201501 MHRA数据完整性指南

zxc0458 2016-05-11

展开全文

2015-01-29 21:33:23| 分类： EDQM | 标签： |举报 |字号大中小订阅

MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015

MHRA的GMP数据完整性定义和行业指南/2015年1月

Introduction: 背景介绍

Data integrity is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. This document provides MHRA guidance on GMP data integrity expectations for the pharmaceutical industry. This guidance is intended to complement existing EU GMP, and should be read in conjunction with national medicines legislation and the GMP standards published in Eudralex volume 4.

数据完整性在药品质量体系中是基本要求，它保证药品具有所需要的质量。本文件向制药行业提供MHRA关于GMP数据完整性方面期望的指南。本指南意在对现有EU GMP进行补充，应与国家药监法规和欧洲法规第4卷的GMP标准联合解读。

The data governance system should be integral to the pharmaceutical quality system described in EU GMP chapter 1. The effort and resource assigned to data governance should be commensurate with the risk to product quality, and should also be balanced with other quality assurance resource demands. As such, manufacturers and analytical laboratories are not expected to implement a forensic approach to data checking, but instead design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.

数据管理系统应与EU GMP第1章中描述的药品质量体系相结合。给数据管理提供的努力和资源应与产品质量的风险相称，还应与其它质量保证资源需求相平衡。因此，并不期待生产商和分析实验室实施一种辩论的方法来对数据进行检查，而只需要设计和实施一种系统，提供一种基于数据完整性风险的可接受控制状态，并对支持性理由进行完整记录。

Data integrity requirements apply equally to manual (paper) and electronic data. Manufacturers and analytical laboratories should be aware that reverting from automated / computerised to manual / paper-based systems will not in itself remove the need for data integrity controls. This may also constitute a failure to comply with Article 23 of Directive 2001/83/EC, which requires an authorisation holder to take account of scientific and technical progress and enable the medicinal product to be manufactured and checked by means of generally accepted scientific methods.

数据完整性要求等同适用于手工（纸质）和电子数据。生产商和分析化验室应明白将自动化的/计算机化的系统转换为人工/纸质的系统并不能消除数据完整性控制的需求。这可能也会是违反法条2001/83/EC第23款的，该条款要求自动化的持有者要考虑科学技术进步，使得药品采用普遍被接受的科学方法进行生产和检查。

Throughout this guidance, associated definitions are shown as hyperlinks.

在本指南全篇中相关定义均采用了超链接显示。

Establishing data criticality and inherent integrity risk:

建立数据关键性和内在完整性风险

In addition to an overarching data governance system, which should include relevant policies and staff training in the importance of data integrity, consideration should be given to the organisational (e.g. procedures) and technical (e.g. computer system access) controls applied to different areas of the quality system. The degree of effort and resource applied to the organisational and technical control of data lifecycle elements should be commensurate with its criticality in terms of impact to product quality attributes.

除了包括相关方针和员工关于数据完整重要性培训的顶端数据管理系统外，还要考虑将组织性（例如，程序）和技术性（例如，计算机系统进入权限）控制应用于质量体系的不同领域。应用于组织性和技术性控制数据生命周期要素的努力程度和资源配置情况应与其对产品质量属性的影响关键性相适应。

Data may be generated by (i) a paper-based record of a manual observation, or (ii) in terms of equipment, a spectrum of simple machines through to complex highly configurable computerised systems. The inherent risks to data integrity may differ depending upon the degree to which data (or the system generating or using the data) can be configured, and therefore potentially manipulated (see figure 1).

数据可以由以下方式产生（1）人工观察纸质记录（2）仪器，简单设备通过复杂的高级参数计算机化系统产生的图谱。数据完整性的内在风险根据数据可设置参数水平不同而不同，因此是可以捏造的（参见图1）。

说明: 201501 MHRA数据完整性指南 - Julia - 成功是永远的追逐，追逐是永远的成功

With reference to figure 1 above, simple systems (such as pH meters and balances) may only require calibration, whereas complex systems require ‘validation for intended purpose’. Validation effort increases from left to right in the diagram above. However, it is common for companies to overlook systems of apparent lower complexity. Within these systems it may be possible to manipulate data or repeat testing to achieve a desired outcome with limited opportunity of detection (e.g. stand-alone systems with a user configurable output such as FT-IR, UV spectrophotometers).

参考上述图1，简单系统（例如pH计和天平）可能只要求进行校正，而复杂系统则需要进行“对其既定用途进行验证”。验证工作在上图中从左到右逐步增加。但是，公司一般需要对明显的较低复杂程度的系统进行验看。在这些系统中，可能会可以捏造数据或重复测试以达到所想要的结果，而被发现的机会较低（例如，独立系统具有用户可设置参数的输出，例如，FT-IR，UV色谱仪）。

Designing systems to assure data quality and integrity

设计系统来保证数据质量和完整性

Systems should be designed in a way that encourages compliance with the principles of data integrity. Examples include:

系统设计方式应鼓励符合数据完整性性原则：

l Access to clocks for recording timed events

l 记录事件时间的时钟进入权限

l Accessibility of batch records at locations where activities take place so that ad hoc data recording and later transcription to official records is not necessary

l 让批记录摆放在活动进行的当地，这样就不需要临时数据记录然后转抄至正式记录

l Control over blank paper templates for data recording

l 数据记录所用的空白纸模板控制

l User access rights which prevent (or audit trail) data amendments

l 用户权限能防止（或审计追踪）数据修改

l Automated data capture or printers attached to equipment such as balances

l 仪器，如天平，附带的自动获取或打印数据设施

l Proximity of printers to relevant activities

l 打印机与相关活动邻近

l Access to sampling points (e.g. for water systems)

l 取样点进入权限（例如，水系统）

l Access to raw data for staff performing data checking activities.

l 员工进行数据检查时进入原始数据的权限

The use of scribes to record activity on behalf of another operator should be considered ‘exceptional’, and only take place where:

使用专门记录人员来代表另一个操作人员记录所实施的活动应只在例外下才考虑和发生，如

l The act of recording places the product or activity at risk e.g. documenting line interventions by sterile operators.

l 记录行为会使得产品或活动产生风险，例如，由无菌操作者进行静脉注射剂的生产线记录

l To accommodate cultural or staff literacy / language limitations, for instance where an activity is performed by an operator, but witnessed and recorded by a Supervisor or Officer.

l 陪同培养或员工文字/语言受限时，如一种活动由操作人员实施，但由主管或管理人员进行证明和记录

In both situations, the supervisory recording must be contemporaneous with the task being performed, and must identify both the person performing the observed task and the person completing the record. The person performing the observed task should countersign the record wherever possible, although it is accepted that this countersigning step will be retrospective. The process for supervisory (scribe) documentation completion should be described in an approved procedure, which should also specify the activities to which the process applies.

在两种情形下，主管记录必须与所实施的任务同步进行，且必须识别观察任务和完成记录的人的身份。只要可能，进行观察工作的人应会签记录。监管（记录）文件记录完成的过程应在一个批准程序里进行描述，还应说明该程序适用的活动。

Term

Definition

Expectation / guidance (where relevant)

术语

定义

期望/指南（相关时）

Data

Information derived or obtained from raw data (e.g. a reported analytical result)

Data must be:

A – attributable to the person generating the data

L – legible and permanent

C – contemporaneous

O – original (or ‘true copy’)

A – accurate

数据

从原始数据获得或衍生的信息（例如，所报告的检验结果）

数据必须：

A—可追踪至产生数据的人

L—清晰，能永久保存

C—同步

O—原始（或真实复制）

A—准确

Raw data

Original records and documentation, retained in the format in which they were originally generated (i.e. paper or electronic), or as a ‘true copy’. Raw data must be contemporaneously and accurately recorded by permanent means. In the case of basic electronic equipment which does not store electronic data, or provides only a printed data output (e.g. balance or pH meter), the printout constitutes the raw data.

Raw data must:

Be legible and accessible throughout the data lifecycle.

Permit the full reconstruction of the activities resulting in the generation of the data

原始数据

原始记录和文件，按原始产生的形式保留（即纸质或电子）或“真实复制”。原始数据必须是同步产生的，采用可以永久保留的方式准确记录。如果基础电子仪器不能存贮电子数据，或仅提供打印数据输出（例如，天平或pH计），则打印数据应成为原始数据。

原始数据必须：

清晰可读，在数据的整个生命周期内均可以获得

可以据原始数据对数据产生的整个活动进行重现

In the following definitions, the term 'data' includes raw data.

在以下定义中，术语“数据”包括原始数据。

Metadata:

Metadata is data that describe the attributes of other data, and provide context and meaning. Typically, these are data that describe the structure, data elements, inter-relationships and other characteristics of data. It also permits data to be attributable to an individual.

Example: data (bold text)

3.5

and metadata, giving context and meaning, (italic text) are:

sodium chloride batch 1234, 3.5mg. J Smith 01/07/14

Metadata forms an integral part of the original record. Without metadata, the data has no meaning.

元数据

元数据是指描述其它数据属性的数据，提供语境和含义。一般来说，这些数据描述数据的结构、数据要素、内在关系和其它数据特性。它还允许数据追踪至个体。

例如：数据（粗体）

3.5

和元数据，提供语境和意义（斜体）为

氯化钠批号1234，3.5mg.J Smith 01/07/14

元数据所形成原始记录不可分割的一部分，没有元数据，数据就没有意义。

Data Integrity

The extent to which all data are complete, consistent and accurate throughout the data lifecycle.

数据完整性

数据完整性应能保证在数据的整个生命周期内，所有数据均完全、一致和准确。

Data governance

The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.

Data governance should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity including control over intentional and unintentional changes to information.

Data Governance systems should include staff training in the importance of data integrity principles and the creation of a working environment that encourages an open reporting culture for errors, omissions and aberrant results.

Senior management is responsible for the implementation of systems and procedures to minimise the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9. Contract Givers should perform a similar review as part of their vendor assurance programme

数据管理

为保证数据，不论这些数据产生的形式如何，的记录、处理、保留和使用能保证在数据的整个生命周期内均完全、一致和准确所采取的措施的总和

数据管理应说明生命周期中数据所有权，要考虑对过程/系统的设计、操作和监控，以符合数据完整性原则，包括对信息有意和无意更改的控制。

数据管理系统应包括对员工进行数据完整性原则的重要性培训，以及创造工作环境鼓励公开报告错误、遗漏和异常结果的文化。

Data Lifecycle

All phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration), use, data retention, archive / retrieval and destruction.

The procedures for destruction of data should consider data criticality and legislative retention requirements. Archival arrangements should be in place for long term retention (in some cases, periods up to 30 years) for records such as batch documents, marketing authorisation application data, traceability data for human-derived starting materials (not an exhaustive list). Additionally, at least 2 years of data must be retrievable in a timely manner for the purposes of trend analysis and inspection.

数据的生命周期

数据（包括原始数据）自初始产生和记录，到处理（包括转化或移植）、使用、数据保留、存档/恢复和重建的整个生命阶段。

数据重建程序应考虑数据关键性和法规保留要求。对记录，例如批记录、上市许可申报数据、追踪性数据或人来源的起始物料（本清单未穷尽）应有长期保留的存档安排（在有些情况下，长达30年）。另外，至少2年的数据必须可以及时恢复用于趋势分析或现场检查。

Primary Record

The record which takes primacy in cases where data collected or retained concurrently by more than one method fail to concur.

In situations where the same information is recorded concurrently by more than one system, the data owner should define which system generates and retains the primary record, in case of discrepancy. The ‘primary record’ attribute should be defined in the quality system, and should not be changed on a case by case basis.

基准记录

采用不止一种方法同步收集数据而未能相互一致时作为基准的记录。

如果相同的信息采用不止一个系统同步记录，数据所有者应定义在差异时是哪个系统产生和保留基本记录。“基准记录”属性应在质量体系里定义，不应根据各案进行变更。

Original record / True Copy:

Original record: Data as the file or format in which it was originally generated, preserving the integrity (accuracy, completeness, content and meaning) of the record, e.g. original paper record of manual observation, or electronic raw data file from a computerised system

True Copy: An exact copy of an original record, which may be retained in the same or different format in which it was originally generated, e.g. a paper copy of a paper record, an electronic scan of a paper record, or a paper record of electronically generated data

Original records must preserve the integrity (accuracy, completeness, content and meaning) of the record. Exact (true) copies of original records may be retained in place of the original record (e.g. scan of a paper record), provided that a documented system is in place to verify and record the integrity of the copy.

It is conceivable for raw data generated by electronic means to be retained in an acceptable paper or pdf format. However, the data retention process must be shown to include verified copies of all raw data, metadata, relevant audit trail and result files, software / system configuration settings specific to each analytical run*, and all data processing runs (including methods and audit trails) necessary for reconstruction of a given raw data set. It would also require a documented means to verify that the printed records were an accurate representation. This approach is likely to be onerous in its administration to enable a GMP compliant record.

* computerised system configuration settings should be defined, tested and ‘locked’ as part of computer system validation. Only those variable settings which relate to an analytical run would be considered as electronic raw data.

原始记录/真实复制

原始记录：

原始记录必须保留记录的完整性（准确性、完全性、内容和含义）。如果有一个文件记录体系来确认和记录复印件的完整性，则也可以采用真实复印件代替原件（例如，纸质记录扫描）进行保存。

可以对电子方式产生的原始数据进行纸质或PDF格式保存，但必须显示数据的留存过程，以包括所有原始数据、元数据、相关审计追踪和结果文件、每一分析运行过程中软件/系统设置标准，一个给定的原始数据系列重建所需的所有数据处理运行情况（包括方法和审计追踪），经过确认的复本。还要求有一个书面方法来确认打印的记录是准确的重现。该方法可能使符合GMP的记录管理变得繁杂。

*计算机系统参数设置应作为计算机系统验证的一部分进行界定、测试和“锁定”。只有与分析运行相关的变量设定才会被认为是电子原始数据。

Computer system transactions:

A computer system transaction is a single operation or sequence of operations performed as a single logical ‘unit of work’. The operation(s) that make up a transaction are not saved as a permanent record on durable storage until the user commits the transaction through a deliberate act (e.g. pressing a save button).

The metadata (i.e., user name, date, and time) is not captured in the system audit trail until the user commits the transaction.

In Manufacturing Execution Systems (MES), an electronic signature is often required by the system in order for the record to be saved and become permanent.

Computer systems should be designed to ensure that the execution of critical operations are recorded contemporaneously by the user and are not combined into a single computer system transaction with other operations. A critical processing step is a parameter that must be within an appropriate limit, range, or distribution to ensure the desired product quality. These should be reflected in the process control strategy.

Examples of 'units of work':

Weighing of individual materials

Entry of process critical manufacturing / analytical parameters

Verification of the identity of each component or material that will be used in a batch

Verification of the addition of each individual raw material to a batch (e.g. when the sequence of addition is considered critical to process control – see figure 2)

Addition of multiple pre-weighed raw materials to bulk vessel when required as a single manufacturing step (e.g. when the sequence of addition is not considered critical to process control – see figure 3)

计算机系统处理

计算机系统处理是一个单独的操作或一系列作为单个逻辑“工作单元”的操作，组成一个处理，在用户通过一个清楚的动作认可前不会长期存贮作为永久的记录（例如，按下保存按键）。在用户认可该处理前，元数据（即用户名、日期和时间）不会被审计追踪系统捕捉到。在生产执行系统中，系统通常会要求一个电子签名以使记录得以存贮成为永久记录。

计算机系统的设计应保证关键操作的执行被用户同步记录，不会与其它操作一起被合并为一个单独的计算机系统处理。一个关键处理步骤是一个参数，必须在一个适当的限度、范围内，或分配范围内，以保证所需的产品质量。这些应反映在工艺控制策略中。

“工作单元”的例子：

单个原料的称重

关键生产/分析参数的处理输入

将用于一个批次的每个成分或原料的识别确认

要向一个批次中增加每一种原料的确认（例如，如果加料顺序被认为是工艺控制的关键参数---参见图2）

作为一个单独的生产步骤，需要向大罐中添加多种预称重的原料（例如，添加顺序被认为对工艺控制并不关键----参见图3）

说明: 201501 MHRA数据完整性指南 - Julia - 成功是永远的追逐，追逐是永远的成功

Audit Trail

GMP audit trails are metadata that are a record of GMP critical information (for example the change or deletion of GMP relevant data).

Where computerised systems are used to capture, process, report or store raw data electronically, system design should always provide for the retention of full audit trails to show all changes to the data while retaining previous and original data. It should be possible to associate all changes to data with the persons making those changes, and changes should be time stamped and a reason given. Users should not have the ability to amend or switch off the audit trail.

The relevance of data retained in audit trails should be considered by the company to permit robust data review / verification. The items included in audit trail should be those of relevance to permit reconstruction of the process or activity. It is not necessary for audit trail review to include every system activity (e.g. user log on/off, keystrokes etc.), and may be achieved by review of designed and validated system reports.

Audit trail review should be part of the routine data review / approval process, usually performed by the operational area which has generated the data (e.g. laboratory). There should be a mechanism to confirm that a review of the audit trail has taken place. When designing a system for review of audit trails, this may be limited to those with GMP relevance (e.g. relating to data creation, processing, modification and deletion etc). Audit trails may be reviewed as a list of relevant data, or by a validated ‘exception reporting’ process. QA should also review a sample of relevant audit trails, raw data and metadata as part of self inspection to ensure on-going compliance with the data governance policy / procedures.

If no audit trailed system exists a paper based audit trail to demonstrate changes to data will be permitted until a fully audit trailed (integrated system or independent audit software using a validated interface) system becomes available. These hybrid systems are currently permitted, where they achieve equivalence to integrated audit trail described in Annex 11 of the GMP Guide. If such equivalence cannot be demonstrated, it is expected that facilities should upgrade to an audit trailed system by the end of 2017.

审计追踪

如果计算机系统用于电子捕获、处理、报告或存贮原始数据，系统设计应能保持提供全面审计追踪的保存，在保存之前和原始和数据时显示对数据进行的所有更改。伴随对数据的所有更改，应可以显示做这些更改的人，更改均应有时间记录，并给出理由。用户不应具备修订或关闭审计追踪的能力。

公司应考虑保存在审计追踪里的数据的相关性，以使得全面的数据审核/确认成为可能。包括在审计追踪里的项目应是那些关于允许重建过程或活动的参数，审计追踪审核不需要包括每个系统活动（例如，用户登录/退出，键盘敲击等），可以通过对经过设计和验证的系统报告进行审核来达到目的。

审计追踪审核应是日常数据审核/批准过程的一部分，通常由产生数据的操作区域（例如，化验室）来实施。应该具备一种机制来确认进行了审计追踪的审核。在设计一个系统对审计追踪进行审核时，可能会局限于GMP相关性（例如，关于数据创建、处理、修正和删除等）。审计追踪可以作为相关性数据清单来审核，或由一个验证过的“例外报告”过程来审核。QA也应该审核样品的相关审计追踪、原始数据和元数据，作为自检的一部分，来保证与数据管理方针/程序的现行符合性。

如果没有审计追踪系统，则在全面审计追踪（整合的系统或使用一个验证过的界面的独立的审计软件）系统可以实施前，基于审计追踪的纸来证明对数据的更改也是允许的。只要它们可以等同达到GMP指南附录11中所述的整合审计追踪目的，这些混合系统目前是允许的。如果不能证明该等同性，则期望工厂在2017年底前将其升级至审计追踪系统。

Data Review

There should be a procedure which describes the process for the review and approval of data, including raw data. Data review must also include a review of relevant metadata, including audit trail.

Data review must be documented.

A procedure should describe the actions to be taken if data review identifies an error or omission. This procedure should enable data corrections or clarifications to be made in a GMP compliant manner, providing visibility of the original record, and audit trailed traceability of the correction, using ALCOA principles (see ‘data’ definition).

数据审核

应有一个程序描述对数据，包括原始数据，的审核和批准。数据审核还必须包括对相关元数据的审核，包括审计追踪。数据审核必须进行书面记录。

应有一个程序描述如果数据审核发现错误或遗漏时应采取的措施。该程序应使得对数据的修正或澄清以符合GMP的方式进行，使用ALCOA原则，提供修正所涉及的原始记录的可见性，和审计追踪的追溯性（参见“数据”的定义）。

Computerised system user access / system administrator roles

Full use should be made of access levels to ensure that people have access only to functionality that is appropriate for their job role. Facilities must be able to demonstrate the access levels granted to individual staff members and ensure that historical information regarding user access level is available.

Shared logins are not acceptable. Where the computerised system design supports individual user access, this function must be used. This may require the purchase of additional licences.

It is acknowledged that some computerised systems support only a single user login or limited numbers of user logins. Where alternative computerised systems have the ability to provide the required number of unique logins, facilities should upgrade to an appropriate system by the end of 2017. Where no suitable alternative computerised system is available, a paper based method of providing traceability will be permitted. The lack of suitability of alternative systems should be justified based on a review of system design, and documented.

System administrator access should be restricted to the minimum number of people possible taking account of the size and nature of the organisation.

System Administrator rights (permitting activities such as data deletion, database amendment or system configuration changes) should not be assigned to individuals with a direct interest in the data (data generation, data review or approval). Where this is unavoidable in the organisational structure, a similar level of control may be achieved by the use of dual user accounts with different privileges. All changes performed under system administrator access must be visible to, and approved within, the quality system.

The individual should log in using the account with the appropriate access rights for the given task e.g. a laboratory manager performing data checking should not log in as system administrator where a more appropriate level of access exists for that task.

计算机化系统用户权限/系统管理员职责

应对进入权限的功能进行全面使用，以保证人员只具有与完成其工作职责相当的操作权限。工厂必须可以证明赋予给个人的登录层级，保证可以获得关于用户进入级别的历史信息。

采用相同的登录名和密码是不能接受的。如果计算机系统设计支持单个用户登录，则必须使用该功能。这可能要求购买额外的许可。

大家知道有些计算机系统仅支持一个用户登录，或有限数据用户登录。如果有可替代的计算机系统具备提供所需数据唯一登录的能力，工厂应在2017年底升级至适当的系统。如果没有适当的可替代计算机系统，则允许采用纸质方式来提供追踪。缺乏可替代系统的适用性应基于对系统设计的审核进行论证，并进行书面记录。

系统管理员权限应根据组织机构的规模和属性而限于最少人数。

系统管理员的权利（允许的活动如数据删除、数据库修正或系统参数更改）不应被赋予对数据有直接利益的个人（数据产生、数据审核或批准）。如果在组织机构内无法避免，则应使用不同特权的双重用户账号来达到类似水平的控制。所有在系统管理员权限下实施的变更必须可以由质量体系看见，并在质量体系内进行批准。

个人应采用适当的进入权限进行登录来执行指定的任务，例如，如果有一个更适合该任务操作的已有权限，则化验室经理实施数据检查不应采用系统管理员身份登录。

Data retention

Raw data (or a true copy thereof) generated in paper format may be retained for example by scanning, provided that there is a process in place to ensure that the copy is verified to ensure its completeness.

Data retention may be classified as archive or backup

Data and document retention arrangements should ensure the protection of records from deliberate or inadvertent alteration or loss.

Secure controls must be in place to ensure the data integrity of the record throughout the retention period, and validated where appropriate.

Where data and document retention is contracted to a third party, particular attention should be paid to understanding the ownership and retrieval of data held under this arrangement. The physical location in which the data is held, including impact of any laws applicable to that geographic location should also be considered. The responsibilities of the contract giver and acceptor must be defined in a contract as described in Chapter 7 of the GMP Guide

数据保留

由纸质形式产生的原始数据（或真实复制本）可以采用例如扫描方式保留，如果有程序保证该复制的完整性是经过确认的话。

数据保留可以分为“存档”或“备份”。

数据和记录保留的安排应保证能保护记录被蓄意或无意篡改或丢失。

必须有安全控制来保证记录在整个保留期间的数据完整性，并在适当时进行验证。

如果数据和记录保留是委托给第三方进行，应特别注意对第三方的了解，以及在此情况下数据情况的安排。还要考虑数据所在的物理位置，包括地理位置可能适用的所有法律问题。合同委托方的责任和合同接受方的责任必须以GMP指南中第7章的合同形式描述。

Archive

Long term, permanent retention of completed data and relevant metadata in its final form for the purposes of reconstruction of the process or activity.

Archive records should be locked such that they cannot be altered or deleted without detection and audit trail.

The archive arrangements must be designed to permit recovery and readability of the data and metadata throughout the required retention period.

存档

完整的数据和相关的元数据以其最终形式进行长期永久保留，以达到过程或活动重建的目的。

存档记录应落锁，保证其不能在未被察觉和审计跟踪情况下被篡改或删除。

存档安排的设计必须允许数据和元数据在所要求的整个保留时期内可以被恢复和读取。

Backup

A copy of current (editable) data, metadata and system configuration settings (variable settings which relate to an analytical run) maintained for the purpose of disaster recovery.

Backup and recovery processes must be validated.

备份

现行的（可编辑的）数据、元数据和系统参数设置（与分析运行相关的变量设置）为了灾难恢复的目的进行保留。

备份和恢复过程必须进行验证。

File structure

文件结构

Flat files:

A 'flat file' is an individual record which may not carry with it all relevant metadata (e.g. pdf, dat, doc ).

Flat files may carry basic metadata relating to file creation and date of last amendment, but cannot audit trail the type and sequence of amendments. When creating flat file reports from electronic data, the metadata and audit trails relating to the generation of the raw data is also lost, unless these are retained as a ‘true copy’.

There is an inherently greater data integrity risk with flat files (e.g. when compared to data contained within a relational database), in that these are easier to manipulate and delete as a single file.

扁平式文件

“扁平式文件”是指单个记录，其可能不带有任何相关的元数据（例如，PDF、DAT、DOC文件）。

扁平式文件可能带有与文件创建和最后修订日期的基本元数据，但不能对修订的类型和顺序进行审计追踪。在从电子数据创建扁平式文件报告时，如果不是以“真实复制”的方式进行保留，与原始数据产生相关的元数据和审计追踪也会被丢失。

扁平式文件具有天生的更大的数据完整性风险（例如，相比于相关性数据库里保存的数据），这时作为单个文件，它更容易被捏造和删除。

Relational database:

A relational database stores different components of associated data and metadata in different places. Each individual record is created and retrieved by compiling the data and metadata for review.

This file structure is inherently more secure, as the data does not exist in a single file.

Retrieval of information from a relational database requires a database search tool, or the original application which created the record.

相关性数据库

相关性数据库在不同位置存贮不同的相关数据和元数据内容。每个单个记录由汇总的数据和元数据进行创建和恢复，用于审核。

这种文件结构内在的安全性更好，因为数据不是以单个文件的形式存在。

从一个相关性数据库中懒得信息需要一个数据库搜索工具，或创建该记录的原始应用软件。

Validation – for intended purpose (See also Annex 15 and GAMP 5)

Computerised systems should comply with the requirements of EU GMP Annex 11 and be validated for their intended purpose. This requires an understanding of the computerized system’s function within a process. For this reason, the acceptance of vendor-supplied validation data in isolation of system configuration and intended use is not acceptable. In isolation from the intended process or end user IT infrastructure, vendor testing is likely to be limited to functional verification only, and may not compute the requirements for performance qualification.

For example – validation of computerized system audit trail

A custom report generated from a relational database may be used as a GMP system audit trail.

SOPs should be drafted during OQ to describe the process for audit trail verification, including definition of the data to be reviewed.

‘Validation for intended use’ would include testing during PQ to confirm that the required data is correctly extracted by the custom report, and presented in a manner which is aligned with the data review process described in the SOP.

根据既定用途进行验证

（参见附录15和GAMP5）

计算机系统应符合EU GMP附录11的要求，并根据其既定用途进行验证。这就要求理解计算机系统在处理过程中的功能。为此，供应商提供的独立于系统参数和既定用途以外的验证数据的可接受标准是不被接受的。脱离了既定的工艺或终端用户的IT硬件设施，供应商的测试可能仅局限于功能确认，可能不能达到性能确认的要求。

例如---计算机系统审计追踪的验证

从一个相关性数据库中订制报告可以用作GMP系统的审计追踪

SOP应在OQ过程中起草，描述审计追踪确认的过程，包括要审核的数据的定义

“根据其既定用途进行验证”应包括PQ中的测试，以确认所需求的数据由订制报告正确提取，其表述方式与SOP中描述的数据审核过程相符合

数据完整性的“指南针”——MHRA发布GMP数据完整性指南

2015-02-03 康利华咨询 GMP行业新闻

说明: http://mmbiz./mmbiz/cI0QmibG1ShsJDjQ1Q65txrwGgaW2nibhkchjDibY5GfrF5Op9WaJF7nrGCDH9aWv3yamsZic4UP23tRVdyEnuaJxw/0

近期，多家药企因为GMP数据完整性问题导致检查失败，正当药企为如何做好GMP数据完整性而迷茫时，MHRA发布了关于GMP数据完整性的行业指南，为药企指明了方向。

在该指南中，首先对数据完整性概念、重要性以及适用范围做了概要说明；然后在“ 建立数据的关键程度和内在的完整性风险（Establishing data criticality and inherent integrity risk）”和“设计系统以保证数据质量和完整性（Designing systems to assure data quality and integrity）”两个方面对数据完整性进行了详细的论述，强调数据完整性的控制程度应该与其风险程度相一致；最后，该指南使用列表的方式，从“定义（Definition）”和“期望/指南（Expectation / guidance）”两个方面对数据完整性的多个方面进行了详细描述，这些方面主要包括以下几个方面：

数据（Data）

原始数据（Rawdata）

元数据（Metadata）

数据完整性（Data Integrity）

数据管理（Data governance）

数据生命周期（Data Lifecycle）

首要记录（Primary Record）

原始记录/准确副本（Original record / True Copy）

计算机系统事项（Computer system transactions）

审计追踪（Audit Trail）

数据回顾（Data Review）

计算机化系统使用者权限/系统管理员职责（Computerised system user access / system administrator roles）

数据保留（Data retention）

存档（Archive）

备份（Backup）

文件结构（File structure）

平面文件（Flat files）

相关数据库（Relational database）

根据既定用途进行验证（Validation - for intended purpose）

【原文翻译】

MHRA GMP数据完整性定义和工业指南

概要：

数据完整性是药物质量体系的基础，药物质量体系保证药品是符合既定质量要求的系统。本文件向制药行业提供了关于GMP数据完整性期望方面的MHRA指南。本指南是对现有EU GMP的补充，并且在解读时应该联系国家药品法规和已经在Eudralex第四卷出版的GMP标准。

数据管理系统是EU GMP 第一章节中描述的药品质量体系不可或缺的一部分。在数据管理方面分配的资源和精力应该与产品质量风险相一致，并且应该与其他的质量保证资源需求相协调。实际上，在数据核对方面，并不期望生产商和分析实验室建立辩证的方法，只要建立并执行这样一个系统就可以：这个系统基于数据完整性风险提供了一个可以接受的控制状态，并且被完整记录的支持性证据。

对数据完整性的要求同样适用于手册和电子数据。制造商和分析实验室应该意识到从自动的/计算机化的系统恢复到手工的/纸基的系统并不能完全的去除对数据完整性控制的需求。这可能也会造成不能符合法规2001/83/EC的第23条款，该条款要求授权的持有者考虑科学和技术进步，并且能够使药品以一种可接受的科学的方式生产和检查。

在这个指南当中，使用了超链接的方式解释相关的定义。

建立数据的关键程度和内在的完整性风险：

除了一个包括相应政策以及对人员进行数据完整重要性培训的全面的数据管理系统，还应该考虑将组织（例如，程序）和技术控制（例如，计算机系统访问控制）应用于质量系统的不同领域。在数据生命周期元素的组织和技术控制方面投入的精力程度和资源应该与其对产品质量属性影响的关键程度相一致。

数据可能是通过人工观察的纸质记录产生的，或者是来源于设备——从简单设备到复杂的高配置的计算机化系统产生的图谱。数据完整性的内在风险可能不同，这依赖于数据（或者系统产生或者使用数据）可被设定和潜在捏造的程度。

图表1：此图表用来说明从简单设备（左边）到复杂的计算机化设备（右边）产生的图谱以及打印出来的“原始数据”的相关性。

按照图表1，简单的系统（例如pH计和天平）可能只需要校验，但是复杂的系统需要根据预定用途进行验证。验证的程度从图表的左边到右边依次增加。然而，企业忽视明显低复杂性的系统是很常见的。在这些系统中，有可能为了获得期望的结果而伪造或者重复测试，而且不易发现（例如，用户控制输出的独立系统，比如傅里叶变换红外光谱，紫外分光光度计）。

设计系统以保证数据质量和完整性：

应该以鼓励符合数据完整性原则的方式设计系统，例如：