PDA-数据完整性行为守则要素

PDA数据完整性行为守则要素（中/英对照版）ParenteralDrugAssociationPointstoConsider注射剂协会考虑要点ElementsofaCodeofConductforDataIntegrity数据完整性行为守则要素Introduction简介DataIntegrityhasbeenandcurrentlyisamajorglobalconcernofHealthAuthoritiesandthepharmaceuticalindustry.Althoughnotanewissue,numerousrecentHealthAuthorityenforcementactionssuchasWarningLetters,ImportAlerts,ProductDetentions,andsuspensionorrevocationofMarketingAuthorizationshasfocusedattentiononDataIntegrity.DataIntegritycanresultfromlackofawarenessofregulatoryrequirements,employeeerrors,failuretocheckaccuracyofdata,softwareorsystemmalfunction,orconfigurationproblemswithelectronicdatahandling,ormalfeasancebyemployees.ToholisticallyaddressDataIntegrity,theParenteralDrugAssociation（PDA）isdevelopingasetoftoolsintheformofPDATechnicalReports,PDATrainingProgram,DataIntegrityWorkshops,andPointstoConsiderdocumentsthatcanbeusedbyindustrytoaddressthisseriousissue.ThisdocumentpresentstheviewsoftheParenteralDrugAssociation（PDA）onthebenefitsforcompaniestovoluntarilyadoptaCodeofConductforassuringdataintegrity.数据完整性目前已经成为全球卫生机构与制药行业所关注的重点。尽管不是一个新的问题，近期在很多卫生当局的执法行动例如警告信、进口警报、产品扣留，以及暂时取消或撤销上市许可中都非常关注数据完整性的问题。数据完整性可能由于缺乏法规要求意识、员工错误、无法核实数据准确性，软件或系统故障，或电子数据处理配置问题，或员工渎职行为导致。为了全面解决数据完整性问题，注射剂协会（PDA）正在开发一套面向行业的涵盖PDAft术报告、PDAW训程序、数据完整性研讨会，以及考虑要点文件的工具来解决这一严重问题。本文件代表注射剂协会（PDA）的观点，公司可自愿采用行为守则来确保数据完整性。HowtoUsethisDocument如何使用本文件Thisdocumentwasdevelopedbyateamwithexpertiseinthefieldsofquality,regulatoryaffairs,auditing,andmanufacturingandreviewedbyattorneysspecializedinfood,drugandlaborlaw.Thisdocumentiswrittenforeasyadoption,inpartorinitsentirety,bycompanies,iftheysochoose,withouttheneedforextensiverewritingofthedocument.Therefore,theterms‘shall’and‘must’havebeenusedtopermittheCodetobeenforceablebyacompany,ifadopted.Thisdocumentisintendedtoreinforceacultureofqualityandtrustwithinthepharmaceuticalindustry.Itisnotintendedtobearegulatorystandardorguidance,norisitintendedtosupersedeanycountryspecificorlocallawsandregulationsgoverninglabor,privacyand/oremployeerights.本文档由在质量、药政事务、审计及制造有专业知识的团队起草，并由专业从事食品、药物及劳动法的律师进行审核。对于部分选择或全部选择该文件的公司，该文件的编写易于使用且不需要大量文件的重新编辑。因此，如果使用的话，公司可以根据术语“应(should)”与“必须(must)”明确可执行的守则。本文件目的是在制药行业内加强质量与信任文化。该文件并不是药政标准或指南，也不打算取代任何国家特定或地方法律，以及监督劳动、隐私，和/或，雇员权利的法规。Inorderforthelanguageusedbelowtobeasgloballyapplicableaspossible,thedocumentscopehasbeenlimitedtodrugandbiologicalmedicinalproducts.Thesameorsimilarconceptscouldbeappliedfordeviceandcombinationproductsmanufacturing.PDAisprovidingthisdocumentandtheseconceptsasaservicetomembersandanexampleofbestpracticestothepharmaceuticalindustry.PleaseseeSection2belowformoredetailsonhowtousethiscode.Section3beginsthecodeofconductprovisions.为了使下面使用的语言尽可能全球适用，该文件的范围仅限于药品与生物药品。相同或相似的概念也可以应用于医疗器械与组合产品的制造中。 PDA等本文件和这些概念作为对会员的一种服务，并作为制药行业最佳实践的范例。关于如何使用本守则的更多详细内容请参考下面第二章。第三章是关于行为守则的条款。1.0PURPOSEANDSCOPE第一章：目的与范围Thepurposeofthisdocumentistooutlinethekeyelementsnecessarytohelpensurethereliabilityandintegrityofinformationanddatathroughoutallaspectsofaproduct'slifecycle.TheCodeofConductforDataIntegrityisintendedtoapplytoemployeesandofficersandthirdpartysuppliersandothersactingonbehalforatthebehestofthecompany,suchaspersonsthatdevelop,test,manufactureorsubmitmarketingauthorizationsforpharmaceuticalandbiologicalproducts.EachcompanywillestablishtheirownPolicies,Standards,Procedures,CodeofConduct,orotherqualitysystemelementsthatdefinetherequirementsfordataintegrity（includingtheprinciplesoutlinedintheCodeofConductincluding:本文件目的在于概述必要的关键要素，以确保贯穿产品生命周期各个方面的信息和数据的可靠性与完整性。数据完整性行为守则旨在适用于员工、官员、第三方供应商以及代表公司或公司授意的其他行为，例如从事开发、检测、制造或提交药品或生物制品上市许可的人。每个公司应建立自己的方针、标准、规程、行为守则，或其他质量系统要素以明确数据完整性的要求 （包括在行为守则中概述的基本原则）:Manufacturersoffinisheddrugproductsforclinicaltrials,bioequivalencestudies,andcommercialdistribution临床试验、生物等效性研究和商业销售的制剂制造企业Companiesthatconductclinicaltrialsinsupportofnewdrugapplicationsincluding,butnotlimitedto:InvestigationalNewDrug(IND),ClinicalTrialApplication(CTA),InvestigationalMedicinalProductDossier(IMPD),BiologicsLicenseApplication(BLA),MarketingAuthorizationApplication(MAA),NewDrugApplication(NDA),andAbbreviatedNewDrugApplication(ANDA)开展临床试验以支持新药申请的公司，包括但不限于：研究用新药 (IND)、临床试验申请(CTA)、研究用药品档案 (IMPD)、生物制品许可申请 (BLA)、上市许可申请(MAA卜新药申请(NDA)与简略新药申请(ANDA)Laboratoriesthatdevelopmethodsorformulationsintendedtosupportnewdrugapplicationsorlaboratoriesthatanalyzesamplesgeneratedfromclinicaltrials开发分析方法或配方以支持新药申请的实验室或进行临床试验样品分析的实验室Manufacturersofexcipients,intermediates,oractivepharmaceuticalingredients(APIs)辅料、中间体或原料药 (API)制造企业Contractmanufacturingorganizations(CMOs)合同制造组织 (CMO)Contractresearchorganizations(CROs)合同研究组织 (CRO)Contracttestinglaboratories合同检测实验室Contractors,consultants,suppliersandvendorsthatprovideservicesanddatathatsupporttheproductionandcontrolofAPIs,drugorbiologicalproducts提供支持API、药品或生物制品生产和控制的服务和数据的合同商、咨询顾问、供应商和卖方。TheCodeofConductforDataIntegrityisintendedtoapplytomarketingauthorizationholdersandpharmaceuticalfacilitiesperformingservicesorprovidingproductsthatarerequiredtoadheretoGXPpracticesinaccordancewithapplicablelaws,regulationsandlegislativedirectivesofregulatoryauthoritiesincluding:数据完整性行为守则适用于根据以下相关的法律、法规和药政当局立法指令，提供符合GXPt规要求的服务和产品的上市许可持有人及药厂，包括：GoodManufacturingPractice(GMP)药品生产质量管理规范 (GMP)GoodClinicalPractice(GCP)药品临床试验质量管理规范 (GCP)GoodPharmacovigilancePractice(GVP)药品警戒管理规范 (GVP)GoodLaboratoryPractice(GLP)药品非临床试验质量管理规范 (GLP)GoodDistributionPractices(GDP)药品流通质量管理规范 (GDP)GoodTissuePractice(GTP)组织质量管理规范(GTP)1.3Theprinciplesoutlinedbelowareintendedtoidentifykeydataintegrityelementsthatcompaniesmaychoosetoincorporateintotheirapplicablesystemsthatdefinethepolicies,standardsandrequirementsfortheconductofcompanymanagementandeachofitsemployees.TheelementslistedbelowmaybeusedtocreateastandaloneCodeofConductthatisspecifictoDataIntegrityforGXPoperations.Alternatively,theidentifiedelementsmaybeincorporatedintoabroaderCodeofConductthatencompassesotheraspectsofbusinessvaluesandethicsthatarebeyonddataintegrity.Thedataintegrityelementsmaybeintegratedwithexistingpolicies,standardsorotherdocumentsthatdefinerequirementsfortheconductofcompanymanagementanditsemployees(suchasQualityAgreementswithsupplychainpartners).以下所述原则旨在辨识公司可能选择纳入其恰当系统的关键数据完整性要素，该系统用于明确公司管理层和每一个员工行为的方针、标准和要求。下列要素可用于建立独立的专门用于GXPB作的数据完整性行为守则。另外，被辨识的要素可以被纳入到更广泛的包括超越数据完整性的商业价值以及道德行为守则的行为守则中。数据完整性要素可以被合并在用于定义公司管理层及其员工行为要求的现有方针、标准或其他文件中(例如供应链合作伙伴的质量协议 )1.4Manufacturesareresponsibleforensuringthatqualitysystemelementshavebeenestablishedateachofitsthirdpartysuppliersthatprovideproductsorservicesonbehalfoforatthebehestofthemanufacturer.Manufacturersneedtoensurethatsuppliers(suchascontractlaboratories,CROsandCMOs)thatoperateasanextensionofthemanufacturerhavedefinedthepolicies,standardsandrequirementsfortheconductofcompanymanagementandeachofitsemployees.制造企业有责任确保代表制造企业或制造企业授意提供产品或服务的第三方供应企业已经建立了质量体系要素。制造企业需要确保作为其延伸操作的供应企业(诸如，合同实验室、合同研究组织与合同制造组织)已经定义了公司管理层与每个员工的行为方针、标准与要求。2.0PREAMBLE第二章：序言2.1Thepharmaceuticalindustrydevelopsandmanufacturesdrugsandbiologicsthathelppatientsallovertheworldlivelonger,healthierlives.Itisaprivilegetoworkinanindustrythatmakesadifferenceinthelivesofpatients.Everyemployeehasadutytoengageinconducttoensurethatallstakeholderscantrustemployeedecisionsthatarebasedondataandinformationthatareaccurate,truthfulandcomplete.制药行业开发与制造药品与生物制品，用以帮助全世界的患者更长、更健康地生活。改变患者的生活是在这个行业工作的特权。每个员工都有责任使所有的利益相关方相信其决策是基于准确、真实和完整的数据和信息的。SeniorManagementmustestablishqualitystandards,requirementsandprocedures,andisobligatedtomaintainandmonitortheperformanceofthequalitysystemthathelpstoensureavailabilityofsafeandeffectivedrugs.Thecompanymustmaintainoperationalmanagementoversighttodemonstratethateachproducthasbeendeveloped,manufacturedortestedunderconditionsthataredesignedtoassurethereliabilityandintegrityofinformationanddatausedtosupportitsqualityandfitnessforuse,andinaccordancewithapplicablelaws,regulationsandlegislativedirectivesoftheregulatoryauthorities.Ensuringdataintegritymeanscollecting,documenting,reporting,andretainingdataandinformationinamannerthataccurately,truthfullyandcompletelyrepresentswhatactuallyoccurred.高级管理层必须建立质量标准、要求与规程，并有义务保持与监测质量体系的性能从而有助于确保获得安全并有效的药物。公司必须保持对运营管理的监督，以证明每个产品均在被设计可保证信息与数据可靠和完整的条件下开发、制造或检测，这些信息和数据被用于支持其质量与使用的适用性，并符合药政当局相关的法律、法规与立法法令。确保数据完整性意味着通过准确、真实、完整地表示实际上发生的事件来收集、记录、报告与保存数据与信息。Everyemployeeateachcompanyisresponsibleforhis/herownconducttomaintainabondoftrustbetweenthecompanyanditsstakeholders,namelythepatients,healthcareproviders,andregulators(i.e.,topreventabrokenbondduetodataintegrityissues).EmployeeshaveadutytoperformtheirGXPfunctionsinanethicalmannerthatmeetscompanyrequirementsandindustrystandardsasarticulatedincompanyrequirements,andinaccordancewithallrelevantlaws,regulationsorlegislativedirectivesofregulatoryauthorities.每个公司的每一位员工应对自身的行为负责，从而保持公司与利益相关方，即患者、卫生保健提供者与监督者之间的信任（也就是防止由于数据完整性问题破坏这一纽带）。员工有责任以道德的方式履行其 GXP职能，以满足在公司要求中清楚表达的公司要求与行业标准，并符合所有药政当局相关法律、法规或立法指令。Everyemployeeisrequiredtocollect,analyze,reportandretaininformationanddatainamannerthataccurately,truthfullyandcompletelyrepresentswhatactuallyoccurredineitherpaperorelectronicformatinaccordancewiththecompanypoliciesandproceduresandapplicablelaw.每一位员工需要按照公司方针、规程和适合的法律采用纸质或电子方式准确、真实、完整地收集、分析、报告与保存代表实际发生事件的信息与数据。ByadoptingavoluntaryCodeofConductforDataIntegrity(CodeofConduct)seniormanagementiscommitted,asrequiredbyapplicablelaw,tonotifyapplicablelicensing/regulatoryauthority(s)ifthecompanydiscoversthatapendingorapprovedmarketingauthorizationorothersubmissiontoaregulatoryauthoritycontainsanuntruestatementofmaterialfactoromitsmaterialfacts(rmationisfalse,misleading,inaccurateorincomplete).Ifdata,notsubmitted,butusedtodeterminewhetheraproductbatchmetspecificationsarelaterfoundtobefalse,misleading,inaccurateorincomplete,acompanyiscommittedtofiletheappropriatenotificationstohealthauthorities(i.e.FieldAlert,BiologicalProductDeviationReport(BPDR)ornotificationundertheFalsifiedMedicinesDirective(FMD)).Wherewarranted,managementiscommittedto;(1)providingfulldisclosure,(2)verifyingthatafullinvestigationisconducted,(3)implementingcorrectiveandpreventativeactionstopreventrecurrence,and(4)verifyingthevalidityandreliabilityofthedataandinformationfiledwithregulatoryagencies.Thisincludescorrectingmaterialfacts(informationanddatathatwerefiledpreviously,iffoundtobeincorrect,untruthful,misleadingorincomplete).通过自愿采用数据完整性行为守则(行为守则)，高级管理层应依据适当的法律要求承诺，如果本公司发现某暂停或已经批准的上市许可或其他提交给药政机构的文件中存在不真实的重要事实声明或省略的重要事实(例如，虚假、误导、不准确或不完整的信息)，将通知相关的许可 /药政当局。对于未提交，但被用来确定产品批次是否符合规格标准的数据，如果之后发现是虚假、误导、不准确或不完整的，公司承诺向卫生当局提交恰当的通知(例如，现场警报、生物产品偏差报告(BPDR)或在伪造药品法令(FMD)通知)。如必要，管理层应承诺；(1)充分披露信息，(2)确认开展全面调查，(3)实施纠正与预防措施，以防止再次发生，以及(4)确认已经提交给药政当局的数据与信息的有效性与可靠性。包括纠正重要事实(已经提交的信息与数据，如果发现存在不正确、不真实、误导或不完整的情况)。3.0ELEMENTSofaCODEOFCONDUCTFORDATAINTEGRITY第三章：数据完整性行为守则要素3.1Applicability适用性3.1.1Eachcompanythatdevelops,testsandmanufacturesAPIs,intermediates,orpharmaceuticalandbiologicalproductsorvendors/suppliersthatprovidesupportingdatamayadoptacompanyCodeofConductforDataIntegritywhichestablishesstandardsofethicalbehaviorforallemployeesandofficersofthecompany.每个开发、 检测与制造原料药、 中间体，或药品与生物制品的公司或提供支持数据的供应商 /供应方可采用公司数据完整性行为守则，从而建立适合公司全体员工与管理层的道德行为标准。3.1.2Insupportofthiscodecompanieswillestablishprogramsthat:(1)promoteanorganizationalculturethatencouragesethicalconduct;(2)demonstratesthecompany'scommitmenttocompliancewithapplicablelaws;and(3)requiresthepreventionanddetectionofdataintegritylapses.为了支持该守则，公司需建立的程序包括：(1)提倡一种鼓励道德操守的组织文化；(2)证明公司的承诺符合恰当的法律；以及(3)对数据完整性失误的预防与监测。3.1.3ThecompanywillestablishrequirementsandimplementprogramstoprovideallemployeeswithtrainingonthefundamentalprinciplesofDataIntegrityincludingemployeeconductasaconditionofperformingGXPfunctions.EachemployeeshallreceiveannualrefreshertrainingontheCodeofConductforDataIntegrity公司应建立要求并实施程序，向所有员工开展有关数据完整性基本原则的培训，包括作为实施GXP职能条件的员工行为。每位员工需每年接受数据完整性行为守则的再培训。3.1.4Eachemployeewillprovideannuallyasignedcertificationstatementconfirmingthatduringthepastyearhe/shehasadheredtotheCodeofConductforDataIntegrityincludingattestationthathe/shehasreportedtocompanymanagementwrongfulactthatraisesaquestionabouttheintegrityofdataaboutwhichhe/shebecameaware.每一位员工每年应提供签名的认证声明确认在过去一年里其遵守数据完整性守则，包括宣誓已经向公司管理层报告任何自身已经知晓的有关数据完整性问题的不法行为。3.2DataCollection,Analysis,ReportingandRetention数据采集、分析、报告与保存3.2.1Thecompanywillestablishproceduresanddocumentationsystemsdesignedtoassureallinformationanddataarecollected,analyzed,reported,andretainedinamannerthataccurately,truthfullyandcompletelyrepresentswhatactuallyoccurred.公司应建立规程与记录系统以确保所有的信息和数据以准确、真实和完整地表示实际发生情况的方式进行收集、分析、报告，与保存。3.2.2Thecompanyshallestablishdocumentationcontrolsystemsandpracticestomaintaindataintegrityaswellasprovidingmechanismsforpreventingdataintegritylapsesanddetectinginstancesofnon-compliance.SuchsystemshelptoensurethatallrawdatafromdevelopmentstudiesandproductionandcontrolactivitiesforGXPactivitiesaremaintainedinboundnotebooksorcontrolledworksheets(pre-numberedapprovedforms)forpaperrecordsorinvalidatedcomputersystemswithappropriatesecurity,audittrails,validation,andoversightforelectronicrecords.公司应建立文件控制系统与规范，以保持数据完整性，并提供防止数据完整性失误与监测不合规事件的机制。该系统可帮助确保所有针对 GXW展的开发研究、生产、控制活动的原始数据已经采用纸质记录或电子记录的方式被保存在装订的笔记本或受控的工作表 (预先编号的批准的格式 )中，对于电子记录应采用经验证有适当的安全性、审计追踪、验证和监督的计算机系统。3.2.3Employeeswilladheretotherequirementsoftheestablisheddocumentationsystemsandshallnotbepermittedtorecordrawdataonunofficialforms,writingpadsorotheruncontrolledmedia.Suchprocedureswilldescribedocumentationcontrolpracticesandretentionrequirementsandpracticesforbothpaperandelectronicrecordsincludingretentionperiodsthatcomplywithrequirementsofapplicableregulatoryauthorities.Paperandelectronicrecordsshallberetainedeitherasoriginalsorastruecopies(suchasphotocopies)orotheraccuratereproductionsoftheoriginalrecord(suchaselectronicscanning).员工需遵守既定的文件系统要求，且不允许在非正式表格、手写板或其他非受控媒介上记录原始数据。该规程将描述适用于纸质与电子记录的文件控制规范，保存要求和规范，包括符合相关药政当局要求的保留期。纸质和电子记录的保存应采用正本或真实副本 (例如影印件 )或其它正本记录的准确复印件 (例如电子扫描)。3.2.4Employeeswilladheretoestablishedcompanyproceduresthatdescribethedocumentationcontrolandretentionrequirements,andapplicablelaws,regulationsandlegislativedirectivesofregulatoryauthoritiesthatapplytopaperandelectronicdocumentsandrecords.Employeesshallnotdiscard,destroy,ormodifyinanywayrawdataororiginalrecords(otherthanattheendofprescribedretentionperiodasprovidedbyapprovedprocedures).Employeesshallnotdeleterawdataoralteroriginalrecordsinamannerthatobscuresorobliteratestheoriginalentries.Ifchangesareneededtocorrecterrors,theoriginalentriesshallberetainedalongwithentriesthatidentifythepersonmakingthecorrection,andthedateandreasonforthecorrection.员工需遵守已建立的有关纸质与电子文件和记录的文件控制与保存要求、恰当的法律、法规与药政当局立法法令的公司规程。员工不应以任何方式丢弃、销毁或修改原始数据或原始记录(除非根据批准的程序在规定的保留期结束时 )。员工不得删除原始数据或以模糊或涂改原始记录的方式改变原始记录。如果需要通过变更来纠正错误，应保留原始记录连同识别进行纠正的人员身份的内容，日期及纠正的原因。3.2.5InordertoverifypaperrecordsofGXPactivities,thecompanyshallestablishandmaintainSignatureandInitialLogsforemployeesthatworkinGXPareasthatincludeahandwrittenspecimenofthesignature/initialsofeachemployee.Employeesmustsignorinitialoriginalrecordsinacontemporaneousmanner,andmustenterthedate(andtimeifrequiredbyprocedure)toaccuratelyreflectwhoperformedorwitnessedtheactivityorwhoenteredresultsorverifiedtheaccuracyofentries.Employeesshallneverrecordthesignatureorinitialsofanotherpersonorpre-dateorbackdateentriesonanyrecord(eitherpaperorelectronic).为了确认纸质记录的GXP活动，公司需建立并保存在 GXP®域工作的员工签名与初始日志，包括每个员工签名/首字母的手写样本。员工必须以同步的方式在原始记录上签字或签首字母，且必须注明日期(如果规程要求还需要注明时间)以准确地反映谁实施或见证了该活动，或谁输入结果或确认输入内容的准确性。员工不应在记录上签其他人的签名或首字母，或将日期提前或拖后(纸质或电子 )3.2.6Thecompanyshallmaintainreadilyavailablerecordsforanauthorizedinspectionbyregulatoryauthorities.Thecompanyshallprovideaccesstoallrecordsthatarerequiredbyapplicablelaws,regulationsorlegislativedirectivesforGXPactivitiesuponrequestbyadulyauthorizedregulatoryofficialwhohasthelegalauthoritytoinspectsuchrecords.Employeesshallnotdelay,denyorlimitaccesstorecordsorrefusetopermitinspectionbydulyauthorizedofficialsofregulatoryauthorities,exceptasmaybespecifiedinawrittenprocedure[e.g.,toimmediatelynotifyexecutivemanagementwhenaninspectorarrives].公司应确保在药政机构检查中记录的迅速获取。一旦被授权有合法权限检查此记录的药政官员提出要求，公司应提供所有与GXP亍为相关的法律、法规或立法指令要求的记录。员工不得拖延、拒绝或限制记录的获取或拒绝药政当局授权官员的检查，除非在书面程序中有特殊规定 [例如，当检查官到达时应立即通知高级管理层]。3.2.7Thecompanywillestablishprocedurestoverifytheaccuracy,completenessandtruthfulnessofdataandinformationusedtoreleaseAPIs,finishedpharmaceuticalproductsandbiologicalproductstothecommercialmarketincludingverificationthatthesupportingdataandinformationconformtothecommitmentscontainedinmarketingapplicationsthathavebeenapprovedbyregulatoryauthorities(whereapplicable).Employeeswhoperformreviewbatchproductionandcontrolrecordsasaconditionofbatchreleaseshalladheretoestablishedproceduresandshallconfirmthattherecordssupportingbatchreleasehavebeensecondpersonverifiedforaccuracy,truthfulnessandcompleteness.公司应建立程序确保用于放行原料药、药品和生物制品上市销售的数据和信息的准确性、完整性和真实性，包括对符合获批上市申请中的承诺(如使用)的支持性数据和信息的确认。作为批放行的条件之一，执行批生产和控制记录审核的员工，应遵守既定的程序并证实用于支持批放行的记录已由第二人对其准确性、真实性和完整性进行了确认。3.3ElectronicDataAcquisitionSystems电子数据采集系统3.3.1IfelectronicdataacquisitionsystemsforGXPdataareestablished,thecompanymustensurethatthesystemsareconfigured,validated,andmaintainedinaccordancewithestablishedindustrystandardsintendedtoassuredataintegrity.Thebusinessprocessesshallincludetheestablishmentofwrittenproceduresthatgovernthecollection,analysis,reportingandretentionofelectronicdataincluding:如果已经建立了GX嘤据的电子数据采集系统，该公司必须确保已经根据既定的旨在保证数据完整性的行业标准进行系统的安装、验证与维护。业务流程需包括书面程序的建立以管理电子数据的收集、分析、报告和保存，包括：Proceduralcontrolscoveringtheuse,correction,andmovementofdata,ensuringthatdatacanbetracedthrougheveryphaseofitslifecycle.Ifthetransferofdataisauthorized,itmustbecontrolledinamannerthatprovidestraceabilityandretentionforaperiodoftimeprescribedbyapplicablelaws,regulationsorlegislativedirectivesorlongerifrequiredbycompanypoliciesandprocedures.涉及数据使用、 纠正与转移的过程控制， 应确保在数据生命周期的每个阶段均能进行数据追踪。 如果数据转移经过授权， 这个行为的控制必须有追溯性， 并根据相关法律、法规或立法法令规定的时间或公司方针与规程要求的更长的时间进行保存。Securitycontrolstopreventanddetectdatadeletion,over-writing,manipulationand/oromissionofdata.安全控制应能防止和监测数据的删除、覆盖、篡改和/或数据遗漏。Securedateandtimestampstopermitdetectionandtopreventmanipulationofrecords.安全日期和时间戳应能监测并防止记录的篡改。Securedataretentionstoragelocationstopreventdatafrombeingsavedtounauthorizedfilestoragelocationsincludingremovabledevices.安全数据保存位置应能防止将数据从被保存的位置转移至未经授权的文件储存位置，包括可移动设备。Systemandproceduralcontrolstoprovideforthereportingandevaluationofalldatagenerated.系统与程序控制应能对所有生成的数据提供报告与评价。3.3.2Thecompanyshallestablishappropriatesecurity,audittrails,validation,andoversightforelectronicrecordsandsignaturesincompliancewithapplicablelaws,regulationsorlegislativedirectives.Electronicrecordsshallbeattributable,legible,contemporaneous,traceable,time/datestampedandpermanent.公司应根据相关的法律、法规或立法法令对电子记录和签名建立恰当的安全、审计追踪、验证和监督。电子记录应是可归属的、清晰的、同步的、可追踪的、有时间/日期戳和永久的。3.3.3ThecompanywillmaintainandreviewaudittrailsforelectronicGXPdatathatisrequiredbycompanyproceduresorregulatoryrequirement.Suchreviewswillincludeperiodicreviewofsystemaudittraillogsagainstentriesintransactionallogstoverifythatalleventsanddata(includingmetadata)arebeingaccuratelyandcompletelycaptured,reportedandretained.根据公司规程或法规要求，公司应该对电子GX嘤据的审计追踪进行维护和审查。该审核包括按照事务日志中的输入内容对系统审计跟踪日志进行定期审核以确证所有的事件和数据 (包括元数据 )已经被准确完整地捕获、报告与保存。3.3.4EmployeeswhoenterdataorverifydataaccuracyorperformotheractivitiesinvolvingGXPdata(suchascollection,analysis,reportingorretentionfunctions)shallcontemporaneouslyenterdatainaccordancewithestablishedpoliciesandprocedures.Employeesshallaccuratelyenterandcompletelyreportallrequireddata.Employeesshallnotengageinanyconductthatcallsintoquestiontheintegrityofdata（suchasfalsifyingdata,makingunauthorizedchanges,ordestroying,deletingorover-writingdata）.Employeeswhorevieworevaluateelectronicdatashallfollowestablishedproceduresandverifythatallrequireddataandinformationhavebeenincludedinrelevantrecordsandreports.Employeesshallalwaysenterdataandinformationinamannerthataccurately,truthfullyandcompletelyrepresentswhatactuallyoccurred,andincludesalltestingresults（ifapplicable）.负责输入数据，确认数据准确性或执行其他涉及 GXP数据活动（例如收集、分析、报告或保存职能 ）的员工应该根据已经建立的方针和程序同步录入数据。员工应准确输入并完整报告所有所需的数据。员工不得进行任何对数据完整性造成疑问的行为（如，伪造数据、进行未经授权的变更，或销毁、删除或覆盖数据 ）。审核或评估电子数据的员工需遵循既定规程并确认所有要求的数据与信息已经被涵盖在相关的记录和报告中。员工应该采用准确、真实、完整表示实际发生事件的方式录入数据和信息，并包括所有的检测结果 （如果适用）。3.4ElectronicAccessSecurityMeasures电子访问安全措施3.4.1Anycomputerdataacquisitionsystemsshallbeestablishedwithsecureaccesstopreventunauthorizedchangestoelectronicdata.ThecompanywilladoptandstrictlyenforceproceduresthatrequiresecureaccesstocomputersystemsforeachcomputeruserwhoentersdataorhasaccesstoelectronicGXPdata.Securitymeasuresshallincludestrictcontrolstopreventunauthorizedaccesstocomputersystemincludinguseofuniqueusernamesandpasswordsorotherbiometricmeanstoidentifyauthorizeduserssuchasfacialrecognition,fingerprintreaders,andirisscanners.任何计算机数据采集系统需建立安全访问以防止对电子数据未经授权的更改。对于每一个需要录入数据或访问GXPt子数据的电脑用户，公司应采用并严格执行计算机系统安全访问规程。安全措施应包括对防止计算机系统未授权访问的严格控制，包括使用唯一的用户名和密码或其它生物特征手段来识别已经授权的用户，诸如，人脸识别、指纹识别器和虹膜扫描仪等。3.4.2ConsistentwiththeCodeofConductforDataIntegrity,employeesadheretoestablishedproceduresthatdescriberequirementsofsecuritycontrolsforaccessingelectronicdata.Employeesmustnotdiscloseand/orsharetheirusernameand/orpasswordswithothers,orusetheusernameorpasswordofanotherpersontoaccesscomputerfiles.与数据完整性行为守则一致，员工应遵守既定的描述电子数据访问安全控制要求的规程。员工不得泄露，和/或，与其他人分享其用户名，和 /或，密码，或使用其他人的用户名或密码访问计算机文件。3.5AuditingofQualitySystemforDataIntegrity数据完整性质量体系审计3.5.1Thecompanyshallestablishandexecuteaspartofitsinternalauditprogramprovisionstoperiodicallyevaluatetheelementsofthequalitysystemusedforcollecting,analyzing,reportingandretaininginformationanddata.作为其内部审计程序的一部分，公司应对用于收集、分析、报告和保存信息和数据的质量系统要素进行定期的评估。3.5.2Theauditprogramwillincludeperiodicauditstoconfirmadherencetoestablishedrequirementsfordataintegrity.Suchshallutilizeindependentauditorswhoarequalifiedbyeducation,experienceandtrainingtoevaluatedataintegrity.审计程序应包括定期审计从而确保符合既定数据完整性的要求。该审计应由接受并拥有数据完整性评估的教育、经验和培训的独立审计人员进行。3.5.3Employeeswhoconductdataintegrityauditswillmaintainacurrentawarenessofapplicablelaws,regulationsandlegislativedirectivesthatpertaintodocumentationandrecordkeepingrequirements.执行数据完整性审计的员工应了解现行的与文件和记录保存要求相关的法律、法规和立法指令。3.6InvestigationsofWrongfulActs不法行为的调查3.6.1Thecompanyshallestablishandfollowprocedurestoinvestigateanyallegedfalsification,fabrication,orotherconductthatraisesaquestionabouttheintegrityofdata.Suchinvestigationsshallincludeadocumentedin-depthreview,conductedinafairandbalancedmanner,byindependentpersonnel.公司应建立并按照规程对任何涉嫌导致数据完整性问题的造假、伪造或其他行为进行调查。此类调查应包括以公正平衡的方式由独立的人员对记录的深入审核。Companiesmayengagelegalcounseltohelpinvestigatorsensurethatdocumentsareproperlyidentifiedandpreserved,andthatthecompanyreceivesappropriateadviceandcounselregardingtheconductoftheinvestigation.Theinvestigator(s)shallpossesstheeducation,experienceandtrainingtoevaluatedataintegrityissues.公司可聘请法律顾问协助调查员确保文件被恰当地识别并妥善保存，且公司收到有关调查行为的恰当建议和咨询。调查员应接受并拥有数据完整性评估的教育、经验和培训。Anindependentinvestigationwillservetoidentifypotentialgapsinsystems,processes,proceduresand/orpracticesbyindividualsortheorganizationthatcouldraiseaquestionaboutdataintegrity.Suchinvestigationswillalsoservetoassessthelegalimplicationsofknownorsuspectedwrongfulacts,andpossiblereportingobligationstoregulatoryauthorities.独立调查可以用于识别由于个人或组织产生的在系统、工艺、规程和/或规范中潜在的差距，这些差距可能会导致有关数据完整性的问题。此调查也将有助于评估已知或怀疑的不法行为的法律内涵，以及向药政当局可能的报告义务。Independentinvestigationsintoconductthatraisesaquestionabouttheintegrityofdatashallidentifyallpersonsfoundduringtheinvestigationtobeinvolvedanddescribeindetailtheiractionsoractivitiesrelatedtotheconduct.Suchinvestigationmustdeterminethescopeofthequestionableconduct.Forexample,whetherthesameorsimilarconductorpracticesmayhavehappenedinotherinstancesorcouldhaveimpactedotherdata.Ifso,theinvestigationneedstobeextendedtotheseevents,activities,practicesand/orothercollecteddatacompany-wideaswell.对于在独立调查中发现的有关数据完整性的问题，应识别出在调查过程中发现的所有涉及的人员，并对有关该调查的相关活动或行为进行详细地描述。该调查必须明确可疑行为的范围。例如，在其他情况下是否可能发生相同或类似的行为或惯例，或者可能影响其它数据。如果如此，应将调查扩展到这些事件、活动、惯例，和/或公司范围采集的其它数据上。Companyproceduressh