor assurance programme 运用ICH Q9 风险管理原理，高级管理团队负责系统和规程的实施，以降低潜在的数据完整性风险，并识别剩余风险。有合同外包的企业应进行类似的审核，以作为供应商监管项目的一部分。 Data Lifecycle 数据生All phases in the life of the data (including raw data) from initial generation and recording through processing (including data retention, archive / retrieval and destruction. 数据生命周期的的各个阶段，包括数据的初始生成和记录、处理（包括转移和整合）、使用、数据保存，归档/恢复和销毁 The procedures for destruction of data should consider data criticality and legislative retention requirements. Archival arrangements should be in place for long term retention (in some cases, periods up to 30 years) for records such as batch documents, marketing authorization application data, traceability data for human-derived starting materials (not an exhaustive list). Additionally, at least 2 years of data must be retrievable in a timely manner for the purposes of trend analysis and inspection. 命周期 transformation or migration), use, 销毁数据的规程应该考虑数据的关键性和法规对保存的要求。对需要长期保留的记录应进行归档（在某些情况下，保存期长达30 年），例如批次文件，上市许可申请数据，来源于人体的起始原料的可追溯数据（非详尽的清单）。此外，必须能够及时恢复至少2 年的数据，用于趋势分析和检查。 Primary Record The record which takes primacy in cases where data collected or retained concurrently by more than one method fail to concur. In situations where the same information is recorded concurrently by more than one system, the data owner should define which system generates and retains the primary record, in case of discrepancy. The ‘primary 主记录 当用多于一种方法同步收集或保存的数据发生不一致时，该记录作为首要判断依据。 record’ attribute should be defined in the quality system, and should not be changed on a case by case basis. 当相同信息同时被一个以上系统进行记录时，数据拥有者应界定由哪个系统生成并保留主记录，以防数据不一致时可以进行判决。“主记录”属性应在质量体系中进行明确定义，并且不得因个例而变化。 Original record / True 初始记录/正确的复Original record: Data as the file or format in which it was originally generated, preserving the integrity (accuracy,completeness, content and meaning) of the record, observation, or electronic raw data file from a computerised system True Copy: An exact copy of an retained in the same or different format in which it was originally generated, e.g. a paper copy of a paper record, or a paper record of electronically generated data 初始记录：数据作为文件或以初始生成的格式，维持记录的完整性（准确性、完全性、有内容和有含义）。例如，人工观测的初始纸张记录，或计算机系统的初始电子数据文件。正确的复制记录：与初始记录完全一致的复制件，可以与初始生成记录以相同或不同格式保存。例如纸张记录的纸质复印件，纸张记录的电子扫描件，或电子数据的纸质记录。 Original records must preserve the integrity (accuracy, completeness, content and meaning) of the record. Exact (true) copies of original records may be retained in place of the original record (e.g. scan of a paper record), provided that a documented system is in place to verify and record the integrity of the copy. 初始记录必须维持记录的完整性（准确性、完全性、有内容和含义）。初始记录完全正确的复制件可以和初始记录放置在一起（例如纸质记录的扫描件），并建立文件记录体系来核对和记录复制记录的完整性 electronic means to be retained in an acceptable paper or pdf format. However, the data retention process must be shown to include verified copies of all raw data, metadata, relevant audit trail and result files, software / system configuration settings specific to each analytical run*, and all data processing runs (including methods and audit trails) necessary for reconstruction of a given raw data set. It would also require a documented means to verify that the printed records were an accurate representation. This approach is likely to be onerous in its administration to enable a GMP compliant record. 对于电子方式生成的原始数据可用被接受的纸质或PDF 格式进行留存，但是数据保存流程必须体现以下各个内容：包括核对过的所有原始数据、元数据（属性数据）、相应审计追踪（系统日志）和结果文档，具体到每一个分析测试运行的软件/系统配置，以及对一套给定原始数据进行复原所必须的所有数据处理运行过程Copy: e.g.original paper record of manual 制记录 original record, which may be paper record,an electronic scan of a It is conceivable for raw data generated by （包括方法和审计追踪/系统日志）。对打印记录准确性和有效性进行的核对工作需进行记录。 通过负责任的管理方法，比较容易使记录符合GMP 要求。 * Computerized system configuration settings should be defined,tested and ‘locked’ as part of computer system validation. Only those variable settings which relate to an analytical run would be considered as electronic raw data 对计算机系统配置参数设定应作为计算机系统验证的一部分进行定义，测试和“锁定“。只有关于一个分析方法运行的可变设定参数才被认作电子原始数据。 Computer system transactions:计算机系 A computer system transaction is a single operation or sequence of operations performed as a single logical ‘unit of work’. The operation(s) that make up a transaction are not saved as a permanent record on durable storage until the user commits the (e.g. pressing a save button).The metadata (i.e., user name, date, and time) is not captured in the system audit trail until the user commits the transaction. In Manufacturing Execution Systems (MES), an electronic signature is often required by the system in order for the record to be saved and become permanent. 计算机系统的处理是一个单一运作或作为一个单一逻辑“工作单元”完成的一系列运作。这些运作组成了一次处理， 直 到用户通过一个仔细考虑后的操作（例如按下保存键）对这个处理认可后， 它们才被作为可以长期存储的永久记录保存下来。直到用户认可了此处理后，元数据（属性数据）才被保留在系统的审计追踪（系统日志）中。 Computer systems should be designed to ensure that the execution of critical operations are recorded contemporaneously by the user and are not combined into a single computer system transaction with other operations. A critical processing step is a parameter that must be within an appropriate limit, range, or distribution to ensure the desired product quality. These should be reflected in the process control strategy. 计算机系统设计应确保用户对关键操作进行同步记录，并且不得与其它操作合并成一个单一的计算机系统处理。关键工艺步骤是指某个参数必须在合适的限度，范围，分布之内，以确保预期的产品质量。 Examples of 'units of work':“单元操作“的例子 •Weighing of individual materials 对单个物料的称量 •Entry of process critical manufacturing / analytical parameters 数量生产/分析过程关键参数 •Verification of the identity of each component or material that will be used in a batch 用于一批生产中每个部件或物料标识信息的核对 •Verification of the addition of each individual raw material to a batch (e.g. when the sequence of addition is considered critical to process control – see figure 2) 对一个初始物统处理 transaction through a deliberate act 在生产执行计算机系统MES，系统会定期要求电子签名来认可记录，使之成为永久记录并进行保存。 料添加过程的核对（例如加料过程的顺序对工艺控制有关键影响-参见图表2） •Addition of multiple pre-weighed raw materials to bulk vessel when required as a single manufacturing step (e.g. when the sequence of addition is not considered critical to process control – see figure 3)对于多个预先称量好的初始物料需要作为一个生产步骤，以完成添加的操作（例如加料顺序对工艺控制没有关键影响） Figure 2: Logical design permitting contemporaneous recording of addition of a single material in a manufacturing ‘unit of work’. This record is permanently recorded(step2),with audit trail, before progressing to next ‘unit of work’. 图 2 是一个逻辑设计，它允许在一个制造“工作单元”中加入单一物料的同步记录。在处理下一个“工作单元”之前，这个记录会被永久记录（步骤2）并有审计追踪，允许操作者和复核者同时记录物料的添加。 Figure 3: Logical design permitting the addition of multiple materials in a manufacturing ‘unit of work’ before committing the record to durable media. Steps 1,3 and5 are contemporaneous entries (bar code),but are not permanently recorded with audit trail until 图3 是一个逻辑设计，在记录提交给持久介质（durable media）前，它允许在一个制造“工作单元”中加入多种物料。步骤1，3，5 是同时输入的（条形码），但在步骤6 执行前，并没有被永久性记录及生成相应的审计追踪。 不允许操作者和复核者同时记录物料的添加。 GMP audit trails are metadata that Trail are a record of GMP critical 审计追information (for example the change 踪 or deletion of GMP relevant data). GMP 审计追踪是元数据（Metadata），记录了GMP关键信息（例如对于GMP 相关数据的变更和删除） Audit Where computerized systems are used to capture, process, report or store raw data electronically, system design should always provide for the retention of full audit trails to show all changes to the data while retaining previous and original data. It should be possible to associate all changes to data with the persons making those changes, and changes should be time stamped and a reason given. Users should not have the ability to amend or switch off the audit trail.当计算机化系统用于电子化采集、处理、报告或储存原始数据时，系统设计应始终提供具有保留全套审计追踪的功能来体现所有的数据更改情况,并保留修改前和初始的数据。数据的所有改变应该可以关联到数据修改者，应记录更改的时间并给出原因。用户应该没有权限修改或关闭审计追踪功能。 The relevance of data retained in audit trails should be considered by the company to permit robust data review/ verification. The items included in audit trail should be those of relevance to permit reconstruction of the process or activity. It is not necessary for audit trail review to include every system activity(e.g. user log on/off, keystrokes etc.),and maybe achieved by review of designed and validated system reports. 公司应该考虑保留在审计追踪中数据的相关性，以便进行可靠的的数据回顾/确认。包含在审计追踪中的条目应该是那些与允许过程或活动进行复原的相关信息。没有必要对系统的每一个活动进行审计追踪的回顾（例如用户的登入和登出，键盘输入等），可以仅对设计并且验证过的系统报告进行审核(就符合要求了). Audit trail review should be part of the routine data review /approval process, usually performed by the operational area which has generated the data (e.g. laboratory).There should be a mechanism to confirm that a review of the audit trail has taken place. When designing a system for review of audit trails, this maybe limited to those with GMP relevance(e.g. relating to data creation, processing, modification and deletion etc).Audit trails maybe reviewed as a list of relevant data, or by a validated ‘exception reporting’process.QA should also review a sample of relevant audit trails, raw data and metadata as part of self‐inspection to ensure on‐going compliance with the data governance policy/procedures. 对审计追踪的审查应该是日常数据审核/Data Review 数据审核 批准的流程的一部分，通常在产生数据的操作区域（例如实验室）进行审查。应该建立机制确认审计追踪已经被审核。当设计一个用于审计追踪审核的系统时，可把它限定在与GMP 相关的范畴内（例如，与数据产生、处理、修改和删除有关）。可以将审计追踪作为一个相关数据列表进行审核，或由一个经过验证的异常报告流程执行审核。为了确保持续符合数据管理与规程，QA 在自检过程应该抽样审核相关审计追踪，原始数据和元数据 (metadata)。 If no audit trailed system exists, a paper based audit trail to demonstrate changes to data will be permitted until a fully audit trailed (integrated system or independent audit software using a validated interface) system becomes available. These hybrid systems are currently permitted, where they achieve equivalence to integrated audit trail described in Annex 11 of the GMP Guide. If such equivalence cannot be demonstrated, it is expected that facilities should upgrade to an audit trailed system by the end of 2017. 如果没有现成的带审计追踪功能的系统,允许采用纸质的审计跟踪来证明数据的修改，直到一个能充分执行审计追踪的系统可以采用（集成系统或使用验证过的界面连接的审计软件）。这些混合审计追踪系统目前是允许的，因为它们达到了GMP 指南附录11 描述的集成审计跟踪要求的等同效果。如果这种等效性不能被证明，那么在2017 年底前设施就要求升级为一个带审计追踪功能的系统。 There should be a procedure which describes the process for the review and approval of data, including raw data. Data review must also include a review of relevant metadata, including audit trail. 应该建立规程描述包括原始数据在内的数据审核和批准流程，。数据的审核必须包括相关元数据、审计跟踪的审核。 Data review must be documented. 数据审核必须记录。 A procedure should describe the actions to be taken if data review identifies an error or omission. This procedure should enable data corrections or clarifications to be made in a GMP compliant manner, providing visibility of the original record, and audit trailed traceability of the correction, using ALCOA principles (see ‘data’ definition). 该规程应描述如果数据审核发现错误或遗漏时所需采取的行动。此规程应规定以下内容:如何以GMP 合规的方式进行数据更正或作出解释，确保初始记录的清晰度，纠正过程有审计追逐确保可追溯性，使用ALCOA 原则（参见“数据”的定义）。 ComFull use should be made of access levels to ensure that people have access only to puterfunctionality that is appropriate for their job role. Facilities must be able to ised demonstrate the access levels granted to individual staff members and ensure that systehistorical information regarding user access level is available. 要充分利用访问权限级别设置来保证员工只能拥有适合他们的工作角色的权限m user 功能。设施必须能够显示授权的个体用户访问权限级别，并保留关于用户访问acce权限的历史信息。 Shared logins are not acceptable. Where the computerised system design supports ss / systeindividual user access, this function must be used. This may require the purchase of additional licences. madminis共享登录是不可接受的。当计算机系统的设计支持单个用户访问时，该功能必trator 须被使用。这可能需要购买额外的许可。 roles It is acknowledged that some computerised systems support only a single user login or limited numbers of user logins. Where alternative computerised systems 计算have the ability to provide the required number of unique logins, facilities should 机系upgrade to an appropriate system by the end of 2017. Where no suitable 统的alternative computerised system is available,a paper based method of providing 用户traceability will be permitted. The lack of suitability of alternative systems should 访问权限/be justified based on a review of system design, and documented. 系统众所周知,一些计算机化系统只支持单用户登录或有限数量的用户登录。当其它管理替代计算机化系统具备提供所需数量非共享登录能力，到2017 年底设施应该员角升级到一个适当的系统。在没有合适的替代计算机化系统可用的情况下，允许色 使用纸质记录方法提供可追溯性。应根据系统设计的审核来证明缺乏合适的替代系统的结论的合理性，并进行相应记录。 System administrator access should be restricted to the minimum number of people possible taking account of the size and nature of the organisation. 根据组织的规模和性质，尽可能将系统管理员权限到最少的人数。 System Administrator rights (permitting activities such as data deletion, database amendment or system configuration changes) should not be assigned to individuals with a direct interest in the data (data generation, data review or approval). Where this is unavoidable in the organisational structure, a similar level of control may be achieved by the use of dual user accounts with different privileges. All changes performed under system administrator access must be visible to, and approved within, the quality system. 不得将系统管理员权限（授权的操作，如数据删除、数据库修改或系统配置的修改）分配给数据的直接利益方（数据生成、数据审核或批准）。当由于组织结构原因不可避免时，类似水平的控制可通过使用不同权限的双用户帐户来实现。使用系统管理员权限进行的所有更改必须受质量体系监督和批准。 Data retention 数据保存 The individual should log in using the account with the appropriate access rights for the given task e.g. a laboratory manager performing data checking should not log in as system administrator where a more appropriate level of access exists for that task. 用户应使用与实施任务相适应的访问权限进行账户登录, 例如, 实验室经理在进行数据复核时不应以系统管理员的账户登录,对于数据复核而言有一个更合适的访问级别存在。 Raw data (or a true copy thereof) generated in paper format may be retained for example by scanning, provided that there is a process in place to ensure that the copy is verified to ensure its completeness. 如果已经建立程序来确保对复印件进行核对,以确保完整性，那么纸质的原始数据（或它的正确副本）可以通过例如扫描的方式来保存。 Data retention may be classified as archive or backup 数据保存可以分为归档和备份 Data and document retention arrangements should ensure the protection of records from deliberate or inadvertent alteration or loss. 数据和文件的保存方式应能确保记录不被蓄意或无意的更改或丢失 Secure controls must be in place to ensure the data integrity of the record throughout the retention period, and validated where appropriate. 必须建立安全控制措施,确保在保存期间内记录的数据完整性，必要时确认控制措施的有效性。 Where data and document retention is contracted to a third party, particular attention should be paid to understanding the ownership and retrieval of data held under this arrangement. The physical location in which the data is held, including impact of any laws applicable to that geographic location should also be considered. The responsibilities of the contract giver and acceptor must be defined in a contract as described in Archive 归档 Backup 备份 File structure 文件结构 Flat files: 单层Chapter 7 of the GMP Guide 当采用第三方外包服务的方式保存数据和文件时，应充分理解这种协议下的规定的权利关系和取回保存的数据的方法。对存放这些数据的实际位置，包括任何适用于那个地理位置的法律影响都应该予以考虑。委托方和受托方的职责必须根据GMP 规范第7 章中的要求在合同中明确定义。 Long term, permanent retention of Archive records should be locked such completed data and relevant that they cannot be altered or deleted metadata in its final form for the without detection and audit trail. purposes of reconstruction of the 归档记录应被锁定，以免记录的更改或process or activity. 删除未被察觉和没有审计追踪记录。 为了能重现过程或活动，对完整的数The archive arrangements must be designed to permit recovery and 据和相关元数据以最终格式进行长readability of the data and metadata 期,永久的保存. throughout the required retention period. 归档方式的设计必须允许在整个要求的保存期限内进行数据和元数据的恢复和读取。 A copy of current (editable) data, Backup and recovery processes must be metadata and system configuration validated. settings (variable settings which relate 备份和恢复流程必须经过验证 to an analytical run) maintained for the purpose of disaster recovery. 为了灾难性破坏后恢复,保存的现有（可编辑）数据，元数据和系统设置（与一次分析运行相关的可变参数设置）） File structure has a significant impact on the inherent data integrity risks. The ability to manipulate or delete flat files requires a higher level of logical and procedural control over data generation, review and storage. 文件结构对其内在的数据完整性风险有显著的影响。由于单层文件的篡改和删除可能性, 需要制定一个更高层次的逻辑和程序控制手, 控制数据的生成，审核和储存过程.。 A 'flat file' is an individual record Flat files may carry basic metadata which may not carry with it all relating to file creation and date of last relevant metadata (e.g. pdf, dat,doc ). amendment,but cannot audit trail the 文件 Relational database: 关系型数据库 Validation ‐ for intended purpose (See also type and sequence of amendments. When creating flat file reports from electronic data, the metadata and audit trails relating to the generation of the raw data is also lost, unless these are retained as a ‘true copy’. 单层文件可能携带与文件创建和数据最后一次修改日期相关的基础元数据，但不能审计追踪每次修改的类型和顺序。当从电子数据创建单层文件报告时，生成原始数据的相关的元数据和审计追踪也丢失了，除非它们已被保存为“正确的副本”。 There is an inherently greater data integrity risk with flat files (e.g. when compared to data contained within a relational database), in that these are easier to manipulate and delete as a single file. 单层文件有很大的内在的数据完整性风险 （例如：与包含在关系型数据库中的数据相比时），因此，单层文件很容易被作为一个单个文件进行篡改和删除。 A relational database stores different This file structure is inherently more components of associated data and secure, as the data does not exist in a metadata in different places. Each single file. individual record is created and 这个文件结构自然更具安全性，因为数retrieved by compiling the data and 据并不只存在单个文件中。 metadata for review. Retrieval of information from a relational database requires a database search tool, 关系型数据库在不同的地方存放与数据和元数据相关的不同组成部分。or the original application which created the record. 每个单独记录的创建和检索都是通过编辑数据和元数据来完成,以供审从关系型数据库检索信息，需要使用一核. 个数据库检索工具，或利用创建记录的原始应用。 Computerised systems should comply with the requirements of EU GMP Annex 11 and be validated for their intended purpose. This requires an understanding of the computerised system's function within a process. For this reason, the acceptance of vendor‐supplied validation data in isolation of system configuration and intended use is not acceptable. In 单层文件是没有携带任何相关元 数据的一个单独记录(例如: pdf,dat, dot) Annex 15 and GAMP 5) 验证‐用于预定目的（参考附录15 和GAMP5） isolation from the intended process or end user IT infrastructure, vendor testing is likely to be limited to functional verification only, and may not fulfil the requirements for performance qualification. 计算机化系统应但符合EU GMP 附录11 的要求，并需验证其符合预期的用途。这就需要充分理解计算机化系统在一个流程中的功能。因为这个原因，采纳供应商提供的于系统配置和预期用途的验证数据是不被接受的。离开了预期流程或最终用户的IT 基础设施，供应商测试只局限于功能性测试，可能不能满足性能确认的要求。 For example ‐ validation of computerised system audit trail 例如‐ 验证计算机化系统的审计追踪功能 A custom report generated from a relational database may be used as a GMP system audit trail. SOPs should be drafted during OQ to describe the process for audit trail verification, including definition of the data to be reviewed. 'Validation for intended use' would include testing during PQ to confirm that the required data is correctly extracted by the custom report, and presented in a manner which is aligned with the data review process described in the SOP. 关系型数据库产生的定制报告可能被用作GMP 系统的审计追踪。在运行确认过程中应编写SOP 描述审计追踪确认的过程，包括对被审核数据的定义。符合预期用途的验证应包括在性能确认过程进行的测试，用于确认定制报告能否正确的获取需要的数据，并以与SOP 中描述的数据审核流程一致的方式呈现出来。