

New EU / PIC/S GMP Annex 11 "Computerised Systems" Released

嘉峪檢測網        2025-07-08 22:12

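On 7 July, the European Commission and PIC/S both published new GMP revisions, comprising Chapter 4 "Documentation" of the main text, Annex 11 "Computerised Systems", and a new annex, Annex 22 "Artificial Intelligence", as follows: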

 

The text of the revised Annex 11 follows:


Annex 11: Computerised Systems

Reasons for changes: The GMP GDP Inspectors Working Group and the PIC/S Committee jointly recommended that the current version of Annex 11 on Computerised Systems be revised to reflect changes in regulatory and manufacturing environments. The revised guideline should clarify requirements and expectations from regulatory authorities, and remove ambiguity and inconsistencies.

Document map

1. Scope

2. Principles

3. Pharmaceutical Quality System

4. Risk Management

5. Personnel and Training

6. System Requirements

7. Supplier and Service Management

8. Alarms

9. Qualification and Validation

10. Handling of Data

11. Identity and Access Management

12. Audit Trails

13. Electronic Signatures

14. Periodic Review

15. Security

16. Backup

17. Archiving

Glossary


Introduction

With an ever-evolving IT landscape, increased use of cloud services, and introduction of new technologies in computerised systems used in GMP activities, there is a growing need for updated guidance on regulatory requirements, and for adopting a common approach between member states of the European Union (EU) and the Pharmaceutical Inspection Co-operation Scheme (PIC/S). The updated Annex 11 outlines the requirements for the use of computerised systems in GMP-regulated activities, thereby ensuring product quality, patient safety and data integrity.
 

1. Scope
This annex applies to all types of computerised systems used in the manufacturing of medicinal products and active substances.

 

2. Principles
2.1. Lifecycle management. Computerised systems should be validated before use and maintained in a validated state throughout their lifecycle.
2.2. Quality Risk Management. Quality Risk Management (QRM) should be applied throughout all lifecycle phases of a computerised system used in GMP activities. The approach should consider the complexity of processes, the level of automation, and the impact on product quality, patient safety and data integrity.
2.3. Alternative practices. Practices which constitute alternatives to the activities required in this document may be used, if they have been proven and documented to provide the same or higher level of control.
2.4. Data integrity. It is critically important that data captured, analysed and reported by systems used in GMP activities are trustworthy. As defined by the ALCOA+ principles, data integrity covers many topics including but not limited to requirements defined in the sections Handling of Data, Identity and Access Management, Audit Trails, Electronic Signatures, and Security.
2.5. System requirements. System requirements which describe the functionality the regulated user has automated and is relying on when performing GMP activities, should be documented and kept updated to fully reflect the implemented system and its intended use. The requirements should serve as the very basis for system qualification and validation.
2.6. Outsourced activities. When using outsourced activities, the regulated user remains fully responsible for adherence to the requirements included in this document, for maintaining the evidence for it, and for providing it for regulatory review.
2.7. Security. Regulated users should keep updated about new security threats to GMP systems, and measures to protect these should be implemented and improved in a timely manner, where needed.
2.8. No risk increase. Where a computerised system replaces another system or a manual operation, there should be no resultant decrease in product quality, patient safety or data integrity. There should be no increase in the overall risk of the process.

 

3. Pharmaceutical Quality System
3.1. Pharmaceutical quality system. A regulated user should implement a pharmaceutical quality system (PQS), which covers all computerised systems used in GMP activities and personnel involved with these. It should include all activities required in this document and in addition, it should be ensured that:
i. All deviations occurring during validation or operation of computerised systems are recorded and any significant deviations investigated with the objective of determining the root cause and any impact on product quality, patient safety or data integrity. Suitable corrective and preventive actions (CAPA) should be identified and implemented, and the effectiveness of these should be verified.
ii. Any change to a computerised system including but not limited to its configuration, its hardware and software components, and its platform and operating system, are made in a controlled manner and in accordance with defined procedures. Any significant change which may impact product quality, patient safety or data integrity, should be subject to re-qualification and validation.
iii. Internal audits are planned, conducted, reported and followed up on to detect procedural deviations and ensure product quality, patient safety and data integrity.
iv. Regular management reviews cover relevant performance indicators for the computerised system and the process it is used in (quality metrics) and ensure that adequate action is taken.
v. Senior management effectively oversee the state of control throughout the system lifecycle, allocate appropriate resources, and implement a culture that promotes data integrity, security and a timely and effective handling of deviations.

 

4. Risk Management
4.1. Lifecycle. Quality Risk Management (QRM) should be applied throughout the lifecycle of a computerised system considering any possible impact on product quality, patient safety or data integrity.
4.2. Identification and analysis. Risks associated with the use of computerised systems in GMP activities should be identified and analysed according to an established procedure. Examples of risk management methods and tools can be found in ICH Q9 (R1).
4.3. Appropriate validation. The validation strategy and effort should be determined based on the intended use of the system and potential risks to product quality, patient safety and data integrity.
4.4. Mitigation. Where applicable, risks associated with the use of computerised systems in GMP activities should be mitigated and brought down to an acceptable level, if possible, by modifying processes or system design. The outcome of the risk management process should result in the choice of an appropriate computerised system architecture and functionality.
4.5. Data integrity. Quality risk management principles should be used to assess the criticality of data to product quality, patient safety and data integrity, the vulnerability of data to deliberate or indeliberate alteration, deletion or loss, and the likelihood of detection of such actions.

 

5. Personnel and Training
5.1. Cooperation. When conducting the activities required in this document, there should be, where applicable, close cooperation between all relevant parties. This includes process owner, system owner, users, subject matter experts (SME), QA, QP, the internal IT department, vendors, and service providers.
5.2. Training. All parties involved with computerised systems used in GMP activities should have adequate system specific training, and appropriate qualifications and experience, corresponding to their assigned responsibilities, duties and access privileges.

 

6. System Requirements
6.1. GMP functionality. A regulated user should establish and approve a set of system requirements (e.g. a User Requirements Specification, URS), which accurately describe GMP functionality the regulated user has automated and is relying on when performing GMP activities. This principle should be applied regardless of whether a system is developed in-house, is a commercial off-the-shelf product, or is provided as-a-service, and independently on whether it is developed following a linear or iterative software development process.
6.2. Extent and detail. The extent and detail of defined requirements should be commensurate with the risk, complexity and novelty of a system, and the description should be sufficient to support subsequent risk analysis, specification, design, purchase, configuration, qualification and validation. It should include, but may not be limited to, operational, functional, data integrity, technical, interface, performance, availability, security, and regulatory requirements. Where relevant, requirements should include process maps and data flow diagrams, and use cases may be applied.
6.3. Ownership. If a system is purchased or consists of software-as-a-service, a requirements specification may be provided by the vendor. However, the regulated user should carefully review and approve the document and consider whether the system fulfils GMP requirements and company processes as is, or whether it should be configured or customised. The regulated user should take ownership of the document covering the implemented version of the system and formally approve and control it after making any necessary changes.
6.4. Update. Requirements should be updated and maintained throughout the lifecycle of a system to ensure that they continue to give a complete and accurate description of system functionality as the system undergoes subsequent changes and customisations. Updated requirements should form the very basis for qualification and validation of a system.
6.5. Traceability. Documented traceability between individual requirements, underlying design specifications and corresponding qualification and validation test cases should be established and maintained. The use of effective tools to capture and hold requirements and facilitate the traceability is encouraged.
6.6. Configuration. It should be clear what functionality, if any, is modified or added by configuration of a system. Options allowing configuration of system functionality should be described in the requirements specification and the chosen configuration should be documented in a controlled configuration specification.

 

7. Supplier and Service Management
7.1. Responsibility. When a regulated user is relying on a vendor’s qualification of a system used in GMP activities, a service provider, or an internal IT department’s qualification and/or operation of such system, this does not change the requirements put forth in this document. The regulated user remains fully responsible for these activities based on the risk they constitute on product quality, patient safety and data integrity.
7.2. Audit. When a regulated user is relying on a vendor’s or a service provider’s qualification and/or operation of a system used in GMP activities, the regulated user should, according to risk and system criticality, conduct an audit or a thorough assessment to determine the adequacy of the vendor or service provider’s implemented procedures, the documentation associated with the deliverables, and the potential to leverage these rather than repeating the activities.
7.3. Oversight. When a regulated user is relying on a service provider’s or an internal IT department’s operation of a system used in GMP activities, the regulated user should exercise effective oversight of this according to defined service level agreements (SLA) and key performance indicators (KPI) agreed with the service provider or the internal IT department.
7.4. Documentation availability. When a regulated user relies on a vendor’s, a service provider’s or an internal IT department’s qualification and/or operation of a system used in GMP activities, the regulated user should ensure that documentation for activities required in this document is accessible and can be explained from their facility. In this, the regulated user may be supported by the vendor, the service provider or the internal IT department.
7.5. Contracts. When a regulated user is relying on a service provider’s or an internal IT department’s qualification and/or operation of a system used in GMP activities, the regulated user should have a contract with a service provider or have approved procedures with an internal IT department which:
i. Describes the activities and documentation to be provided
ii. Establishes the company procedures and regulatory requirements to be met
iii. Agrees on regular, ad hoc and incident reporting and oversight (incl. SLAs and KPIs), answer times, resolution times, etc.
iv. Agrees on conditions for supplier audits
v. Agrees on support during regulatory inspections, if so requested
vi. Agrees on resolution of issues brought up during normal operation, audits and regulatory inspections etc.
vii. Defines requirements and processes for communication of quality and security related issues
viii. Defines an exit strategy by which the regulated user may retain control of system data
ix. Agrees on the process for release of new system versions and on the regulated user’s possibility to test these prior to release.

 

8. Alarms
8.1. Reliance on system. Alarms should be implemented in computerised systems where a regulated user is relying on the system to notify about an event. This is required when the user must take a specific action, without which product quality, patient safety or data integrity might otherwise be compromised.
8.2. Settings. Alarm limits, delays, and any early warnings or alerts, should be appropriately justified, and set within approved and validated process and product specifications. Setting, changing or deactivation should only be available to users with appropriate access privileges and should be managed by an approved procedure.
8.3. Signalling. Alarms should set off visible and/or audible signals when set alarm limits are exceeded and after any defined delay. The signalling should accommodate a timely reaction and should be appropriate to the work environment.
8.4. Acknowledgement. Critical alarms potentially impacting product quality, patient safety or data integrity should only be acknowledged by users with appropriate access privileges. As part of the acknowledgement, i.e. a confirmation that the alarm has been seen and appropriate action will be taken, a comment should be added about why the alarm was acknowledged (see 12 Audit Trails).
8.5. Log. All alarms and acknowledgements should be automatically added to an alarm log. This should contain the name of the alarm, date and time of the alarm, date and time of the acknowledgement, username and role of the user acknowledging the alarm and any comment about why the alarm was acknowledged. It should not be possible for users working according to GMP to deactivate or edit alarm logs.
8.6. Searchability and sortability. Alarm logs should be searchable and sortable in the originating system, or it should be possible to export logs to a tool which provides this functionality. Other methods of reviewing alarms may also be used, if they provide the same effectiveness.
8.7. Review. Alarm logs should be subject to appropriate periodic reviews based on approved procedures, in which it should be evaluated whether they have been timely acknowledged by authorised users and whether appropriate action has been taken. Reviews should be documented, and results should be evaluated to identify any trends that could indicate negative performance of a system or process, or impact on the product. The frequency and detail of reviews should be based on the risk to product quality, patient safety and data integrity.
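The periodic review in 8.7, run over an exported alarm log that carries the fields listed in 8.5, can be sketched as follows. This is an added example, not part of Annex 11 or of the original page; the log records are constructed, and the 15-minute acknowledgement window and the set of authorised roles are assumed site parameters.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed site parameters; Annex 11 does not prescribe these values.
MAX_ACK_DELAY = timedelta(minutes=15)
AUTHORISED_ROLES = {"shift_supervisor", "qa"}

# Constructed alarm log export with the fields named in 8.5.
ALARM_LOG = [
    {"alarm": "Freezer F-02 temperature high",
     "raised": "2025-07-01T02:10:00+00:00", "acked": "2025-07-01T02:14:00+00:00",
     "user": "asmith", "role": "shift_supervisor",
     "comment": "Door left open; closed and product checked"},
    {"alarm": "Freezer F-02 temperature high",
     "raised": "2025-07-01T03:00:00+00:00", "acked": "2025-07-01T04:05:00+00:00",
     "user": "bjones", "role": "operator", "comment": ""},
    {"alarm": "Cleanroom B differential pressure low",
     "raised": "2025-07-01T09:00:00+00:00", "acked": None,
     "user": None, "role": None, "comment": None},
    {"alarm": "Freezer F-02 temperature high",
     "raised": "2025-07-02T01:00:00+00:00", "acked": "2025-07-02T01:05:00+00:00",
     "user": "asmith", "role": "shift_supervisor", "comment": "Defrost cycle"},
]


def review_alarm_log(log):
    """Return (record index, finding) pairs for the points 8.7 asks a reviewer to evaluate."""
    findings = []
    for i, rec in enumerate(log):
        raised = datetime.fromisoformat(rec["raised"])
        if not rec.get("acked"):
            findings.append((i, "unacknowledged"))
            continue
        acked = datetime.fromisoformat(rec["acked"])
        if acked < raised:
            # An acknowledgement earlier than the alarm points at clock or log problems.
            findings.append((i, "ack_before_alarm"))
        elif acked - raised > MAX_ACK_DELAY:
            findings.append((i, "late_ack"))
        if rec.get("role") not in AUTHORISED_ROLES:
            findings.append((i, "unauthorised_ack"))
        if not (rec.get("comment") or "").strip():
            # 8.4 expects a comment on why the alarm was acknowledged.
            findings.append((i, "missing_comment"))
    return findings


def recurring_alarms(log, threshold=2):
    """Alarm names raised at least `threshold` times: a simple trend indicator for 8.7."""
    counts = Counter(rec["alarm"] for rec in log)
    return {name: n for name, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for index, finding in review_alarm_log(ALARM_LOG):
        print(index, ALARM_LOG[index]["alarm"], finding)
    print(recurring_alarms(ALARM_LOG))
```
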

 

9. Qualification and Validation
9.1. Principles. Qualification and validation activities for computerised systems should follow the general principles outlined in GMP Annex 15. The activities should address both standard and configured system functionality, as well as any functionality realised through customisation.
9.2. Quality risk management. Computerised systems should be qualified and validated in accordance with the principles of quality risk management. Decisions on the scope and extent of qualification and validation of specific functionality and entire systems should be based on a justified and documented risk assessment of individual requirements and, where relevant, functional specifications, considering the risk for product quality, patient safety and data integrity.
9.3. Installation and configuration. Prior to commencing any test activity, it should be verified that a computerised system and its components have been correctly installed and configured according to specifications, and where applicable, that relevant components have been properly calibrated. Operating systems and platforms should be updated to supported versions and relevant security patches should be deployed (see 15.10 Updated platforms and 15.13 Timely patching).
9.4. Evidence. System qualification and validation should provide evidence in the form of executed test scripts, and where relevant, screen dumps, that requirements, and where applicable, derived functional specifications, are met by the system.
9.5. Traceability. Test cases should be traceable to individual requirements or specifications, e.g. by means of a requirements traceability matrix. Test cases not referring (traceable) to requirements or applicable specifications do not meet the requirements to qualification and validation.
9.6. Focus. Increased focus should be on testing a system’s handling of key functional requirements, on functionality intended to ensure that activities are conducted according to GMP, and on functionality designed to ensure data integrity. This includes but is not limited to access privileges, release of products and results, calculations, audit trails, error handling, handling of alarms and warnings, boundary and negative testing, reports and interfaces, and restore from backup.
9.7. Plan and approval. Qualification and validation activities should be conducted according to approved plans, protocols and test scripts. Test scripts should be described in sufficient detail to ensure a correct and repeatable conduct of test steps and prerequisites.
9.8. Completion prior to use. Qualification and validation activities should be successfully completed and reported prior to approval and taking a system into use. Conditional approval to proceed to taking a system into use may be granted where certain acceptance criteria have not been met, or deviations have not been fully addressed. A condition for this is, that there is a documented assessment, that any deficiencies in the affected system functionality or GMP processes, will not impact product quality, patient safety or data integrity. Where a conditional approval is issued, it should be explicitly stated in the validation report and there should be close follow-up on approval of outstanding actions according to plan.
9.9. Authorisation. Qualification and validation documentation may be provided by a service provider, a vendor or an internal IT department in parts or in whole. However, the regulated user is fully accountable and should carefully review and authorise the use of the documentation. They should carefully consider whether it covers the implemented version and supports GMP, and company processes as is, or whether it should be repeated in parts or completely by the regulated user.

 

10. Handling of Data
10.1. Input verification. Where critical data is entered manually, systems should, where applicable, have functionality to verify the plausibility of the inputs (e.g. within expected ranges), and alert the user when the input is not plausible.
10.2. Data transfer. Where a routine work process requires that critical data be transferred from one system to another (e.g. from a laboratory instrument to a LIMS system), this should, where possible, be based on validated interfaces rather than on manual transcriptions. If critical data is transcribed manually, effective measures should be in place to ensure that this does not introduce any risk to data integrity.
10.3. Data migration. Where an ad hoc process requires that critical data or a whole database be migrated from one system to another (e.g. when moving data from a retired to a new system), this should be based on a validated process. Among other things, it should consider the constraints on the sending and receiving side.
10.4. Encryption. Where applicable, critical data should be encrypted on a system.

 

11. Identity and Access Management
11.1. Unique accounts. All users should have unique and personal accounts. The use of shared accounts except for those limited to read-only access (no data or settings can be changed), constitutes a violation of data integrity.
11.2. Continuous management. User accesses and roles should be granted, modified and revoked as relevant and in a timely manner as users join, change, and end their involvement in GMP activities.
11.3. Certain identification. The method of authentication should identify users with a high degree of certainty and provide an effective protection against unauthorised access. Typically, it may involve a unique username and a password, although other methods providing at least the same level of security may be employed (e.g. biometrics). Authentication only by means of a token or a smart card is not sufficient, if this could be used by another user.
11.4. Confidential passwords. Passwords and other means of authentication should be kept confidential and protected from all other users, both at system and at a personal level. Passwords received from e.g. a manager, or a system administrator should be changed at the first login, preferably required by the system.
11.5. Secure passwords. Passwords should be secure and enforced by systems. Password rules should be commensurate with risks and consequences of unauthorised changes in systems and data. For critical systems, passwords should be of sufficient length to effectively prevent unauthorised access and contain a combination of uppercase, lowercase, numbers and symbols. A password should not contain e.g. words that can be found in a dictionary, the name of a person, a user id, product or organisation, and should be significantly different from a previous password.
11.6. Strong authentication. Remote authentication on critical systems from outside controlled perimeters, should include multifactor authentication (MFA).
11.7. Auto locking. Accounts should be automatically locked after a pre-defined number of successive failed authentication attempts. Accounts should only be unlocked by the system administrator after it has been confirmed that this was not part of an unauthorised login attempt or after the risk for such attempt has been removed.
11.8. Inactivity logout. Systems should include an automatic inactivity logout, which logs out a user after a defined period of inactivity. The user should not be able to change the inactivity logout time (outside defined and acceptable limits) or deactivate the functionality. Upon inactivity logout, a re-authentication should be required (e.g. password entry).
11.9. Access log. Systems should include an access log (separate, or as part of the audit trail) which, for each login, automatically logs the username, user role (if possible, to choose between several roles), the date and time for login, the date and time for logout (incl. inactivity logout). The log should be sortable and searchable, or alternatively, it should be possible to export the log to a tool which provides this functionality.
11.10. Guiding principles. Access privileges for users of computerised systems used in GMP activities should be managed according to the following two guiding principles:
· Segregation of duties, i.e. that users who are involved in GMP activities do not have administrative privileges.
· Least privilege principle, i.e. that users do not have higher access privileges than what is necessary for their job function.
11.11. Recurrent reviews. User accounts should be subject to recurrent reviews where managers confirm the continued access of their employees in order to detect accesses which should have been changed or revoked during daily operation, but were accidentally forgotten. If user accounts are managed by means of roles, these should be subject to the same kind of reviews, where the accesses of roles are confirmed. The reviews should be documented, and appropriate action taken. The frequency of these reviews should be commensurate with the risks and consequences of changes in systems and data made by unauthorised individuals.
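System-side enforcement of the password rules in 11.5 and the auto locking in 11.7 can be sketched as follows. This is an added example, not part of Annex 11 or of the original page; the minimum length, similarity limit, failed-attempt limit, word list and role name are assumptions, since the annex leaves those values to the regulated user's risk assessment.

```python
import re
from difflib import SequenceMatcher

# Assumed policy values; Annex 11 only asks that they be commensurate with risk.
MIN_LENGTH = 14
MAX_SIMILARITY = 0.6      # similarity ratio to the previous password
MAX_FAILED_ATTEMPTS = 5
# Constructed stand-in for a dictionary plus product and organisation names.
BANNED_WORDS = {"password", "welcome", "summer", "acme", "aspirin"}
CHARACTER_CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_violations(candidate, user_id, full_name, previous=None):
    """Return the 11.5 rules a candidate password breaks (empty list means accepted)."""
    violations = []
    if len(candidate) < MIN_LENGTH:
        violations.append("too_short")
    if not all(re.search(pattern, candidate) for pattern in CHARACTER_CLASSES):
        violations.append("missing_character_class")
    lowered = candidate.lower()
    personal = {user_id.lower(), *full_name.lower().split()}
    # Drop empty strings, which would otherwise match every password.
    forbidden = {word for word in BANNED_WORDS | personal if word}
    if any(word in lowered for word in forbidden):
        violations.append("contains_banned_word")
    if previous and SequenceMatcher(None, candidate, previous).ratio() > MAX_SIMILARITY:
        violations.append("too_similar_to_previous")
    return violations


class Account:
    """Account state for 11.7: lock on successive failures, controlled unlock."""

    def __init__(self, username):
        self.username = username
        self.failed_attempts = 0
        self.locked = False

    def record_login(self, credentials_valid):
        """Return True only if the login is accepted."""
        if self.locked:
            return False  # a locked account rejects even correct credentials
        if credentials_valid:
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True
        return False

    def unlock(self, by_role, risk_cleared):
        """Unlock only by the system administrator, and only once the lockout has
        been confirmed harmless or the risk has been removed."""
        if by_role != "system_administrator" or not risk_cleared:
            return False
        self.locked = False
        self.failed_attempts = 0
        return True


if __name__ == "__main__":
    print(password_violations("Summer2025!", "asmith", "Anna Smith", "Summer2024!"))
    print(password_violations("v7#Qm-Lz2!xR9&tK", "asmith", "Anna Smith", "Summer2024!"))
```
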

 

12. Audit Trails
12.1. Manual user interactions. Systems which are used to control processes, capture, hold or report data, and where users can create, modify or delete data, settings or access privileges, acknowledge alarms or execute electronic signatures etc., should have an audit trail functionality which automatically logs all manual user interactions.
12.2. Who, what, when, why. The audit trail should unambiguously capture the user who made a change (including the user’s role, if users may have more than one role), what was changed (including the data that was changed and the old and the new value), and the date and time when the change was made (including the time zone if applicable). Audit trail data should be recorded at the time of events, not at the end of a process. Where data is changed from an old value to a new value, systems should automatically prompt the user for, and register the reason, why the change was made.
12.3. No edit or deactivation. Audit trail functionality should be enabled and locked at all times, and it should not be possible for any user to edit audit trail data. If audit trail settings or system time can be changed, or if the functionality can be deactivated, this should by itself create an entry in the audit trail, and it should only be possible for a system administrator not involved in any GMP activities (see 11.10 Guiding principles).
12.4. Accommodate review. Systems should accommodate effective and efficient reviews of audit trail data. It should be possible for all users to sort and search audit trail data (who, what, when and why) in the system, or alternatively, to allow export of the data to a tool where this is possible.
12.5. Reviews. Audit trail reviews should be conducted according to a documented procedure for the specific system, or type of systems. The procedure should outline who should make the review, what should be reviewed, and when should the review be made. The use of tools to help conduct audit trail reviews is encouraged and appropriate action should be taken and documented following the reviews. Any significant variation from the expected outcome found during the audit trail review should be fully investigated and recorded.
12.6. Independent review. Audit trail reviews should be conducted by personnel not directly involved in the activities covered by the review (a peer review).
12.7. Scope of review. Reviewing all entries in an audit trail record may not be effective. Reviews should be targeted, based on risk and adapted to local manufacturing processes. Procedures for audit trail reviews should focus on detecting any deliberate or indeliberate changes to critical processes or data that indicate a violation of GMP principles, including, but not limited to, repetition of activities, errors, omissions, unauthorised process deviations and loss of data integrity. A key element should be to verify the reason why a change is made.
12.8. Timeliness of review. Audit trail reviews should be conducted in a timely manner according to the risk of the process reviewed. The audit trail review should be conducted prior to batch release, unless the risk of a later detection of any unwarranted changes can be justified.
12.9. Electronic copy. It should be possible to obtain a complete electronic copy of system data including audit trail data. Flat and locked files are not acceptable, it should be possible to search and sort data.
12.10. Availability to QP. Audit trail reviews with direct impact on the release of a product should be available to the QP at the time of batch release.
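A targeted review in the sense of 12.7 can be partly automated over an exported audit trail (12.4), checking the who/what/when/why fields of 12.2 and the protected settings of 12.3. The following Python example is added here and is not part of the Annex or of any vendor's tooling; the CSV columns, role names, protected setting names and the repetition threshold are assumptions, and the sample export is constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export. Column names, role names and values are
# assumptions for this example, not a format defined by Annex 11.
SAMPLE_EXPORT = """\
timestamp,user,role,action,object,field,old_value,new_value,reason
2025-07-01T08:02:11+02:00,asmith,operator,modify,batch-0421,weight_mg,498.2,500.1,Transcription error corrected
2025-07-01T08:05:40+02:00,asmith,operator,modify,batch-0421,weight_mg,500.1,500.0,
2025-07-01T08:06:02+02:00,asmith,operator,modify,batch-0421,weight_mg,500.0,499.9,Re-weighed
2025-07-01T09:15:00+02:00,jdoe,qa_reviewer,config_change,system,audit_trail_enabled,true,false,Maintenance
2025-07-01T09:30:00,sysadm1,sysadmin,config_change,system,system_time,09:30,08:30,Clock drift
2025-07-01T10:00:00+02:00,bkhan,operator,delete,batch-0422,result,12.4,,Duplicate entry
"""

# Assumed names of settings whose change must itself be audited (12.3).
PROTECTED_FIELDS = {"audit_trail_enabled", "audit_trail_settings", "system_time"}
# Assumed roles for administrators not involved in GMP activities (11.10).
ADMIN_ROLES = {"sysadmin"}


def review(export_text, repeat_threshold=3):
    """Return findings as (row_number, clause, message), sorted by row."""
    findings = []
    changes = defaultdict(list)  # (user, object, field) -> row numbers
    for n, row in enumerate(csv.DictReader(io.StringIO(export_text)), start=1):
        # 12.2 "who" and "when": user, role and a timestamp with time zone.
        if not row["user"] or not row["role"]:
            findings.append((n, "12.2", "user or role missing"))
        try:
            if datetime.fromisoformat(row["timestamp"]).tzinfo is None:
                findings.append((n, "12.2", "timestamp has no time zone"))
        except ValueError:
            findings.append((n, "12.2", "timestamp not parseable"))
        # 12.2 "why": every change of a value needs a registered reason.
        if row["action"] in ("modify", "delete") and not (row["reason"] or "").strip():
            findings.append((n, "12.2", "change without a reason"))
        # 12.3: audit trail settings and system time are administrator-only;
        # even an administrator's change is surfaced for the reviewer.
        if row["field"] in PROTECTED_FIELDS:
            if row["role"] in ADMIN_ROLES:
                msg = f"{row['field']} changed by administrator, confirm authorisation"
            else:
                msg = f"{row['field']} changed by non-administrator role {row['role']}"
            findings.append((n, "12.3", msg))
        if row["action"] == "modify":
            changes[(row["user"], row["object"], row["field"])].append(n)
    # 12.7: repetition of activities on the same value by the same user.
    for (user, obj, field), rows in changes.items():
        if len(rows) >= repeat_threshold:
            findings.append(
                (rows[-1], "12.7", f"{user} changed {obj}.{field} {len(rows)} times"))
    return sorted(findings)


if __name__ == "__main__":
    for row_number, clause, message in review(SAMPLE_EXPORT):
        print(f"row {row_number}: [{clause}] {message}")
```

The findings are a worklist for the independent reviewer of 12.6, not a verdict: each flagged row still needs the reason checked against the batch record.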

 

13. Electronic Signatures
13.1. Scope. Requirements for electronic signatures in this document apply to systems and tools used in processes where GMP require a signature.
13.2. Open systems. Where the system owner does not have full control of system accesses (open systems), or where required by other legislation, electronic signatures should, in addition, meet applicable national and international requirements, such as trusted services.
13.3. Re-authentication. When executing an electronic signature, a system should enforce users to perform a full re-authentication providing at least the same level of security as during system login (see 11.3 Certain identification). When executing subsequent electronic signatures in immediate sequence, authentication may be by means of a password or biometrics only. Authentication only by means of a smart card, a pin code, or relying on the previous system authentication is not acceptable.
13.4. Date and time. Systems should automatically log the date and time and, where applicable, the time zone when an electronic signature was applied.
13.5. Meaning. It should be clear when a user is executing an electronic signature and where applicable, systems should prompt the user for the meaning of the signature (e.g. reviewer or approver).
13.6. Manifestation. When an electronic signature is displayed (on screen or print), the manifestation should include the full name of the user, the username, where applicable the role of the signer and the meaning of the signature, the date and time, and where needed the time zone, when the signature was applied.
13.7. Indisputability. Electronic signatures should be indisputable and equivalent to hand-written signatures.
13.8. Unbreakable link. Electronic signatures should be permanently linked to their respective records. Controls should be in place to ensure that a signed record cannot be modified or alternatively, that if a later change is made to a signed record, it will clearly appear as unsigned.
13.9. Hybrid solution. If a wet-ink signature (on paper) is used to sign electronic records held in a computerised system (a hybrid solution), measures should be implemented to provide a high degree of certainty that any change to the electronic record will invalidate the signature. This may be implemented by calculating a hash code (check sum) of the electronic record and printing that on the signature page.

 

14. Periodic Reviews
14.1. Periodic reviews. After a system has been initially validated and is put into operation, periodic reviews should be conducted. This review should verify whether the system remains 'fit for intended use' and in 'a validated state', or whether changes should be made and re-validation (complete or in parts) is required. The reviews should be documented and findings analysed to identify any consequences on product quality, patient safety and data integrity, and to prevent recurrence.
14.2. Scope of review. Where applicable, periodic reviews should include, but may not be limited to:
Changes made since the previous review:
i. To the system’s hardware and software components, configuration, platform, infrastructure and interfaces.
ii. To the system documentation, e.g. requirements specifications, user guides and SOPs. This includes a verification that system changes are fully reflected in the system documentation.
iii. The combined effect of multiple changes in this, and in other systems, should be assessed. Undocumented (unapproved) changes should be effectively identified, e.g. by means of configuration auditing.
Follow-up on supporting processes:
iv. Actions from previous periodic reviews, audits and inspections, and corrective and preventive actions.
v. Conduct of, and actions from, audit trail reviews, access reviews, and risks assessments.
vi. Actions from incidents, problems and deviations, security incidents and new security threats.
vii. Maintenance, calibration, support contracts and service level agreements (SLA).
viii. Contracts and key performance indicators (KPI) with vendors and service providers.
ix. Adequacy of backup procedures, restore tests and disaster recovery plans.
x. Adequacy and timeliness of archival.
xi. Conduct and actions from data integrity assessments.
xii. Changes to regulatory requirements.
14.3. Frequency. Periodic reviews should be conducted, approved and closed according to plan. The frequency of reviews should be established and justified based on the risk the system poses to product quality, patient safety and data integrity. A final review should be conducted when the system is taken out of use.

 

15. Security
15.1. Security system. Regulated users should ensure an effective information security management system is implemented and maintained, which safeguards authorised access to, and detects and prevents unauthorised access to GMP systems and data.
15.2. Continuous improvement. Regulated users should keep updated about new security threats, and measures to protect GMP systems and data should be continuously improved as applicable to counter this development.
15.3. Training and tests. Regulated users should undergo recurrent security awareness training, as relevant, to raise and maintain their understanding of cyber threats and safe behaviour. The effectiveness of the training should be evaluated, e.g. by means of simulated tests.
15.4. Physical access. Servers, computers, devices, infrastructure and storage media used in GMP activities should be physically protected against unauthorised access, damage and loss. Physical access to server rooms and data centres should be limited to the necessary minimum and these should be securely locked, e.g. by means of multi-factor authentication. If unauthorised access is possible (e.g. ‘co-location’), access to individual servers should be protected.
15.5. Disasters and disturbances. Data centres should be constructed to minimise the risk and impact of natural and manmade disasters and disturbances. This includes, but may not be limited to, storms, flooding, water leaks, earthquakes, fires, power outages, and network failures etc.
15.6. Replication. Where relevant, critical data should be replicated from a primary to a secondary data centre. The replication should take place automatically with a delay which is short enough to minimise the risk of loss of data. The secondary (failover) data centre should be located at a safe distance from the primary site to minimise the risk that the same incident destroys both data centres.
15.7. Disaster recovery. A disaster recovery plan should be in place, tested and available during and after a disaster has affected a data centre, server, computer, infrastructure, or data. Where applicable, the plan should ensure the continuity of operation within a defined Recovery Time Objective (RTO).
15.8. Segmentation and firewalls. Networks should be segmented, and effective firewalls implemented to provide barriers between networks, and control incoming and outgoing network traffic. Firewall rules (e.g. based on IP addresses, destinations, protocols, applications, or ports) should be defined as strict as practically feasible, only allowing necessary and permissible traffic.
15.9. Review of firewalls. Firewall rules should be periodically reviewed as the rules tend to be changed or become insufficient over time (e.g. as ports are opened but never closed, or as new cyber threats evolve). This review should ensure that firewalls continue to be set as tight as possible.
15.10. Updated platforms. Operating systems and platforms for applications should be updated in a timely manner according to vendor recommendations, to prevent their use in an unsupported state.
15.11. Validation and migration. Validation of applications on updated operating systems and platforms and migration of data should be planned and completed in due time prior to the expiry of the vendor’s support.
15.12. Unsupported platforms. Applications on operating systems and platforms, which are no longer supported by vendors, and for which threats are no longer monitored and applicable security patches released, are highly vulnerable and should be isolated from computer networks and the internet.
15.13. Timely patching. While operating systems and platforms are under support, vendors typically release security patches to counter identified vulnerabilities, some of which (critical vulnerabilities) could otherwise be exploited to give unauthorised individuals privileged access to systems and allow code execution (e.g. ransomware attacks). Hence, relevant security patches released by vendors of operating systems and platforms should be deployed in a timely manner according to vendor recommendations. For critical vulnerabilities, this might be immediately.
15.14. Unpatched platforms. Applications on operating systems and platforms, which are not security patched in a timely manner (critical patches) according to vendor recommendations are highly vulnerable and constitute a major risk for loss of data integrity. Where relevant, such systems should be isolated from computer networks and the internet.
15.15. Strict control. The use of bidirectional devices (e.g. USB) in servers and computers used in GMP activities should be strictly controlled within the organisation.
15.16. Effective scan. If bidirectional devices (e.g. USB) may have been used outside the organisation (e.g. privately), they may intentionally or unintentionally introduce malware and cause code execution. Hence, they should not be used unless they have been effectively scanned and found to be harmless, and not compromise system and data integrity.
15.17. Deactivated ports. Ports for bidirectional devices (e.g. USB) in critical servers and computers should be deactivated by default, blocked or even removed, unless they are used for devices necessary to operate the system (e.g. keyboard or mouse).
15.18. Anti-virus software. Anti-virus software should be installed and activated on systems used in GMP activities, especially those interfacing the internet. The anti-virus software should be continuously updated with the most recent virus definitions to identify, quarantine, and remove known computer viruses. The effectiveness of the process should be monitored.
15.19. Penetration testing. For critical systems facing the internet, penetration testing (ethical hacking) should be performed at regular intervals to evaluate the adequacy of security measures taken, and to identify vulnerabilities in system security. This should include the potential for unauthorised parties to gain access to and control the system and its data. The effectiveness of the process should be verified and monitored. Vulnerabilities identified, especially those related to a potential loss of data integrity, should be addressed and mitigated in a timely manner.
15.20. Encryption. When remotely connecting to systems over the internet, a secure and encrypted protocol should be used.

 

16. Backup
16.1. Regular backup. Data and metadata should be regularly backed up following established procedures to prevent the loss of data in case of accidental or deliberate change or deletion, loss as the result of a malfunction or corruption, e.g. as the result of a cyber-attack.
16.2. Frequency and retention. The frequency, retention period and storage of backups is critically important to the effectiveness of the process to mitigate the loss of data. Backups should be made at suitable intervals (e.g. hourly, daily, weekly and monthly) and their retention determined through a risk-based approach (e.g. correspondingly a week, a month, a quarter, and years).
16.3. Physical separation. Backups should be physically separated from the server or computer holding the original data and stored at a safe distance from this, to prevent that both would be impacted by the same incident.
16.4. Logical separation. Backups should not be stored at the same logical network as the original data to avoid simultaneous destruction or alteration.
16.5. Scope. Depending on the criticality and urgency for recovery after an incident, applications and system configurations may also need to be backed up.
16.6. Restore test. Restore of data from backup should be tested and documented based on risk during system validation and after changes are made to the backup or restore processes and tools. Restore tests should be documented and include a verification that data is accessible on the system.

 

17. Archiving
17.1. Read only. After completion of a process, e.g. release of a product, GMP data and metadata (incl. audit trails) should be protected from deletion and changes throughout the retention period. This may be by changing its status to read-only in the system where the data was generated or captured, or by moving it to a dedicated archival system via a validated interface.
17.2. Verification. When moving GMP data and metadata from one location to another in a system, or to a dedicated archival system, the integrity of the data should be verified by a high degree of certainty before any data is deleted, e.g. by means of a checksum. Where this is not possible, the completeness and integrity of the data should be verified manually. However, this verification does not alter the need for a validation of the archival and retrieval process, and of the systems and interfaces involved.
17.3. Backup. If data is archived on a server (disk), it should be regularly backed up following the same procedures as for live data (see 16 Backup). As for other backups, these should be physically and logically separated from the archived data.
17.4. Durability. If data is archived long-term on volatile storage media with limited durability (e.g. CD), this should follow a validated process. It should ensure that data is stored only for a verified duration according to vendor recommendations, and if necessary, transferred to new media in secure manner (see 16 Backup).
17.5. Retrieval. It should be possible to retrieve archived data and metadata in a format which allows searching and sorting of the data, or alternatively, to allow export of the data to a tool where this is possible.
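The hash code printed on a signature page (13.9) and the checksum verification before deletion (17.2) can share one routine. The following Python example is added here and is not part of the Annex; the choice of SHA-256, the function names, the grouped print format and the constructed record are assumptions.

```python
import hashlib
import os
import shutil
import tempfile


def file_sha256(path, chunk_size=1 << 20):
    """Hash a file in chunks so large records do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def printable_hash(path):
    """13.9: hash code for the paper signature page, grouped for legibility."""
    digest = file_sha256(path)
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


def matches_printed_hash(path, printed):
    """True only if the record is byte-for-byte what was signed on paper."""
    return "".join(printed.split()).lower() == file_sha256(path)


def archive_move(src, archive_dir, copy=shutil.copy2):
    """17.2: copy, verify by checksum, and delete the source only on a match.

    `copy` is injectable so that validation tests can simulate a faulty
    transfer (an assumption of this example).
    """
    expected = file_sha256(src)
    dst = os.path.join(archive_dir, os.path.basename(src))
    if os.path.exists(dst):
        raise FileExistsError(f"{dst} already exists in the archive")
    copy(src, dst)
    actual = file_sha256(dst)
    if actual != expected:
        os.remove(dst)  # discard the bad copy, keep the original
        raise OSError(f"checksum mismatch for {dst}; source kept")
    os.chmod(dst, 0o444)  # read-only, in the spirit of 17.1
    os.remove(src)
    return dst, actual


def demo():
    """Run both checks on a constructed record in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        record = os.path.join(tmp, "batch-0421.csv")
        with open(record, "wb") as fh:
            fh.write(b"batch,weight_mg\n0421,500.1\n")  # constructed record
        printed = printable_hash(record)
        valid_before = matches_printed_hash(record, printed)
        with open(record, "ab") as fh:
            fh.write(b"0421,499.9\n")  # later change to the signed record
        valid_after = matches_printed_hash(record, printed)
        archive = os.path.join(tmp, "archive")
        os.mkdir(archive)
        dst, digest = archive_move(record, archive)
        return {
            "printed": printed,
            "valid_before": valid_before,
            "valid_after": valid_after,
            "source_deleted": not os.path.exists(record),
            "archived_ok": file_sha256(dst) == digest,
        }


if __name__ == "__main__":
    print(demo())
```

A plain hash only ties the paper page to one exact byte sequence; the printed page itself has to be controlled like any other signed paper record.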
Glossary
ALCOA+
An acronym for “attributable, legible, contemporaneous, original and accurate”, which puts additional emphasis on the attributes of being complete, consistent, enduring and available – implicit basic ALCOA principles.
Application
Software installed on a defined platform/hardware providing specific functionality.
Audit trail
In computerised systems, an audit trail is a secure, computer generated, time-stamped electronic record that allows reconstruction of the events relating to the creation, modification, or deletion of an electronic record.
Backup
Provisions made for the recovery of data files or software, for the restart of processing, or for the use of alternative computer equipment after a system failure or disaster.
Change control
Ongoing evaluation and documentation of system operations and changes to determine whether the actual changes might affect a validated status of the computerised system. The intent is to determine the need for action that would ensure that the system is maintained in a validated state.
Commercial off-the-shelf
Software or hardware is a commercial off-the-shelf (COTS) product if provided by a vendor to the general public, if available in multiple and identical copies, and if implemented by the test facility management without or with some customization.
Computerised System
A computerised system is a function (process or operation) integrated with a computer system and performed by trained personnel. The function is controlled by the computer system. The controlling computer system is comprised of hardware and software. The controlled function is comprised of equipment to be controlled and operating procedures performed by personnel.
Configuration
A configuration is an arrangement of functional units and pertains to the choice of hardware, software and documentation. It affects function and performance of the system.
Customisation
A computerised system individually designed to suit a specific business process.
Electronic record
Any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.
Infrastructure
The hardware and software such as networking software and operation systems, which makes it possible for the application to function.
Migration
Data migration is the activity of e.g. transporting electronic data from one computer system to another, transferring data between storage media or simply the transition of data from one state to another [e.g. conversion of data to a different format]. The term “data” refers to “raw data” as well as “metadata”.
Multifactor authentication (MFA)
A combination of two of the three factors: something you know (e.g. a password), something you have (e.g. a phone or smartcard) or something you are (biometrics).
Operating system
A program or collection of programs, routines and sub-routines that controls the operation of a computer. An operating system may provide services such as resource allocation, scheduling, input/output control, and data management.
Qualification
Action of verifying that the system (including hardware and software) is effectively designed, installed, commissioned, and operates correctly. Refer to Computer system Validation.
Regulated user
A company regulated under GMP.
Specification
A document that specifies, in a complete, precise, verifiable manner, the requirements, design, behaviour, or other characteristics of a system or component, and often, the procedures for determining whether these provisions have been satisfied.
Test case
A set of test inputs, execution conditions, and expected results developed for a particular objective, such as to exercise a particular program path or to verify compliance with a specific requirement.
User
An individual user at a company regulated under GMP.
User requirement specifications (URS)
User requirement specifications define in writing what the user expects the computerised system to be able to do.
Validation
Action of proving that a process leads to the expected results. Validation of a computerised system requires ensuring and demonstrating the fitness for its purpose.
Verification
Confirmation, through the provision of objective evidence that specified requirements have been fulfilled.

 

Source: Internet
