欧盟GMP附录11-计算机系统(中英文对照)

EUROPEANCOMMISSION欧盟委员会HEALTHANDCONSUMERSDIRECTORATE-GENERAL卫生与消费者协会PublicHealthandRiskAssessment公共卫生与风险评估Pharmaceuticals药品Brussels,SANCO/C8/AM/sl/ares(2010)1064599EudraLexTheRulesGoverningMedicinalProductsintheEuropeanUnion欧盟药品生产规范Volume4卷4GoodManufacturingPracticeMedicinalProductsforHumanandVeterinaryUse人用与兽用药品良好生产管理规范Annex11:ComputerisedSystems附件11：计算机系统Legalbasisforpublishingthedetailedguidelines:Article47ofDirective2001/83/EContheCommunitycoderelatingtomedicinalproductsforhumanuseandArticle51ofDirective2001/82/EContheCommunitycoderelatingtoveterinarymedicinalproducts.Thisdocumentprovidesguidancefortheinterpretationoftheprinciplesandguidelinesofgoodmanufacturingpractice(GMP)formedicinalproductsaslaiddowninDirective2003/94/ECformedicinalproductsforhumanuseandDirective91/412/EECforveterinaryuse.依法发布的具体指导方针：2001/83/EC第47条人用药品规范和2001/82/EC第51条兽用药品规范。此文件为2003/94/EC人用药品和91/412/EEC兽用药品GMP法规、指导方针的解释提供了指导。Statusofthedocument:revision1文件版本：修订本1Reasonsforchanges:theAnnexhasbeenrevisedinresponsetotheincreaseduseofcomputerisedsystemsandtheincreasedcomplexityofthesesystems.ConsequentialamendmentsarealsoproposedforChapter4oftheGMPGuide.修订原因：为增强计算机系统的功能和复杂性而修订此附件。相应修正案也已被提议作为GMP指南的第4章。Deadlineforcomingintooperation:2011生效时间：2011年6月30日30JunePrinciple总则ThisannexappliestoallformsofcomputerisedsystemsusedaspartofaGMPregulatedactivities.Acomputerisedsystemisasetofsoftwareandhardwarecomponentswhichtogetherfulfillcertainfunctionalities.此附件适用于符合GMP生产要求的所有形式的计算机系统。计算机系统是实现某项特定功能的软件和硬件的组合。Theapplicationshouldbevalidated;ITinfrastructureshouldbequalified.应用程序应验证，IT基础设施应有权限设置。Whereacomputerisedsystemreplacesamanualoperation,thereshouldbenoresultantdecreaseinproductquality,processcontrolorqualityassurance.Thereshouldbenoincreaseintheoverallriskoftheprocess.用计算机系统代替手动操作应不对产品质量、过程控制和质量保证以及过程的整体风险产生影响。General常规1.RiskManagement风险管理Riskmanagementshouldbeappliedthroughoutthelifecycleofthecomputerisedsystemtakingintoaccountpatientsafety,dataintegrityandproductquality.Aspartofariskmanagementsystem,decisionsontheextentofvalidationanddataintegritycontrolsshouldbebasedonajustifiedanddocumentedriskassessmentofthecomputerisedsystem.风险管理应贯穿整个计算机系统生命周期，以保证病人安全、数据完整性和产品质量。作为风险管理系统的一部分，由计算机系统风险评估决定验证范围和数据完整性控制。2.Personnel人员ThereshouldbeclosecooperationbetweenallrelevantpersonnelsuchasProcessOwner,SystemOwner,QualifiedPersonsandIT.Allpersonnelshouldhaveappropriatequalifications,levelofaccessanddefinedresponsibilitiestocarryouttheirassignedduties.所有有关人员（如工艺管理员、系统管理员、质检员和IT人员）应紧密合作。这些人员应具有相应的资格证书、使用权限和定义好的相关 工作职责 党支部工作制度和职责国库集中支付中心工作职责安全生产工作职责分工财务部工作职责城市社区居委会工作职责 。3.SuppliersandServiceProviders供应商和服务供应商3.1Whenthirdparties(e.g.suppliers,serviceproviders)areusede.g.toprovide,install,configure,integrate,validate,maintain(e.g.viaremoteaccess),modifyorretainacomputerisedsystemorrelatedserviceorfordataprocessing,formalagreementsmustexistbetweenthemanufacturerandanythirdparties,andtheseagreementsshouldincludeclearstatementsoftheresponsibilitiesofthethirdparty.IT-departmentsshouldbeconsideredanalogous.3.1当第三方(如供应商、服务供应商)为计算机系统、相关服务或数据处理提供如供货、安装、配置、整合、验证、维护(如通过远程访问)、修改或保持时，厂商和任何第三方之间必须有正式 协议 离婚协议模板下载合伙人协议 下载渠道分销协议免费下载敬业协议下载授课协议下载 ，且在协议中应当明确第三方责任。IT部门类似。3.2Thecompetenceandreliabilityofasupplierarekeyfactorswhenselectingaproductorserviceprovider.Theneedforanauditshouldbebasedonariskassessment.3.2供应商的实力和可靠性是选择供应商产品或服务的关键因素，所以需要一个以风险评估为基础的审计。3.3Documentationsuppliedwithcommercialoff-the-shelfproductsshouldbereviewedbyregulateduserstocheckthatuserrequirementsarefulfilled.3.3商业性标准文件应通过用户审核并符合用户需求。3.4Qualitysystemandauditinformationrelatingtosuppliersordevelopersofsoftwareandimplementedsystemsshouldbemadeavailabletoinspectorsonrequest.3.4软件和应用系统开发商或供应商的质量体系和审计信息应便于核查人员查询。ProjectPhase项目阶段4.Validation验证4.1Thevalidationdocumentationandreportsshouldcovertherelevantstepsofthelifecycle.Manufacturersshouldbeabletojustifytheirstandards,protocols,acceptancecriteria,proceduresandrecordsbasedontheirriskassessment.4.1验证文件和 报告 软件系统测试报告下载sgs报告如何下载关于路面塌陷情况报告535n,sgs报告怎么下载竣工报告下载 应包含系统生命周期的相关阶段。厂商应能够证明其标准、协议、验收标准、规程和 记录 混凝土 养护记录下载土方回填监理旁站记录免费下载集备记录下载集备记录下载集备记录下载 都是基于其内部风险评估的。4.2Validationdocumentationshouldincludechangecontrolrecords(ifapplicable)andreportsonanydeviationsobservedduringthevalidationprocess.4.2验证文件应包含验证过程中的变更控制记录（如适用）和偏差报告。4.3AnuptodatelistingofallrelevantsystemsandtheirGMPfunctionality(inventory)shouldbeavailable.4.3相关系统和其GMP功能（详细目录）的最新清单应有效。Forcriticalsystemsanuptodatesystemdescriptiondetailingthephysicalandlogicalarrangements,dataflowsandinterfaceswithothersystemsorprocesses,anyhardwareandsoftwarepre-requisites,andsecuritymeasuresshouldbeavailable.为对一个最新的关键系统进行详细的系统描述（如物理、逻辑流程、数据流和与其他系统或进程的接口），任何硬件和软件都是必须的，并应有安全措施。4.4UserRequirementsSpecificationsshoulddescribetherequiredfunctionsofthecomputerisedsystemandbebasedondocumentedriskassessmentandGMPimpact.Userrequirementsshouldbetraceablethroughoutthelife-cycle.4.4URS应基于风险评估和GMP影响性文件描述计算机系统的功能需求。用户需求应贯穿整个系统生命周期。4.5Theregulatedusershouldtakeallreasonablesteps,toensurethatthesystemhasbeendevelopedinaccordancewithanappropriatequalitymanagementsystem.Thesuppliershouldbeassessedappropriately.4.5管理者应采取合理措施保证系统更新与最新的质量管理系统一致，并对供应商作出适当的评估。4.6Forthevalidationofbespokeorcustomisedcomputerisedsystemsthereshouldbeaprocessinplacethatensurestheformalassessmentandreportingofqualityandperformancemeasuresforallthelife-cyclestagesofthesystem.4.6为验证固化或自定义计算机系统，应对系统生命周期的每个阶段都进行验证，以确认正式评估、质量报告和业绩评估报告。4.7Evidenceofappropriatetestmethodsandtestscenariosshouldbedemonstrated.Particularly,system(process)parameterlimits,datalimitsanderrorhandlingshouldbeconsidered.Automatedtestingtoolsandtestenvironmentsshouldhavedocumentedassessmentsfortheiradequacy.4.7应对测试方法和测试环境加以论证，特别是系统(工艺)参数范围、数据范围和错误处理。自动化测试工具和测试环境的合适性应该有书面的评估报告。4.8Ifdataaretransferredtoanotherdataformatorsystem,validationshouldincludechecksthatdataarenotalteredinvalueand/ormeaningduringthismigrationprocess.4.8数据转化成其他格式或传输到其他系统时，验证内容应包括检查其数据值和/或含义在转化或传输过程中没有被改变。OperationalPhase运行阶段5.Data数据Computerisedsystemsexchangingdataelectronicallywithothersystemsshouldincludeappropriatebuilt-inchecksforthecorrectandsecureentryandprocessingofdata,inordertominimizetherisks.计算机系统和其他系统之间交换数据时，应有适当的内部校验，以保证数据输入和数据处理的正确性及安全性，以期让风险降到最低。6.AccuracyChecks精度检查Forcriticaldataenteredmanually,thereshouldbeanadditionalcheckontheaccuracyofthedata.Thischeckmaybedonebyasecondoperatororbyvalidatedelectronicmeans.Thecriticalityandthepotentialconsequencesoferroneousorincorrectlyentereddatatoasystemshouldbecoveredbyriskmanagement.当手动输入关键数据时，应当复核数据的准确性。此复核可以由另外的操作人员执行或通过经验证的电子方式进行。风险管理应考虑系统错误和系统误输入数据所造成的危险或潜在影响。7.DataStorage数据存储7.1Datashouldbesecuredbybothphysicalandelectronicmeansagainstdamage.Storeddatashouldbecheckedforaccessibility,readabilityandaccuracy.Accesstodatashouldbeensuredthroughouttheretentionperiod.7.1数据应以物理和电子两种方式保存，以避免丢失。存储的数据应易查询、可读和准确，并在有效期内。7.2Regularback-upsofallrelevantdatashouldbedone.Integrityandaccuracyofback?updataandtheabilitytorestorethedatashouldbecheckedduringvalidationandmonitoredperiodically.7.2应定期备份相关数据。在定期验证和检测时，应检查备份数据的完整性、准确性和其恢复数据库的能力。8.Printouts打印输出8.1Itshouldbepossibletoobtainclearprintedcopiesofelectronicallystoreddata.8.1储存的电子数据应可被清晰打印。8.2Forrecordssupportingbatchreleaseitshouldbepossibletogenerateprintoutsindicatingifanyofthedatahasbeenchangedsincetheoriginalentry.8.2从最初开始的任何数据变更都应被打印在批放行纪录上。9.AuditTrails审计跟踪Considerationshouldbegiven,basedonariskassessment,tobuildingintothesystemthecreationofarecordofallGMP-relevantchangesanddeletions(asystemgenerated"audittrail").ForchangeordeletionofGMP-relevantdatathereasonshouldbedocumented.Audittrailsneedtobeavailableandconvertibletoagenerallyintelligibleformandregularlyreviewed.基于风险评估，系统中应考虑建立所有与GMP相关的变更和删除记录(系统产生的“审计跟踪”)。与GMP相关的数据，其变更或删除的原因应被记录。审计跟踪需转换成一般可理解的形式并定期审核。10.ChangeandConfigurationManagement变更和配置管理Anychangestoacomputerisedsystemincludingsystemconfigurationsshouldonlybemadeinacontrolledmannerinaccordancewithadefinedprocedure.计算机系统的任何变更（包括系统配置的更换）应当有控制地按照规定的程序进行。11.Periodicevaluation周期性评估ComputerisedsystemsshouldbeperiodicallyevaluatedtoconfirmthattheyremaininavalidstateandarecompliantwithGMP.Suchevaluationsshouldinclude,whereappropriate,thecurrentrangeoffunctionality,deviationrecords,incidents,problems,upgradehistory,performance,reliability,securityandvalidationstatusreports.计算机系统应该定期进行评估以确认其仍有效并符合GMP标准。这样的评估应该包括适应性、功能性、偏差记录、事件、问 题 快递公司问题件快递公司问题件货款处理关于圆的周长面积重点题型关于解方程组的题及答案关于南海问题 、历史追溯、性能、可靠性、安全性和验证状态报告。12.Security安全性12.1Physicaland/orlogicalcontrolsshouldbeinplacetorestrictaccesstocomputerisedsystemtoauthorisedpersons.Suitablemethodsofpreventingunauthorisedentrytothesystemmayincludetheuseofkeys,passcards,personalcodeswithpasswords,biometrics,restrictedaccesstocomputerequipmentanddatastorageareas.12.1物理和/或逻辑控制器应能独自限制进入计算机系统的授权人，并用适当方法防止未经授权的登录（可能包含密码、通行卡、个人密码、生物识别的使用），以此限制进入电脑设备和数据存储硬盘。12.2Theextentofsecuritycontrolsdependsonthecriticalityofthecomputerisedsystem.12.2安全控制的程度取决于计算机系统的危险等级。12.3Creation,change,andcancellationofaccessauthorisationsshouldberecorded.12.3通行许可的创建、变更和注销都应被记录。12.4Managementsystemsfordataandfordocumentsshouldbedesignedtorecordtheidentityofoperatorsentering,changing,confirmingordeletingdataincludingdateandtime.12.4数据和文件管理体系应记录登录人员的身份、变更内容以及包括日期和时间的确认或删除。13.IncidentManagement事件管理Allincidents,notonlysystemfailuresanddataerrors,shouldbereportedandassessed.Therootcauseofacriticalincidentshouldbeidentifiedandshouldformthebasisofcorrectiveandpreventiveactions.所有事件（不仅指系统故障和数据错误）均应被记录及评估。一个关键事件的根本起因也应该被鉴定并形成纠正和预防措施。14.ElectronicSignature电子签名Electronicrecordsmaybesignedelectronically.Electronicsignaturesareexpectedto:电子文件可用电子签名。电子签名将:a．havethesameimpactashand-writtensignatureswithintheboundariesofthecompany,在公司范围内电子签名应有与手写签名具有同等的效果，b．bepermanentlylinkedtotheirrespectiverecord,将永久与其各自的记录相关联，c．includethetimeanddatethattheywereapplied.应包括其使用的时间和日期。15.Batchrelease批放行Whenacomputerisedsystemisusedforrecordingcertificationandbatchrelease,thesystemshouldallowonlyQualifiedPersonstocertifythereleaseofthebatchesanditshouldclearlyidentifyandrecordthepersonreleasingorcertifyingthebatches.Thisshouldbeperformedusinganelectronicsignature.当一个计算机系统用来记录认证和批放行时，系统应该只允许质量人员确认批放行，并且要清楚地识别和记录放行人员的批动作或批证明。这才是电子签名应履行的。16.BusinessContinuity业务连续性Fortheavailabilityofcomputerisedsystemssupportingcriticalprocesses,provisionsshouldbemadetoensurecontinuityofsupportforthoseprocessesintheeventofasystembreakdown(e.g.amanualoralternativesystem).Thetimerequiredtobringthealternativearrangementsintouseshouldbebasedonriskandappropriateforaparticularsystemandthebusinessprocessitsupports.Thesearrangementsshouldbeadequatelydocumentedandtested.计算机系统所提供的关键工艺的有效性应被规定，以确保工艺流程在系统故障(如手动或替代系统)的情况下持续运行。切换时间应基于风险，并适合特殊系统和其提供的工业流程。这些设置应该有充分的记录和测试。17.Archiving归档Datamaybearchived.Thisdatashouldbecheckedforaccessibility,readabilityandintegrity.Ifrelevantchangesaretobemadetothesystem(e.g.computerequipmentorprograms),thentheabilitytoretrievethedatashouldbeensuredandtested.数据应被存档，并作访问性、可读性和完整性检查。如果系统作相关变更(如计算机设备或程序变更)，其数据恢复能力应被保证和测试。Glossary术语Application:Softwareinstalledonadefinedplatform/hardwareprovidingspecificfunctionality应用程序：在某个特定平台安装的软件或提供某种特殊功能的硬件。Bespoke/Customizedcomputerisedsystem:Acomputerisedsystemindividuallydesignedtosuitaspecificbusinessprocess固化/自定义计算机系统：适合某项特定业务流程的单个计算机系统。Commercialoftheshelfsoftware:Softwarecommerciallyavailable,whosefitnessforuseisdemonstratedbyabroadspectrumofusers.商业软件：此软件应市场化、功能适用并且得到广大用户的认可。ITInfrastructure:Thehardwareandsoftwaresuchasnetworkingsoftwareandoperationsystems,whichmakesitpossiblefortheapplicationtofunction.IT基础设施：满足某项功能的硬件和软件（如网络软件和操作系统）。Lifecycle:Allphasesinthelifeofthesystemfrominitialrequirementsuntilretirementincludingdesign,specification,programming,testing,installation,operation,andmaintenance.生命周期：包含从初始要求提出到退役的所有系统生命阶段，其中包含设计、详述、程序编制、测试、安装、运行和维护。Processowner:Thepersonresponsibleforthebusinessprocess.工艺管理员：为工艺流程负责的人员。Systemowner:Thepersonresponsiblefortheavailability,andmaintenanceofacomputerisedsystemandforthesecurityofthedataresidingonthatsystem.系统管理员：对计算机系统的有效性、维护和系统数据安全负责的人员。ThirdParty:Partiesnotdirectlymanagedbytheholderofthemanufacturingand/orimportauthorisation.第三方：不直接受雇于制造厂商和/或被授权的组织。