MHRA-GMP-Data-Integrity-中英文.doc

MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015 MHRA GMP 数据完整性定义和行业指导原则 1 月 2015 简述: Data integrity is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. This document provides MHRA guidance on GMP data integrity expectations for the pharmaceutical industry. This guidance is intended to complement existing EU GMP, and should be readin conjunction with national medicines legislation and the GMP standards published in Eudralex volume4. 数据完整性是制药质量体系确保药品质量的基石。本文提供了MHRA 对制药行业GMP 数据完整性的指导原则。本指导原则旨在对现有EU GMP 进行补充说明，需结合国家药品法规及GMP 标准内Eudralex 第四册进行阅读理解。 The data governance system should be integral to the pharmaceutical quality system described in EU GMP chapter 1. The effort and resource assigned to data governance should be commensurate with the risk to product quality, and should also be balanced with other quality assurance resource demands. As such, manufacturers and analytical laboratories are not expected to implement a forensic approach to data checking, but instead design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale. 数据管理体系需要结合在EU GMP 第一章描所述的质量体系中。投入到数据管理的精力和资源应与对应产品质量风险相称，同时也应权衡其他质量保证工作的资源需求，从而进行合理分配。因此，生产企业和分析实验室不是对数据进行刻板的核对，而是要设计并运行一个对数据完整性风险可控的管理体系，并完整地记载这样设计和运行的支持性理由。 Data integrity requirements apply equally to manual (paper) and electronic data. Manufacturers and analytical laboratories should be aware that reverting from automated / computerised to manual /paper-based systems will not in itself remove the need for data integrity controls. This may also constitute a failure to comply with Article 23 of Directive 2001/83/EC, which requires an authorization holder to take account of scientific and technical progress and enable the medicinal product to be manufactured and checked by means of generally accepted scientific methods. 数据完整性的要求同时适用于手工（纸质）数据和电子数据。生产企业和分析实验室要意识到从自动/电脑系统回归到手动/纸质记录体系，其本身并不会消除对数据完整性进行控制的要求。而且这也可能造成不符合条款2001/83 / EC 第23 条需要考虑科学和技术发展程度的要求，因为该要求企业确保药品能够以普遍接受的科学方法进行生产和检验。 Throughout this guidance, associated definitions are shown as hyperlinks. 本指导原则所涉及的相关定义以超级链接连接的方式出现。 Establishing data criticality and inherent integrity risk: 建立数据的关键程度和内在的完整性风险： In addition to an overarching data governance system, which should include relevant policies and staff training in the importance of data integrity, consideration should be given to the organisational (e.g.procedures) and technical (e.g. computer system access) controls applied to different areas of the quality system. The degree of effort and resource applied to the organisational and technical control of data lifecycle elements should be commensurate with its criticality in terms of impact to product quality attributes. 除了一个包括对确保数据完整性至关重要的相应政策和人员培训的总体数据管理体系，同时应考虑在不同质量体系领域对构建性（如操作程序）和技术性（如计算机系统访问权限）控制手段的应用。对数据生命周期中各要素进行构建性和技术性控制的程度，要与其对产品质量属性影响关键程度相对应 Data may be generated by (i) a paper-based record of a manual observation, or (ii) in terms of equipment,a spectrum of simple machines through to complex highly configurable computerised systems. The inherent risks to data integrity may differ depending upon the degree to which data (or the system generating or using the data) can be configured, and therefore potentially manipulated (see figure 1) 数据可由以下几种情况产生：（i）人工观测的纸质记录，（ii）对于设备，由简单设备或复杂的高度可配置计算机系统产生的图谱。数据完整性的内在风险程度会有所不同，这取决于数据（或系统生成、使用数据）的可配置程度， 即被潜在处理的可能性（见图1）。 Figure 1: Diagram to illustrate the spectrum of simple machine (left) to complex computerized system (right), and relevance of printouts as ‘original data’ 图1：图示说明简单设备图谱（左）到复杂的计算机系统图谱（右），及将打印数据作为“初始数据”的对应关系 With reference to figure 1 above, simple systems (such as pH meters and balances) may only require calibration, whereas complex systems require ‘validation for intended purpose’. Validation effort increases from left to right in the diagram above. However, it is common for companies to overlook systems of apparent lower complexity. Within these systems it may be possible to manipulate data or repeat testing to achieve a desired outcome with limited opportunity of detection (e.g. stand-alone systems with a user configurable output such as FT-IR, UV spectrophotometers). 参考图1，简单系统（诸如pH 计和天平）可能只需要校准，而复杂的系统需要“对预期用途进行验证”。验证活动在上图中从左到右相应加强。但是，企业常常容易忽视一些貌似并不复杂的系统。在此类系统中，有可能通过处理数据或重复检测以获取期望的结果，并且不容易被发现（例如带有用户可配置输出功能单机版设备，如FT-IR，UV 分光光度计）。 Designing systems to assure data quality and integrity 系统化设计以确保数据质量和完整性 Systems should be designed in a way that encourages compliance with the principles of data integrity. Examples include: 系统的设计应遵循数据完整性的原则 包括以下： • Access to clocks for recording timed events 对用作记录以时间为顺序事件的计时器进行权限控制 • Accessibility of batch records at locations where activities take place so that ad hoc datarecording and later transcription to official records is not necessary 将记录放置在生产现场，避免不必要的临时记录数据然后事后誊成正式记录 • Control over blank paper templates for data recording 对用于数据记录的纸质空白模板进行控制 • User access rights which prevent (or audit trail) data amendments 用户权限控制以防止（或审计追踪）数据篡改 • Automated data capture or printers attached to equipment such as balances 采用数据自动采集方式或将打印机连接到设备，例如天平 • Proximity of printers to relevant activities 打印机设置在靠近相关活动的位置 • Access to sampling points (e.g. for water systems) 取样位置所在区域（例如水系统的取样位置）的权限控制 • Access to raw data for staff performing data checking activities. 对原始数据核对的区域进行权限控制 The use of scribes to record activity on behalf of another operator should be considered ‘exceptional’,and only take place where: 用笔录员替另一个操作人员进行活动记录是“特例/非常规流程”，仅在以下情况下采用： • The act of recording places the product or activity at risk e.g. documenting line interventions by sterile operators. 记录活动会使产品或行动有风险，例如无菌操作人员记录生产线的干扰活动 • To accommodate cultural or staff literacy / language limitations, for instance where an activity is performed by an operator, but witnessed and recorded by a Supervisor or Officer. 用于解决文化或员工书写/语言能力不足，例如由主管或办公室人员见证并记录。 In both situations, the supervisory recording must be contemporaneous with the task being performed,and must identify both the person performing the observed task and the person completing the record.The person performing the observed task should countersign the record wherever possible, although it is accepted that this countersigning step will be retrospective. The process for supervisory (scribe) documentation completion should be described in an approved procedure, which should also specify the activities to which the process applies. 在这两种情况下，监督记录必须与正在执行的操作任务同时完成，并对执行任务和完成记录的两人进行明确识别。虽然大家都接受回顾性会签，操作任务执行者仍然需要尽可能及时会签记录。应在批准的规程中规定用监督（笔录）方式完成记录的流程，并明确指明该流程的适用范围。 Term 术语 Definition 定义 Expectation / guidance (where relevant) 要求/指导原则 Data 数据 Information derived or obtained from raw data 由初始数据衍生或取得的信息 (e.g. a reported analytical result 例如报告的分析结果) Data must be:数据必须符合以下原则： A - attributable to the person generating the data 明确数据由谁生成 L – legible and permanent 清晰并持久 C – contemporaneous 同步记录 O – original (or ‘true copy’)初始的 （或正确的复制） A – accurate 准确性 Raw data 原始数据 Original records and documentation, retained in the formatin which they were originally generated (i.e. paper or electronic), or as a ‘true copy’. Raw data must be contemporaneously and accurately recorded by permanent means. In the case of basic electronic equipment which does not store electronic data, or provides only a printed data output (e.g. balance or pH meter), the printout constitutes the raw data. 初始的记录和文档，以初始生成的格式或以正确的复制方式进行留存。 原始数据必须是同步和准确的永久记录。对于一些不保存电子数据或仅有数据打印输出的简单电子设备 （例如天平或pH 计），打印数据视为原始数据 Raw data must:原始数据必须： • Be legible and accessible throughout the data lifecycle. 在整个数据生命周期过程都清晰可辨并能够及时获取 • Permit the full reconstruction of the activities resulting in thegeneration of the data 允许完全重现数据生成的活动 In the following definitions, the term 'data' includes raw data.在以下定义中，术语“数据”包括原始数据 Metadata: 元数据（属性数据） Metadata is data that describe the attributes of other data,and provide context and meaning. Typically, these are data that describe the structure, data elements, interrelationships and other characteristics of data. It also permits data to be attributable to an individual. 元数据（属性数据）是解释其它数据的属性数据，并提供背景信息和含义。通常元数据（属性数据）用于描述数据结构，数据要素，内在关系和其它数据特征。它也可以用于描述单一数据的属性。 Example: data (bold text)例如数据 （黑体）3.5 and metadata, giving context and meaning, (italic text) are: 元数据（属性数据）给出了背景和含义，（斜体） sodium chloride batch 1234, 3.5mg. J Smith 01/07/14 Metadata forms an integral part of the original record. Without metadata, the data has no meaning. 元数据（属性数据）与初始记录密不可分，如果没有元数据，则该数据是无意义的。 Data Integrity 数据完整性 The extent to which all data are complete, consistent andaccurate throughout the data lifecycle. 数据完整性的范畴包括数据在整个数据生命周期过程的完整性，一致性和准确性 Data governance 数据管理 The sum total of arrangements to ensure that data,irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle. 指所有约定的总成：不论数据的生成格式、记录方式、处理过程、保留和使用的方式，这些约定确保了整个数据生命周期过程中记录的完整性、一致性和准确性 Data governance should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity including control over intentional and unintentional changes to information. 数据管理应解决/界定在整个生命周期中数据的归属问题，并考虑对流程/系统的设计、运行和监控，以便遵循数据完整性原则，包括完全控制有意或无意的的信息修改。 Data Governance systems should include staff training in the importance of data integrity principles and the creation of a working environment that encourages an open reporting culture for errors,omissions and aberrant results. 数据管理体系应该包括针对数据完整性原则的重要性对员工进行培训，以及营造鼓励公开汇报错误、数据遗漏和结果异常的文化。 Senior management is responsible for the implementation of systems and procedures to minimise the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9. Contract Givers should perform a similar review as part of their vendor assurance programme 运用ICH Q9 风险管理原理，高级管理团队负责系统和规程的实施，以降低潜在的数据完整性风险，并识别剩余风险。有合同外包的企业应进行类似的审核，以作为供应商监管项目的一部分。 Data Lifecycle 数据生命周期 All phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration), use, data retention, archive / retrieval and destruction. 数据生命周期的的各个阶段，包括数据的初始生成和记录、处理（包括转移和整合）、使用、数据保存，归档/恢复和销毁 The procedures for destruction of data should consider data criticality and legislative retention requirements. Archival arrangements should be in place for long term retention (in some cases, periods up to 30 years) for records such as batch documents, marketing authorization application data, traceability data for human-derived starting materials (not an exhaustive list). Additionally, at least 2 years of data must be retrievable in a timely manner for the purposes of trend analysis and inspection. 销毁数据的规程应该考虑数据的关键性和法规对保存的要求。对需要长期保留的记录应进行归档（在某些情况下，保存期长达30 年），例如批次文件，上市许可申请数据，来源于人体的起始原料的可追溯数据（非详尽的清单）。此外，必须能够及时恢复至少2 年的数据，用于趋势分析和检查。 Primary Record 主记录 The record which takes primacy in cases where data collected or retained concurrently by more than one method fail to concur. 当用多于一种方法同步收集或保存的数据发生不一致时，该记录作为首要判断依据。 In situations where the same information is recorded concurrently by more than one system, the data owner should define which system generates and retains the primary record, in case of discrepancy. The ‘primary record’ attribute should be defined in the quality system, and should not be changed on a case by case basis. 当相同信息同时被一个以上系统进行记录时，数据拥有者应界定由哪个系统生成并保留主记录，以防数据不一致时可以进行判决。“主记录”属性应在质量体系中进行明确定义，并且不得因个例而变化。 Original record / True Copy: 初始记录/正确的复制记录 Original record: Data as the file or format in which it was originally generated, preserving the integrity (accuracy,completeness, content and meaning) of the record, e.g.original paper record of manual observation, or electronic raw data file from a computerised system True Copy: An exact copy of an original record, which may be retained in the same or different format in which it was originally generated, e.g. a paper copy of a paper record,an electronic scan of a paper record, or a paper record of electronically generated data 初始记录：数据作为文件或以初始生成的格式，维持记录的完整性（准确性、完全性、有内容和有含义）。例如，人工观测的初始纸张记录，或计算机系统的初始电子数据文件。正确的复制记录：与初始记录完全一致的复制件，可以与初始生成记录以相同或不同格式保存。例如纸张记录的纸质复印件，纸张记录的电子扫描件，或电子数据的纸质记录。 Original records must preserve the integrity (accuracy, completeness, content and meaning) of the record. Exact (true) copies of original records may be retained in place of the original record (e.g. scan of a paper record), provided that a documented system is in place to verify and record the integrity of the copy. 初始记录必须维持记录的完整性（准确性、完全性、有内容和含义）。初始记录完全正确的复制件可以和初始记录放置在一起（例如纸质记录的扫描件），并建立文件记录体系来核对和记录复制记录的完整性 It is conceivable for raw data generated by electronic means to be retained in an acceptable paper or pdf format. However, the data retention process must be shown to include verified copies of all raw data, metadata, relevant audit trail and result files, software / system configuration settings specific to each analytical run*, and all data processing runs (including methods and audit trails) necessary for reconstruction of a given raw data set. It would also require a documented means to verify that the printed records were an accurate representation. This approach is likely to be onerous in its administration to enable a GMP compliant record. 对于电子方式生成的原始数据可用被接受的纸质或PDF 格式进行留存，但是数据保存流程必须体现以下各个内容：包括核对过的所有原始数据、元数据（属性数据）、相应审计追踪（系统日志）和结果文档，具体到每一个分析测试运行的软件/系统配置，以及对一套给定原始数据进行复原所必须的所有数据处理运行过程（包括方法和审计追踪/系统日志）。对打印记录准确性和有效性进行的核对工作需进行记录。 通过负责任的管理方法，比较容易使记录符合GMP 要求。 * Computerized system configuration settings should be defined,tested and ‘locked’ as part of computer system validation. Only those variable settings which relate to an analytical run would be considered as electronic raw data 对计算机系统配置参数设定应作为计算机系统验证的一部分进行定义，测试和“锁定“。只有关于一个分析方法运行的可变设定参数才被认作电子原始数据。 Computer system transactions:计算机系 统处理 A computer system transaction is a single operation or sequence of operations performed as a single logical ‘unit of work’. The operation(s) that make up a transaction are not saved as a permanent record on durable storage until the user commits the transaction through a deliberate act (e.g. pressing a save button).The metadata (i.e., user name, date, and time) is not captured in the system audit trail until the user commits the transaction. In Manufacturing Execution Systems (MES), an electronic signature is often required by the system in order for the record to be saved and become permanent. 计算机系统的处理是一个单一运作或作为一个单一逻辑“工作单元”完成的一系列运作。这些运作组成了一次处理， 直 到用户通过一个仔细考虑后的操作（例如按下保存键）对这个处理认可后， 它们才被作为可以长期存储的永久记录保存下来。直到用户认可了此处理后，元数据（属性数据）才被保留在系统的审计追踪（系统日志）中。 在生产执行计算机系统MES，系统会定期要求电子签名来认可记录，使之成为永久记录并进行保存。 Computer systems should be designed to ensure that the execution of critical operations are recorded contemporaneously by the user and are not comb