歐盟GMP附錄11-計算機(jī)系統(tǒng)(中英文對照)

EUROPEANCOMMISSION歐盟委員會HEALTHANDCONSUMERSDIRECTORATE-GENERAL衛(wèi)生與消費(fèi)者協(xié)會PublicHealthandRiskAssessment公共衛(wèi)生與風(fēng)險評估Pharmaceuticals藥品Brussels,SANCO/C8/AM/sl/ares(2010)1064599EudraLexTheRulesGoverningMedicinalProductsintheEuropeanUnion歐盟藥品生產(chǎn)規(guī)范Volume4卷4GoodManufacturingPracticeMedicinalProductsforHumanandVeterinaryUse人用與獸用藥品良好生產(chǎn)管理規(guī)范Annex11:ComputerisedSystems附件11：計算機(jī)系統(tǒng)Legalbasisforpublishingthedetailedguidelines:Article47ofDirective2001/83/EContheCommunitycoderelatingtomedicinalproductsforhumanuseandArticle51ofDirective2001/82/EContheCommunitycoderelatingtoveterinarymedicinalproducts.Thisdocumentprovidesguidancefortheinterpretationoftheprinciplesandguidelinesofgoodmanufacturingpractice(GMP)formedicinalproductsaslaiddowninDirective2003/94/ECformedicinalproductsforhumanuseandDirective91/412/EECforveterinaryuse.依法發(fā)布的具體指導(dǎo)方針：

2001/83/EC

第

47條人用藥品規(guī)范和

2001/82/EC

第

51

條獸用藥品規(guī)范。此文件為

2003/94/EC

人用藥品和

91/412/EEC

獸用藥品

GMP

法規(guī)、指導(dǎo)方針的解釋提供了指導(dǎo)。Statusofthedocument:

revision1文件版本：修訂本

1Reasonsforchanges: theAnnexhasbeenrevisedinresponsetotheincreaseduseof computerised systems and the increased complexity of these systems.ConsequentialamendmentsarealsoproposedforChapter4oftheGMPGuide.修訂原因：為增強(qiáng)計算機(jī)系統(tǒng)的功能和復(fù)雜性而修訂此附件。

相應(yīng)修正案也已被提議作為

GMP

指南的第

4章。Deadlineforcomingintooperation:2011生效時間：2011年6月30日

30JunePrinciple 總則ThisannexappliestoallformsofcomputerisedsystemsusedaspartofaGMPregulatedactivities.Acomputerisedsystemisasetofsoftwareandhardwarecomponentswhichtogetherfulfillcertainfunctionalities.此附件適用于符合 GMP生產(chǎn)要求的所有形式的計算機(jī)系統(tǒng)。計算機(jī)系統(tǒng)是實(shí)現(xiàn)某項特定功能的軟件和硬件的組合。Theapplicationshouldbevalidated;ITinfrastructureshouldbequalified.應(yīng)用程序應(yīng)驗證， IT基礎(chǔ)設(shè)施應(yīng)有權(quán)限設(shè)置。Whereacomputerisedsystemreplacesamanualoperation,thereshouldbenoresultantdecreaseinproductquality,processcontrolorqualityassurance.Thereshouldbenoincreaseintheoverallriskoftheprocess.用計算機(jī)系統(tǒng)代替手動操作應(yīng)不對產(chǎn)品質(zhì)量、過程控制和質(zhì)量保證以及過程的整體風(fēng)險產(chǎn)生影響。General 常規(guī)1.RiskManagement 風(fēng)險管理Riskmanagementshouldbeappliedthroughoutthelifecycleofthecomputerisedsystemtakingintoaccountpatientsafety,dataintegrityandproductquality.Aspartofariskmanagementsystem,decisionsontheextentofvalidationanddataintegritycontrolsshouldbebasedonajustifiedanddocumentedriskassessmentofthecomputerisedsystem.風(fēng)險管理應(yīng)貫穿整個計算機(jī)系統(tǒng)生命周期，以保證病人安全、數(shù)據(jù)完整性和產(chǎn)品質(zhì)量。作為風(fēng)險管理系統(tǒng)的一部分，由計算機(jī)系統(tǒng)風(fēng)險評估決定驗證范圍和數(shù)據(jù)完整性控制。2.Personnel人員ThereshouldbeclosecooperationbetweenallrelevantpersonnelsuchasProcessOwner,SystemOwner,QualifiedPersonsandIT.Allpersonnelshouldhaveappropriatequalifications,levelofaccessanddefinedresponsibilitiestocarryouttheirassignedduties.所有有關(guān)人員（如工藝管理員、系統(tǒng)管理員、質(zhì)檢員和 IT人員）應(yīng)緊密合作。這些人員應(yīng)具有相應(yīng)的資格證書、使用權(quán)限和定義好的相關(guān)工作職責(zé)。3.SuppliersandServiceProviders 供應(yīng)商和服務(wù)供應(yīng)商3.1Whenthirdparties(e.g.suppliers,serviceproviders)areusede.g.toprovide,install,configure,integrate,validate,maintain(e.g.viaremoteaccess),modifyorretainacomputerisedsystemorrelatedserviceorfordataprocessing,formalagreementsmustexistbetweenthemanufacturerandanythirdparties,andtheseagreementsshouldincludeclearstatementsoftheresponsibilitiesofthethirdparty.IT-departmentsshouldbeconsideredanalogous.3.1當(dāng)?shù)谌?如供應(yīng)商、服務(wù)供應(yīng)商 )為計算機(jī)系統(tǒng)、 相關(guān)服務(wù)或數(shù)據(jù)處理提供如供貨、安裝、配置、整合、驗證、維護(hù) (如通過遠(yuǎn)程訪問 )、修改或保持時，廠商和任何第三方之間必須有正式協(xié)議， 且在協(xié)議中應(yīng)當(dāng)明確第三方責(zé)任。 IT部門類似。3.2Thecompetenceandreliabilityofasupplierarekeyfactorswhenselectingaproductorserviceprovider.Theneedforanauditshouldbebasedonariskassessment.3.2供應(yīng)商的實(shí)力和可靠性是選擇供應(yīng)商產(chǎn)品或服務(wù)的關(guān)鍵因素，所以需要一個以風(fēng)險評估為基礎(chǔ)的審計。3.3Documentationsuppliedwithcommercialoff-the-shelfproductsshouldbereviewedbyregulateduserstocheckthatuserrequirementsarefulfilled.3.3商業(yè)性標(biāo)準(zhǔn)文件應(yīng)通過用戶審核并符合用戶需求。3.4Qualitysystemandauditinformationrelatingtosuppliersordevelopersofsoftwareandimplementedsystemsshouldbemadeavailabletoinspectorsonrequest.3.4軟件和應(yīng)用系統(tǒng)開發(fā)商或供應(yīng)商的質(zhì)量體系和審計信息應(yīng)便于核查人員查詢。ProjectPhase 項目階段4.Validation驗證4.1Thevalidationdocumentationandreportsshouldcovertherelevantstepsofthelifecycle.Manufacturersshouldbeabletojustifytheirstandards,protocols,acceptancecriteria,proceduresandrecordsbasedontheirriskassessment.4.1驗證文件和報告應(yīng)包含系統(tǒng)生命周期的相關(guān)階段。廠商應(yīng)能夠證明其標(biāo)準(zhǔn)、協(xié)議、驗收標(biāo)準(zhǔn)、規(guī)程和記錄都是基于其內(nèi)部風(fēng)險評估的。4.2Validationdocumentationshouldincludechangecontrolrecords(ifapplicable)andreportsonanydeviationsobservedduringthevalidationprocess.4.2驗證文件應(yīng)包含驗證過程中的變更控制記錄（如適用）和偏差報告。4.3AnuptodatelistingofallrelevantsystemsandtheirGMPfunctionality(inventory)shouldbeavailable.4.3相關(guān)系統(tǒng)和其GMP功能（詳細(xì)目錄）的最新清單應(yīng)有效。Forcriticalsystemsanuptodatesystemdescriptiondetailingthephysicalandlogicalarrangements,dataflowsandinterfaceswithothersystemsorprocesses,anyhardwareandsoftwarepre-requisites,andsecuritymeasuresshouldbeavailable.為對一個最新的關(guān)鍵系統(tǒng)進(jìn)行詳細(xì)的系統(tǒng)描述 （如物理、 邏輯流程、數(shù)據(jù)流和與其他系統(tǒng)或進(jìn)程的接口），任何硬件和軟件都是必須的，并應(yīng)有安全措施。4.4UserRequirementsSpecificationsshoulddescribetherequiredfunctionsofthecomputerisedsystemandbebasedondocumentedriskassessmentandGMPimpact.Userrequirementsshouldbetraceablethroughoutthelife-cycle.4.4URS應(yīng)基于風(fēng)險評估和GMP影響性文件描述計算機(jī)系統(tǒng)的功能需求。用戶需求應(yīng)貫穿整個系統(tǒng)生命周期。4.5Theregulatedusershouldtakeallreasonablesteps,toensurethatthesystemhasbeendevelopedinaccordancewithanappropriatequalitymanagementsystem.Thesuppliershouldbeassessedappropriately.4.5管理者應(yīng)采取合理措施保證系統(tǒng)更新與最新的質(zhì)量管理系統(tǒng)一致， 并對供應(yīng)商作出適當(dāng)?shù)脑u估。4.6Forthevalidationofbespokeorcustomisedcomputerisedsystemsthereshouldbeaprocessinplacethatensurestheformalassessmentandreportingofqualityandperformancemeasuresforallthelife-cyclestagesofthesystem.4.6為驗證固化或自定義計算機(jī)系統(tǒng)，應(yīng)對系統(tǒng)生命周期的每個階段都進(jìn)行驗證，以確認(rèn)正式評估、質(zhì)量報告和業(yè)績評估報告。4.7Evidenceofappropriatetestmethodsandtestscenariosshouldbedemonstrated.Particularly,system(process)parameterlimits,datalimitsanderrorhandlingshouldbeconsidered.Automatedtestingtoolsandtestenvironmentsshouldhavedocumentedassessmentsfortheiradequacy.4.7應(yīng)對測試方法和測試環(huán)境加以論證，特別是系統(tǒng)(工藝)參數(shù)范圍、數(shù)據(jù)范圍和錯誤處理。自動化測試工具和測試環(huán)境的合適性應(yīng)該有書面的評估報告。4.8Ifdataaretransferredtoanotherdataformatorsystem,validationshouldincludechecksthatdataarenotalteredinvalueand/ormeaningduringthismigrationprocess.4.8數(shù)據(jù)轉(zhuǎn)化成其他格式或傳輸?shù)狡渌到y(tǒng)時，驗證內(nèi)容應(yīng)包括檢查其數(shù)據(jù)值和/或含義在轉(zhuǎn)化或傳輸過程中沒有被改變。OperationalPhase 運(yùn)行階段5.Data數(shù)據(jù)Computerisedsystemsexchangingdataelectronicallywithothersystemsshouldincludeappropriatebuilt-inchecksforthecorrectandsecureentryandprocessingofdata,inordertominimizetherisks.計算機(jī)系統(tǒng)和其他系統(tǒng)之間交換數(shù)據(jù)時， 應(yīng)有適當(dāng)?shù)膬?nèi)部校驗， 以保證數(shù)據(jù)輸入和數(shù)據(jù)處理的正確性及安全性，以期讓風(fēng)險降到最低。6.AccuracyChecks 精度檢查Forcriticaldataenteredmanually,thereshouldbeanadditionalcheckontheaccuracyofthedata.Thischeckmaybedonebyasecondoperatororbyvalidatedelectronicmeans.Thecriticalityandthepotentialconsequencesoferroneousorincorrectlyentereddatatoasystemshouldbecoveredbyriskmanagement.當(dāng)手動輸入關(guān)鍵數(shù)據(jù)時， 應(yīng)當(dāng)復(fù)核數(shù)據(jù)的準(zhǔn)確性。 此復(fù)核可以由另外的操作人員執(zhí)行或通過經(jīng)驗證的電子方式進(jìn)行。風(fēng)險管理應(yīng)考慮系統(tǒng)錯誤和系統(tǒng)誤輸入數(shù)據(jù)所造成的危險或潛在影響。7.DataStorage數(shù)據(jù)存儲7.1Datashouldbesecuredbybothphysicalandelectronicmeansagainstdamage.Storeddatashouldbecheckedforaccessibility,readabilityandaccuracy.Accesstodatashouldbeensuredthroughouttheretentionperiod.7.1數(shù)據(jù)應(yīng)以物理和電子兩種方式保存，以避免丟失。存儲的數(shù)據(jù)應(yīng)易查詢、可讀和準(zhǔn)確，并在有效期內(nèi)。7.2Regularback-upsofallrelevantdatashouldbedone.Integrityandaccuracyofback?updataandtheabilitytorestorethedatashouldbecheckedduringvalidationandmonitoredperiodically.7.2應(yīng)定期備份相關(guān)數(shù)據(jù)。在定期驗證和檢測時，應(yīng)檢查備份數(shù)據(jù)的完整性、準(zhǔn)確性和其恢復(fù)數(shù)據(jù)庫的能力。8.Printouts打印輸出8.1Itshouldbepossibletoobtainclearprintedcopiesofelectronicallystoreddata.8.1儲存的電子數(shù)據(jù)應(yīng)可被清晰打印。8.2Forrecordssupportingbatchreleaseitshouldbepossibletogenerateprintoutsindicatingifanyofthedatahasbeenchangedsincetheoriginalentry.8.2從最初開始的任何數(shù)據(jù)變更都應(yīng)被打印在批放行紀(jì)錄上。9.AuditTrails審計跟蹤C(jī)onsiderationshouldbegiven,basedonariskassessment,tobuildingintothesystemthecreationofarecordofallGMP-relevantchangesanddeletions(asystemgenerated"audittrail").ForchangeordeletionofGMP-relevantdatathereasonshouldbedocumented.Audittrailsneedtobeavailableandconvertibletoagenerallyintelligibleformandregularlyreviewed.基于風(fēng)險評估，系統(tǒng)中應(yīng)考慮建立所有與 GMP相關(guān)的變更和刪除記錄 (系統(tǒng)產(chǎn)生的“審計跟蹤”)。與GMP相關(guān)的數(shù)據(jù)，其變更或刪除的原因應(yīng)被記錄。審計跟蹤需轉(zhuǎn)換成一般可理解的形式并定期審核。10.ChangeandConfigurationManagement 變更和配置管理Anychangestoacomputerisedsystemincludingsystemconfigurationsshouldonlybemadeinacontrolledmannerinaccordancewithadefinedprocedure.計算機(jī)系統(tǒng)的任何變更 （包括系統(tǒng)配置的更換） 應(yīng)當(dāng)有控制地按照規(guī)定的程序進(jìn)行。11.Periodicevaluation 周期性評估ComputerisedsystemsshouldbeperiodicallyevaluatedtoconfirmthattheyremaininavalidstateandarecompliantwithGMP.Suchevaluationsshouldinclude,whereappropriate,thecurrentrangeoffunctionality,deviationrecords,incidents,problems,upgradehistory,performance,reliability,securityandvalidationstatusreports.計算機(jī)系統(tǒng)應(yīng)該定期進(jìn)行評估以確認(rèn)其仍有效并符合GMP標(biāo)準(zhǔn)。這樣的評估應(yīng)該包括適應(yīng)性、功能性、偏差記錄、事件、問題、歷史追溯、性能、可靠性、安全性和驗證狀態(tài)報告。12.Security安全性12.1Physicaland/orlogicalcontrolsshouldbeinplacetorestrictaccesstocomputerisedsystemtoauthorisedpersons.Suitablemethodsofpreventingunauthorisedentrytothesystemmayincludetheuseofkeys,passcards,personalcodeswithpasswords,biometrics,restrictedaccesstocomputerequipmentanddatastorageareas.12.1物理和/或邏輯控制器應(yīng)能獨(dú)自限制進(jìn)入計算機(jī)系統(tǒng)的授權(quán)人，并用適當(dāng)方法防止未經(jīng)授權(quán)的登錄 （可能包含密碼、 通行卡、個人密碼、生物識別的使用） ，以此限制進(jìn)入電腦設(shè)備和數(shù)據(jù)存儲硬盤。12.2Theextentofsecuritycontrolsdependsonthecriticalityofthecomputerisedsystem.12.2安全控制的程度取決于計算機(jī)系統(tǒng)的危險等級。12.3Creation,change,andcancellationofaccessauthorisationsshouldberecorded.12.3通行許可的創(chuàng)建、變更和注銷都應(yīng)被記錄。12.4Managementsystemsfordataandfordocumentsshouldbedesignedtorecordtheidentityofoperatorsentering,changing,confirmingordeletingdataincludingdateandtime.12.4數(shù)據(jù)和文件管理體系應(yīng)記錄登錄人員的身份、 變更內(nèi)容以及包括日期和時間的確認(rèn)或刪除。13.IncidentManagement 事件管理Allincidents,notonlysystemfailuresanddataerrors,shouldbereportedandassessed.Therootcauseofacriticalincidentshouldbeidentifiedandshouldformthebasisofcorrectiveandpreventiveactions.所有事件（不僅指系統(tǒng)故障和數(shù)據(jù)錯誤）均應(yīng)被記錄及評估。一個關(guān)鍵事件的根本起因也應(yīng)該被鑒定并形成糾正和預(yù)防措施。14.ElectronicSignature 電子簽名Electronicrecordsmaybesignedelectronically.Electronicsignaturesareexpectedto:電子文件可用電子簽名。電子簽名將 :a．havethesameimpactashand-writtensignatureswithintheboundariesofthecompany,在公司范圍內(nèi)電子簽名應(yīng)有與手寫簽名具有同等的效果，b．bepermanentlylinkedtotheirrespectiverecord, 將永久與其各自的記錄相關(guān)聯(lián)，c．includethetimeanddatethattheywereapplied.應(yīng)包括其使用的時間和日期。15.Batchrelease 批放行Whenacomputerisedsystemisusedforrecordingcertificationandbatchrelease,thesystemshouldallowonlyQualifiedPersonstocertifythereleaseofthebatchesanditshouldclearlyidentifyandrecordthepersonreleasingorcertifyingthebatches.Thisshouldbeperformedusinganelectronicsignature.當(dāng)一個計算機(jī)系統(tǒng)用來記錄認(rèn)證和批放行時， 系統(tǒng)應(yīng)該只允許質(zhì)量人員確認(rèn)批放行，并且要清楚地識別和記錄放行人員的批動作或批證明。這才是電子簽名應(yīng)履行的。16.BusinessContinuity 業(yè)務(wù)連續(xù)性Fortheavailabilityofcomputerisedsystemssupportingcriticalprocesses,provisionsshouldbemadetoensurecontinuityofsupportforthoseprocessesintheeventofasystembreakdown(e.g.amanualoralternativesystem).Thetimerequiredtobringthealternativearrangementsintouseshouldbebasedonriskandappropriateforaparticularsystemandthebusinessprocessitsupports.Thesearrangementsshouldbeadequatelydocumentedandtested.計算機(jī)系統(tǒng)所提供的關(guān)鍵工藝的有效性應(yīng)被規(guī)定，以確保工藝流程在系統(tǒng)故障(如手動或替代系統(tǒng) )的情況下持續(xù)運(yùn)行。切換時間應(yīng)基于風(fēng)險，并適合特殊系統(tǒng)和其提供的工業(yè)流程。這些設(shè)置應(yīng)該有充分的記錄和測試。17.Archiving歸檔Datamaybearchived.Thisdatashouldbecheckedforaccessibility,readabilityandintegrity.Ifrelevantchangesaretobemadetothesystem(puterequipmentorprograms),thentheabilitytoretrievethedatashouldbeensuredandtested.數(shù)據(jù)應(yīng)