PIC／S 受法规约束的GMP和GDP环境下数据管理和完整性优良规范（中英文）

PIC/S 受法规约束的GMP/GDP环境下数据管理和完整性优良规范（中英文）PIC/S GUIDANCEPIC/S指南PIC/S：国际药品监查合作计划GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATEDGMP/GDP ENVIRONMENTS受法规约束的GMP/GDP环境下数据管理和完整性优良规范 PIC/S August 20162016年8月Reproduction prohibited for commercial purposes.Reproduction for internal use is authorised, provided that the source is acknowledged.TABLE OF CONTENTS目录1. Document history文件历史2. Introduction引言3. Purpose目的4. Scope范围5. Data governance system数据管理系统5.1 What is data governance什么是数据管理5.2 Data governance systems数据管理系统5.3 Risk management approach to data governance数据管理的风险管理方法5.4 Data criticality数据关键度5.5 Data risk数据风险5.6 Data governance system review数据管理体系审核6. Organisational influences on successful data integrity management公司对数据完整性管理成功与否的影响6.1 General概述6.2 Code of ethics and policies道德和方针准则6.3 Quality culture质量文化6.4 Modernising the Pharmaceutical Quality Management System药物质量管理体系现代化6.5 Regular management review of quality metrics质量尺度的定期管理评审6.6 Resource allocation资源配置6.7 Dealing with data integrity issues found internally内部发现的数据完整性问题处理7. General data integrity principles and enablers一般数据完整性原则和推进者8. Specific data integrity considerations for paper-based systems纸质系统特定数据完整性考虑8.1 Structure of QMS and control of blank forms/templates/recordsQMS结构和空白表格/模板/记录的控制8.2 Why is the control of records important?为什么记录的控制如此重要？8.3 Generation, distribution and control of template records模板式记录的产生、分发和控制8.4 Expectations for the generation, distribution and control of records产生、分发和控制记录的要求8.5 Use and control of records within production areas生产区域内记录的使用和控制8.6 Filling out records记录填写8.7 Making corrections on records记录更正8.8 Verification of records记录核查8.9 Maintaining records记录维护8.10 Direct print-outs from electronic systems从电子系统中直接打印出的记录8.11 True copies真实备份8.12 Limitations of remote review of summary reports远程审核报告摘要的局限性8.13 Document retention文件保存8.14 Disposal of original records原始记录的废弃9. Specific data integrity considerations for computerised systems计算机化系统特定数据完整性考虑9.1 Structure of QMS and control of computerised systemsQMS结果和计算机化系统的控制9.2 Qualification and validation of computerised systems计算机化系统的确认和验证9.3 System security for computerised systems计算机化系统的系统安全9.4 Audit trails for computerised systems计算机化系统的审计追踪9.5 Data capture/entry for computerised systems计算机化系统的数据捕获/输入9.6 Review of data within computerised systems计算机化系统内的数据审核9.7 Storage, archival and disposal of electronic data电子数据的存贮、归档和废弃10. Data integrity considerations for outsourced activities外包活动的数据完整性考虑10.1 General supply chain considerations一般供应链考虑10.2 Routine document verification日常文件核查10.3 Strategies for assessing data integrity in the supply chain供应链中数据完整性评估策略11. Regulatory actions in response to data integrity findings数据完整性缺陷引发的法规行动11.1 Deficiency references缺陷参考11.2 Classification of deficiencies缺陷分类12. Remediation of data integrity failures数据完整性失败时的弥补方法12.1 Responding to significant data integrity issues对重大数据完整性问题响应12.2 Indicators of improvement改善指标13. Definitions定义14. Revision history版本历史1 DOCUMENT HISTORY文件历史Draft 1 of PI 041-1 presented to the PIC/S Committee at its meeting in Manchester4-5 July 2016曼彻斯特会议期间PI 041-1草案提交给PIC/S委员会2016年7月4-5日Consultation of PIC/S Participating Authorities on publication of the Good Practices as a draft and implementation on a trial basis18 July 31 July 2016公布PIC/S草案征求参与药监机构意见及试行2016年7月18日31日Minor edits to Draft 11 9 August 2016第1版本草案轻微修订2016年8月1-9日Publication of Draft 2 on the PIC/S website10 August 2016第2版本草案在PIC/S网站上公布2016年8月10日Implementation of the draft on a trial basis and comment period for PIC/S Participating Authorities10 August 2016 28 February 2017试验实施和征求PIC/S参与药监机构意见阶段2016年8月10日-2017年2月28日Review of comments by PIC/S Participating AuthoritiesPIC/S参与药监机构审核所收到的意见Finalisation of draft草稿定稿Adoption by Committee ofPI 041-1DatePI 041-1被委员会采纳Entry into force ofPI 041-1DatePI 041-1生效2 INTRODUCTION引言2.1 PIC/S Participating Authorities regularly undertake inspections of manufacturers and distributors of API and medicinal products in order to determine the level of compliance with GMP/GDP principles. These inspections are commonly performed on-site however may be performed through the remote or off-site evaluation of documentary evidence, in which case the limitations of remote review of data should be considered.PIC/S参与药监机构定期对原料药和制剂生产商和销售商进行检查，以确定其GMP/GDP符合性水平。这些检查通常是在现场实施，但也可以通过远程或离厂文件证据评估进行，这时要考虑远程数据审核的局限性。2.2 The effectiveness of these inspection processes is determined by the veracity of the evidence provided to the inspector and ultimately the integrity of the underlying data. It is critical to the inspection process that inspectors can determine and fully rely on the accuracy and completeness of evidence and records presented to them.这些检查流程的有效性是由提供给检查员的证据的真实性所决定的，并最终决定于数据背后的完整性。检查员可以确定并完全依赖呈交给他们的证据和记录的完整性和准确性对于检查过程来说非常关键。2.3 Good data management practices influence the integrity of all data generated and recorded by a manufacturer and these practices should ensure that data is accurate, complete and reliable. While the main focus of this document is in relation to data integrity expectations, the principles herein should also be considered in the wider context of good data management.优良数据管理规范影响生产商所产生和记录的所有数据，这些做法应能保证数据是准确的、完整的和可靠的。尽管此文件主要关注的是数据完整性要求，在更广的优良数据管理环境下也应考虑此指南所述原则。2.4 Data Integrity is defined as “the extent to which all data are complete, consistent and accurate, throughout the data lifecycle”11 and is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. Poor data integrity practices and vulnerabilities undermine the quality of records and evidence, and may ultimately undermine the quality of medicinal products.数据完整性定义为“所有数据在整个生命周期均完整、一致和准确的程度”，它在药物质量体系中是基本的要求，它确保药品具备所需的质量。不良的数据完整性做法和弱点会削弱记录和证据的质量，并最终可能破坏药品质量。2.5 Data integrity applies to all elements of the Quality Management System and the principles herein apply equally to data generated by electronic and paper-based systems.数据完整性适用于质量管理体系的所有要素，此中原则等同适用于电子和纸质系统产生的数据。2.6 The responsibility for good practices regarding data management and integrity lies with the manufacturer or distributor undergoing inspection. They have full responsibility and a duty to assess their data management systems for potential vulnerabilities and take steps to design and implement good data governance practices to ensure data integrity is maintained.数据管理和完整性优良规范的职责由接受检查的生产商或销售商承担。他们负有全部职责和义务来评估其数据管理体系，发现潜在弱点，设计和实施优良数据管理规范来确保数据完整性得到维护。3 PURPOSE目的3.1 This document was written with the aim of:本文件编制的目的是：3.1.1 Providing guidance for inspectorates in the interpretation of GMP/GDP requirements in relation to data integrity and the conduct of inspections.为检查员提供与数据完整性相关的GMP/GDP要求诠释及实施检查相关指南。3.1.2 Providing consolidated, illustrative guidance on risk-based control strategies which enable the existing requirements for data integrity and reliability as described in PIC/S Guides for GMP2and GDP3to be implemented in the context of modern industry practices and globalised supply chains.对基于风险的控制策略提供详细解说的整合指南，促使GMP和GDP的PIC/S指南中所述的现有数据完整性要求和可靠性在现代化工业做法和全球化供应链的环境下得到实施。3.1.3 Facilitating the effective implementation of data integrity elements into the routine planning and conduct of GMP/GDP inspections; to provide a tool to harmonise GMP/GDP inspections and to ensure the quality of inspections with regards to data integrity expectations.促进数据完整性要素在日常规划和实施GMP/GDP检查中有效实施，提供一个工具让GMP/GDP检查保持一致，保证数据完整性要求方面的检查质量。3.2 This guidance, together with inspectorate resources such as aide memoire (for future development) should enable the inspector to make an optimal use of the inspection time and an optimal evaluation of data integrity elements during an inspection.本指南与检查团资源，例如备忘录（用于进一步展开）一起让检查员优化使用检查时间，在检查中更好地评估数据完整性要素。3.3 Guidance herein should assist the inspectorate in planning a risk-based inspection relating to data integrity.本指南应协助检查组织规划基于风险的数据完整性相关检查。3.4 This guide is not intended to impose additional regulatory burden upon regulated entities, rather it is intended to provide guidance on the interpretation of existing PIC/S GMP/GDP requirements relating to current industry practice.本指南无意对受法规规范的主体形成强制的法规责任，它意在为目前行业规范相关的已有PIC/S GMP/GDP要求提供诠释。3.5 The principles of data integrity apply equally to both manual and computerized systems and should not place any restraint upon the development or adoption of new concepts or technologies. In accordance with ICH Q10 principles, this guide should facilitate the adoption of innovative technologies through continual improvement.数据完整性原则等同适用于手动和计算机化系统，不应该对发展和采用新概念或技术形成限制。根据ICH Q10原则，本指南应有助于通过持续改进采纳创新技术。3.6 This version of the guidance is intended to provide a basic overview of key principles regarding data management and integrity. The PIC/S Data Integrity Working Group will periodically update, amend and review this guidance in light of inspectorate feedback, experience in using the guide and any other developments.本版本指南意在为数据管理和完整性核心原则提供基本概貌。PIC/S数据完整性工作组将定期进行更新，根据检查团的反馈、使用本指南的经验以及任何其它发展修订和审核本指南。4 SCOPE范围4.1 The guidance has been written to apply to both on-site and remote (desktop) inspections of those sites performing manufacturing (GMP) and distribution (GDP) activities. The guide should be considered as a non-exhaustive list of areas to be considered during inspection.本指南适用于现场和远程（桌面）检查那些实施生产（GMP）和销售（GDP）活动的场所。本指南应作为检查期间要考虑领域的未尽清单。4.2 Whilst this document has been written with the above scope, many principles regarding good data management practices described herein have applications for other areas of the regulated pharmaceutical and healthcare industry.尽管此文件写就时覆盖上述范围，但其中许多关于优良数据管理规范的原则亦可应用于受法规规范的药品和保健行业的其它领域。4.3 This guide is not intended to provide specific guidance for “for-cause” inspections following detection of significant data integrity vulnerabilities where forensic expertise may be required.本指南无意为重大数据完整性漏洞引起的“有因”检查提供特定指南。在有因检查中，可能需要具有调查技巧的专家。5 DATA GOVERNANCE SYSTEM数据管理体系5.1 What is data governance?什么是数据管理？5.1.1 Data governance is the sum total of arrangements which provide assurance of data integrity. These arrangements ensure that data, irrespective of the process, format or technology in which it is generated, recorded, processed, retained, retrieved and used will ensure a complete, consistent and accurate record throughout the data lifecycle.数据管理是为数据完整性提供保障的所有安排的总和。这些安排保证数据，不管其产生、记录、处理、保存、恢复和使用的过程、格式或技术如何，均能在数据的整个生命周期中保证完整、一致和准确的记录。5.1.2 The data lifecycle refers to how data is generated, processed, reported, checked, used for decision-making, stored and finally discarded at the end of the retention period. Data relating to a product or process may cross various boundaries within the lifecycle. This may include data transfer between manual and IT systems, or between different organisational boundaries; both internal (e.g. between production, QC and QA) and external (e.g. between service providers or contract givers and acceptors).数据生命周期指数据如何产生、处理、报告、检查、用于决策、存贮和在保存期结束后最终废弃。与一个药品或工艺相关的数据可能在其生命周期内会穿越不同边界。这可能包括手工和IT系统之间的数据转移，不同公司界限之间的数据转移，内部（例如生产、QC和QA之间）和外部（例如，服务提供商或合同发包方和接受方之间）的数据转移。5.2 Data governance systems数据管理系统5.2.1 Data governance systems should be integral to the pharmaceutical quality system described in PIC/S GMP/GDP. It should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity, including control over intentional and unintentional changes to, and deletion of information.数据管理系统应整合于PIC/S GMP/GDP所述的药物质量体系中。它应该说明数据在其生命周期中的所有者身份，考虑对过程/系统进行设计、运行和监测，以符合数据完整性原则，包括对有意和无意修改和删除信息的控制。5.2.2 The data governance system should ensure controls over data lifecycle which are commensurate with the principles of quality risk management. These controls may be:数据管理系统应保证在数据生命周期进行控制。控制应与质量风险管理原则相称。这些控制可以是：lOrganisational从公司角度nprocedures, e.g. instructions for completion of records and retention of completed paper records;n程序，例如，记录完整的指令和完整纸质记录的保存；ntraining of staff and documented authorisation for data generation and approval;n培训人员和记录数据产生权限并批准；ndata governance system design, considering how data is generated recorded, processed retained and used, and risks or vulnerabilities are controlled effectively;n数据管理系统的设计应考虑数据是如何产生、记录、处理、存贮和使用的，应对风险和漏洞进行有效控制；nroutine data verification;n日常数据核查；nperiodic surveillance, e.g. self-inspection processes seek to verifiy the effectiveness of the data governance policy.n定期监管，例如自检过程中核查数据管理方针的有效性。lTechnical技术角度ncomputerised system control,n计算机化系统控制nAutomationn自动化5.2.3 An effective data governance system will demonstrate Managements understanding and commitment to effective data governance practices including the necessity for a combination of appropriate organisational culture and behaviours (section 6) and an understanding of data criticality, data risk and data lifecycle. There should also be evidence of communication of expectations to personnel at all levels within the organisation in a manner which ensures empowerment to report failures and opportunities for improvement. This reduces the incentive to falsify, alter or delete data.一个有效的数据管理系统将证明管理者对有效数据管理规范的了解和承诺，包括适当的公司文化和行为（第6部分）和对数据关键程度、数据风险和数据生命周期的了解。还应有证据证明在公司内以一定方式将要求沟通传达至各层次人员，保证更大的权力来报告失败和改进机会。如此可以减少伪造、篡改和删除数据的诱因。5.2.4 The organisations arrangements for data governance should be documented within their Quality Management System and regularly reviewed.公司对数据管理的安排应记录在其质量管理体系内，并定期审核。5.3 Risk management approach to data governance数据管理的风险管理方法5.3.1 Senior management is responsible for the implementation of systems and procedures to minimise the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9. Contract Givers should perform a similar review as part of their vendor assurance programme, (refer section 10)高级管理层对实施系统和程序以降低数据完整性潜在风险，识别残留风险，使用ICH Q9原则承担责任。合同发包方应实施类似的审核，作为其供应商保证计划的一部分（参见第10部分）。5.3.2 The effort and resource assigned to data governance should be commensurate with the risk to product quality, and should also be balanced with other quality resource demands. Manufacturers and analytical laboratories should design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.为数据管理所做的工作和所配置的资源应与产品质量风险相称，同时也要与其它质量资源需求相平衡。生产商和分析化验室应设计和运行一个体系，为数据完整性风险提供可接受的控制状态，并全面记录支持性原理。5.3.3 Where long term measures are identified in order to achieve the desired state of control, interim measures should be implemented to mitigate risk, and should be monitored for effectiveness. Where interim measures or risk prioritisation are required, residual data integrity risk should be communicated to senior management, and kept under review. Reverting from automated / computerised to paper-based systems will not remove the need for data governance. Such retrograde approaches are likely to increase administrative burden and data risk, and prevent the continuous improvement initiatives referred to in paragraph 3.5.如果认为需要采取长期措施，以达到想要的控制状态，则应实施临时措施来将缓解风险，并监测其有效性。如果需要采取临时措施或者是提高风险优先度，则应与高级管理层沟通所残留的数据完整性风险，保持审核。从自动化/计算机化转化为纸质系统不能解除对数据管理的需求。此种降解方式可能会增加行政负担和数据风险，阻止第3.5段中提提出的持续改进倡议。5.3.4 Not all data or processing steps have the same importance to product quality and patient safety. Risk management should be utilised to determine the importance of each data/processing step. An effective risk management approach to data governance will consider:不是所有数据和处理步骤都对药品质量和患者安全具有等同的重要性。应使用风险管理来确定每个数据/处理步骤的重要性。对数据管理的有效风险管理方法应考虑：lData criticality (impact to decision making and product quality) andl数据关键程度（对制订决策和产品质量的影响）以及lData risk (opportunity for data alteration and deletion, and likelihood of detection / visibility of changes by the manufacturers routine review processes).l数据篡改和删除的数据风险（机会），修改被生产商的日常审核流程所发现/可见的可能性）From this information, risk proportionate control measures can be implemented.从此信息中可知，可以实施与风险相当的控制措施。5.4 Data criticality数据关键程度5.4.1 The decision that data influences may differ in importance, and the impact of the data to a decision may also vary. Points to consider regarding data criticality include:受数据影响的决策可能会在重要程度上有所有不同，数据对决策的影响度可能也不同。关于数据关键程度要考虑的要素包括：l?Which decision does the data influence?数据影响了什么决策？For example: when making a batch release decision, data which determines compliance with critical quality attributes is of greater importance than warehouse cleaning records.例如，当作出批放行决策时，确定符合关键质量属性的数据比仓库清洁记录要重要。l?What is the impact of the data to product quality or safety?数据对药品质量或安全有什么影响？For example: for an oral tablet, active substance assay data is of generally greater impact to product quality and safety than tablet friability data.例如，对于口服特此证明，活性物质含量数据一般要比脆碎度数据对药品质量和安全影响更大。5.5 Data risk数据风险5.5.1 Data risk assessment should consider the vulnerability of data to involuntary or deliberate alteration, falsification, deletion, loss or re-creation, and the likelihood of detection of such actions. Consideration should also be given to ensuring complete data recovery in the event of a disaster. Control measures which prevent unauthorised activity, and increase visibility / detectability can be used as risk mitigating actions.数据完整性应考虑数据在有意和无意修改、伪造、删除、丢失或重新创建，以及被察觉可能性方面的弱点。还要考虑保证在灾难发生时恢复完整数据。防止未经授权的活动，增加可视性/检出能力的控制措施可以用作风险降低措施。5.5.2 Examples of factors which can increase risk of data integrity failure include complex, inconsistent processes with open ended and subjective outcomes. Simple tasks which are consistent, well defined and objective lead to reduced risk.可能会增加数据完整性