受法规约束地GMP和GDP环境下大数据管理系统和完整性优良要求规范(中英文)

《受法规约束地GMP和GDP环境下大数据管理系统和完整性优良要求规范(中英文)》由会员分享，可在线阅读，更多相关《受法规约束地GMP和GDP环境下大数据管理系统和完整性优良要求规范(中英文)（95页珍藏版）》请在装配图网上搜索。

1、wordPIC/S 受法规约束的GMP/GDP环境下数据管理和完整性优良规X中英文PIC/S GUIDANCEPIC/S指南PIC/S：国际药品监查合作计划GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATEDGMP/GDP ENVIRONMENTS受法规约束的GMP/GDP环境下数据管理和完整性优良规X PIC/S August 20162016年8月Reproduction prohibited for mercial purposes.Reproduction for internal use is authorised

2、, provided that the source is acknowledged.TABLE OF CONTENTS目录1. Document history文件历史2. Introduction引言3. Purpose目的4. ScopeX围5. Data governance system数据管理系统5.1 What is data governance什么是数据管理5.2 Data governance systems数据管理系统5.3 Risk management approach to data governance数据管理的风险管理方法5.4 Data criticality

3、数据关键度5.5 Data risk数据风险5.6 Data governance system review数据管理体系审核6. Organisational influences on successful data integrity management公司对数据完整性管理成功与否的影响6.1 General概述6.2 Code of ethics and policies道德和方针准如此6.3 Quality culture质量文化6.4 Modernising the Pharmaceutical Quality Management System药物质量管理体系现代化6.5 Re

4、gular management review of quality metrics质量尺度的定期管理评审6.6 Resource allocation资源配置6.7 Dealing with data integrity issues found internally内部发现的数据完整性问题处理7. General data integrity principles and enablers一般数据完整性原如此和推进者8. Specific data integrity considerations for paper-based systems纸质系统特定数据完整性考虑8.1 Struct

5、ure of QMS and control of blank forms/templates/recordsQMS结构和空白表格/模板/记录的控制8.2 Why is the control of records important?为什么记录的控制如此重要？8.3 Generation, distribution and control of template records模板式记录的产生、分发和控制8.4 Expectations for the generation, distribution and control of records产生、分发和控制记录的要求8.5 Use an

6、d control of records within production areas生产区域内记录的使用和控制8.6 Filling out records记录填写8.7 Making corrections on records记录更正8.8 Verification of records记录核查8.9 Maintaining records记录维护8.10 Direct print-outs from electronic systems从电子系统中直接打印出的记录8.11 True copies真实备份8.12 Limitations of remote review of summ

7、ary reports远程审核报告摘要的局限性8.13 Document retention文件保存8.14 Disposal of original records原始记录的废弃9. Specific data integrity considerations for puterised systems计算机化系统特定数据完整性考虑9.1 Structure of QMS and control of puterised systemsQMS结果和计算机化系统的控制9.2 Qualification and validation of puterised systems计算机化系统确实认和验

8、证9.3 System security for puterised systems计算机化系统的系统安全9.4 Audit trails for puterised systems计算机化系统的审计追踪9.5 Data capture/entry for puterised systems计算机化系统的数据捕获/输入9.6 Review of data within puterised systems计算机化系统内的数据审核9.7 Storage, archival and disposal of electronic data电子数据的存贮、归档和废弃10. Data integrity

9、considerations for outsourced activities外包活动的数据完整性考虑10.1 General supply chain considerations一般供给链考虑10.2 Routine document verification日常文件核查10.3 Strategies for assessing data integrity in the supply chain供给链中数据完整性评估策略11. Regulatory actions in response to data integrity findings数据完整性缺陷引发的法规行动11.1 Defi

10、ciency references缺陷参考11.2 Classification of deficiencies缺陷分类12. Remediation of data integrity failures数据完整性失败时的弥补方法12.1 Responding to significant data integrity issues对重大数据完整性问题响应12.2 Indicators of improvement改善指标13. Definitions定义14. Revision history版本历史1 DOCUMENT HISTORY文件历史Draft 1 of PI 041-1 pres

11、ented to the PIC/S mittee at its meeting in Manchester4-5 July 2016曼彻斯特会议期间PI 041-1草案提交给PIC/S委员会2016年7月4-5日Consultation of PIC/S Participating Authorities on publication of the Good Practices as a draft and implementation on a trial basis18 July 31 July 2016公布PIC/S草案征求参与药监机构意见与试行2016年7月18日31日Minor e

12、dits to Draft 11 9 August 2016第1版本草案轻微修订2016年8月1-9日Publication of Draft 2 on the PIC/S website10 August 2016第2版本草案在PIC/S上公布2016年8月10日Implementation of the draft on a trial basis and ment period for PIC/S Participating Authorities10 August 2016 28 February 2017试验实施和征求PIC/S参与药监机构意见阶段2016年8月10日-2017年2月

13、28日Review of ments by PIC/S Participating AuthoritiesPIC/S参与药监机构审核所收到的意见Finalisation of draft草稿定稿Adoption by mittee ofPI 041-1DatePI 041-1被委员会采纳Entry into force ofPI 041-1DatePI 041-1生效2 INTRODUCTION引言2.1 PIC/S Participating Authorities regularly undertake inspections of manufacturers and distributo

14、rs of API and medicinal products in order to determine the level of pliance with GMP/GDP principles. These inspections are monly performed on-site however may be performed through the remote or off-site evaluation of documentary evidence, in which case the limitations of remote review of data should

15、 be considered.PIC/S参与药监机构定期对原料药和制剂生产商和销售商进展检查，以确定其GMP/GDP符合性水平。这些检查通常是在现场实施，但也可以通过远程或离厂文件证据评估进展，这时要考虑远程数据审核的局限性。2.2 The effectiveness of these inspection processes is determined by the veracity of the evidence provided to the inspector and ultimately the integrity of the underlying data. It is crit

16、ical to the inspection process that inspectors can determine and fully rely on the accuracy and pleteness of evidence and records presented to them.这些检查流程的有效性是由提供给检查员的证据的真实性所决定的，并最终决定于数据背后的完整性。检查员可以确定并完全依赖呈交给他们的证据和记录的完整性和准确性对于检查过程来说非常关键。2.3 Good data management practices influence the integrity of a

17、ll data generated and recorded by a manufacturer and these practices should ensure that data is accurate, plete and reliable. While the main focus of this document is in relation to data integrity expectations, the principles herein should also be considered in the wider context of good data managem

18、ent.优良数据管理规X影响生产商所产生和记录的所有数据，这些做法应能保证数据是准确的、完整的和可靠的。尽管此文件主要关注的是数据完整性要求，在更广的优良数据管理环境下也应考虑此指南所述原如此。2.4 Data Integrity is defined as “the extent to which all data are plete, consistent and accurate, throughout the data lifecycle11 and is fundamental in a pharmaceutical quality system which ensures that

19、 medicines are of the required quality. Poor data integrity practices and vulnerabilities undermine the quality of records and evidence, and may ultimately undermine the quality of medicinal products.数据完整性定义为“所有数据在整个生命周期均完整、一致和准确的程度，它在药物质量体系中是根本的要求，它确保药品具备所需的质量。不良的数据完整性做法和弱点会削弱记录和证据的质量，并最终可能破坏药品质量。2

20、.5 Data integrity applies to all elements of the Quality Management System and the principles herein apply equally to data generated by electronic and paper-based systems.数据完整性适用于质量管理体系的所有要素，此中原如此等同适用于电子和纸质系统产生的数据。2.6 The responsibility for good practices regarding data management and integrity lies

21、 with the manufacturer or distributor undergoing inspection. They have full responsibility and a duty to assess their data management systems for potential vulnerabilities and take steps to design and implement good data governance practices to ensure data integrity is maintained.数据管理和完整性优良规X的职责由承受检

22、查的生产商或销售商承当。他们负有全部职责和义务来评估其数据管理体系，发现潜在弱点，设计和实施优良数据管理规X来确保数据完整性得到维护。3 PURPOSE目的3.1 This document was written with the aim of:本文件编制的目的是：3.1.1 Providing guidance for inspectorates in the interpretation of GMP/GDP requirements in relation to data integrity and the conduct of inspections.为检查员提供与数据完整性相关的G

23、MP/GDP要求诠释与实施检查相关指南。3.1.2 Providing consolidated, illustrative guidance on risk-based control strategies which enable the existing requirements for data integrity and reliability as described in PIC/S Guides for GMP2and GDP3to be implemented in the context of modern industry practices and globalised

24、 supply chains.对基于风险的控制策略提供详细解说的整合指南，促使GMP和GDP的PIC/S指南中所述的现有数据完整性要求和可靠性在现代化工业做法和全球化供给链的环境下得到实施。3.1.3 Facilitating the effective implementation of data integrity elements into the routine planning and conduct of GMP/GDP inspections; to provide a tool to harmonise GMP/GDP inspections and to ensure the

25、 quality of inspections with regards to data integrity expectations.促进数据完整性要素在日常规划和实施GMP/GDP检查中有效实施，提供一个工具让GMP/GDP检查保持一致，保证数据完整性要求方面的检查质量。3.2 This guidance, together with inspectorate resources such as aide memoire (for future development) should enable the inspector to make an optimal use of the in

26、spection time and an optimal evaluation of data integrity elements during an inspection.本指南与检查团资源，例如备忘录用于进一步展开一起让检查员优化使用检查时间，在检查中更好地评估数据完整性要素。3.3 Guidance herein should assist the inspectorate in planning a risk-based inspection relating to data integrity.本指南应协助检查组织规划基于风险的数据完整性相关检查。3.4 This guide is

27、 not intended to impose additional regulatory burden upon regulated entities, rather it is intended to provide guidance on the interpretation of existing PIC/S GMP/GDP requirements relating to current industry practice.本指南无意对受法规规X的主体形成强制的法规责任，它意在为目前行业规X相关的已有PIC/S GMP/GDP要求提供诠释。3.5 The principles of

28、data integrity apply equally to both manual and puterized systems and should not place any restraint upon the development or adoption of new concepts or technologies. In accordance with ICH Q10 principles, this guide should facilitate the adoption of innovative technologies through continual improve

29、ment.数据完整性原如此等同适用于手动和计算机化系统，不应该对开展和采用新概念或技术形成限制。根据ICH Q10原如此，本指南应有助于通过持续改良采纳创新技术。3.6 This version of the guidance is intended to provide a basic overview of key principles regarding data management and integrity. The PIC/S Data Integrity Working Group will periodically update, amend and review this

30、guidance in light of inspectorate feedback, experience in using the guide and any other developments.本版本指南意在为数据管理和完整性核心原如此提供根本概貌。PIC/S数据完整性工作组将定期进展更新，根据检查团的反应、使用本指南的经验以与任何其它开展修订和审核本指南。4 SCOPEX围4.1 The guidance has been written to apply to both on-site and remote (desktop) inspections of those sites

31、performing manufacturing (GMP) and distribution (GDP) activities. The guide should be considered as a non-exhaustive list of areas to be considered during inspection.本指南适用于现场和远程桌面检查那些实施生产GMP和销售GDP活动的场所。本指南应作为检查期间要考虑领域的未尽清单。4.2 Whilst this document has been written with the above scope, many principl

32、es regarding good data management practices described herein have applications for other areas of the regulated pharmaceutical and healthcare industry.尽管此文件写就时覆盖上述X围，但其中许多关于优良数据管理规X的原如此亦可应用于受法规规X的药品和保健行业的其它领域。4.3 This guide is not intended to provide specific guidance for “for-cause inspections foll

33、owing detection of significant data integrity vulnerabilities where forensic expertise may be required.本指南无意为重大数据完整性漏洞引起的“有因检查提供特定指南。在有因检查中，可能需要具有调查技巧的专家。5 DATA GOVERNANCE SYSTEM数据管理体系5.1 What is data governance?什么是数据管理？5.1.1 Data governance is the sum total of arrangements which provide assurance o

34、f data integrity. These arrangements ensure that data, irrespective of the process, format or technology in which it is generated, recorded, processed, retained, retrieved and used will ensure a plete, consistent and accurate record throughout the data lifecycle.数据管理是为数据完整性提供保障的所有安排的总和。这些安排保证数据，不管其产

35、生、记录、处理、保存、恢复和使用的过程、格式或技术如何，均能在数据的整个生命周期中保证完整、一致和准确的记录。5.1.2 The data lifecycle refers to how data is generated, processed, reported, checked, used for decision-making, stored and finally discarded at the end of the retention period. Data relating to a product or process may cross various boundaries

36、 within the lifecycle. This may include data transfer between manual and IT systems, or between different organisational boundaries; both internal (e.g. between production, QC and QA) and external (e.g. between service providers or contract givers and acceptors).数据生命周期指数据如何产生、处理、报告、检查、用于决策、存贮和在保存期完毕

37、后最终废弃。与一个药品或工艺相关的数据可能在其生命周期内会穿越不同边界。这可能包括手工和IT系统之间的数据转移，不同公司界限之间的数据转移，内部例如生产、QC和QA之间和外部例如，服务提供商或合同发包方和承受方之间的数据转移。5.2 Data governance systems数据管理系统5.2.1 Data governance systems should be integral to the pharmaceutical quality system described in PIC/S GMP/GDP. It should address data ownership through

38、out the lifecycle, and consider the design, operation and monitoring of processes / systems in order to ply with the principles of data integrity, including control over intentional and unintentional changes to, and deletion of information.数据管理系统应整合于PIC/S GMP/GDP所述的药物质量体系中。它应该说明数据在其生命周期中的所有者身份，考虑对过程

39、/系统进展设计、运行和监测，以符合数据完整性原如此，包括对有意和无意修改和删除信息的控制。5.2.2 The data governance system should ensure controls over data lifecycle which are mensurate with the principles of quality risk management. These controls may be:数据管理系统应保证在数据生命周期进展控制。控制应与质量风险管理原如此相称。这些控制可以是：lOrganisational从公司角度nprocedures, e.g. instru

40、ctions for pletion of records and retention of pleted paper records;n程序，例如，记录完整的指令和完整纸质记录的保存；ntraining of staff and documented authorisation for data generation and approval;n培训人员和记录数据产生权限并批准；ndata governance system design, considering how data is generated recorded, processed retained and used, and

41、 risks or vulnerabilities are controlled effectively;n数据管理系统的设计应考虑数据是如何产生、记录、处理、存贮和使用的，应对风险和漏洞进展有效控制；nroutine data verification;n日常数据核查；nperiodic surveillance, e.g. self-inspection processes seek to verifiy the effectiveness of the data governance policy.n定期监管，例如自检过程中核查数据管理方针的有效性。lTechnical技术角度npute

42、rised system control,n计算机化系统控制nAutomationn自动化5.2.3 An effective data governance system will demonstrate Managements understanding and mitment to effective data governance practices including the necessity for a bination of appropriate organisational culture and behaviours (section 6) and an understa

43、nding of data criticality, data risk and data lifecycle. There should also be evidence of munication of expectations to personnel at all levels within the organisation in a manner which ensures empowerment to report failures and opportunities for improvement. This reduces the incentive to falsify, a

44、lter or delete data.一个有效的数据管理系统将证明管理者对有效数据管理规X的了解和承诺，包括适当的公司文化和行为第6局部和对数据关键程度、数据风险和数据生命周期的了解。还应有证据证明在公司内以一定方式将要求沟通传达至各层次人员，保证更大的权力来报告失败和改良机会。如此可以减少伪造、篡改和删除数据的诱因。5.2.4 The organisations arrangements for data governance should be documented within their Quality Management System and regularly reviewed

45、.公司对数据管理的安排应记录在其质量管理体系内，并定期审核。5.3 Risk management approach to data governance数据管理的风险管理方法5.3.1 Senior management is responsible for the implementation of systems and procedures to minimise the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9. Con

46、tract Givers should perform a similar review as part of their vendor assurance programme, (refer section 10)高级管理层对实施系统和程序以降低数据完整性潜在风险，识别残留风险，使用ICH Q9原如此承当责任。合同发包方应实施类似的审核，作为其供给商保证计划的一局部参见第10局部。5.3.2 The effort and resource assigned to data governance should be mensurate with the risk to product qual

47、ity, and should also be balanced with other quality resource demands. Manufacturers and analytical laboratories should design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.为数据管理所做的工作和所配置的资源

48、应与产品质量风险相称，同时也要与其它质量资源需求相平衡。生产商和分析化验室应设计和运行一个体系，为数据完整性风险提供可承受的控制状态，并全面记录支持性原理。5.3.3 Where long term measures are identified in order to achieve the desired state of control, interim measures should be implemented to mitigate risk, and should be monitored for effectiveness. Where interim measures or

49、risk prioritisation are required, residual data integrity risk should be municated to senior management, and kept under review. Reverting from automated / puterised to paper-based systems will not remove the need for data governance. Such retrograde approaches are likely to increase administrative b

50、urden and data risk, and prevent the continuous improvement initiatives referred to in paragraph 3.5.如果认为需要采取长期措施，以达到想要的控制状态，如此应实施临时措施来将缓解风险，并监测其有效性。如果需要采取临时措施或者是提高风险优先度，如此应与高级管理层沟通所残留的数据完整性风险，保持审核。从自动化/计算机化转化为纸质系统不能解除对数据管理的需求。此种降解方式可能会增加行政负担和数据风险，阻止第段中提提出的持续改良倡议。5.3.4 Not all data or processing ste

51、ps have the same importance to product quality and patient safety. Risk management should be utilised to determine the importance of each data/processing step. An effective risk management approach to data governance will consider:不是所有数据和处理步骤都对药品质量和患者安全具有等同的重要性。应使用风险管理来确定每个数据/处理步骤的重要性。对数据管理的有效风险管理方法

52、应考虑：lData criticality (impact to decision making and product quality) andl数据关键程度对制订决策和产品质量的影响以与lData risk (opportunity for data alteration and deletion, and likelihood of detection / visibility of changes by the manufacturers routine review processes).l数据篡改和删除的数据风险机会，修改被生产商的日常审核流程所发现/可见的可能性From this

53、 information, risk proportionate control measures can be implemented.从此信息中可知，可以实施与风险相当的控制措施。5.4 Data criticality数据关键程度5.4.1 The decision that data influences may differ in importance, and the impact of the data to a decision may also vary. Points to consider regarding data criticality include:受数据影响的

54、决策可能会在重要程度上有所有不同，数据对决策的影响度可能也不同。关于数据关键程度要考虑的要素包括：l?Which decision does the data influence?数据影响了什么决策？For example: when making a batch release decision, data which determines pliance with critical quality attributes is of greater importance than warehouse cleaning records.例如，当作出批放行决策时，确定符合关键质量属性的数据比仓库

55、清洁记录要重要。l?What is the impact of the data to product quality or safety?数据对药品质量或安全有什么影响？For example: for an oral tablet, active substance assay data is of generally greater impact to product quality and safety than tablet friability data.例如，对于口服特此证明，活性物质含量数据一般要比脆碎度数据对药品质量和安全影响更大。5.5 Data risk数据风险5.5.1

56、 Data risk assessment should consider the vulnerability of data to involuntary or deliberate alteration, falsification, deletion, loss or re-creation, and the likelihood of detection of such actions. Consideration should also be given to ensuring plete data recovery in the event of a disaster. Contr

57、ol measures which prevent unauthorised activity, and increase visibility / detectability can be used as risk mitigating actions.数据完整性应考虑数据在有意和无意修改、伪造、删除、丢失或重新创建，以与被发觉可能性方面的弱点。还要考虑保证在灾难发生时恢复完整数据。防止未经授权的活动，增加可视性/检出能力的控制措施可以用作风险降低措施。5.5.2 Examples of factors which can increase risk of data integrity fa

58、ilure include plex, inconsistent processes with open ended and subjective outes. Simple tasks which are consistent, well defined and objective lead to reduced risk.可能会增加数据完整性失败的风险的因素例子包括复杂的不一致的工艺，有开放型结果和主观结果。定义明确、客观、一致的简单任务如此会降低风险。5.5.3 Risk assessments should focus on a business process (e.g. produ

59、ction, QC), evaluate data flows and the methods of generating data, and not just consider IT system functionality or plexity. Factors to consider include:风险评估应关注一个业务流程例如，生产、QC，评估数据流和数据产生方法，而不仅是评估IT系统功能和复杂性。要考虑的因素包括：lProcess plexity;l工艺复杂性；lMethods of generating, storing and retiring data and their a

60、bility to ensure data accuracy, legibility, indelibility;l数据生成、存贮和退役的方法以与其保证数据准确性、清晰、不能消除的能力；lProcess consistency and degree of automation / human interaction;l工艺一致性和自动/人工互动程度；lSubjectivity of oute / result (i.e. is the process open-ended or well defined?); andl结果的主观性即工艺是开放式的还是明确定义的；以与lThe oute of a

61、 parison between of electronic system data and manually recorded events could be indicative for malpractices (e.g. apparent discrepancies between analytical reports and raw-data acquisition times).l电子系统数据和人工记录事件之间比拟的结果可能对于不良规X来说具有指示性例如，分析报告和原始数据获得时长之间有明显的差距。5.5.4 For puterised systems, manual interf

62、aces with IT systems should be considered in the risk assessment process. puterised system validation in isolation may not result in low data integrity risk, in particular when the user is able to influence the reporting of data from the validated system.对于计算机化系统，在风险评估过程中应考虑人工与IT系统的界面。计算机化系统验证单独可能不会

63、导致较低的数据完整性风险，尤其是当用户可以影响来自经过验证的系统中的数据报告时。5.5.5 Critical thinking skills should be used by inspectors to determine whether control and review procedures effectively achieve their desired outes. An indicator of data governance maturity is an organisational understanding and acceptance of residual risk,

64、 which prioritises actions. An organisation which believes that there is no risk of data integrity failure is unlikely to have made an adequate assessment of inherent risks in the data lifecycle. The approach to assessment of data lifecycle, criticality and risk should therefore be examined in detail. This may indicate potential failure modes which can be investigated during an inspection