|
Audit Trail GMP audit trails are metadata that are a record of GMP critical information (for example the change or deletion of GMP relevant data). Where computerised systems are used to capture, process, report or store raw data electronically, system design should always provide for the retention of full audit trails to show all changes to the data while retaining previous and original data. It should be possible to associate all changes to data with the persons making those changes, and changes should be time stamped and a reason given. Users should not have the ability to amend or switch off the audit trail. The relevance of data retained in audit trails should be considered by the company to permit robust data review / verification. The items included in audit trail should be those of relevance to permit reconstruction of the process or activity. It is not necessary for audit trail review to include every system activity (e.g. user log on/off, keystrokes etc.), and may be achieved by review of designed and validated system reports. Audit trail review should be part of the routine data review / approval process, usually performed by the operational area which has generated the data (e.g. laboratory). There should be a mechanism to confirm that a review of the audit trail has taken place. When designing a system for review of audit trails, this may be limited to those with GMP relevance (e.g. relating to data creation, processing, modification and deletion etc). Audit trails may be reviewed as a list of relevant data, or by a validated ‘exception reporting’ process. QA should also review a sample of relevant audit trails, raw data and metadata as part of self inspection to ensure on-going compliance with the data governance policy / procedures. If no audit trailed system exists a paper based audit trail to demonstrate changes to data will be permitted until a fully audit trailed (integrated system or independent audit software using a validated interface) system becomes available. These hybrid systems are currently permitted, where they achieve equivalence to integrated audit trail described in Annex 11 of the GMP Guide. If such equivalence cannot be demonstrated, it is expected that facilities should upgrade to an audit trailed system by the end of 2017. 审计追踪
如果计算机系统用于电子捕获、处理、报告或存贮原始数据,系统设计应能保持提供全面审计追踪的保存,在保存之前和原始和数据时显示对数据进行的所有更改。伴随对数据的所有更改,应可以显示做这些更改的人,更改均应有时间记录,并给出理由。用户不应具备修订或关闭审计追踪的能力。 公司应考虑保存在审计追踪里的数据的相关性,以使得全面的数据审核/确认成为可能。包括在审计追踪里的项目应是那些关于允许重建过程或活动的参数,审计追踪审核不需要包括每个系统活动(例如,用户登录/退出,键盘敲击等),可以通过对经过设计和验证的系统报告进行审核来达到目的。 审计追踪审核应是日常数据审核/批准过程的一部分,通常由产生数据的操作区域(例如,化验室)来实施。应该具备一种机制来确认进行了审计追踪的审核。在设计一个系统对审计追踪进行审核时,可能会局限于GMP相关性(例如,关于数据创建、处理、修正和删除等)。审计追踪可以作为相关性数据清单来审核,或由一个验证过的“例外报告”过程来审核。QA也应该审核样品的相关审计追踪、原始数据和元数据,作为自检的一部分,来保证与数据管理方针/程序的现行符合性。 如果没有审计追踪系统,则在全面审计追踪(整合的系统或使用一个验证过的界面的独立的审计软件)系统可以实施前,基于审计追踪的纸来证明对数据的更改也是允许的。只要它们可以等同达到GMP指南附录11中所述的整合审计追踪目的,这些混合系统目前是允许的。如果不能证明该等同性,则期望工厂在2017年底前将其升级至审计追踪系统。 Data Review
There should be a procedure which describes the process for the review and approval of data, including raw data. Data review must also include a review of relevant metadata, including audit trail. Data review must be documented. A procedure should describe the actions to be taken if data review identifies an error or omission. This procedure should enable data corrections or clarifications to be made in a GMP compliant manner, providing visibility of the original record, and audit trailed traceability of the correction, using ALCOA principles (see ‘data’ definition). 数据审核
应有一个程序描述对数据,包括原始数据,的审核和批准。数据审核还必须包括对相关元数据的审核,包括审计追踪。数据审核必须进行书面记录。 应有一个程序描述如果数据审核发现错误或遗漏时应采取的措施。该程序应使得对数据的修正或澄清以符合GMP的方式进行,使用ALCOA原则,提供修正所涉及的原始记录的可见性,和审计追踪的追溯性(参见“数据”的定义)。 Computerised system user access / system administrator roles
Full use should be made of access levels to ensure that people have access only to functionality that is appropriate for their job role. Facilities must be able to demonstrate the access levels granted to individual staff members and ensure that historical information regarding user access level is available. Shared logins are not acceptable. Where the computerised system design supports individual user access, this function must be used. This may require the purchase of additional licences. It is acknowledged that some computerised systems support only a single user login or limited numbers of user logins. Where alternative computerised systems have the ability to provide the required number of unique logins, facilities should upgrade to an appropriate system by the end of 2017. Where no suitable alternative computerised system is available, a paper based method of providing traceability will be permitted. The lack of suitability of alternative systems should be justified based on a review of system design, and documented. System administrator access should be restricted to the minimum number of people possible taking account of the size and nature of the organisation. System Administrator rights (permitting activities such as data deletion, database amendment or system configuration changes) should not be assigned to individuals with a direct interest in the data (data generation, data review or approval). Where this is unavoidable in the organisational structure, a similar level of control may be achieved by the use of dual user accounts with different privileges. All changes performed under system administrator access must be visible to, and approved within, the quality system. The individual should log in using the account with the appropriate access rights for the given task e.g. a laboratory manager performing data checking should not log in as system administrator where a more appropriate level of access exists for that task. 计算机化系统用户权限/系统管理员职责
应对进入权限的功能进行全面使用,以保证人员只具有与完成其工作职责相当的操作权限。工厂必须可以证明赋予给个人的登录层级,保证可以获得关于用户进入级别的历史信息。 采用相同的登录名和密码是不能接受的。如果计算机系统设计支持单个用户登录,则必须使用该功能。这可能要求购买额外的许可。 大家知道有些计算机系统仅支持一个用户登录,或有限数据用户登录。如果有可替代的计算机系统具备提供所需数据唯一登录的能力,工厂应在2017年底升级至适当的系统。如果没有适当的可替代计算机系统,则允许采用纸质方式来提供追踪。缺乏可替代系统的适用性应基于对系统设计的审核进行论证,并进行书面记录。 系统管理员权限应根据组织机构的规模和属性而限于最少人数。 系统管理员的权利(允许的活动如数据删除、数据库修正或系统参数更改)不应被赋予对数据有直接利益的个人(数据产生、数据审核或批准)。如果在组织机构内无法避免,则应使用不同特权的双重用户账号来达到类似水平的控制。所有在系统管理员权限下实施的变更必须可以由质量体系看见,并在质量体系内进行批准。 个人应采用适当的进入权限进行登录来执行指定的任务,例如,如果有一个更适合该任务操作的已有权限,则化验室经理实施数据检查不应采用系统管理员身份登录。 Data retention
Raw data (or a true copy thereof) generated in paper format may be retained for example by scanning, provided that there is a process in place to ensure that the copy is verified to ensure its completeness. Data retention may be classified as archive or backup Data and document retention arrangements should ensure the protection of records from deliberate or inadvertent alteration or loss. Secure controls must be in place to ensure the data integrity of the record throughout the retention period, and validated where appropriate. Where data and document retention is contracted to a third party, particular attention should be paid to understanding the ownership and retrieval of data held under this arrangement. The physical location in which the data is held, including impact of any laws applicable to that geographic location should also be considered. The responsibilities of the contract giver and acceptor must be defined in a contract as described in Chapter 7 of the GMP Guide 数据保留
由纸质形式产生的原始数据(或真实复制本)可以采用例如扫描方式保留,如果有程序保证该复制的完整性是经过确认的话。 数据保留可以分为“存档”或“备份”。 数据和记录保留的安排应保证能保护记录被蓄意或无意篡改或丢失。 必须有安全控制来保证记录在整个保留期间的数据完整性,并在适当时进行验证。 如果数据和记录保留是委托给第三方进行,应特别注意对第三方的了解,以及在此情况下数据情况的安排。还要考虑数据所在的物理位置,包括地理位置可能适用的所有法律问题。合同委托方的责任和合同接受方的责任必须以GMP指南中第7章的合同形式描述。 Archive Long term, permanent retention of completed data and relevant metadata in its final form for the purposes of reconstruction of the process or activity. Archive records should be locked such that they cannot be altered or deleted without detection and audit trail. The archive arrangements must be designed to permit recovery and readability of the data and metadata throughout the required retention period. 存档 完整的数据和相关的元数据以其最终形式进行长期永久保留,以达到过程或活动重建的目的。 存档记录应落锁,保证其不能在未被察觉和审计跟踪情况下被篡改或删除。 存档安排的设计必须允许数据和元数据在所要求的整个保留时期内可以被恢复和读取。 Backup A copy of current (editable) data, metadata and system configuration settings (variable settings which relate to an analytical run) maintained for the purpose of disaster recovery. Backup and recovery processes must be validated. 备份 现行的(可编辑的)数据、元数据和系统参数设置(与分析运行相关的变量设置)为了灾难恢复的目的进行保留。 备份和恢复过程必须进行验证。 File structure
文件结构
Flat files: A 'flat file' is an individual record which may not carry with it all relevant metadata (e.g. pdf, dat, doc ). Flat files may carry basic metadata relating to file creation and date of last amendment, but cannot audit trail the type and sequence of amendments. When creating flat file reports from electronic data, the metadata and audit trails relating to the generation of the raw data is also lost, unless these are retained as a ‘true copy’. There is an inherently greater data integrity risk with flat files (e.g. when compared to data contained within a relational database), in that these are easier to manipulate and delete as a single file. 扁平式文件 “扁平式文件”是指单个记录,其可能不带有任何相关的元数据(例如,PDF、DAT、DOC文件)。 扁平式文件可能带有与文件创建和最后修订日期的基本元数据,但不能对修订的类型和顺序进行审计追踪。在从电子数据创建扁平式文件报告时,如果不是以“真实复制”的方式进行保留,与原始数据产生相关的元数据和审计追踪也会被丢失。 扁平式文件具有天生的更大的数据完整性风险(例如,相比于相关性数据库里保存的数据),这时作为单个文件,它更容易被捏造和删除。 Relational database: A relational database stores different components of associated data and metadata in different places. Each individual record is created and retrieved by compiling the data and metadata for review. This file structure is inherently more secure, as the data does not exist in a single file. Retrieval of information from a relational database requires a database search tool, or the original application which created the record. 相关性数据库 相关性数据库在不同位置存贮不同的相关数据和元数据内容。每个单个记录由汇总的数据和元数据进行创建和恢复,用于审核。 这种文件结构内在的安全性更好,因为数据不是以单个文件的形式存在。 从一个相关性数据库中懒得信息需要一个数据库搜索工具,或创建该记录的原始应用软件。 Validation – for intended purpose (See also Annex 15 and GAMP 5)
Computerised systems should comply with the requirements of EU GMP Annex 11 and be validated for their intended purpose. This requires an understanding of the computerized system’s function within a process. For this reason, the acceptance of vendor-supplied validation data in isolation of system configuration and intended use is not acceptable. In isolation from the intended process or end user IT infrastructure, vendor testing is likely to be limited to functional verification only, and may not compute the requirements for performance qualification. For example – validation of computerized system audit trail A custom report generated from a relational database may be used as a GMP system audit trail. SOPs should be drafted during OQ to describe the process for audit trail verification, including definition of the data to be reviewed. ‘Validation for intended use’ would include testing during PQ to confirm that the required data is correctly extracted by the custom report, and presented in a manner which is aligned with the data review process described in the SOP. 根据既定用途进行验证 (参见附录15和GAMP5)
计算机系统应符合EU GMP附录11的要求,并根据其既定用途进行验证。这就要求理解计算机系统在处理过程中的功能。为此,供应商提供的独立于系统参数和既定用途以外的验证数据的可接受标准是不被接受的。脱离了既定的工艺或终端用户的IT硬件设施,供应商的测试可能仅局限于功能确认,可能不能达到性能确认的要求。 例如---计算机系统审计追踪的验证 从一个相关性数据库中订制报告可以用作GMP系统的审计追踪 SOP应在OQ过程中起草,描述审计追踪确认的过程,包括要审核的数据的定义 “根据其既定用途进行验证”应包括PQ中的测试,以确认所需求的数据由订制报告正确提取,其表述方式与SOP中描述的数据审核过程相符合 |
|
|
