AIPIC：基于風險的數據完整性管理實踐指南（60頁）.pdf

《AIPIC：基于風險的數據完整性管理實踐指南（60頁）.pdf》由會員分享，可在線閱讀，更多相關《AIPIC：基于風險的數據完整性管理實踐指南（60頁）.pdf（60頁珍藏版）》請在三個皮匠報告上搜索。

1、APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 1/60 ACTIVE PHARMACEUTICAL INGREDIENTS COMMITTEE Practical risk-based guide for managing data integrity 基于風險的數據完整性管理實踐指南基于風險的數據完整性管理實踐指南 Version 1,March 2019 第第 1 版版 2019 年年

2、 3 月月 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 2/60 PREAMBLE 前言前言 This original version of this guidance document has been compiled by a subdivision of the APIC Data Integrity Task Force on behalf of the Active Pha

3、rmaceutical Ingredient Committee(APIC)of CEFIC.本指南初版由 APIC 數據完整性工作組代表 CEFIC 的 APIC 編纂。The Task Force members are:Charles Gibbons,AbbVie,Ireland Danny De Scheemaecker,Janssen Pharmaceutica NV Rob De Proost,Janssen Pharmaceutica NV Dieter Vanderlinden,S.A.Ajinomoto Omnichem N.V.Andr van der Biezen,Asp

4、en Oss B.V.Sebastian Fuchs,Tereos Daniel Davies,Lonza AG Fraser Strachan,DSM Bjorn Van Krevelen,Janssen Pharmaceutica NV Alessandro Fava,F.I.S.(Fabbrica Italiana Sintetici)SpA Alexandra Silva,Hovione FarmaCiencia SA Nicola Martone,DSM Sinochem Pharmaceuticals Ulrich-Andreas Opitz,Merck KGaA Dominiqu

5、e Rasewsky,Merck KGaA With support and review from:Pieter van der Hoeven,APIC,Belgium Francois Vandeweyer,Janssen Pharmaceutica NV Annick Bonneure,APIC,Belgium The APIC Quality Working Group APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版

6、201903 翻譯 JULIA 頁 3/60 Contents 目錄 1.General Section通用部分通用部分 1.1 Introduction 簡介 1.2 Objectives and Scope 目的與范圍 1.3 Definitions and abbreviations 定義與縮寫 1.4 Overall Data Integrity Approach 數據完整性方法概述 2 Business Processing Mapping 業務流程分析業務流程分析 3 Data and System Identification 數據與系統識別數據與系統識別 4 Data and

7、System Categorisation 數據與系統分類數據與系統分類 4.1 Data Severity Assessment 數據嚴重性分析 4.2 System Profiling 系統概況 4.2.1 System categorization 系統分類 4.2.2 System categorization requirements 系統分類需求 4.3 System Assessment 系統評估 5 Risk Assessment 風險評估風險評估 6 Risk Management 風險管理風險管理 7 References 參考文獻參考文獻 8 Examples 實例實例

8、8.1 Production Systems and Process Risk Assessment 生產系統和流程風險評估 8.2 Laboratory Systems and Process Risk Assessment 實驗室系統與流程風險評估 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 4/60 1.General Section 通用部分通用部分 1.1 Introducti

9、on 簡介 Data integrity refers to the accuracy,completeness and consistency of GxP data over its entire lifecycle.The steps that need to be overseen include the initial generation and recording,the processing(incl.analysis,transformation or migration),the outcome/use,the retention,retrieval,archive and

10、 finally the destruction.數據完整性指 GXP 數據在其整個生命周期中的準確性、完整性和持續性。需要監管的步驟包括初始生成和記錄、處理（包括分析、轉化或遷移）、結果/使用、保存、檢索、歸檔和最終銷毀。Data integrity means that all the steps defined above are well managed,controlled and documented and therefore the records of the activities follow the ALCOA principles described in the gu

11、idelines.數據完整性意味著上述所有步驟均得到良好管理、控制和記錄，因此活動的記錄遵守本指南中所述的ALCOA 原則。The ALCOA and ALCOA+principles have been in place for several years in the industry and are widely known and implemented.Achieving data integrity compliance,for paper,electronic and hybrid systems,requires translation of these principles

12、into practical controls in order to assure GxP-impacting business decisions can be verified and inspected throughout the data lifecycle.ALCOA 和 ALCOA+原則在行業里已存在了數年，已得到廣泛理解和執行。紙質、電子和混合系統達成數據完整性合規需要將這些原則轉化為實用控制，以確保具 GXP 影響的業務決策可在其整個生命周期中得到確認和檢查。Currently available regulatory guidelines have been used t

13、o elaborate the approach outlined in this practical guide(see also section 7,References).目前已有的法規指南已被用來制訂本實操指南中所列的方法（參見第 7 部分，參考文獻）。The current guidelines on data integrity require that companies complete data integrity criticality and risk assessments to ensure that the organizational and technical

14、controls that are put in place are commensurate with the level of risk to quality attributes.當前對數據完整性的指南要求公司完成數據關鍵性和風險評估以確保所采用的組織和技術方面控制與質量屬性風險水平相稱。The guidelines emphasise the importance of creating and maintaining a working environment and organisational culture that supports data integrity.Compan

15、ies should establish data governance programs that address technical,procedural and behavioural aspects to assure confidence in data quality and integrity.指南強調了創建和維護支持數據完整性的工作環境和組織文件的重要性。公司應建立數據管理程序，從技術、程序和行為方面確保數據質量和完整性可信度。This document will not describe all the elements required for a data governa

16、nce program in detail.However,some foundational principles are given below:本文件不會詳細講解數據管理程序所需的所有要素，但也在下面列出了一些基本原則：Organisational Culture 組織文化 Organisational culture has the potential to increase the possibility for lapses in data integrity;intentional(e.g.fraud or falsification)or unintentional(e.g.l

17、ack of understanding of responsibilities and/or requirements).To reduce this potential,organisations should aspire to an open culture where subordinates can challenge hierarchy,and full reporting of a systemic or individual failure is a business expectation.組織文化可能會有意（例如偽造或欺詐）或無意（例如缺乏對職責和/或需求的了解）地增加數

18、據完整性出問題的可能性；。為降低這種可能性，組織應鼓勵開放文化，下屬可挑戰等級制度，將全面地報告系統性或個人失敗作為一項業務要求。Awareness 意識 It is crucial that employees at all levels understand the importance of data integrity and the impact that they can have on GxP data with the authorisations assigned for their job roles.Training is a major component of rai

19、sing awareness and should be conducted periodically.The ALCOA+concepts,and the APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 5/60 acronym itself,are widely used by regulators and industry and should be incorporated into

20、 the program(e.g.within staff training,policies etc.).關鍵地的各層次員工了解數據完整性的重要性，及其對因工作原因獲得授權的 GXP 數據可能產生的影響。培訓是提升意識的主要組成部分，應定期進行。ALCOA+概念及縮寫本身在藥監機構和行業里被廣泛使用，應整合至程序中（例如，放在員工培訓、方針等內）。System and Process Design 系統和流程設計 Compliance with data integrity principles can be encouraged through the consideration of e

21、ase of access,usability and location.For example:可通過考慮易于獲得、易用和位置來鼓勵符合數據完整性原則：o Control over blank paper templates for GxP data recording o 對 GXP 數據記錄用空白紙質模板進行控制 o Control of spreadsheets used for calculations o 對用于計算的表格進行控制 o Access to appropriate clocks for recording timed events o 可獲得適當的時鐘記錄需要計時的事

22、件 o Accessibility of records at the locations where activities take place o 在活動發生的地方可訪問記錄 o User access rights and permissions that align with personnel responsibilities o 用戶訪問權限和許可與人員職責相對應 o Automation of GxP data capture where possible o 盡可能自動捕獲 GXP 數據 o Access to electronic GxP data for staff per

23、forming data review activities o 為執行數據審核活動的員工提供電子 GXP 數據訪問權限 Management Commitment 管理者承諾 Senior management should ensure that there is a written commitment to follow an effective quality management system and professional practices to deliver good data management.The commitments should include 高級管理人

24、員應確保有書面承諾來執行有效的質量管理體系，以及專業性做法來實現良好的數據管理。承諾應包括：An open quality culture 開放的質量文化 Data integrity governance 數據完整性管理 Allocation of appropriate resources 適當的資源配置 Data integrity training for staff 員工數據完整性培訓 Monitoring of data integrity issues with CAPA taken to address issues identified 監測數據完整性問題，采取 CAPA 解

25、決所識別出的問題 Mechanisms for staff to report concerns to management 員工向管理層報告其擔憂的機制 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 6/60 1.2 Objectives and Scope 目的與范圍 This document is based on general Data Integrity requiremen

26、ts and gathers practical experiences from a number of companies operating in the sector that can be used as guidance to others.It is not an all-inclusive list of requirements but proposes a comprehensive approach that companies can adopt to help carry out their data integrity risk assessments.本文件是基于

27、通用數據完整性要求，匯集了在該領域運營的大量公司的實用經驗，可用于指導其它公司。它并非窮盡的需求清單，只是提出了一個全面的方法讓公司可以用來幫助執行其數據完整性風險評估。The guide is essentially practical and therefore,after the presentation of the approach and of the tools,the document includes some examples of executed assessments,categorisations and check lists that can be used b

28、y any company according to their individual needs.Each company can choose the appropriate tools and categorisations that apply to their own business processes and systems.本指南基本是實用性的，因此在展示了方法和工具后，文件中包括了一些執行、分類和檢查清單的實例，任何公司均可根據其自己需求加以使用。每個公司均可選擇其適當的工具和分類方法，應用于其自己的業務流程和系統。This guidance applies to all G

29、xP processes and GxP data used in the manufacture and analysis of APIs for use in human and veterinary drugs.本指南適用于所有人藥和獸藥 API 生產和檢驗所用的 GXP 流程和 GXP 數據。1.3 Definitions and abbreviations 定義與縮寫定義與縮寫 Business process:a set of structured activities or tasks that produce a specific service for a particula

30、r customer or customers.It is often visualised as a flowchart of a sequence of activities with decision points.業務流程：一系列結構化活動或任務，為一個特定客戶或多個客戶提供特定的服務。通?？煽醋魇菐в袥Q策點的序列活動的一個流程圖。Data:Facts,figures and statistics collected together for reference or analysis.All original records and true copies of original r

31、ecords,including source GxP data and metadata and all subsequent transformations and reports of these GxP data,that are generated or recorded at the time of the GxP activity and allow full and complete reconstruction and evaluation of the GxP activity.數據：為參考或分析而一起采集的事實、數字和統計學內容。所有原始記錄和原始記錄的真實副本，包括 G

32、XP 源數據和元數據以及這些GXP 數據后續的轉化和報告，這些數據是在 GXP 活動執行時生成或記錄的，使得可以全面完整重構和評估該 GXP 活動。Raw data:Raw data is defined as the original record(data)which can be described as the first-capture of GxP information,whether recorded on paper or electronically.Information that is originally captured in a dynamic state sho

33、uld remain available in that state.原數據：原數據定義為首次捕獲GXP 信息的紙質或電子原始記錄（數據）。原始以動態狀態捕獲的電子信息應保持可以該狀態獲得該信息。Metadata:Metadata are data that describe the attributes of other data and provide context and meaning.Typically,these are data that describe the structure,data elements,inter-relationships and other cha

34、racteristics of data e.g.audit trails.Metadata also permit data to be attributable to an individual(or if automatically generated,to the original data source).元數據：描述其它數據屬性和提供環境與含義的數據為元數據。一般來說，這些數據描述數據的結構、數據要素、內在關系和其它屬性，例如審計追蹤。元數據亦使得數據可追蹤至個人身份（或者如果是自動生成的，追蹤到原始數據源）。Data severity assessment:within GxP

35、data,different levels of severity can be defined as a function of its use.Typically,this is linked to the stage of manufacturing following the principle of increasing GxP outlined in ICH Q7.Alternatively,other factors such as impact on final product quality can be taken into account to further diffe

36、rentiate between severity categories.數據嚴重程度評估：在 GXP 數據中，不同級別的嚴重程度可定義為其用途的函數。一般來說，這與生產階段有關，可按 ICH Q7 里所列的根據 GXP 漸增原則。其它因素如對最終產品質量的影響性亦進行考慮用于進一步區別嚴重程度。Data elements:(for the purpose of this document)individual GxP data items that are part of raw GxP data or metadata,e.g.an operator name,a test date.數據

37、要素：（本文件中）作為原GXP 數據或元數據一部分的單個APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 7/60 GXP 數據項目，例如，一個操作員的姓名、檢測日期）。Data Flow:diagram that maps the flow of information of any process or system(inputs,outputs,storage points and ro

38、utes between each destination).數據流：描繪出任何流程或系統（輸入、輸出、存貯點和每個終點之間的路徑）信息流的圖形。Data process mapping:generation of a visual representation of the creation and movement of data through the business process including documentation of the systems used.數據流程分析：將整個業務流程中數據創建和流向（包括所用系統的文件）以可視化方式呈現。Data Audit Trail

39、:appropriate audit trail elements supporting the acquisition,sequencing,processing,reporting and retention of GxP data for the release of product.Including all relevant or significant GxP data generated,which may affect the product(such as:analytical method validation,stability analysis,multiple sam

40、ple/test runs,etc.),as determined by a risk assessment.數據審計追蹤：支持產品放行用GXP 數據的采集、排序、處理、報告和保存的適當的審計追蹤要素。包括按風險評估所決定的生成的所有可能影響產品的相關或重大GXP 數據（如分析方法驗證、穩定性分析、多個樣品/檢測輪次等）。LIMS:Laboratory Information Management System LIMS：實驗室信息管理系統 MES:Manufacturing Execution System MES：生產執行系統 PCS/DCS:process control systems

41、(PCS)/distributed control systems(DCS)PCS/DCS：工 藝 控 制 系 統（PCS）/集散控制系統（DCS）Process mapping:activities involved in defining what a business entity does,who is responsible,to what standard a business process should be completed,and how the success of a business process can be determined.流程分析：規定業務實體做什么、

42、誰負責、業務流程應完成至什么標準以及業務流程的成功要如何確定中所涉及的活動。System Audit Trail:a record of all administrator changes.The frequency of this review should be determined based on a risk assessment.This may be performed as part of the system periodic review as appropriate.系統審計追蹤：一份所有管理員變更的記錄。該審核頻次應根據風險評估來確定。適當時可作為系統定期審核的一部分來

43、執行。True copy:A copy(irrespective of the type of media used)of the original record that has been verified(i.e.by a dated signature or by generation through a validated process)to have the same information,including data that describe the context,content,and structure,as the original 真實副本：經核查（即通過有日期的簽

44、名或通過一個已驗證的流程生成）具備相同信息，包括描述環境、內容和結構的數據的原始記錄副本（無論使用何種介質）。1.4 Overall Data Integrity Approach 全面數據完整性方法全面數據完整性方法 When assessing data integrity risks within an organisation,companies may focus immediately on those systems or areas that are the most obvious in this context,such as a particular software,a

45、 specific lab system or instrument etc.Doing so creates the risk of forgetting less visible but still important areas,processes or systems,or of failing to address integrity issues concerning data flows between controlled environments.在一個組織內評估數據完整性風險時，公司可能會直接關注在其環境中最明顯的那些系統或領域，如特別的軟件、特定的實驗室系統或儀器等。如此

46、可能會帶來忽視掉不顯見但仍很重要的領域、流程或系統的風險，或未能解決關于受控環境間數據流的完整性問題。Therefore,this guide approaches data integrity in a holistic manner by looking at the organisation from a high-level business process perspective,subsequently diving deeper into underlying sub-processes and only at the end drilling down to individua

47、l activities or systems that involve GxP data.因此，本指南的數據完整性方法是從較高水平的業務流程角度來對組織進行全面查看，然后進一步深入至底層子流程，最后挖掘到涉及 GXP 數據的單個活動或系統。Figure 1 is a graphical representation of this approach and the sequence of steps that should help assessors to obtain a complete and profound data integrity risk assessment.圖 1 采

48、用圖形方式展示了該方法和步驟順序，有助于評估人得到完整深入的數據完整性風險評估。It should be noted that the proposed approach is suitable not only to assess risks related to systems or processes already present in the organisation but also to proactively evaluate the requirements of APIC/Practical risk-based guide for managing data integr

49、ity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 8/60 new systems.要注意的是所提議的方法不僅適用于評估與組織內現有系統或流程有關的風險，亦可用于提前評估新系統的需求。Below is a short description of the sequence actions that are illustrated in the diagram.Details for the major steps will be further elaborated in the following s

50、ections of this guideline(those sections are also cross-referenced in Figure 1).以下是圖中展示的動作順序的簡單說明。主要步驟的詳細情況將在本指南后續部分里進一步說明（那些部分亦在圖 1 中做了交叉引用）。Identify the companys high-level GxP business processes(or having links to GxP activities)(ref.to section 2)識別公司的高水平 GXP 業務流程（或與 GXP 活動有關的）（參考第 2 部分）Map each

51、of the GxP business processes and their sub-processes down to level of process flows that consist of individual activities(refer to section 0)分析分析每個 GXP 業務流程業務流程及其子流程直至單項活動構成的流程水平 Identify the GxP data elements and the way the data flows(IN/OUT)between the different process steps or activities(Data

52、Process Mapping);(refer to section 0)識別出 GXP 數據要素數據要素，以及不同流程步驟或活動之間的數據流數據流（進/出）途徑（數據流程分析數據流程分析）（參見第 0 部分）Identify and isolate the individual systems(both paper and electronic)that manage(generate,store,transfer or process)GxP data(refer to section 0)識別并分隔分隔出單個管理（生成、存貯、轉移或處理）GXP 數據的系統系統（紙質和電子的）（參見第 0

53、 部分）Assign GxP data to a specific category based on a severity assessment(refer to section 4.1)根據嚴重程度評估嚴重程度評估結果，將 GXP 數據分類數據分類至具體的類別（參照第 4.1 部分）Create a profile of each system based on the way GxP data is handled by that system(e.g.data generation,storage,processing,transfer or a combination thereof

54、)and assign a category to the system based on its profile;(refer to section 4.2)根據該系統處理 GXP 數據的方法，為每個系統系統創建一份概況概況說明（例如，數據生成、存貯、處理、轉移或后續組合），并根據其概況將系統分類至一個類別（參見第 4.2 部分）Identify the gap between the“as is”state of the system and the desired state(i.e.the set of data integrity requirements linked to the

55、 particular system category);a check-list should be used to accomplish this task;(refer to section 4.3)識別系統當前狀態與所需狀態之間的差距（即，與特定系統類別相關的一系列數據完整性需求）；應使用檢查清單來完成此任務（參考第 4.3 部分）Analyse the data integrity risk considering the gaps identified above,which is an assessment of the failure mode,using severity,o

56、ccurrence and detectability that are part of the risk assessment methodology(e.g.FMEA);(refer to section 5)分析分析數據完整性風險風險，同時考慮上述已識別的差距，這是一種失效模式分析，采用嚴重程度嚴重程度、發生可能性發生可能性與檢出能力檢出能力作為風險評估方法學的一部分（例如 FMEA）（參見第 5 部分）Establish a remediation plan to remediate the gaps and set priorities based on the magnitude

57、of the risk(refer to section 6)制訂補救計劃對差距進行彌補，并根據風險的重要性設定優先順序（參見第 6 部分）APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 9/60 Figure 1 Data integrity management approach(General Concept)Data Integrity-General Concept of this

58、 guide X.x Reference to chapter/paragraph Company X Business process mapping(GxP)-Identify Data Flows-Isolate Systems that manage data Business process N Business process N-1 Business process 1 Sub process X Process step 1 Process step 2 Process step N DATA SYSTEM Data severity assessment System pro

59、file System requirement Data categorization System profiling Risk assessment Gap x severity Occurrence x detect Risk management Priorities Mitigation actions Risk acceptance 2 3 4 5 6 4.1 4.2.1 4.2.2 IN OUT IN+Paper/Electronic Data Flow Process Flow E.g.RM,IPC,INT,API Cat 1,2 As is to be GAP APIC/Pr

60、actical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 10/60 圖1 數據完整性管理方法（一般概念）2 Business Processing Mapping 業務流程分析業務流程分析 Business Process mapping should be used in order to provide a global overview on all kinds of activities performe

61、d in a company,including operational,supportive and strategic processes.Examples include:應對業務流程進行分析以提供公司內所實施的所有類型活動的全球概況，包括運作、支持和策略流程。實例包括：Production(Development&Control of Master Batch Record,Manufacture of a Product)生產（主批記錄的制訂&控制、產品生產）Laboratories(Analysis of Material Sample,Qualification&Calibrat

62、ion of Instruments)實驗室（物料樣品的分析、儀器確認&校正）數據完整性-本指南一般概念 X.x 參考章節/段落 X 公司公司 業務流程分析(GxP)-識別數據流-分離管理數據的系統 業務流程 N 業務流程 N-1 業務流程 1 子流程 X 流程步驟 1 流程步驟 2 流程步驟 N 數據數據 系統系統 數據嚴重程度評估 系統概況 系統需求 數據分類 系統概況 風險評估 差距 x 嚴重程度 發生率 x 檢出能力 風險管理 優先級別 緩解措施 接受風險 2 3 4 5 6 4.1 4.2.1 4.2.2 進 出 進+紙質/電子 數據 流 流程 流 例如原料、中控、中間體、原料藥 第

63、1,2類 當前 改進后 差距 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 11/60 Control of Packaging&Labels 包裝&標簽控制 Quality(Change Control,Complaint Management)質量（變更控制、投訴管理）Materials Management(Distribution of Final Product)物料管理（最終產

64、品的銷售運輸）Facilities and Equipment(Calibration)設施與設備（校正）This approach not only helps to visualize all activities sequencing within a process,but also interactions between these activities as well as interactions between processes.該方法不僅有助于實現流程內所有活動排序的可視化，亦有助于這些活動之間的相互作用和流程之間的相互作用。Business Process Mappin

65、g is an approach to visually represent flows for given processes.It is intended to provide a clear schematic view of the activities performed,step by step from start to finish.業務流程分析是一種以可視方式呈現指定流程的業務流，意在為所實施的活動從開始到結束按步驟順序提供一個清晰的示意圖。After defining which business processes are GxP relevant the next ph

66、ase is to map them in detail.It is essential to form a cross functional team to perform the mapping which involves the relevant subject matter experts(SMEs)and business process owners.This is commonly done by identifying each step of the process,as an action or decision point,and to build the sequen

67、ced process.Depending on the level of detail,a step can also be subdivided in sub-steps(which can be mapped separately).在指定了哪些業務流程與 GXP 有關后，下一步是將其詳細畫出。這是形成一個涉及相關主題專家（SME）和業務流程所有者的交叉功能團隊以執行流程分析畫出流程圖基本要求。一般是通過識別流程每個步驟來實現此工作，作為一個行動或決策點，以及建立有序流程。根據詳細程序不同，一個步驟亦可進一步細分為子步驟（可以分別畫出流程圖）。The examples displayed

68、 in section 8 illustrate the approach.在第 8 部分展示的例子說明了此方式。APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 12/60 3 Data and System Identification 數據和系統識別數據和系統識別 Following the execution of business process mapping including

69、the mapping of sub-processes,the following steps are performed:在實施了業務流程包括子流程分析和畫出流程圖后，執行以下步驟：A.Identify the systems(both paper and electronic)involved in the processing of GxP data B.識別 GXP 數據處理中涉及的系統（紙質和電子）C.Define individual GxP data elements D.定義單個 GXP 數據要素 E.Identify GxP data elements that can b

70、e modified,deleted or re-processed after creation(at the non-administrator level i.e.either accidentally or deliberately).F.識別可在創建之后進行修改、刪除或重新處理的 GXP 數據（在非管理員層次，即有意或無意）The execution of these steps allows for efficiency in the execution of the risk assessment in the next stage of the process.這些步驟的執行可

71、提高流程下一階段中執行風險評估的效率。Figure 2 Example of an individual sub-process mapping(sample booking step)圖 2 單個子流程分析舉例（樣品記錄步驟）圖 2 單個子流程分析舉例（樣品記錄步驟）流程流 收樣（單流程流）樣品存貯 樣品錄入 在 LIMS 中生成樣品工作指令 HPLC 譜圖 1 HPLC 譜圖 1 HPLC 譜圖 1 數據審核 System ID Data Elements LIMS 樣品日期 樣品 ID 化驗員 時間/日期 A B C Process Flow Sample receipt(single

72、process flow)Sample storage Sample booking in Sample work order generation in LIMS HPLC grp1 HPLC grp1 HPLC grp1 Data review System ID Data Elements LIMS Sample date Sample ID Analyst Time/Date A B C APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐

73、指南 第 1 版 201903 翻譯 JULIA 頁 13/60 4 Data and System Categorisation 數據和系統分類數據和系統分類 4.1 Data Severity Assessment 數據嚴重程度評估 A proposed approach is to use the stage of manufacturing as the primary determinant for severity classification(high-medium-low),following the principle of increasing GxP requiremen

74、ts outlined in ICH Q7.However,additional factors such as impact on final product quality can be considered to further differentiate within a severity category(high/very high medium/medium high 所提議的方法可使用生產階段作為嚴重程度分級的初步確定（高-中-低），遵從 ICH Q7 中逐步增加GXP 要求的原則。但是，可考慮引入更多因子如對最終產品質量的影響來進一步區分同一嚴重級別內的差異（高/非常高-中等

75、/中高）。Remark:in case certain GxP data,depending on its use,belongs to different severity categories the highest severity is maintained.(see also table 3 of chapter 5 Risk assessment to clarify severity rating)注：根據其用途不同，如果有些 GXP 數據屬于不同嚴重級別，則保持最高嚴重級別（參見第 5 章“風險評估”表 3 對嚴重程度分級的說明）High/very high severity

76、data:GxP Data generated during and directly associated with the final stage of API synthesis(direct impact on product quality/patient safety)高高/極高嚴重性數據：極高嚴重性數據：在 API 合成最后階段或與之直接相關生成的 GXP 數據（直接影響產品質量/患者安全）Examples(not exhaustive):例子包括（但不僅限于）o Temperature of final crystallisation o 最終結晶溫度 o Weighing a

77、nd dispensing of critical raw materials o 關鍵原料稱重和分料 o Analytical testing records of API o API 分析檢驗記錄 o Calibration of instruments controlling critical process parameters o 控制關鍵工藝參數的儀器校正 o Calibration records of QC instruments o QC 儀器校正記錄 o Cleaning records of a production equipment o 生產設備清潔記錄 Medium

78、/medium high severity data:GxP Data generated during and directly associated with the production of API intermediates and raw materials testing.中等中等/中高級嚴重性數據：中高級嚴重性數據：在 API 中間體生產和原料檢測中生成或與其直接有關的 GXP 數據 Examples(not exhaustive):例子包括（但不僅限于）o Reaction conditions during API intermediate production o API

79、 中間體生產中的反應條件 o Analytical testing records of raw materials and intermediates (from regulatory starting raw material onwards)o 原料和中間體分析檢測記錄（自注冊起始物料往后）o Calibration of instruments controlling non-critical parameters o 控制非關鍵參數的儀器校正 o Records of in-process controls for API intermediate manufacture o API

80、 中間體生產中控記錄 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 14/60 Low severity data:GxP Data that is GxP relevant but is not directly associated with raw material testing,API intermediate production or testing or API final

81、 stage production or testing.嚴重性較低的數據：嚴重性較低的數據：具有 GXP 相關性但不直接與原料檢測、API 中間體生產或檢測，或 API 最終階段生產或檢測有關的 GXP 數據 Examples(not exhaustive):例子包括（但不僅限于）o Records that do not directly impact operations and not described in the batch production record(BPR)or analytical methods o 不直接影響操作，未在批生產記錄（BPR）或檢驗方法中描述的記錄

82、o Location and transfers of materials(not temperature sensitive)or material transfer requests o 物料位置和轉移（對溫度不敏感）或物料轉移請求 o Autoclave GxP data for waste media disposal o 廢棄培養基處理的滅菌器 GXP 數據 o Operator access to production area o 操作員進出生產區域 o GxP data generated during the development of process or systems

83、 or equipment,prior to the validation or qualification o 在工藝或系統或設備開發期間驗證或確認之前生成的 GXP 數據 o Shift scheduling o 排班表 o Planning data(production schedule)o 計劃數據（生產計劃）o Shift change notes o 交接班日志 o Time and attendance information(time and attendance system may not be qualified,but maybe used during invest

84、igations)o 時間和考勤信息（時間和考勤系統可不確認，但可能會在調查中使用）o Safety training o 安全培訓 o Analysis of chemicals before starting materials o 起始物料之前的化學品分析 o For information only in process controls o 僅供過程控制參考的信息 4.2 System Profiling 系統系統概況分析概況分析 Once the system is identified,it can be further categorised based upon the Gx

85、P data that is generated in and by the system.This system categorisation will help selecting the necessary questions during the system assessment in the next step.(see section 4.3).一旦對系統進行了識別，即可進一步將其根據其中生所的 GXP 數據和系統類別進行分類。此系統分類有助于在下一步系統評估中選擇必要的問題（參見第 4.3 部分）。Remark:please note that these categories

86、 are different from categories as defined in GAMP guide since the focus here is on the data lifecycle instead of on the system.注：請注意這些類型與 GAMP 指南中所定義的類別是不同的，因為這里關注的是數據生命周期而不是系統。APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULI

87、A 頁 15/60 4.2.1 System categorization 系統分類系統分類 The following 6 categories are proposed.提議分為以下 6 類 Remark:備注(1)It is important to evaluate the system in relation to all GxP data it processes.In case of different outcomes,the highest category is maintained.For hybrid systems both categories have to be

88、 taken in to account.重點是要評估與其所處理的所有 GXP 數據有關的系統。如果有不同結果，使用最高類別?；旌舷到y則要考慮兩種類別。(2)It is important that the evaluation is done from the point of view of the system where the GxP data is generated and not where the GxP data is being transferred to.重點是要從生成 GXP 數據的系統而不是 GXP 數據被轉移到的系統的角度進行評估。Category 1:A no

89、n-electronic system.No GxP data are stored.Typical examples are bag sealers,pH paper,density meters,CAPA logbook.第第 1 類類 非電子系統。沒有存貯 GXP數據。典型的例子是袋子封簽，pH試紙、比重計、CAPA 臺賬 Category 2:An electronic system and the generated GxP data is not stored and manually transferred on paper.Typical examples could incl

90、ude pH meters,balances,polarimeters with manual adjustable a wavelength,pressure gauge with display.第第 2 類類 生成 GXP 數據但不存貯，而是手動轉移至紙上的電子系統。典型的例子可包括 pH 計、天平、可手動調節波長的折光計、有顯示的壓力表。Category 3:An electronic system with some limited manual adjustable input data and the generated GxP data is not stored but pr

91、inted out.Typical examples could be potentiometric titrators not connected to a PC,balances with printer.第第 3 類類 電子系統，可手動手限調整輸入數據并生成 GXP 數據，不能存貯但可以打印出來。典型例子是未連接至電腦的滴定儀、接有打印機的天平。Category 4:An electronic system with some limited manual adjustable input data and the generated GxP data is not stored but

92、 sent via an interface to another system,e.g.a cat 5 or 6.Typical examples could be temperature sensors.第第 4 類類 電子系統，可手動有限調整輸入數據并生成 GXP 數據，不能存貯但經過接口傳輸至另一個系統，例如五類線和六類線，典型例子是溫度探頭。Category 5:An electronic system where GxP data are permanently stored,and these GxP data are not modified by the user to ge

93、nerate results(static GxP data).Examples could include UV instruments or IR instruments used for identification testing,in line particle size and TOC testing 第第 5 類類 電子系統，可永久存貯 GXP數據，且這些 GXP 數據不能由用戶修改生成結果（靜態 GXP 數據）。例子包括鑒別用 UV 和 IR 光譜儀，在線粒徑和 TOC 儀。Category 6:An electronic system where GxP data are p

94、ermanently stored,and the GxP data can be processed by the user to generate results.Examples could be MES systems,ERP systems,chromatographic data systems,electronic deviations management system.第第 6 類類 電子系統，其 GXP 數據可永久保存，用戶可對這些 GXP 數據進行處理生成結果。例子有 MES 系統、ERP 系統、色譜數據系統、電子偏差管理系統。In order to facilitate

95、 this system categorization,below decision flow can be used(see Figure 3).為便于系統分類，可使用以下決策流程（見圖 3）APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 16/60 Figure 3 System categorization Evaluate the system and the associated

96、GxP data Is the system electronic?Does the system permanently store electronic GxP data?Is the GxP data manually observed and transcribed in another system?GxP data printed on a paper record?Cat 1 Cat 2 Cat 3 Cat 4 Cat 5 Cat 6 Non-electronic Manual observations Printed Interfacing Permanent storage

97、Processable storage Modification/deletion of GxP data possible?Yes No No Yes No Yes No Yes No APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 17/60 圖3 系統分類 4.2.2 System categorization requirements 系統分類需求 It is important t

98、o follow the different chronological steps described in the previous and next chapters to assure review of all the GxP data and their severity.This process assesses the complete dataflow and enables identifying the appropriate remediation.The below described requirements for the different system cat

99、egorisations can help in defining the actions at the end of the process(see Table 1).重點是要遵守之前所述和下一章中所述不同的時序步驟，以確保對所有 GXP 數據及其嚴重性的審核。本流程評估的是完整的數據流，使得能夠找出適當的補救措施。下述不同系統分類要求可有助于在流程結束時制訂措施（參見表 1）。a)Good documentation practices:優良文件記錄規范優良文件記錄規范 Good documentation practices are a general quality requireme

100、nt and should be in line with the ALCOA principles,as described earlier in this document.This is applicable to all categories where 評估系統及相關 GXP 數據 是否電子系統?系統是否永久保存電子 GxP 數據?GxP 數據是否人為觀察后轉錄至另一系統?GxP 數據是否打印在一張紙質記錄上?第 1 類 第 2 類 第 3 類 第 4 類 第 5 類 第 6 類 非電子 人工觀察 打印 接口 永久存貯 可處理的存貯 GxP 數據是否有可能修改/刪除？?是 否 否 是

101、 否 是 否 是 否 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 18/60 GxP data is created.Starting from medium criticality up to high criticality(GxP activities)a process to control the issuance and reconciliation of documents

102、/log books.In addition,GxP data should be reviewed.優良文件記錄規范是一個通用質量要求，正如本文件早前所述，應與 ALCOA 原則相一致。它適用于 GXP 數據創建的所有類別，從中等關鍵程度直到高度關鍵（GXP 活性）的控制文件/記錄本發放和回收流程。另外，GXP 數據應進行審核。b)Access control:訪問控制訪問控制 A system needs to be in place to control unauthorised access to systems.應具備有系統對未經授權訪問系統進行控制。c)User levels:用戶

103、水平用戶水平 Depending upon a specific job responsibility,users can have different privileges in a system.An administrator will have more privileges in order to maintain the system and all the related GxP data,while an end-user only will operate the system and use the GxP data to generate results.This sho

104、uld achieve segregation of duties.Each user must have an individual ID and password to log into the system.根據具體的崗位職責，用戶可具備不同的系統權限。一個管理員將具備更多的權限以對系統和相關GXP 數據進行維護，而終端用戶則只能操作系統和使用 GXP 數據生成結果。這需要拆分職責。每個用戶必須具備個人 ID 和密碼來登錄系統。d)Audit trail:審計審計追蹤追蹤 The system should have a functionality to document the dif

105、ferent activities that have taken place.Who has done what,when and why?系統應具備記錄已發生的不同活動的功能，以及是誰在何時為何原因操作。It is important to consider both the GxP data audit trail and the system audit trail.重點要考慮 GXP 數據審計追蹤和系統審計追蹤。e)Audit trail review:審計審計追蹤追蹤審核審核 An audit trail is only useful if there is a regular r

106、eview of the activities that are stored in it.Depending upon the criticality of these stored GxP data the frequency of the review will increase and should be risk based.審計追蹤僅當定期審核存貯在其中的活動時才有用。根據這些所存貯的 GXP 數據的關鍵程度，審核頻次將增加，且應基于風險決定。f)Back-up/Restore/Archive 備份備份/恢復恢復/歸檔歸檔 A process needs to be in plac

107、e for the back-up of the electronic GxP data in order to guarantee that GxP data is retrievable,reproducible and unaltered for the retention period of the record.A test should be completed periodically to restore these GxP data confirming that it can still be read and is complete.應具備一個流程對電子 GXP 數據進行

108、備份，以確保 GXP 數據在記錄保存期間可恢復、復制以及不可修改。應定期完成這些 GXP 數據的恢復測試以確認其完整可讀。GxP Data(paper and electronic)are archived in a dedicated,protected and controlled environment.The record retention period should be defined in writing and depends upon the criticality of the GxP data.GXP 數據（紙質與電子）存檔在一個受保護控制的專用環境中。記錄保存時間應根

109、據 GXP 數據的關鍵程度以書面形式確定。APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 19/60 Table 1 Minimum system requirements based on categories 表 1 各級別對系統的最低需求 Category Severity(score)Good documentation practices Access control User l

110、evels Audit trail review+frequency Back-up/restore/archive 分類分類 嚴重程度嚴重程度（評分）（評分）優良文件記錄規范優良文件記錄規范 訪問權限訪問權限控制控制 用戶層次用戶層次 審計追蹤審計追蹤 審審核核+頻次頻次 備份備份/恢復恢復/存檔存檔 Category 1(non-electronic)Low(1)X N/A N/A N/A X Medium(2-3)X+controlled issuance/reconciliation of docs N/A N/A N/A X High(4-5)X+controlled issuanc

111、e/reconciliation of docs N/A N/A N/A X 第第 1 類類（非電子）（非電子）低（1）X 不適用 不適用 不適用 X 中（2-3）X+文件受控發放/計數回收 不適用 不適用 不適用 X 高（4-5）X+文件受控發放/計數回收 不適用 不適用 不適用 X Category 2(manual observations)Low X N/A N/A N/A X Medium(2)X+controlled issuance/reconciliation of docs N/A N/A N/A X Medium(3)X+controlled issuance/reconc

112、iliation of docs+risk-based witnessing of critical GxP data N/A N/A N/A X High(4-5)X+controlled issuance/reconciliation of docs+risk-based witnessing of critical GxP data N/A N/A N/A X 第第 2 類類（人工觀察）低 X 不適用 不適用 不適用 X 中(2)X+文件受控發放/計數回收 不適用 不適用 不適用 X 中(3)X+文件受控發放/計數回收+對關鍵GXP數據基于風險的觀察 不適用 不適用 不適用 X 高(4-

113、5)X+文件受控發放/計數回收+對關鍵GXP數據基于風險的觀察 不適用 不適用 不適用 X Category 3(printed)Low(1)X N/A N/A N/A X Medium(2-3)X+controlled issuance/reconciliation of docs+printing of relevant GxP data X1 N/A N/A X High(4-5)X+controlled issuance/reconciliation of docs+printing of relevant GxP data X1 N/A N/A X 第第 3 類類(打印的)低(1)X

114、 不適用 不適用 不適用 X 中(2-3)X+文件受控發放/計數回收+打印相關GXP 數據 X2 不適用 不適用 X 高(4-5)X+受控發放/文件計數回收+打印相關GXP 數據 X1 不適用 不適用 X Category 4(system sending GxP data via interfacing)(interface qualified as part of the system)Low(1)X N/A N/A N/A N/A Medium(2-3)X+controlled issuance/reconciliation of docs,if any X Minimum 2:admi

115、n,end user(where human intervention is required)N/A N/A High(4-5)X X Minimum 2:N/A N/A 1 Access control only for securing time and date settings 僅對時間日期設置進行權限控制 2 Access control only for securing time and date settings僅對時間日期設置進行權限控制 APIC/Practical risk-based guide for managing data integrity Version

116、1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 20/60 Category Severity(score)Good documentation practices Access control User levels Audit trail review+frequency Back-up/restore/archive 分類分類 嚴重程度嚴重程度（評分）（評分）優良文件記錄規范優良文件記錄規范 訪問權限訪問權限控制控制 用戶層次用戶層次 審計追蹤審計追蹤 審審核核+頻次頻次 備份備份/恢復恢復/存檔存檔+controll

117、ed issuance/reconciliation of docs,if any admin,end user(where human intervention is required)第第 4 類類(系統通過一個接口發送 GXP 數據)（接口作為系統的一部分進行確認）低(1)X 不適用 不適用 不適用 不適用 中(2-3)X+文件（如有）受控發放/計數回收 X 中 2:管理員、最終用戶（如需人工干預）不適用 不適用 高(4-5)X+文件（如有）受控發放/計數回收 X 中 2:管理員、最終用戶（如需人工干預）不適用 不適用 Category 5(Permanent storage)Low(1

118、)X X Administrator N/A X Monthly Back-up Medium(2-3)X+controlled issuance/reconciliation of docs,if any X Minimum 2:admin,end user X System ATR every 2 years X Weekly Back-up High(4-5)X+controlled issuance/reconciliation of docs,if any X Minimum 2:admin,end user X System ATR:once per year X Daily Ba

119、ck-up 第第 5類類(永久存貯)低(1)X X 管理員 N/A X 每月備份 中(2-3)X+文件（如有）受控發放/計數回收 X 中 2:管理員、最終用戶 X 系統 ATR 每2 年一次 X 每周備份 高(4-5)X+文件（如有）受控發放/計數回收 X 中 2:管理員、最終用戶 X 系統 ATR:每年一次 X 每天備份 Category 6(Processable storage)Low(1)X X Administrator N/A X Monthly Back-up Medium(2)X+controlled issuance/reconciliation of docs,if any

120、 X Minimum 2:admin,end user X Data ATR:risk based(e.g.spot check)System ATR:every 2 years X Weekly Back-up Medium(3)X+controlled issuance/reconciliation of docs,if any X Minimum 2:admin,end user X Data AT review:every batch System ATR:every 2 years X Weekly Back-up High(4-5)X+controlled issuance/rec

121、onciliation of docs,if any X Minimum 2:admin,end user Data:every batch System ATR:risk based,e.g.yearly X Daily Back-up 第第 6 類類(可處理方式存貯)低(1)X X 管理員 N/A X Monthly Back-up 中(2)X+文件（如有）受控發放/計數回收 X 中 2:管理員、最終用戶 X 數據 ATR:基于風險(例如抽查)系統 ATR:每 2年 X 每周備份 中(3)X+文件（如有）受控發放/計數回收 X 中 2:管理員、最終用戶 X 數據 AT 審核:每批 系統 A

122、TR:每 2 年 X 每周備份 高(4-5)X+文件（如有）受控發放/計數回收 X 中 2:管理員、最終用戶 數據:每批 系統 ATR:基于風險，例如每年 X 每天備份 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 21/60 4.3 System Assessment 系統評估系統評估 To manage the individual risks relating to Data Int

123、egrity,it is necessary to assess the gaps within the individual systems and processes.為管理與數據完整性有關的每個風險，有必要對各系統和流程內的差距進行評估。For all combinations of systems,processes and GxP data,it is necessary to challenge the following areas:對于所有包含系統、流程和 GXP 數據的組合，有必要挑戰以下方面：Administrator Roles&Responsibilities 管理身份

124、&職責 Administrator role and responsibilities,Training 管理員身份和職責，培訓 Security/User Access Control 安全性/用戶訪問控制 Access Approval,Authentication,Authorisation,Periodic Access Review 訪問批準、身份驗證、授權、定期訪問審核 Signatures 簽名 Electronic signatures,Wet Signatures 電子簽名，原始簽名（即手寫簽名）Data review 數據審核 Data review process,Dou

125、ble witnessing 數據審核流程，雙人復核 Audit trail 審計追蹤 Audit trail review process,Functionality 審計追蹤審核流程，功能性 Data lifecycle management 數據生命周期管理 Archival/Retrieval,Records Retention,Backup/Restore,(True)Copies,Dynamic GxP data 存檔/檢索、記錄保存、備份/恢復、（真實）副本、動態GXP數據 System life cycle management 系統生命周期管理 Calibration/Qua

126、lification/Validation,Periodic review,Change control,GxP Data migration,Risk management,Transient GxP Data Management 校正/確認/驗證、定期審核、變更控制、GXP數據遷移、風險管理、臨時GXP數據管理 Time Stamps 時間戳 Access security,Daylight savings Time,Synchronization,Time/Date format and precision,Time zone 訪問安全性、夏令時、同步、時間/日期格式和精密度、時區 T

127、hese aspects have been documented in a detailed Data Integrity checklist and used to identify the current gaps(refer to Table 2).這些方面已記錄在詳細的數據完整性檢查表中用于識別目前差距（參見表 2）。The example checklist consists of 44 questions.Not all questions are applicable to all systems:based on the system profiling as defined

128、 on section 4.2,the system category(from 1 to 6)will guide the decision as to which questions apply.檢查清單例子包括有 44 個問題。并不是所有的問題適用于所有系統。根據第 4.2 部分所定義的系統概況分析所得系統類別（從 1-6 類），可知哪些問題適用。APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JUL

129、IA 頁 22/60 Table 2 detailed data integrity checklist 表2 詳細的數據完整性檢查表 ID Topic 主題主題 Sub topic 子題目子題目 Question 問題問題 Category 類別類別 Acceptance criteria 可接受標準可接受標準 Does the system meet the criteria?系系統是否符合統是否符合標準？標準？Description of gap 差距描述差距描述 Comments 備注備注 1 System lifecycle management Calibration/Qualif

130、ication/Validation Is the system calibrated/qualified/validated in accordance with an approved life cycle management procedure?Comment:Includes Paper based systems(procedures for paper batch records needs to be qualified completion of batch record,BRR,archival,)1/2/3/4/5/6 Documented objective evide

131、nce shall be present showing that the system performs as intended.A life cycle management process shall be followed to implement the system.Calibration/qualification/validation documentation for the system shall be maintained during the lifetime of the system and retained in accordance with the comp

132、anies Retention Schedule.系統生命周期管理 校正/確認/驗證 系統是否根據已批準的生命周期管理程序進行校正/確認/驗證？備注：備注：包括基于紙質的系統（紙質批記錄程序需要確認批記錄、BPR、存檔的完成情況）1/2/3/4/5/6 應呈交文件化客觀證據顯示系統表現符合預期。應按照生命周期管理流程實施系統。系統校正/確認/驗證文件應在系統生命周期內進行維護，并根據公司保存計劃保存。2 System lifecycle management Change control Are changes to the system controlled according to the

133、 sites change management process?1/2/3/4/5/6 All changes to the original validated/qualified state shall be captured in a Change Management process,including:-All system-,patch-and user roles changes;-All activities performed by Administrators;-GxP Data changes outside the system(database,flat files

134、);系統生命周期管理 變更控制 對系統的變更是否根據現場變更管理流程進行控制？1/2/3/4/5/6 所有對原始驗證/確認狀態的變更均應按變更管理流程處理，包括：-所有系統、批次和用戶身份變更-由管理員執行的所有活動-系統以外的 GXP 數據變更（數據庫、平面文件）3 System lifecycle management Data migration Is data verification executed as part of computer system validation activities when GxP data is migrated from a source sys

135、tem to another system?5/6 Data migration from a source system to another system requires GxP data verification as part of computer system validation activities.GxP Data shall be verified for completeness and accuracy using a statistically relevant sample.系統生命周期管理 數據遷移 在 GXP 數據從源系統遷移至另一個系統時，是否進行數據核查并

136、將其作為計算機系統驗證活動的一部分？5/6 數據從源系統遷移至另一個系統需要對 GXP 數據進行核查并作為計算機系統驗證活動的一部分。應使用統計學相關樣本核查 GXP 數據的完整性和準確性。4 System lifecycle management Transient Data Management Are the requirements for temporary(interfacing)GxP data defined and documented?Examples:data translations,compression,scan-rates,3/4/5/6 Transient Gx

137、P Data(interface)requirements shall be defined.系統生命周期管理 臨時數據管理 臨時【接口】GXP 數據的需求是否定義并記錄？3/4/5/6 應定義臨時 GXP 數據【接口】需求 5 System lifecycle Transient Data Is the interface validated for intended use?Definition of Interface:GxP Data in this 4 The interface shall be validated for intended use.During the set-u

138、p and validation,it should be APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 23/60 ID Topic 主題主題 Sub topic 子題目子題目 Question 問題問題 Category 類別類別 Acceptance criteria 可接受標準可接受標準 Does the system meet the criteria?系系統是否符合統是否符合標

139、準？標準？Description of gap 差距描述差距描述 Comments 備注備注 management Management interfacing system is received from a sending system and forwarded to a receiving system without permanent storage of GxP data in this interfacing system.These systems only transfer GxP data.Note:Connections like RS-232 cords,Moxa-

140、boxes,USB-cables,etc.shall not be treated as interfaces since they do not have user or security management and they do not temporarily store raw GxP data before sending it to the receiving system.These connections shall be treated as being part of the sending system.guaranteed that:-the GxP data res

141、iding at the receiving system is the exact representation of the GxP data generated at the sending system.-no business users are able to manipulate this temporary GxP data at the intermediate storage location.系統生命周期管理 臨時數據管理 接口是否驗證符合其既定用途？“接口”的定義：從發送系統接收 GXP 數據并發送至一個接收系統，而不在此接口系統中存貯 GXP 數據。此類系統僅轉移 G

142、XP 數據。注：RS-232、摩沙盒、USB 線等不應作為是接口，因為他們并沒有用戶或安全管理，他們亦不會在發送GXP 原數據至接收系統之前臨時存貯這些數據。這些連接應作為發送系統的一部分來對待。4 接口應驗證是否符合既定用途。在設置和驗證期，應確保：-駐存在接收系統內的 GXP 數據準確代表在發送系統中生成的 GXP 數據-沒有業務用戶能篡改在中間存貯位置的臨時GXP 數據 6 System lifecycle management User accounts Are user accounts required specifically for system testing/qualifi

143、cation in the Production Environment disabled at the end of testing/qualification?5/6 Business administrators shall ensure that if any user accounts are required specifically for system testing/qualification in the production environment,these accounts are disabled at the end of testing/qualificatio

144、n.系統生命周期管理 用戶賬號 生產環境中的系統測試/確認所需的特殊用戶賬號在測試/確認結束后是否要關閉？5/6 業務管理員應確保如果在生產環境下系統測試/確認需要特殊用戶賬號，則這些賬號在測試/確認結束之后要關閉 7 System lifecycle management Periodic review Is the system periodically reviewed and is the review documented according to a prescribed process?1/2/3/4/5/6 On a periodic basis a system review

145、 shall evaluate the current range of functionality,deviation records,incidents,changes,problems,upgrade history,performance,reliability,security and validation status reports.The period shall be defined based on risk.系統生命周期管理 定期審核 系統是否定期審核，審核是否根據所述流程記錄？1/2/3/4/5/6 系統審核應定期評估目前功能范圍、偏差記錄、事件、變更、問題、升級歷史、

146、性能、可靠性、安全保護和驗證狀態報告。應根據風險規定該周期。8 Data lifecycle management Data capture/entry Does the system enforces saving at the moment of GxP data entry?2/3/4/5/6 The system should enforce saving immediately after critical GxP data entry.GxP Data entry prior to saving to permanent memory with audit trail(server

147、,database)is considered to be temporary memory.The length of time that GxP data is held in temporary memory should be minimized.數據生命周期管理 數據捕獲/錄入 系統是否在 GXP 數據錄入時即保存？2/3/4/5/6 系統應在關鍵 GXP 數據錄入之后立即保存。GXP 數據錄入后保存為具有審計追蹤的永久記憶之前（服務 APIC/Practical risk-based guide for managing data integrity Version 1,March

148、 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 24/60 ID Topic 主題主題 Sub topic 子題目子題目 Question 問題問題 Category 類別類別 Acceptance criteria 可接受標準可接受標準 Does the system meet the criteria?系系統是否符合統是否符合標準？標準？Description of gap 差距描述差距描述 Comments 備注備注 器、數據庫）被認為是臨時記憶。GXP 數據保留在臨時記憶中的時間長度應盡可能縮短。9 Data lifecycle

149、management Data capture/entry Is a process or procedure in place to identify which system generates and retains the primary GxP data record,in case of discrepancy when the same information is captured by more than one system?2/3/4/5/6 If the same information is captured by more than one system,a pro

150、cess or procedure shall be present to identify which system generates and retains the primary record,in case of discrepancy.The assigned primary record should provide the greatest accuracy,completeness,content and meaning.數據生命周期管理 數據捕獲/錄入 如有在多個系統采集相同信息，在存在分歧時，是否有流程或程序識別哪個系統生成和保存初始 GXP 數據記錄？2/3/4/5/6

151、 如有多個系統采集相同信息，在存在分歧時，應有一個流程或程序識別是哪個系統生成和保存初始記錄。10 Data lifecycle management Data capture/entry Are good documentation and record management practices applied on non-electronic GxP data?1/2 Good documentation and record management practices shall be applied on non-electronic GxP data.數據生命周期管理 數據采集/錄入

152、 非電子 GXP 數據是否應用優良文件記錄管理規范？1/2 優良文件記錄管理規范應適用于非電子 GXP 數據 11 Data lifecycle management Copies Is a documented process in place to verify and record the integrity and authenticity of the copy when exact or true copies are retained in place of the original GxP data record?1/3/5/6 Exact or true copies of

153、original records may be retained in place of the original record(e.g.scan of a paper record)provided that a documented process is in place to verify and record the integrity and authenticity of the true copy.數據生命周期管理 副本 如果保存了確切或真實副本，代替原始 GXP 數據記錄，是否有文件化流程用于核查和記錄副本的完整性和真實性？1/3/5/6 如果有一個文件化流程核查和記錄真實副本

154、的完整性和真實性，則原始記錄的確切或真實副本可代替原始記錄保存（例如，紙質記錄的掃描件）12 Data lifecycle management Retention Are all GxP data(Including meta data and audit trail data)retained in accordance with the companies Retention Schedule and applicable GxP 1/2/3/4/5/6 GxP Data generated,including paper records,system records and corre

155、sponding audit trail entries,shall be retained in accordance with the companys retention schedule and any applicable legal hold notices.GxP documents shall be maintained in a secured storage location that is reasonably accessible and readily available for review to responsible personnel.數據生命周期管理 保存

156、是否所有 GXP 數據（包括元數據和審計追蹤數據）按公司的保存計劃和適用 GXP 進行保存？1/2/3/4/5/6 生成的 GXP 數據，包括紙質記錄、系統記錄和相應審計追蹤內容均應根據公司的保存計劃和所有適用法定保存要求進行保存。GXP 文件應保存在一個受到安全保護的存貯位置，為負責人的審核提供合理訪問途徑并易于獲得。13 Data lifecycle management Backup/restore Is a risk-based approach used to define the strategy and the frequency for backup and restore a

157、nd is the backup,restore strategy documented,validated and periodically tested?5/6 Formal Data Backup procedures for all GxP relevant data shall be established,documented,validated and periodically tested.Backup storage time shall be based on companys requirements.Data Backups shall include both bus

158、iness GxP data and metadata and system GxP data.Data backup frequency shall be pre-determined.and APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 25/60 ID Topic 主題主題 Sub topic 子題目子題目 Question 問題問題 Category 類別類別 Acceptance

159、 criteria 可接受標準可接受標準 Does the system meet the criteria?系系統是否符合統是否符合標準？標準？Description of gap 差距描述差距描述 Comments 備注備注 shall be periodically performed per a risk assessment.Data Backups shall be performed prior to any system upgrade or maintenance activity.The process of restoring a Data Backup shall be

160、 checked with a pre-defined frequency determined by a risk assessment and shall be documented according to the companys procedure.數據生命周期管理 備份/恢復 是否使用了基于風險的方法來定義備份和恢復策略與頻次，備份和恢復策略是否有文件記錄、驗證和定期測試？5/6 應為所有 GXP 相關數據建立書面正式的數據稷程序，進行驗證并定期測試。備份存貯時間應基于公司的需求。數據備份應包括業務 GXP 數據和元數據以及系統 GXP 數據。數據備份頻次應預先確定，并根據風險評估

161、定期執行。任何系統升級或維護活動之前應進行數據備份?；謴蛿祿浞莸牧鞒虘鶕陲L險評估預定的頻次進行檢查，并根據公司的程序記錄。14 Data lifecycle management Backup/restore Is a scheduling system maintained for manual data backups and are manual backup processes traceable throughout the process of performing the activity?5/6 For manual Data Backup,a scheduling s

162、ystem shall be maintained.The scheduling system shall track and notify the appropriate personnel when backup is required.Manual backup processes shall be traceable throughout the process of performing the activity.數據生命周期管理 備份/恢復 手動數據備份是否有計劃系統，手動備份流程在實施活動的流程中是否可追溯？5/6 手動數據備份應有一份計算系統。計劃系統應追蹤并通過適當的人員何時

163、需要備份。手動備份流程應在實施活動的流程中可追溯 15 Data lifecycle management Backup/restore Does backup include all relevant raw GxP data,metadata and audit trail data?5/6 Where computerized systems are used to capture,process,report or store raw GxP data electronically,data backups shall include both business GxP data,me

164、ta data and system GxP data.The items included in audit trail should be those of relevance to permit reconstruction of the process or activity.數據生命周期管理 備份/恢復 備份是否包括所有相關 GXP 原數據、元數據和審計追蹤數據？5/6 如果使用了計算機化系統以電子形式采集、處理、報告或存貯 GXP 原數據，數據備份應包括業務 GXP 數據、元數據和系統 GXP 數據。審計追蹤中包括的項目應與允許重構活動流程有關。16 Data lifecycle

165、management Backup/restore Are the backups stored in a secure location protected from unauthorized users/people?5/6 The location of the backup shall be separated from the production system.The backup shall be stored in a secure location protected from unauthorized users/people,fire and water(sprinkle

166、r and other sources of water and moisture,fire protection and housekeeping).Access to backup data shall not be provided to non-authorized user roles.數據生命周期管理 備份/恢復 備份是否存貯在安全位置，保護不允許未經授權的用戶/人操作 5/6 備份存貯位置應與生產系統分開。備份應存貯在安全的位置受到保護，不允許未經授權的用戶/人操作、防 APIC/Practical risk-based guide for managing data integ

167、rity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 26/60 ID Topic 主題主題 Sub topic 子題目子題目 Question 問題問題 Category 類別類別 Acceptance criteria 可接受標準可接受標準 Does the system meet the criteria?系系統是否符合統是否符合標準？標準？Description of gap 差距描述差距描述 Comments 備注備注 火防水（消防噴淋或其它來源的水和水分、防火和房屋維護）。不應允許未經授權的用

168、戶身份訪問備份數據。17 Data lifecycle management Backup/restore Do changes to the Data Backups process follow a formal change control process?5/6 Any changes to scheduled Data Backups shall follow the formal change management process.數據生命周期管理 備份/恢復 數據備份流程的變更是否遵守正式的變更控制流程？5/6 對所計劃的數據備份的變更應遵守正式的變更管理流程 18 Data l

169、ifecycle management Archival/retrieval Does the system have an archival strategy documented and is the GxP data retrieval process periodically verified?1/3/5/6 The system shall have an archival strategy documented.GxP Data and associated meta data shall be archived if system modifications impact the

170、 functionality to read or to process existing files.GxP Data shall be archived at the retirement of the system.Data archival storage time shall be defined per the companys Retention Schedule.GxP Data retrieval of archived records shall be tested on a periodic basis,as required by applicable regulati

171、on,using a statistically relevant sample.數據生命周期管理 存檔/檢索 系統是否有書面的存檔策略，GXP 數據檢索流程是否定期核查？1/3/5/6 系統應有書面的存檔策略。如果系統修改影響讀取功能或處理現有文件的功能，則 GXP 數據和相關元數據應存檔。系統退役時應將 GXP 數據存檔。已存檔記錄的 GXP 數據檢索應按適用法規，采用統計學相關樣本定期測試 19 Data lifecycle management Archival/retrieval Are archived GxP data records stored in a secure loc

172、ation protected from unauthorized users/people,fire and water(sprinkler and other sources of water and moisture,fire protection and housekeeping)?1/3/5/6 Archive records shall be locked such that they cannot be altered or deleted without detection and audit trail.Access to the archived GxP data shal

173、l be limited to the System Administrator.If GxP data are archived in a readable format(e.g.pdf files stored in a controlled network folder),they may be made available to the business users for consultation purposes.數據生命周期管理 存檔/檢索 已存檔 GXP 數據記錄是否存貯在安全的位置，防止未經授權用戶/人員操作、防火和防水（消防噴淋或其它來源的水和水分、防火和房屋維護）？1/3

174、/5/6 存檔記錄應上鎖，使得其不能在未被發現和審計追蹤情況下被修改或刪除。對已存檔 GXP 數據的訪問應限制于系統管理員。如果 GXP 數據已采用只讀格式存檔（例如，PDF 文件存貯在一個受控的網絡文件夾中），則可提供給業務用戶用于參考。20 Data lifecycle management Dynamic data Is dynamic GxP data kept in its dynamic state?6 Raw GxP data that is generated electronically should remain in its dynamic(electronic)stat

175、e if the ability to interact with the GxP data is critical to its integrity or later verification.Where the capability of the electronic system permits dynamic storage,it is not appropriate for low-resolution or static(printed/manual)GxP data to be collected in preference to high resolution or dynam

176、ic(electronic)GxP data.APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 27/60 ID Topic 主題主題 Sub topic 子題目子題目 Question 問題問題 Category 類別類別 Acceptance criteria 可接受標準可接受標準 Does the system meet the criteria?系系統是否符合統是否符合標準？標準？De

177、scription of gap 差距描述差距描述 Comments 備注備注 數據生命周期管理 動態數據 動態 GXP 數據是否以動態狀態保存？6 如果與 GXP 數據互動的能力對其完整性或后期確認甚為關鍵，則以電子形式生成的 GXP 原數據應以其動態（電子）形式保存。如果電子系統能夠進行動態存貯，則優先采集低分辨度或靜態（打印/手動）GXP 數據而不是高分辨率或動態（電子）GXP 數據是恰當的。21 Data lifecycle management Records Are records protected against intentional or accidental modifi

178、cation or deletion throughout the record retention period?1/3/5/6 Computerized system records shall be protected against intentional or accidental modification or deletion throughout the companies Retention Schedule.Appropriate controls shall be in place to ensure the integrity of the record through

179、out the companies Retention Schedule.These controls must prevent manipulation and/or unscheduled destruction of original hard copy paper as well as electronic documents and must be validated in the case of electronic controls.數據生命周期管理 記錄 在記錄保存期間是否保護記錄不受有意無意的修改或刪除？1/3/5/6 計算機化系統應受到保護使得其在公司的保存計劃期間不受有意

180、無意修改或刪除。應有適當的控制確保公司保存時間內的記錄完整性。這些控制必須防止原始紙質副本以及電子文件的篡改和/或未按計劃銷毀，如果是電子控制則必須進行驗證。22 Audit trail Functionality Is good documentation practice applied for paper records?1/2/3 Good documentation practice shall be applied at the creation and completion of paper records.審計追蹤 功能性 紙質記錄是否應用優良文件記錄規范？1/2/3 紙質記錄

181、的創建和完成應適用優良文件記錄規范 23 Audit trail Functionality Is there an audit trail in place for user management and system settings?2/3/4/5/6 Where computerized systems are used to capture,process,report or store raw GxP data electronically,the GxP data shall include user management-and system settings.The item

182、s included in audit trail should be those of relevance to permit reconstruction of the generation,modification and deletion of the user management-and system settings.審計追蹤 功能性 用戶管理和系統設置是否有審計追蹤？2/3/4/5/6 如果使用了計算機化系統以電子方式采集、處理、報告或存貯 GXP 原數據，則 GXP 數據應包括用戶管理和系統設置。審計追蹤中所包括的項目應允許重構用戶管理和系統設置的生成、修改和刪除。24 Au

183、dit trail Functionality Is there an audit trail in place for GxP data supporting product release 5/6 Where computerized systems are used to capture,process,report or store raw GxP data electronically,system design should provide for the retention of full audit trails.The items included in audit trai

184、l should be those of relevance to permit reconstruction of the process or activity.審計追蹤 功能性 支持產品放行的 GXP 數據是否有審計追蹤？5/6 如果使用了計算機化系統以電子方式采集、處理、報告或存貯 GXP 原數據，則系統設計應能保存全部審 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 28/60

185、ID Topic 主題主題 Sub topic 子題目子題目 Question 問題問題 Category 類別類別 Acceptance criteria 可接受標準可接受標準 Does the system meet the criteria?系系統是否符合統是否符合標準？標準？Description of gap 差距描述差距描述 Comments 備注備注 計追蹤。審計追蹤中包括的項目允許重構流程或活動。25 Audit trail Functionality Do users or administrators have the ability to amend or switch

186、off the audit trail?2/3/4/5/6 End users shall not have the ability to amend or switch off the audit trail.If the system administrator has access to disable the audit trail a procedure shall be in place to mitigate/prevent this.審計追蹤 功能性 用戶或管理員是否有能力修改或關閉審計追蹤？2/3/4/5/6 最終用戶不應有能力修改或關閉審計追蹤。如果系統管理員可進入并關閉審

187、計追蹤，則應制訂程序降低/防止其發生。26 Audit trail Audit trail review Are audit trails reviewed according to the applicable procedures?2/3/4/5/6 The companys requirements on audit trail review shall be taken into account and should be supported by a risk-based approach to define the process and frequency for executi

188、on.審計追蹤 審核追蹤審核 是否根據適用程序執行審計追蹤審核？2/3/4/5/6 應考慮公司對審計追蹤審核的需求，并采用基于風險的方法支持以規定執行流程和頻次。27 Audit trail Audit trail review Is an investigation initiated when data integrity issues are identified during the review?2/3/4/5/6 If any risks or data integrity issues are identified during the audit trail review,an

189、 investigation shall be initiated according to the companys non-conformance handling procedures.審計追蹤 審核追蹤審核 如果在審核中發現數據完整性問題，是否啟動調查？2/3/4/5/6 如果在審計追蹤審核中發現任何風險或數據完整性問題，則應根據公司的不符合事件處理程序啟動調查。28 Administrator Roles&Responsibilities Administrator role Is Segregation of Duties in place for the system?1/2/3

190、/4/5/6 Procedures shall be in place describing how the segregation of role functions is managed.The periodic access review shall include a check to ensure that the users are assigned to the appropriate training curricula for their role and that the appropriate segregation of duties is in place.If re

191、quired to have dual roles in a single account,a Quality management approved procedural mitigation shall be in place.管理員身份&職責 管理員身份 系統職責是否有進行劃分？1/2/3/4/5/6 應有程序描述如果管理角色職責劃分。對訪問權限的定期審核應包括一項檢查，以確保用戶經過其職責所需全部課程的適當培訓，并有適當的職責劃分。如果需要在一個賬號中有雙重身份，則應有質量管理批準程序降低風險。29 Security/User Access Control Access Approva

192、l Is a procedure in place describing access approval,revocation and periodic access review?1/2/3/4/5/6 Procedures shall be in place describing the access approval,revocation and periodic review.Access to a system shall be limited to individuals with a business need to access the system.Access to the

193、 system shall be approved by the business system owner or documented delegate before access is granted.All training shall be completed prior to granting access to trainees.A check shall be performed at the time of granting access to a new role whether the user has rights that allow a APIC/Practical

194、risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 29/60 ID Topic 主題主題 Sub topic 子題目子題目 Question 問題問題 Category 類別類別 Acceptance criteria 可接受標準可接受標準 Does the system meet the criteria?系系統是否符合統是否符合標準？標準？Description of gap 差距描述差距描述 Comments 備注備

195、注 conflict of interest(segregation of role functions).An approved procedural mitigation shall be in place if a conflict of interest is unavoidable within a single account.Documented evidence of verification of relevant training shall be present.When a user no longer requires system access,a procedur

196、e shall exist to disable access in a timely manner.安全保護/用戶訪問控制 訪問權限的批準 是否有程序描述訪問權限的批準、吊銷，以及定期審核？1/2/3/4/5/6 應有程序描述訪問權限的批準、吊銷和定期審核。對系統的訪問權限應限于業務需要求訪問系統的人員。對系統的訪問應在批準訪問權限之前經過業務系統所有人的批準，或文件化委任。所有培訓均應在受訓人的訪問權限被批準之前完成。在批準訪問權限給一個新身份之前應檢查該用戶是否擁有導致利益沖突的權力（身份職責劃分）。如果利益沖突不可避免，則應有批準的程序降低風險。應存在有相關培訓確認的文件化證據。如果一

197、個用戶不再需要系統訪問權限，則應有程序及時關閉其訪問權限。30 Security/User Access Control Access Approval For contractors;Is an agreement in place with the service provider capturing the data integrity responsibilities of the service provider?1/2/3/4/5/6 An agreement shall be in place with the service provider(Quality Agreement

198、,Service Level Agreement,etc.),capturing the responsibilities of the service provider.安全保護/用戶訪問控制 訪問權限的批準 對于合同方，是否與服務提供者訂有協議說明服務提供方的數據完整性職責？1/2/3/4/5/6 應與服務提供方訂有協議（質量協議、服務水平協議等），規定服務提供方的職責 31 Security/User Access Control Authentication Is a procedure present that prohibits to operate and to sign und

199、er someone elses name?1/2/3/4/5/6 Login IDs and passwords shall only be used by their genuine owner.Procedures and training are in place to ensure individual account access is not shared with other users.Procedures and training are in place to ensure that one user does not log on to a system to prov

200、ide access to another user.安全保護/用戶訪問控制 身份驗證 是否有程序禁止以他人名義操作和登錄？1/2/3/4/5/6 登錄 ID 和密碼應僅由真實所有者使用。應有程序和培訓確保個人賬號訪問權限不與其它用戶共用。應有程序和培訓確保個人用戶不會登入系統然后讓另一個用戶訪問。32 Security/User Access Control Authentication Is the system designed and operating applying unique user specific login on the application system?No s

201、hared logins are allowed!2/3/4/5/6 Group IDs and associated passwords(shared logins or generic user access)are not acceptable and shall not be used for accessing the application if the computerized system design supports individual user access.Each user account(internal and external personnel)must h

202、ave a unique login ID and password.The lack of suitability of alternative systems shall be justified based on a review of system design,and documented.A paper-based method,described in controlled documentation,shall be available for providing traceability of user actions performed by a specific APIC

203、/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 30/60 ID Topic 主題主題 Sub topic 子題目子題目 Question 問題問題 Category 類別類別 Acceptance criteria 可接受標準可接受標準 Does the system meet the criteria?系系統是否符合統是否符合標準？標準？Description of gap 差距描述差距描述 C

204、omments 備注備注 individual.Additional controls shall be in place,including a log to track who&when used the generic account and what was performed.安全保護/用戶訪問控制 身份驗證 系統設計和運行是否使用了唯一用戶專用登錄應用系統？不允許共用登錄 2/3/4/5/6 如果計算機化系統設計支持個人用戶訪問權限設置，則組 ID 和其密碼（共用登錄賬號和通用用戶訪問）是不可接受的，不應將其用于應用軟件訪問。每個用戶賬號（內部和外部人員）均必須有唯一登錄 ID 和

205、密碼。缺乏替代系統的適用性應根據對系統設計的審核進行合理化論證，并記錄。在受控文件中描述的紙質方法應可提供由特定人員執行的用戶措施的可追溯性。應有另外的控制，包括日志來追蹤是誰以及何時使用了通用賬號以及做了什么。33 Security/User Access Control Authentication Are login IDs and passwords safeguarded to prevent unauthorized use?2/3/4/5/6 Login IDs and passwords shall be safeguarded to prevent unauthorized

206、use.The system shall only allow authorized users access to the system.安全保護/用戶訪問控制 身份驗證 登錄 ID 和密碼是否受到安全保護防止未經授權的使用？2/3/4/5/6 登錄 ID 和密碼應受到安全保護，防止未經授權的使用。系統應僅允許經過授權的用戶訪問系統。34 Security/User Access Control Authentication Does the system require enforcing for password change at a defined interval?2/3/4/5/

207、6 The system must require enforcing for a password change at a defined interval.安全保護/用戶訪問控制 身份驗證 系統是否要求按指定周期強制更改密碼？2/3/4/5/6 系統必須要求以指定周期強制更改密碼。35 Security/User Access Control Authentication Does the system block user accounts if they have executed multiple unauthorized access attempts?2/3/4/5/6 The

208、system user accounts shall be blocked if they have executed multiple unauthorized access attempts.安全保護/用戶訪問控制 身份驗證 如果用戶多次試圖未經授權訪問系統，系統是否會攔截該用戶賬號？2/3/4/5/6 如果一個用戶賬號多次嘗試未經授權訪問系統，則系統應攔截該賬號 36 Security/User Access Control Authentication Is an investigation started according to the local sites event hand

209、ling procedures in case that login credentials have been compromised and potentially misused?2/3/4/5/6 A procedural control shall be present describing that an investigation shall be initiated according to the companies nonconformance handling procedures if login credentials have been compromised an

210、d potentially misused.安全保護/用戶訪問控制 身份驗證 如果登錄憑證有危險可能被誤用，是否根據本地事件處理程序啟動調查？2/3/4/5/6 應有程序控制要求在登錄憑證有危險可能被誤用時，會根據公司不符合事件處理程序啟動調查 37 Security/User Access Control Authentication Does an inactive/unattended computer system go into a non-accessible mode after a defined period of inactivity?2/3/4/5/6 An inacti

211、ve/unattended computer system shall go into a non-accessible mode after a defined period of inactivity.安全保護/用戶訪問控制 身份驗證 在不活動指定時間之后，不活動/無人看管的計算機系統是否會進入不可進入的模式？2/3/4/5/6 在不活動指定時間之后，不活動/無人看管的計算機系統應進入不可進入的模式？38 Security/User Access Control Authorization Are user roles and responsibilities pre-determined

212、 and documented in controlled documentation?1/2/3/4/5/6 Users of computerized systems shall only have access to functionality within the system as required by their job role.User roles and responsibilities shall be pre-determined and documented in controlled APIC/Practical risk-based guide for manag

213、ing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 31/60 ID Topic 主題主題 Sub topic 子題目子題目 Question 問題問題 Category 類別類別 Acceptance criteria 可接受標準可接受標準 Does the system meet the criteria?系系統是否符合統是否符合標準？標準？Description of gap 差距描述差距描述 Comments 備注備注 documentation 安全保護/用戶訪問控

214、制 身份驗證 用戶身份和職責是否在受控文件中預先確定并記錄？1/2/3/4/5/6 計算機化系統用戶應僅具備其工作身份所需的系統功能訪問權限。用戶身份和職責應在受控文件中預先確定和記錄。39 Security/User Access Control Periodic Access Review Is a risk-based approach used to define the period for access review and is a procedure in place describing how and what to review(including a check for

215、 the appropriate training expectations for each role)?1/2/3/4/5/6 A periodic review of access shall be performed at a period based on risk.安全保護/用戶訪問控制 訪問期限定期審核 是否有基于風險的方法用于定義訪問權限審核的周期，是否有程序描述如何以及由何人審核（包括檢查是否對每個身份訂有適當的培訓要求）？1/2/3/4/5/6 應按基于風險確定的周期對訪問權限進行定期審核 40 Time Stamps Synchronization Is the syst

216、em synchronized with an approved managed trusted time server(atomic clock)?3/4/5/6 The system shall be synchronized with a managed trusted time server(atomic clock)or when synchronization to a trusted time source is not possible:the administrator shall periodically review the audit log time source f

217、or accuracy against a trusted time server(atomic clock),with a frequency defined by risk assessment.The administrator shall correct inaccuracies in system time according to the companys procedures.For server-based systems,the date and time shall be taken always from the server,not from(one of)the cl

218、ient components.All components producing time information shall be synchronized automatically with a managed trusted time server(atomic clock).Synchronization shall start at the start up of the system.時間戳 同步 系統是否與一個已批準的受管理受信任時間服務器（自動時鐘）同步？3/4/5/6 系統應與一個受到管理的受信任時間服務器（自動時鐘）進行同步；或者，如果不可能與一個受信任的時間源同步，則管

219、理員應按風險評估所定義的頻次定期審核審計日志時間源的準確性，與一個受信任的時間服務器核對（自動）。管理員應根據公司程序糾正系統時間的不準確情況。對于基于服務器的系統，日期與時間應總是來自服務器，而不是來自（一個）客戶組件。所有生成時間信息的組件均應與受管理的受信任時間服務器（自動時鐘）進行自動同步。同步應自系統啟動時開始。41 Time Stamps Synchronization For paper based manual observations:do the procedures ensure to make use of an approved managed trusted clo

220、ck?1 Procedures shall be in place to ensure the usage of an approved managed trusted clock when recording date and time notations on paper records?時間戳 同步 對于紙質手動觀察：程序是否確保使用經過批準的受管理受信任的時鐘？1 在紙質記錄上記錄時間和日期標注時，應有程序確保使用經過批準的受管理的受信任時鐘 APIC/Practical risk-based guide for managing data integrity Version 1,Ma

221、rch 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 32/60 ID Topic 主題主題 Sub topic 子題目子題目 Question 問題問題 Category 類別類別 Acceptance criteria 可接受標準可接受標準 Does the system meet the criteria?系系統是否符合統是否符合標準？標準？Description of gap 差距描述差距描述 Comments 備注備注 42 Time Stamps Time and date format and precision Are d

222、ates in a format that makes the day,month,and year and time zone clearly discernible?1/2/3/4/5/6 Dates shall be in a format that makes the day,month,and year clearly discernible.If a 12-hour format is being used to record time,“AM”or“PM”must always be included in the time recorded(e.g.12:43 PM)for e

223、very entry.Any format of AM or PM is acceptable,e.g.AM/PM,A.M./P.M.,a.m./p.m.,etc.if the meaning is clear in context.Calculations shall be verified for conversion between 24-hour and 12-hour format.The time&date format chosen shall be defined and consistently used.時間戳 時間與日期格式和精密度 日期的格式是否可清晰分辨時區、年月日？

224、1/2/3/4/5/6 日期格式應可清晰分辨時區、年月日。如果采用 12小時格式記錄時間，則每條記錄中所記錄時間里應總是包括“AM”（上午）或“PM”（下午）（例如 12：43PM）。任何格式的 AM或 PM均是可接受的，例如 AM/PM、A.M./P.M.、a.m./p.m.等，只要在上下文中含義清楚即可。24 小時與 12 小時格式之間的轉換要經過確認。應定義所選擇的時間&日期格式，使用時要保持一致。43 Time Stamps Daylight savings Is the system capable of taking a daylight-saving time switch to

225、 correct for summer or winter time?3/4/5/6 When the system is technically not capable to take daylight-saving time switch into account automatically,specific arrangements need to be implemented and defined in a procedure for that system.These arrangements shall make sure that no GxP data are lost or

226、 overwritten.Additional notation may be required for clarity for those two-time definitions whenever displayed or printed.時間戳 夏令時 系統是否能實現夏令時轉換以修正夏天或冬天時間？3/4/5/6 如果系統從技術角度不能自動轉移夏令時，則需要執行特定的安排，并在該系統的程序中規定。這些安排應確保沒有 GXP 數據丟失或被改寫。如果需要展示或打印，則可能需要有額外的注釋說明這兩個時間的定義。44 Time Stamps Access security Can non-IT

227、administrator roles change systems date and time settings(including time zone settings)?3/4/5/6 Only system administrators shall have sufficient authority to change systems date and time settings.Non-administrator roles shall have read only access.時間戳 訪問權限安全保護 非 IT 管理員身份是否可更改系統日期和時間設置（包括時區設置）？3/4/5/

228、6 只有系統管理員才應具備足夠的權力更換系統日期和時間設置。非管理員身份應僅有只讀權限。APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 33/60 5 Risk Assessment 風險評估風險評估 The gaps identified by applying the checklist from the previous section,will feed into a risk as

229、sessment.通過執行前一部分的檢查清單識別出差距，然后輸入風險評估。It is essential that the Risk Assessment process involves a truly scientific examination of Data Integrity controls and is not solely used to justify existing practices.風險評估流程中有必要對數據完整性控制進行真實科學的檢驗，而不僅是用于論證現有做法。The risk assessment methodology should include genera

230、l rules for scoring,minimum attendance at the risk assessment sessions,how the outcomes from the risk assessment should be tracked,and how the resultant risk assessments should be approved and archived.風險評估方法學應包括評分通則、風險評估課程的最低出勤率、風險評估結果如何追蹤，以及風險評估結果要如何批準及達成。In the example,the FMEA methodology is app

231、lied and the following general stages are distinguished(alternative methodologies described in ICH Q9 are acceptable):在實例中使用的是 FMEA 方法，分為以下通用階段（在 ICH Q9 中所述的其它方法亦可接受）：A.Identification of Failure Modes:within the context of this guideline the failure modes are to be derived directly from the identifi

232、ed gaps in the previous section.B.失效模式的識別，在本指南中失效模式要直接從之前部分所識別的差距中分析獲得 C.Assessment of Failure Modes using a structured formalized risk assessment.D.采用結構化正式風險評估對失效模式進行評估 E.Evaluation of risks using a Risk Priority Number(RPN)defined as follows F.采用以下定義的風險優先度（RPN）法對風險進行評估 RPN=Severity X Occurrence X

233、Detectability RPN=嚴重程度 X 發生概率 X 檢出概率 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 34/60 Figure 4 Risk Assessment example 圖4：風險評估舉例 （原表為 EXCEL 表格截圖）ID#Checklist ID Step Function/Requirement or Data flow Step Potential F

234、ailure Mode Effect Severity Occurrence Detectability RPN ID 號 檢查清單號 步驟 功能/需求或數據流步驟 可能的失效模式 效果 嚴重程度 發生概率 檢出能力 RPN 1 N/A Data process mapping Software:functionality Data review Users can run multiple analysis from the same sample without recording the first initial runs in the system Testing into comp

235、liance 4 1 4 16 NA【數據流程分析】軟件功能 數據審核 用戶可對同一樣品運行多次分析而不記錄在該系統的首次運行 檢測直到合格 4 1 4 16 2 ID44 Time Stamps Access security A non-IT administrator role is able to change systems date and time settings.Analyst can misrepresent times of analysis to falsify on results 4 2 4 32 ID44 時間戳 訪問權限安全保護 非 IT 管理員身份可以修改系統

236、日期和時間設置 化驗員可使用錯誤的分析時間來偽造結果 4 2 4 32 3 ID26 Audit trail Audit trail review Relevant audit trails are not being reviewed since the system is not having a user friendly report to do so.Possible incorrect data used in making a batch release decision,having possible impact on product quality and patients

237、 safety 4 3 3 36 ID26 審計追蹤 審計追蹤審核 由于系統沒有人性化報告執行審計追蹤審核，因此相關審計追蹤未得以審核 可能使用了不正確的數據來做出批放行決策，可能對產品質量和患者安全產生影響 4 3 3 36 4 ID15 Data lifecycle management Backup/restore Backup does not include all relevant GXP metadata Permanent loss of GXP data 3 2 3 18 ID15 數據生命周期管理 備份/恢復 備份不包括所有相關 GXP 元數據 永久丟失 GXP 數據 3

238、2 3 18 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 35/60 To build the FMEA,the individual gaps in column A to E are resulting out of:為構建 FMEA，第 A-E 列的單個差距來自：the data process mapping(section 0)數據流程（第 0 部分）example:failu

239、re modes in manual transcribing GxP data from one system into the other 實例：從一個系統中人工謄寫 GXP 數據至另一個系統的失效模式 the system assessment applying a checklist with some standard questions to be evaluated(section 4.3)使用檢查清單采用一些標準問題評估后得到系統評估 Severity colu mn G:Considers the worst possible consequence of a failure

240、 classified by the degree of injury,property damage,system damage and mission loss that could occur.嚴重程度第嚴重程度第 G 列：列：考慮傷害程度、財產損失、系統損壞和任務損失可能發生時可能的最壞失效后果 Table 3 example of severity scoring 表3 嚴重程度評估分舉例 5 Very high 很高 4 High 高 3 Medium High 中高 2 Medium 中 1 Low 低 Guidance with regard to assigning seve

241、rity is given in section 4.1 關于嚴重程度分級的指南在第 4.1 部分給出。Occ urrenc e c olumn H:also called likelihood,is a numerical estimate of the likelihood that the failure mode will occur 發生概率第發生概率第 H 列：列：亦稱為“可能性”，是對失效模式發生可能性的數字化估算 This variable is to be evaluated system by system/process by process/data set by da

242、ta set.該變更要逐個系統/流程/數據系列進行評估 Table 4 Example of occurrence scoring 表4 發生概述評分舉例 4 The event is likely to occur/this event has occurred historically 事件非常有可能發生/歷史上曾經發生該事件 3 The event is possible to occur/events of this nature have been historically reported 事件有可能發生/歷史上未曾報告過此類事件 2 Is unlikely to occur/ev

243、ents of this nature have not been historically reported 不可能發生/歷史上未曾報告過此類事件 1 Is very unlikely to occur/events of this nature have not been historically reported 非常不可能發生/歷史上未曾報告過此類事件 0 Is technically not possible to occur/technically fail safe 技術角度不可能發生/技術失效安全 Detectability column I :also called effe

244、ctiveness,is a numerical subjective estimate of the effectiveness of the controls to prevent or detect the cause or failure mode before the failure reaches the customer.檢出能力第檢出能力第 I 列：列：亦稱為“有效程度”，是對失效情況到達客戶處之前預防或發現原因或失效模式控制的有效性的數字化客觀估算 This variable is to be evaluated system by system/process by pro

245、cess/data set by data set.該變量要逐個系統/流程/數據系列進行單獨評估。APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 36/60 Table 5 Example of detectability scoring 表5 檢出能力評估舉例 4 No detection mechanism exists 沒有發現機制 3 Is likely to be detected

246、 after lot release 可能在批放行之后發現 2 Is likely to be detected before lot release 可能在批放行之前發現 1 Will be detected before lot release on each occasion 每次均會在批放行之前發現 The evaluation of risk is attained in terms of RPN using the formula reported above.RPN are grouped in order to define three different levels of

247、risk.The grouping is performed such that an equal number of combinations is present within each RPN group.With reference to the example above,the following RPN group thresholds apply:風險評估的 RPN 是采用以上報告的公式計算而得。對 RPN 進行分級，定義三個不同級別的風險。分級方法是讓每個 RPN 級別中出現的組合有相同的數字。參考上述實例，應用以下 RPN 分級值。Table 6 example of RP

248、N grouping 表6 RPN分級舉例 RPN Risk category 風險分級風險分級 0-8 Low(green)低（綠）低（綠）9-23 Medium(amber)中（黃）中（黃）24-80 High(red)高（紅）高（紅）APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 37/60 6 Risk Management 風險管理風險管理 Once the risk has be

249、en assessed,mitigation actions and priorities to address them should be defined.一旦對風險進行了評估，則應制訂降低風險的措施以及進行優先排序的方法。According to the significance of the risk,short-term and long-term mitigation actions should be defined.These mitigations should lead to an increased control over process,GxP data or sys

250、tems by acting on probability and/or detectability.根據風險的嚴重程度，應規定短期和長期風險降低措施。這些風險降低措施應通過對發生可能性和/或檢出能力采取措施增加對流程、GXP 數據或系統的控制。Some examples of short-and/or long-term remediation actions are reported later in the document(section 8).一些短期和/或長期補救措施在文件的后面報道（第 8 部分）。After defining short-term and long-term m

251、itigation actions,re-assess the risks to confirm the expected residual risk is acceptable.在規定了短期和長期風險降低措施之后，對風險重新評估以確認預期的殘留風險是可以接受的。Typically,risks identified as low can be accepted without any further action.Certain medium risks can still be accepted on a temporary basis provided no further mitigat

252、ion actions are possible at the time of evaluation(e.g.upgrade of software nor alternative solution available from vendor).Such type of remaining medium risks should be periodically re-evaluated.一般來說，識別為低的風險可以接受而不需要更多措施。有些中等風險如果在評估時無法采取更多風險降低措施時仍可臨時接受（例如，不能更新軟件，供應商亦不能提供替代解決方法）。此類保留的中等風險應定期進行再評估。Acti

253、ons should be defined and tracked in alignment with the companys CAPA and risk management procedures.應根據公司的 CAPA 和風險評估程序制訂措施并進行跟蹤。APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 38/60 Figure 5 example of risk mitigation a

254、ctions 圖5 降低風險措施舉例 ID#Step Potential Failure Mode RPN Intermediate action Severity Occurrence Detectability RPN Long-term recommended actions Severity Occurrence Detectability RPN ID 號 步驟 潛在失效模式 RPN 即刻措施 嚴重程度 發生概率 檢出能力 RPN 建議長期措施 嚴重程度 發生概率 檢出能力 RPN 1 Software functionality Users can run multiple ana

255、lysis from the same sample without recording the first initial runs in the system 16 Introduce a log book to be filled in for each run they start and run 4 1 2 8 Update the software to go to the version which is storing all of the 4 1 1 4 軟件功能 用戶對同一樣品可運行多個分析，而不記錄在該系統的首次運行 16 引入日志填寫其啟動并運行的每次分析 4 1 2

256、8 更新軟件至可存貯所有運行的版本 4 1 1 4 2 Time Stamps A non-IT administrator role is able to change systems date and time settings 32 Restrict the access for that specific role in the system 4 0 4 0 N/A(covered by intermediate action)4 0 4 0 時間戳 非 IT 管理員身份可以修改系統日期和時間設置 32 限制系統中特定身份的訪問權限 4 0 4 0 N/A（即刻措施已包括）4 0 4

257、0 3 Audit trail Relevant audit trails are not being reviewed since the system is not having a user friendly report to do so.36 Implement some validated queries to pull by IT on a frequent basis and provide the data to the end user for review purposes 4 2 2 16 Implement validated reports containing t

258、he validated queries giving the end user the possibility to pull and review the data with a higher frequency on its own.4 1 1 4 審計追蹤 由于系統沒有人性化報告界面，因此相關審計追蹤未審核 36 實施一些經驗證的詢問由 IT 頻繁拉出，并提供該數據給最終用戶用于審核 4 2 2 16 實施經過驗證含有經驗證詢問的報告，為終端用戶提供自然較高頻次拉出并審核數據的可能 4 1 1 4 4 Data lifecycle management Backup does not

259、include all relevant GxP metadata.18 Run separate backup runs for the relevant GxP meta data 3 1 4 12 Include the relevant GxP meta in the backup process of the related GxP raw data 3 1 2 6 數據生命周期管理 備份未包括所有相關 GXP 元數據 18 運行單獨的備份流程備份 GXP 元數據 3 1 4 12 在相關 GXP 原數據備份流程中包括相關 GXP 元數據 3 1 2 6 In the specifi

260、c example,as a result of implementation of remediation action,residual risk is reduced to low/medium level on short term and to low level on long term basis.在具體案例中，由于實施了補救措施，殘留風險已在短期內降低至低/中等水平，并在長期基礎上降低至低水平。APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據

261、完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 39/60 7 References 參考文獻參考文獻 1.ICH Q7 Good Manufacturing Practice for APIs ICH Q7 原料藥 GMP 2.ICH Q9 Quality Risk Management ICH Q9 質量風險管理 3.ICH international conference of harmonisation.(August 2009).Q8(R2).ICH Q8(R2)200908 4.MHRA.(March 2018).GxP Data Integrity Guida

262、nce and Definitions.MHRA（201803）GXP 數據完整性指南與定義 5.PIC/S PHARMACEUTICAL INSPECTION CONVENTION.(Nov 2018).GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY(PI 041-1 DRAFT 3).PIC/S（201811）數據管理和完整性優良規范（PI041-1 草案 3）6.WHO.(September 2015).GUIDANCE ON GOOD DATA AND RECORD MANAGEMENT.WHO（201503）優良數據和記錄管理規范 7

263、.FDA,Data Integrity and Compliance with Drug CGMP-Questions&Answers-Guidance for industry,Dec 2018 FDA 行業指南：數據完整性與藥品 CGMP 合規問答 201812 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 40/60 8 Examples 實例實例 8.1 Production Sy

264、stems and Process Risk Assessment 生產系統和工藝風險評估 1)Scenario:情境 The MES system is an IT platform,having several modules for serving end to end manufacturing purposes.For this example,the focus is on the production execution module,in particular the Synthesis process module.Material GxP data is available

265、 and approved.Equipment is calibrated,configured under change control and in a clean status.Raw materials are available and approved.Users are trained and assigned the correct role.The recipes have lifecycle management guaranteeing change control and are in an approved status.MES 系統是一個 IT 平臺，具備幾個模塊服

266、務于端對端生產目的。在本例中，主要關注的是生產執行模塊，尤其是“合成”工藝模塊?？梢垣@得和批準物料GXP 數據。設備已經過校正，根據變更控制程序進行了參數設置，處于清潔狀態。原料藥已有并經過批準。用戶已經過培訓，并給予正確的身份。配方有生命周期管理，確保變更的控制及處于已批準狀態。Sample labels are all created from a prepopulated template.樣品標簽均采用預先制訂的的模板創建。Remark:備注 The analytical instruments are not taking into account for this example

267、as this is already covered under the lab system example.在本例中不考慮分析儀器因其已包括在實驗室系統舉例中。2)Business process mapping 業務流程分析 The business process mapping utilizes the 6 FDA systems and their subsystems 業務流程分析采用了 FDA 的六大系統及其子系統方式。FDA Process:Production control system FDA 流程：生產控制系統 A A 14 QC Laboratory Analysi

268、s 1.Vendor Qualification 2.Raw Material 3.Process Manufacturing Order 4.Material Picking/Staging 5.Weigh&Dispense 6.Material Charging 7.Processing 8.Material Discharging 9.Packing 11.Batch Record Review 12.Batch Releases 13.Logistics 10 In-process Controls APIC/Practical risk-based guide for managin

269、g data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 41/60 Sub Process:Processing(Synthesis)子流程：工藝處理（合成）7.1/溶解 6.投料過程 7.2/混合 7.3/加熱&攪拌 7.4/取樣/檢測 7.5/降溫(停止反應)B B 7.6/結晶 7.7/取樣/檢測 7.8/分離 7.9/洗滌&干燥 8.放料過程 7.1/Dissolution 6.Charge Material Process 7.2/Mixing 7.3/Heating&St

270、eering 7.4/Sampling/Testing 7.5/Cooling(Stop reaction)B B 7.6/Crystallization 7.7/Sampling/Testing 7.8/Isolation 7.9/Washing&Drying 8.Material Discharge Process A A 14 QC 實驗室分析 1.供應商確認 2.原料 3.工藝生產指令 4.領料/清場 5.稱重&分料 6.投料 7.加工 8.放料 9.包裝 11.批記錄審核 12.批放行 13.物流 10 中控 APIC/Practical risk-based guide for m

271、anaging data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 42/60 2)Data(paper/electronic)and system identification 數據（紙質/電子）和系統識別 a.System identification:(see section 3 step A)系統識別（參見第 3 部分第 A 步驟）7.1 7.2 7.3 7.4 7.5 7.6 7.7 7.8 7.9 Start Dissolution Mixing Heating&Stee

272、ring Sampling/Testing Cooling(Stop reaction)Crystallization Sampling/Testing Isolation Washing&Drying 開始 溶解 混合 加熱&攪拌 取樣/檢測 降溫（停止反應）結晶 取樣/檢測 分離 洗滌&干燥 GxP Data electronic electronic electronic paper/electronic electronic electronic paper/electronic electronic electronic GXP 數據 電子 電子 電子 紙質/電子 電子 電子 紙質/

273、電子 電子 電子 System MES PCS/DCS Data Historian MES PCS/DCS Data Historian MES PCS/DCS Data Historian MES Analytical Instrument3 Sample label LIMS MES PCS/DCS Data Historian MES PCS/DCS Data Historian MES Sample label LIMS MES PCS/DCS Data Historian MES PCS/DCS Data Historian 系統 MES PCS/DCS數據庫 MES PCS/DC

274、S數據庫 MES PCS/DCS數據庫 MES 分析儀器 樣品標簽 LIMS MES PCS/DCS數據庫 MES PCS/DCS數據庫 MES 樣品標簽 LIMS MES PCS/DCS數據庫 MES PCS/DCS數據庫 3 Instrument with DI requirements is not further discussed in this example as this is already covered in the lab system example.有 DI 需求的儀器在本例中不展開討論，因為已覆蓋在實驗室系統例子中。APIC/Practical risk-base

275、d guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 43/60 b.Data Identification:(see section 3 step B)數據識別（參見第 3 部分步驟 B）Step 7.1 Dissolution 7.2 Mixing 7.3 Heating&Steering 7.4 Sampling/Testing 7.5 Cooling(Stop reaction)7.6 Crystallization 7.7 Sampl

276、ing/Testing 7.8 Isolation 7.9 Washing&Drying 步驟步驟 7.1 溶解溶解 7.2 混合混合 7.3 加熱加熱&攪拌攪拌 7.4 取樣取樣/檢測檢測 7.5 降低（停降低（停止反應）止反應）7.6 結晶結晶 7.7 取樣取樣/檢測檢測 7.8 分離分離 7.9 洗滌洗滌&干干燥燥 System 1:PCS/DCS Transferring and controlling GxP data from the equipment towards the Data historian and MES systems 系統系統 1：PCS/DCS從設備向數據庫

277、和從設備向數據庫和 MES 系統轉移和控制系統轉移和控制 GXP 數據數據 GxP Data elements Speed of addition Steering Speed Vessel Temp Sludge Temp Pressure Agitation speed Steering Speed Temperature*Temperature*Pressure Speed Temperature*Pressure Speed Agitation speed Temperature Quantity added Temperature*Temperature Pressure GXP數據

278、要素 加入速度 回轉速度 容器溫度 物料溫度 壓力 攪拌速度 回轉速度 溫度 溫度 壓力 速度 溫度 壓力 速度 攪拌速度 溫度 加入數量 溫度 溫度 壓力 System 2:Data Historian Recording of the continuous pressure/temperature/speed(trend)data,for permanent storage 系統系統 2：數據庫：數據庫持續記錄壓力持續記錄壓力/溫度溫度/速度（趨勢）數據，用于永久存貯速度（趨勢）數據，用于永久存貯 GxP Data elements Speed of addition Steering S

279、peed Vessel Temp Sludge Temp Pressure Agitation speed Steering Speed Temperature Temperature Pressure Speed Temperature Pressure Speed Agitation speed Temperature Quantity added Temperature Temperature Pressure GXP數據要素 加入速度 回轉速度 容器溫度 物料溫度 壓力 攪拌速度 回轉速度 溫度 溫度 壓力 速度 溫度 壓力 速度 攪拌速度 溫度 加入數量 溫度 溫度 壓力 Syste

280、m 3:MES 系統系統 3：MES GxP Data elements User ID Start Date&Time End Date&Time Equipment ID Ph Dissolution confr.Speed of addition Steering Speed Vessel Temp Sludge Temp Pressure User ID Start Date&Time End Date&Time Equipment ID Duration*Agitation speed Steering Speed Temperature*User ID Start Date&Tim

281、e End Date&Time Equipment ID Temperature*Pressure Speed User ID Start Date&Time End Date&Time Equipment ID Batch Material ID Storage Condition User ID Start Date&Time End Date&Time Equipment ID Duration User ID Start Date&Time End Date&Time Equipment ID Ph User ID Start Date&Time End Date&Time Equip

282、ment ID Batch Material ID Storage Condition User ID Start Date&Time End Date&Time Equipment ID Loss on drying Visual check result Duration User ID Start Date&Time End Date&Time Equipment ID Quantity*Duration APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數

283、據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 44/60 Step 7.1 Dissolution 7.2 Mixing 7.3 Heating&Steering 7.4 Sampling/Testing 7.5 Cooling(Stop reaction)7.6 Crystallization 7.7 Sampling/Testing 7.8 Isolation 7.9 Washing&Drying 步驟步驟 7.1 溶解溶解 7.2 混合混合 7.3 加熱加熱&攪拌攪拌 7.4 取樣取樣/檢測檢測 7.5 降低（停降低（停止反應）止反應）7.6 結晶結晶 7.7 取

284、樣取樣/檢測檢測 7.8 分離分離 7.9 洗滌洗滌&干干燥燥 GXP數據要素 用戶 ID 開始日期&時間 結束日期&時間 設備 ID pH 溶出 用戶 ID 開始日期&時間 結束日期&時間 設備 ID 時長 攪拌速度 回轉速度 溫度 用戶 ID 開始日期&時間 結束日期&時間 設備 ID 溫度 壓力 速度 用戶 ID 開始日期&時間 結束日期&時間 設備 ID 批號 物料 ID 存貯條件 用戶 ID 開始日期&時間 結束日期&時間 設備 ID 時長 用戶 ID 開始日期&時間 結束日期&時間 設備 ID pH 用戶 ID 開始日期&時間 結束日期&時間 設備 ID 批號 物料 ID 存貯條件

285、 用戶 ID 開始日期&時間 結束日期&時間 設備 ID 干燥失重 目檢結果 時長 用戶 ID 開始日期&時間 結束日期&時間 設備 ID 數量 時長 System 4:LIMS 系統系統 4：LIMS GxP Data elements Sample ID User ID Date/Time Quantity/Batch Material ID Sample result*Sample ID User ID Date/Time Quantity/Batch Material ID Sample result*GXP數據要素 樣品 ID 用戶 ID 時間/日期 數量/批號 物料 ID 樣品結果

286、 樣品 ID 用戶 ID 時間/日期 數量/批號 物料 ID 樣品結果 System 5:Sample Label 系統系統 5：樣品標簽：樣品標簽 GxP Data elements Sample ID User ID Date/Time Quantity/Batch Material ID Storage Condition Sample ID User ID Date/Time Quantity/Batch Material ID Storage Condition GXP數據要素 樣品 ID 用戶 ID 時間/日期 數量/批號 物料 ID 存貯條件 樣品 ID 用戶 ID 時間/日期

287、數量/批號 物料 ID 存貯條件 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 45/60 c.Highlight electronic GxP data that can be modified/deleted or re-processed after creation.(as indicated by an asterix in above table)(see section 3

288、step C)特別要注意在創建之后可修改/刪除/可重新處理的電子 GXP 數據（如上表中帶星項）（參見第 3 部分步驟 C）3)Data and System categorization 數據和系統分類 a.Data severity assessment(see section 4.1)數據嚴重程度評估（參見第 4.1 部分）This example will focus on the MES system only.The PCS/DCS,Data Historian,Sample label and LIMS should be handled in a separate assess

289、ment.本例僅關注 MES 系統。PCS/DCS、數據庫、樣品標簽和 LIMS 應采用單獨評估處理。The MES is used for intermediates and APIs manufacturing.MES 用于中間體和 API 生產。According to the severity definitions,the API categorisation results in very high severity data.根據嚴重程度定義，API 分級為非常高嚴重程度的數據非常高嚴重程度的數據。b.System profiling(see section 4.2,decisi

290、on tree figure 3)系統概況（參見第 4.2 部分決策樹圖 3）System 1:PCS/DCS-cat 6 系統 1：PCS/DCS 第 6 類系統 System 2:Data Historian-cat 5 系統 2：數據庫第 5 類系統 System 3:MES-cat 6 系統系統 3：MES第第 6 類系統類系統 System 4:LIMS-cat 6 系統 4：LIMS第 6 類系統 System 5:Sample label-cat 1 系統 5：樣品標簽第 1 類系統 c.System assessment:(according to checklist 4.3

291、table 2)Only the gaps are in below overview.系統評估：（根據第 4.3 部分檢測清單表 2）以下概覽僅展示了差距 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 46/60 Topic Sub topic Question Acceptance criteria Does the system meet the criteria?Descripti

292、on of gap 主題主題 子標題子標題 問題問題 可接受標準可接受標準 系統是否符系統是否符合標準合標準 差距描述差距描述 Data lifecycle management Retention Are all GxP data(Including meta data and audit trail data)retained in accordance with the companies Retention Schedule?Data generated,including paper records,system records and corresponding audit tra

293、il entries,shall be retained in accordance with the companies retention schedule and any applicable legal hold notices,GxP documents shall be maintained in a secured storage location that is reasonably accessible and readily available for review to responsible personnel.No The units of measures are

294、not part of the backup and archiving data set.Since these is valuable information in interpreting the time,pressure,temperature notations they become GxP meta data to be retained during the applicable schedule and for disaster recovery purposes.數據生命周期管理 保存 是否所有 GXP 數據（包括元數據和審計追蹤數據）均根據公司保存計劃進行保存？所生成的

295、數據，包括紅質記錄、系統記錄和相應的審計追蹤內容均應根據公司的保存計劃和所有適用法定保存通知進行保存。GXP 文件應保存在安全的存貯位置，負責審核的人可以合理的方式易于獲取。否 測量單元不是備份和存檔數據系列的一部分。由于這些在解釋時間、壓力、溫度注釋方面是非常有價值的信息，他們成為GXP 元數據以適用的計劃時間進行保存，并在災難恢復時使用。Audit trail Audit trail review Are audit trails reviewed according to the applicable procedures?The companies requirements on au

296、dit trail review shall be taken into account and should be supported by a risk based approach to define the process and frequency for execution No For some steps,the entered duration,temperature or quantity could be modified after the data has been saved.No audit trail is available.審計追蹤 審計追蹤審核 審計追蹤是

297、否根據適用程序進行審核？應考慮公司對審計追蹤審核的要求，并有基于風險的方法進行支持，用以確定流程和執行頻次。否 有些步驟中錄入時長、溫度或數據可在數據保存后進行修改。沒有審計追蹤。Security/User Access Control Authentication Does an inactive/unattended computer system go into a non-accessible mode after a defined period of inactivity?An inactive/unattended computers system shall go into a

298、 non-accessible mode after a defined period of inactivity.No The MES user sessions are not being locked automatically after a defined period of inactivity.安全保護/用戶訪問權限控制 身份驗證 在指定的不活動時間之后，不活動/無人看管的計算機系統是否會進入無法訪問的模式？在指定的不活動時間之后，不活動/無人看管的計算機系統應該進入無法訪問的模式 否 MES 用戶會話在指定不活動時長后不會自動鎖定 Security/User Access Co

299、ntrol Periodic Access Review Is a risk based approach used to define the period for access review and is a procedure in place describing how and what to review(including a check for the appropriate training expectations for each role)?A periodic review of access shall be performed at a period based

300、on risk.No Periodic access review is not being performed for the administrator roles.安全保護/用戶訪問權限控制 訪問權限定期審核 是否使用基于風險的方法來定義訪問權限審核的周期，是否有程序描述如何審核以及審核什么（包括檢查每個身份是否符合適當的培訓要求）？應根據基于風險確定的周期定期審核訪問權限 否 未對管理員身份的訪問權限進行定期審核 Time Stamps Access security Can non-IT administrator roles change systems date and time

301、 settings(including time zone settings)?Only system administrator shall have sufficient authority to change system date and time settings.Non-administrator roles shall have read only access.No The client PCs are not protected for unintentional changes towards the time and date settings.Since for the

302、 sampling step the PCs time and date notations are automatically being used,this is critical to be locked for manipulation.時間戳 訪問安全保護 非 IT 管理員身份是否可修改系統時間和日期設置（包括時區設置）？應只有系統管理員才具備足夠的權力修改系統日期和時間設置。非管理員身份只應具備只讀權限 否 客戶端 PC 未受到保護不被無意修改時間和日期設置。由于所用 PC 時間和日期標注的抽樣步驟是自動的，因此進行鎖定防止篡改至為關鍵 APIC/Practical risk-ba

303、sed guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 47/60 4)Risk Assessment(FMEA to calculate the gaps and their current individual Risk Priority Numbers(RPN)(see section 5)風險評估（計算差距的 FMEA 以及其當前單個風險優先度得分（RPN）參見第 5 部分 ID#Checklist ID Step Function/

304、Requirement or Data flow Step Potential Failure Mode Effect Severity Occurrence Detectability RPN ID號 檢查清單號 步驟 功能/需求或數據流步驟 潛在失效模式 后果 嚴重程度 發生概率 檢出能力 RPN 1 8 Retention Are all GxP data including meta data and audit all data retained in accordance with the companies Retention Schedule?The units of meas

305、ures are not part of the backup and archiving data set.Since these is valuable information in interpreting the time,pressure,temperature notations they become GxP meta data to be retained during the applicable schedule and for disaster recovery purposes.Data can be lost 5 4 1 20 8 保存 是否所有 GXP 數據（包括元

306、數據和審計追蹤數據）均根據公司保存計劃進行保存？測量單元不是備份和存檔數據系列的一部分。由于這些在解釋時間、壓力、溫度注釋方面是非常有價值的信息，他們成為 GXP 元數據以適用的計劃時間進行保存，并在災難恢復時使用。數據可能丟失 5 4 1 20 2 14 Audit trail review Are audit trails reviewed according to the applicable procedures?For some steps,the entered duration,temperature or quantity could be modified after the

307、 data has been saved.No audit trail is available.Manipulation of data possible 5 3 4 60 14 審計追蹤 審計追蹤是否根據適用程序進行審核？有些步驟中錄入時長、溫度或數據可在數據保存后進行修改。沒有審計追蹤。數據可能被篡改 5 3 4 60 3 17 Authentication Does an inactive/unattended computer system go into a non-accessible mode after a defined period of inactivity?The M

308、ES user sessions are not being locked automatically after a defined period of inactivity.Possible misused of someones session and credentials 5 3 4 60 17 身份驗證 在指定的不活動時間之后，不活動/無人看管的計算機系統是否會進入無法訪問的模式？MES 用戶會話在指定不活動時長后不會自動鎖定 可能誤用某人的對話和憑證 5 3 4 60 4 23 Periodic Access Review Is a risk based approach use

309、d to define the period for access review and is a procedure in place describing how and what to review(including a check for the appropriate training expectations for each role)?Periodic access review is not being performed for the administrator roles.Risk on administrators access rights being misus

310、ed while people have moved position,possibly leading to uncontrolled changes to the system 5 3 3 45 23 訪問權限定期審核 是否使用基于風險的方法來定義訪問權限審核的周期，是否有程序描述如何審核以及審核什么（包括檢查每個身份是否符合適當的培訓要求）？未對管理員身份的訪問權限進行定期審核 當人員調崗時存在管理員訪問權限被誤用的風險，可能導致系統修改不受控制 5 3 3 45 5 34 Access security Can non-IT administrator roles change sys

311、tems date and time settings(including time zone settings)?The client PCs are not protected for unintentional changes towards the time and date settings.Since for the sampling step the PCs time and date notations are automatically being used,this is critical to be locked for Possible registration of

312、incorrect/manipulated time&date notation for some steps 5 2 4 40 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 48/60 manipulation.34 訪問權限安全保護 非 IT 管理員身份是否可修改系統時間和日期設置（包括時區設置）？客戶端 PC 未受到保護不被無意修改時間和日期設置。由于所用 PC 時間和日期標注的抽樣

313、步驟是自動的，因此進行鎖定防止篡改至為關鍵 可能有些步驟登記的是不正確的/篡改過的時間&日期標注 5 2 4 40 5)Risk management(see section 6)風險管理（參見第 6 部分）The above table shows that 4 of the 5 gaps have a high RPN(Red).Actions have been defined to address these issues immediately.上表所示第 4 與第 5 項差距具有高 RPN（紅色）值，已制訂措施來立即解決這些問題。Additional actions have al

314、so been defined to mitigate the other gaps 對其它差距亦制訂了其它措施來縮小差距。In the next table the RPNs are recalculated after implementation of the defined actions.下表中的 RPN 是實施了制訂的措施之后重新計算所得。ID#Potential Failure Mode Effect Severity Occurrence Detectability RPN Intermediate action Severity Occurrence Detectabilit

315、y RPN Long-term recommended actions Severity Occurrence Detectability RPN ID 號 潛在失效模式 后果 嚴重程度 發生概率 檢出能力 RPN 即刻措施 嚴重程度 發生概率 檢出能力 RPN 建議長期措施 嚴重程度 發生概率 檢出能力 RPN 1 The units of measures are not part of the backup and archiving data set.Since these is valuable information in interpreting the time,pressur

316、e,temperature notations they become GxP meta data to be retained during the applicable schedule and for disaster recovery purposes.Data can be lost 5 4 1 20 Access and include the relevant meta data in the backup and archiving data set 5 0 1 0 NA 0 測量單元不是備份和存檔數據系列的一部分。由于這些在解釋時間、壓力、溫度注釋方面是非常有價值的信息，他們

317、成為GXP 元數據以適用的計劃時間進行保存，并在災難恢復時使用。數據可能丟失 5 4 1 20 訪問并將相關元數據包括在備份和存檔數據系列中 5 0 1 0 不適用 0 2 For some steps,the entered duration,temperature or quantity could be modified after the data has been saved.No audit trail is Manipulation of data possible Implement procedure to prohibit users to change registere

318、d parameters after saving 5 1 4 20 Upgrade the system to enable the audit trail functionality of these parameters 5 1 1 5 APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 49/60 ID#Potential Failure Mode Effect Severity Occ

319、urrence Detectability RPN Intermediate action Severity Occurrence Detectability RPN Long-term recommended actions Severity Occurrence Detectability RPN ID 號 潛在失效模式 后果 嚴重程度 發生概率 檢出能力 RPN 即刻措施 嚴重程度 發生概率 檢出能力 RPN 建議長期措施 嚴重程度 發生概率 檢出能力 RPN available.有些步驟中錄入時長、溫度或數據可在數據保存后進行修改。沒有審計追蹤。數據可能被篡改 5 3 4 60 執行程

320、序禁止用戶在保存之后修改已登記的參數 5 1 4 20 升級系統，激活這些參數的審計追蹤功能 5 1 1 5 3 The MES user sessions are not being locked automatically after a defined period of inactivity.Possible misused of someones session and credentials 5 3 4 60 Configure the system to go into a non-accessible mode after a defined period of inactiv

321、ity 5 0 4 0 NA 0 MES 用戶會話在指定不活動時長后不會自動鎖定 可能誤用某人的對話和憑證 5 3 4 60 設置系統參數使得在指定不活動時間后系統進入不可訪問的模式 5 0 4 0 不適用 0 4 Periodic access review is not being performed for the administrator roles.Risk on administrators access rights being misused while people have moved position,possibly leading to uncontrolled c

322、hanges to the system 5 3 3 45 Implement a process and procedure to execute the periodic review of administrator account 5 1 1 5 NA 0 未對管理員身份的訪問權限進行定期審核 當人員調崗時存在管理員訪問權限被誤用的風險，可能導致系統修改不受控制 5 3 3 45 執行流程和程序對管理員賬號進行定期審核 5 1 1 5 不適用 0 5 The client PCs are not protected for unintentional changes towards t

323、he time and date settings.Since for the sampling step the PCs time and date notations are automatically being used,this is critical to be locked for manipulation.Possible registration of incorrect/manipulated time&date notation for some steps 5 2 4 40 Implement a process to prohibit for changing the

324、 date and time setting on the PC 5 1 4 20 Lock the date and time setting on the PC 5 0 4 0 客戶端 PC 未受到保護不被無意修改時間和日期設置。由于所用 PC 時間和日期標注的抽樣步驟是自動的，因此進行鎖定防止篡改至為關鍵 可能有些步驟登記的是不正確的/篡改過的時間&日期標注 5 2 4 40 執行流程禁止修改PC 上的日期與時間設置 5 1 4 20 鎖定 PC 上的日期與時間設置 5 0 4 0 APIC/Practical risk-based guide for managing data int

325、egrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 50/60 To close out the risk in a documented and formal way,an additional column can describe the objective evidence that has been implemented to remediate the gaps.為了以文件化正式方式關閉風險，可增加一列描述已實施措施彌補差距的客觀證據。ID#Potential Failure Mode

326、 Effect Severity Occurrence Detectability RPN Intermediate action Severity Occurrence Detectability RPN Long-term recommended actions Severity Occurrence Detectability RPN References ID 號 潛在失效模式 后果 嚴重程度 發生概率 檢出能力 RPN 即刻措施 嚴重程度 發生概率 檢出能力 RPN 建議長期措施 嚴重程度 發生概率 檢出能力 RPN 參考信息 1 The units of measures are

327、not part of the backup and archiving data set.Since these is valuable information in interpreting the time,pressure,temperature notations they become GxP meta data to be retained during the applicable schedule and for disaster recovery purposes.Data can be lost 5 4 1 20 Access and include the releva

328、nt meta data in the backup and archiving data set 5 0 1 0 NA 0 1)Inclusion of the relevant meta data in the backup and archiving data set under change control 測量單元不是備份和存檔數據系列的一部分。由于這些在解釋時間、壓力、溫度注釋方面是非常有價值的信息，他們成為 GXP 元數據以適用的計劃時間進行保存，并在災難恢復時使。數據可能丟失 5 4 1 20 訪問并將相關元數據包括在備份和存檔數據系列中 5 0 1 0 不適用 0 1）通過變

329、更控制在備份和歸檔數據系列中包括相關元數據 2 For some steps,the entered duration,temperature or quantity could be modified after the data has been saved.No audit trail is available.Manipulation of data possible Implement procedure to prohibit users to change registered parameters after saving 5 1 4 20 Upgrade the system

330、 to enable the audit trail functionality of these parameters 5 1 1 5 1)operational procedure 2)change control for system upgrade including audit trail functionality 3)audit trail review procedure adapted including the review of related data 有些步驟中錄入時長、溫度或數據可在數據保存后進行修改。沒有審計追蹤。數據可能被篡改 5 3 4 60 執行程序禁止用戶

331、在保存之后修改已登記的參數 5 1 4 20 升級系統，激活這些參數的審計追蹤功能 5 1 1 5 1）操作程序 2）通過變更控制升級系統以包括審計追蹤功能 3）采用審計追蹤審核程序，包括對相關數據的審核 3 The MES user sessions are not being locked automatically after a defined period of inactivity.Possible misused of someones session and credentials 5 3 4 60 Configure the system to go into a non-a

332、ccessible mode after a defined period of inactivity 5 0 4 0 NA 0 1)configuration of the system sessions settings under change control APIC/Practical risk-based guide for managing data integrity Version 1,March 2019 APIC 基于風險的數據完整性管理實踐指南 第 1 版 201903 翻譯 JULIA 頁 51/60 ID#Potential Failure Mode Effect

333、Severity Occurrence Detectability RPN Intermediate action Severity Occurrence Detectability RPN Long-term recommended actions Severity Occurrence Detectability RPN References ID 號 潛在失效模式 后果 嚴重程度 發生概率 檢出能力 RPN 即刻措施 嚴重程度 發生概率 檢出能力 RPN 建議長期措施 嚴重程度 發生概率 檢出能力 RPN 參考信息 MES 用戶會話在指定不活動時長后不會自動鎖定 可能誤用某人的對話和憑證 5 3 4 60 設置系統參數使得在指定不活動時間后系統進入不可訪問的模式 5 0 4 0 不適用 0 1）通過變更程序對系統對話設置進行參數設置 4 Periodic access review