EU GMP Annex 11全新解读资料

Section

章节2011

Version

2011版本2025Draft

Update

2025草案更新Typeof

Change

更改类型Implication/

Notes

含义/说明OverallContext

整体The

Annexwasrevisedinresponsetotheincreaseduseandcomplexityof

computerisedsystems.ConsequentialamendmentswerealsoproposedforChapter

4ofthe

GMP

Guide.

本附录的修订是为了应对计算机化系统使用的增加及其日益复杂的特点。同时，也对《GMP指南》第4章提出了相应的修订建议。The

guidelinewasrevisedtoreflectchangesinregulatoryandmanufacturing

environments,clarifyrequirements,andremoveambiguityandinconsistencies.

ItaddressestheevolvingITlandscape,increaseduseofcloudservices,and

newtechnologies,aimingforacommonapproachbetweenEUandPIC/S,ensuring

productquality,patientsafety,anddataintegrity.

本指南的修订旨在反映监管与生产环境的变化，澄清相关要求，消除歧义与不一致之处。该文件重点应对不断演进的IT环境、云服务的广泛应用以及新兴技术的出现，旨在在欧盟与PIC/S之间实现统一的方法，以确保产品质量、患者安全和数据完整性。Expanded

&Modernized

扩展和现代化Acknowledges

rapidtechnologicaladvancementsandglobalharmonizationefforts,

strengtheningthefocusonpatientsafetyanddataintegritybeyondjust

productquality.本次修订承认技术快速发展的现实及全球一致化的努力，在确保产品质量的基础上，进一步加强了对患者安全和数据完整性的关注。Scope/Principles范围/原则Applies

toallformsofcomputerisedsystemsusedaspartofGMPregulated

activities.Statesthatacomputerisedsystemisasetofsoftwareand

hardwarecomponents.Applicationshouldbevalidated;ITinfrastructure

shouldbequalified.Nodecreaseinproductquality,processcontrol,or

qualityassurance,andnoincreaseinoverallriskwhenreplacingamanual

operation.

适用于作为GMP相关活动一部分的所有形式的计算机化系统。指出计算机化系统由软件和硬件组件构成。应用程序应经过验证，IT基础设施应经过确认。在用计算机化操作替代人工操作时，不应降低产品质量、过程控制或质量保证水平，也不应增加整体风险。1.

Scope:Appliestoalltypesofcomputerisedsystemsused

inthemanufacturingofmedicinalproductsandactivesubstances.2.Principles:

Includesspecificprincipleslike2.1Lifecyclemanagement(validatedandmaintained),2.2QualityRiskManagement(QRMthroughoutlifecycle),2.3Alternativepractices(allowedifequivalentcontrol),2.4Dataintegrity

(criticallyimportant,ALCOA+principles),2.5Systemrequirements

(documented,updated,basisforvalidation),2.6Outsourcedactivities(regulateduserremainsfullyresponsible),2.7Security(stay

updatedonthreats),and2.8Noriskincrease

(similarto2011).1.适用范围：

适用于用于药品及活性物质生产的所有类型的计算机化系统。2.基本原则：

包括以下关键原则：2.1生命周期管理：系统应经过验证并持续维护；2.2质量风险管理（QRM）：应贯穿整个系统生命周期；2.3替代做法：若具备等效控制措施，则可接受；2.4数据完整性：极为重要，须遵循

ALCOA+原则；2.5系统要求：应有文档记录、及时更新，并作为验证依据；2.6外包活动：受监管用户需对其承担全部责任；2.7安全性：应持续关注潜在威胁，保持系统更新；2.8风险不可增加：与2011年版本要求一致。Expanded

&Clarified

扩展与澄清Broadens

thetypesofsystemscoveredandintroducesexplicitfoundationalprinciples

likeALCOA+fordataintegrity,formalizingresponsibilityforoutsourced

activities,andemphasizingproactivesecurity.

扩大了涵盖的系统类型，并引入了诸如数据完整性

ALCOA+原则等明确的基础性原则，正式规定了外包活动的责任归属，强调了对安全威胁的主动防范。RiskManagement风险管理Applied

throughoutthelifecycleofthecomputerisedsystemtakingintoaccount

patientsafety,dataintegrityandproductquality.Decisionsontheextent

ofvalidationanddataintegritycontrolsshouldbebasedonajustifiedand

documentedriskassessment.

应贯穿于计算机化系统的整个生命周期，考虑对患者安全、数据完整性和产品质量的影响。关于验证深度和数据完整性控制的决策应基于合理且有据可查的风险评估。4.

RiskManagement:

4.1Lifecycle:QRM

appliedthroughoutthelifecycleconsideringimpactonproductquality,

patientsafety,ordataintegrity.4.2Identificationandanalysis:Risksidentifiedandanalysedperprocedure,withexamplesof

methods/toolsfromICHQ9(R1).4.3Appropriatevalidation:Validationstrategyandeffortdeterminedbyintendeduseand

potentialrisks.4.4Mitigation:Risks

mitigatedtoacceptablelevel,influencingsystemarchitectureand

functionality.4.5Dataintegrity:

QRMprinciplesusedtoassesscriticality,vulnerability,anddetection

likelihoodofdataalteration,deletion,orloss.

4.风险管理：4.1生命周期：应在整个系统生命周期内应用质量风险管理（QRM），并考虑其对产品质量、患者安全和数据完整性的影响；4.2风险识别与分析：风险应根据程序识别并进行分析，可参考ICHQ9(R1)中的方法和工具；4.3适当验证：验证策略和工作量应基于系统预期用途及其潜在风险确定；4.4风险控制：应将风险控制在可接受水平，风险评估结果会影响系统架构与功能设计；4.5数据完整性：应依据QRM原则评估数据被更改、删除或丢失的关键性、脆弱性和可检测性。Expanded

&MorePrescriptive

扩展且更具规范性Strengthens

thecentralityofriskmanagementbyprovidingmoredetailedguidanceon

methods,integrationwithvalidation,mitigationstrategies,andaspecific

focusondataintegrityvulnerabilities.

通过提供更详尽的方法指导、强调与验证活动的结合、提出风险缓解策略，并特别关注数据完整性方面的脆弱点，进一步强化了风险管理在系统生命周期中的核心地位。Personnel

人员There

shouldbeclosecooperationbetweenallrelevantpersonnelsuchasProcess

Owner,SystemOwner,QualifiedPersonsandIT.Allpersonnelshouldhave

appropriatequalifications,levelofaccessanddefined

responsibilities.

相关人员之间应密切协作，例如工艺负责人、系统负责人、合格人员（QP）及IT团队。所有人员都应具备相应的资质、访问权限等级以及明确的职责分工。5.

PersonnelandTraining:

5.1Cooperation:

Closecooperationamongallrelevantpartiesincludingprocessowner,system

owner,users,subjectmatterexperts(SME),QA,QP,internalIT,vendors,and

serviceproviders.5.2Training:All

involvedpartiesshouldhaveadequatesystem-specifictraining,appropriate

qualifications,andexperiencecorrespondingtotheirassigneddutiesand

accessprivileges.

5.人员与培训：5.1协作：所有相关方应密切合作，包括工艺负责人、系统负责人、用户、主题专家（SME）、质量保证（QA）、合格人员（QP）、内部IT、供应商及服务提供商；5.2培训：所有参与人员都应接受与系统相关的充分培训，具备相应资质与经验，并与其职责和访问权限相匹配。Expanded

&Clarified

扩展与澄清Broadens

thelistofcollaboratingpartiestoreflectcomplexITenvironmentsand

explicitlymandatesspecifictrainingforallinvolvedpersonnel.

扩展了协作方的范围，以反映当前复杂的IT环境，并明确要求所有相关人员接受系统专属培训，确保其胜任职责。SuppliersandServiceProviders供应商和服务提供商Formal

agreementsrequiredforthirdpartiesproviding,installing,configuring,

integrating,validating,maintaining,modifyingorretainingasystemor

service.Agreementsincludeclearresponsibilities.Competenceand

reliabilityarekey,auditbasedonrisk.DocumentationwithCOTSproducts

reviewed.Qualitysystemandauditinformationavailabletoinspectors.IT

departmentsconsideredanalogous.

对于提供、安装、配置、集成、验证、维护、修改或保存系统或服务的第三方，应签订正式协议。协议中应明确各方职责。供应商的能力与可靠性至关重要，审计应基于风险进行。应审查商用现成（COTS）产品的相关文件。质量体系及审计信息应可供检查员查阅。IT部门在此类活动中也视同外部服务提供方。7.

SupplierandServiceManagement:

7.1Responsibility:

Regulateduserremainsfullyresponsibleforrequirementsevenwhenrelying

onthirdparties.<br>7.2Audit:Conduct

audits/assessmentsbasedonrisk/criticalitytodetermineadequacyof

vendor/serviceproviderproceduresanddocumentation.7.3Oversight:

ExerciseeffectiveoversightthroughdefinedServiceLevelAgreements(SLAs)

andKeyPerformanceIndicators(KPIs).7.4Documentationavailability:Ensuredocumentationforrequiredactivitiesisaccessibleand

explainablefromtheregulateduser'sfacility.7.5Contracts:

Requiresdetailedcontracts/proceduresoutliningactivities,regulatory

requirements,reporting,oversight,auditconditions,inspectionsupport,

issueresolution,quality/securitycommunication,anexitstrategyfordatacontrol,and

processesfornewsystemversionsandusertesting.

7.供应商与服务管理：7.1责任：即便依赖第三方，受监管用户仍需对相关法规要求负全责；7.2审计：应根据风险或关键性开展审计/评估，以确认供应商或服务商的程序与文件是否充分；7.3监督：通过明确定义的服务水平协议（SLA）和关键绩效指标（KPI）进行有效监督；7.4文件可得性：受监管方应确保所有必要活动的相关文件在其场所可获得并可解释；7.5合同要求：合同中应详细列明活动范围、法规要求、报告机制、监督职责、审计安排、检查支持、问题解决、质量/安全沟通机制、数据控制的退出策略、新版本管理流程及用户测试要求。Significantly

Expanded&Strengthened

大幅扩展与强化Imposes

muchmorestringentrequirementsformanagingoutsourcedactivities,

emphasizingtheregulateduser'sultimateresponsibility,detailed

contractualobligations(includingdataexitstrategies),andongoing

oversightusingKPIs/SLAs.

对外包活动管理提出了更为严格的要求，强调受监管用户的最终责任、合同中需明确的细节义务（如数据退出策略），以及通过KPI/SLA实现的持续监督机制。Validation/QualificationandValidation

确认/验证Validation

documentationandreportsshouldcoverrelevantlifecyclesteps.Justify

standards,protocols,acceptancecriteria,proceduresbasedonrisk

assessment.Documentationincludeschangecontrolanddeviationreports.

Up-to-datesysteminventoryanddescriptionforcriticalsystems.User

RequirementsSpecifications(URS)basedonriskandGMPimpact,traceable.

Systemdevelopedwithappropriatequalitymanagementsystem,supplier

assessed.Processforbespoke/customisedsystems.Evidenceoftestmethods/scenarios

(parameter/datalimits,errorhandling).Validationincludeschecksfordata

alterationduringmigration.

验证文件与报告应覆盖系统相关生命周期阶段。所采用的标准、方案、接收标准和程序应基于风险评估进行合理说明。文档应包含变更控制和偏差报告。对于关键系统，应有最新的系统清单和系统描述。用户需求规范（URS）应基于风险和GMP影响制定，并具备可追溯性。系统应在适当的质量管理体系下开发，并对供应商进行评估。需有定制/个性化系统的控制流程。应提供测试方法/场景的证据（如参数/数据限值、错误处理）。验证内容包括迁移过程中数据更改的检查。9.

QualificationandValidation:

9.1Principles:

FollowsGMPAnnex15,addressingstandard,configured,andcustomised

functionality.9.2Qualityriskmanagement:Decisionsonscopeandextentbasedonjustifiedand

documentedriskassessmentofrequirements,consideringproductquality,

patientsafety,anddataintegrity.9.3Installationandconfiguration:Verifiescorrectinstallation,configuration,calibration,updatedoperatingsystems/platforms,andrelevantsecurity

patches.9.4Evidence:

Providesevidenceviaexecutedtestscriptsandscreendumps.9.5Traceability:

Requiresdocumentedtraceabilitybetweenrequirements,designspecifications,

andtestcases,encouragingeffectivetools.9.6Focus:Increased

focusontestingkeyfunctionalrequirements,GMPcompliance,anddataintegrityfunctionality(e.g.,

accessprivileges,calculations,audittrails,errorhandling,alarms,

reports,restorefrombackup).9.7Planandapproval:

Activitiesconductedaccordingtoapprovedplans,protocols,andtest

scripts.9.8Completionpriortouse:Successfullycompletedandreportedpriortoapprovalanduse.

Allowsconditionalapprovalwithdocumentedassessmentthatdeficiencieswillnotimpact

productquality,patientsafety,ordataintegrity.9.9Authorisation:

Regulateduserfullyaccountableforreviewingandauthorizingdocumentation,

evenfromexternalproviders.

9.确认与验证：9.1原则：遵循《GMP附录15》，涵盖标准功能、配置功能和定制功能；9.2质量风险管理：验证范围与深度应基于经合理说明和记录的风险评估，考虑产品质量、患者安全与数据完整性；9.3安装与配置：确认正确安装、配置、校准、操作系统/平台更新及相关安全补丁的应用；9.4证据：通过已执行的测试脚本和屏幕截图提供验证证据；9.5可追溯性：要求需求、设计规范与测试用例之间具备文档化的可追溯性，鼓励使用有效的工具实现；9.6重点关注：加强对关键功能要求、GMP合规性和数据完整性功能的测试（如访问权限、计算功能、审计追踪、错误处理、警报、报告、备份恢复等）；9.7计划与批准：所有活动应依据已批准的计划、方案与测试脚本开展；9.8使用前完成：所有验证活动必须在系统批准与使用前成功完成并记录。如条件批准，则必须有记录证明相关缺陷不会影响产品质量、患者安全或数据完整性；9.9授权：即使由外部方提供文件，受监管用户仍需对其进行审核与最终授权，承担全责。Expanded,

Clarified&MoreFlexible

扩展、澄清且更具灵活性Strengthens

thelinktoQRMandAnnex15,emphasizesdataintegritytestingandsecurity

patching,andintroducesflexibilitythroughconditionalapprovalforsystem

use,whilereiteratinguseraccountabilityforexternaldocumentation.

强化了与质量风险管理及《附录15》的衔接，强调数据完整性测试与安全补丁管理，同时引入“有条件批准”机制以增强灵活性，并重申用户对外部文件承担最终责任。Data/HandlingofData

数据/数据处理Computerised

systemsexchangingdataelectronicallyshouldincludeappropriatebuilt-in

checksforcorrectandsecureentryandprocessing.Forcriticaldataentered

manually,anadditionalaccuracycheckisrequired(secondoperatoror

validatedelectronicmeans).Datashouldbesecuredbyphysicaland

electronicmeansagainstdamage.Storeddatacheckedforaccessibility,

readability,andaccuracy;accessensuredthroughoutretention.

进行电子数据交换的计算机化系统应具备适当的内置检查机制，以确保数据录入和处理的正确性与安全性。对于关键数据的人工录入，必须进行额外的准确性核查（可由第二操作员或经过验证的电子方式实现）。应通过物理和电子手段保护数据不受损坏。储存的数据应定期检查其可访问性、可读性和准确性，并确保在整个保存期限内均可访问。10.

HandlingofData:

10.1Inputverification:Systemsshouldhaveplausibilityverificationforcritical

manualdatainputs,alertinguserswheninputisnotplausible.10.2Datatransfer:

Criticaldatatransfershouldpreferablybebasedonvalidatedinterfacesratherthan

manualtranscriptions.Ifmanual,effectivemeasuresfordataintegrityare

required.10.3Datamigration:

Adhoccriticaldata/databasemigrationmustbebasedonavalidatedprocess.10.4Encryption:

Criticaldatashouldbeencryptedonasystem.

10.数据处理：10.1输入核查：系统应对关键的人工数据输入进行合理性核查，若输入不合理，应提示用户；10.2数据传输：关键数据传输应优先使用经过验证的电子接口，而非人工转录。若采用人工方式，必须采取有效的数据完整性控制措施；10.3数据迁移：临时执行的关键数据或数据库迁移必须基于已验证的流程进行；10.4加密：关键数据在系统中应进行加密处理。Expanded,

Clarified&Strengthened

扩展、澄清与强化Introduces

morespecificrequirementsfordatainputverification,stronglyprefers

validatedelectronicdatatransfers,mandatesvalidatedprocessesfordata

migration,andexplicitlyrequiresencryptionforcriticaldata.本节引入了更具体的数据输入核查要求，强烈建议使用验证过的电子数据传输方式，要求数据迁移过程经验证，并明确规定关键数据必须加密，全面强化了数据完整性与安全性要求。DataStorage/Backup

数据存储/备份Regular

back-upsofallrelevantdatashouldbedone.Integrityandaccuracyof

back-updataandtheabilitytorestoredatashouldbecheckedduring

validationandmonitoredperiodically.

所有相关数据应定期备份。在验证期间应检查备份数据的完整性与准确性，以及数据恢复能力，并应定期监控。16.

Backup:(Newdedicatedsection)16.1Regularbackup:

Dataandmetadataregularlybackeduptopreventlossfromvariousincidents,

includingcyber-attacks.16.2Frequencyandretention:Backupsmadeatsuitableintervals(e.g.,hourly,daily)and

retentiondeterminedbyarisk-basedapproach.16.3Physicalseparation:Backupsphysicallyseparatedfromtheoriginaldatalocation

andstoredatasafedistance.16.4Logicalseparation:Backupsnotstoredonthesamelogicalnetworkasoriginal

data.16.5Scope:

Applicationsandsystemconfigurationsmayalsoneedtobebackedupbasedon

criticality.16.6Restoretest:

Restoreofdatafrombackupmustbetestedanddocumentedbasedonrisk

duringvalidationandafterchangestobackupprocesses/tools.

16.备份（新增专章）：16.1定期备份：应定期备份数据及元数据，以防数据因各种事件（包括网络攻击）而丢失；16.2频率与保存：备份应按适当间隔执行（例如每小时、每天），保留期限应依据风险导向方法确定；16.3物理隔离：备份应与原始数据的存储位置物理隔离，存放在安全距离之外；16.4逻辑隔离：备份不应存储在与原始数据相同的逻辑网络上；16.5备份范围：应根据关键性评估是否需同时备份应用程序及系统配置；16.6恢复测试：数据恢复过程必须基于风险在验证期间及备份工具/流程变更后进行测试并留有记录。New

DedicatedSection&SignificantlyMoreDetailed

新增专章，内容显著增强Elevates

backuprequirementsintoastandalone,highlydetailedsection,emphasizing

frequency,retention,physicalandlogicalseparation,broaderscope

(includingapplications/configurations),andrigorousrestoretesting.

将备份要求提升为独立章节，详细规定了备份的频率、保存策略、物理与逻辑隔离要求、备份范围扩展（包含应用与配置），以及恢复测试的严格性，全面强化数据保护措施。Printouts

打印输出It

shouldbepossibletoobtainclearprintedcopiesofelectronicallystored

data.Forrecordssupportingbatchrelease,printoutsshouldindicateifany

ofthedatahasbeenchangedsincetheoriginalentry.

应能够清晰地打印出电子存储的数据副本。对于用于支持批放行的记录，打印件应标示出自原始录入以来是否有任何数据被更改。No

directstandalonesection.Requirementsfordatadisplayandintegrityare

integratedintosectionslikeAuditTrails

(12.9Electroniccopy,12.4Accommodatereview)andElectronicSignatures

(13.6Manifestation).

无单独设立章节

与打印输出相关的要求未以独立章节呈现，而是整合进了诸如审计追踪（如12.9电子副本、12.4便于审阅）及电子签名（如13.6显示方式）等章节中。Reorganized/Integrated

结构调整/要求整合The

specificrequirementforprintoutsasaprimaryoutputisde-emphasized.The

focusshiftstoensuringdataintegrityandtraceability,whichincludesthe

abilitytodisplayandunderstanddata(includingchanges)electronicallyor

inaprintedformat,asgovernedbyaudittrailandelectronicsignature

principles.

不再强调“打印件”作为主要输出形式，重点转向确保数据的完整性与可追溯性，包括能否通过电子或打印方式显示并理解数据（包括其更改历史），这些要求受审计追踪与电子签名规范的共同约束。AuditTrails

审计追踪Consideration

shouldbegiven,basedonariskassessment,tobuildingina

system-generated"audittrail"forallGMP-relevantchangesand

deletions.ReasonshouldbedocumentedforchangeordeletionofGMP-relevant

data.Audittrailsneedtobeavailable,convertibletoagenerally

intelligibleform,andregularlyreviewed.应基于风险评估考虑为所有与GMP相关的更改与删除内建系统生成的审计追踪功能。对于GMP相关数据的更改或删除，必须记录更改的原因。审计追踪应可获取、可转换为通用可理解的形式，并定期进行审查。12.

AuditTrails:

12.1Manualuserinteractions:Systemswhereuserscancreate,modify,ordelete

data/settings,acknowledgealarms,orexecuteelectronicsignaturesshouldhaveanaudittrail

functionality.12.2Who,what,when,why:Unambiguouslycaptureuser(role),whatwaschanged(old/new

value),date/time(timezone),recordedattimeofevents.Systemsshouldautomaticallypromptforandregisterthereason

forchange.12.3Noeditordeactivation:Audittrailfunctionalityshouldbeenabled

andlockedatalltimes,noteditable.Changesto

audittrailsettingscreateanentryandonlypossiblebyasystem

administratornotinvolvedinGMPactivities.12.4Accommodatereview:Mustalloweffectiveandefficientsortingandsearchingof

data(who,what,when,why)withinthesystemorbyexport.12.5Reviews:

Conductedperdocumentedprocedure,encouragingtools,andsignificant

variationsinvestigated.12.6Independentreview:Shouldbeconductedbypersonnelnotdirectlyinvolvedinthe

reviewedactivities(peerreview).12.7Scopeofreview:

Targeted,risk-based,focusingondetectingdeliberateorindeliberate

changes,GMPviolations,andverifyingreasonsforchanges.12.8Timelinessofreview:Conductedinatimelymanner,prior

tobatchreleaseunlessjustified.12.9Electroniccopy:

Acompleteelectroniccopyofsystemdata,includingaudittraildata,should

beobtainableandsearchable/sortable.12.10AvailabilitytoQP:Audittrailreviewswithdirectimpactonproductrelease

shouldbeavailabletotheQPatbatchrelease.

12.审计追踪：12.1人工用户交互：凡用户可创建、修改或删除数据/设定、确认警报或执行电子签名的系统，均应具备审计追踪功能；12.2谁、做了什么、何时、为何：审计追踪应明确记录用户（角色）、更改内容（旧值/新值）、日期/时间（含时区），并在事件发生时实时记录。系统应自动提示并记录更改原因；12.3不可编辑或停用：审计追踪功能必须始终启用并锁定，不可编辑。变更审计追踪设定本身应被记录，且只能由不参与GMP活动的系统管理员执行；12.4便于审查：系统内或通过导出方式，审计追踪应支持高效的数据筛选与搜索（包括谁、做了什么、何时、为何）；12.5审查活动：应按书面程序进行审查，鼓励使用辅助工具，并对重大偏差进行调查；12.6独立性：审查应由未直接参与被审查活动的人员进行（同行审查）；12.7审查范围：应采用有针对性、基于风险的方法，重点识别有意或无意的更改、违反GMP的行为，并核实更改原因；12.8审查时机：应及时完成审查，在批放行前完成，除非有合理说明；12.9电子副本：应可获取包括审计追踪在内的完整系统数据电子副本，且可搜索与排序；12.10QP可用性：与产品放行直接相关的审计追踪审查结果应在批放行时提供给合格人员（QP）Significantly

Expanded&MorePrescriptive

显著扩展且更具规范性Strengthens

audittrailrequirementsfrom"consideration"toamandate.Provideshighlydetailed

specificationsforaudittrailcontent,systemcontrols(un-editable,

locked),reviewfunctionality,independenceofreview,timeliness(especially

forbatchrelease),andQPaccess,profoundlyenhancingdataintegrity.本节将原先“建议考虑”的要求上升为强制性规定，细化了审计追踪内容、系统控制（不可编辑、需锁定）、审查功能、审查独立性、完成时限（尤其在批放行前）及合格人员获取权限，极大提升了数据完整性保障力度。ChangeandConfigurationManagement

变更及配置管理Any

changestoacomputerisedsystemincludingsystemconfigurationsshouldonly

bemadeinacontrolledmannerinaccordancewithadefinedprocedure

对计算机化系统的任何变更（包括系统配置）必须按照既定程序以受控方式进行。3.ii

(PharmaceuticalQualitySystem):Anychangetoa

computerisedsystem(config,hardware,software,platform,OS)madeina

controlledmanner.Significantchangesimpacting

quality/safety/integrityrequirere-qualificationandvalidation.

6.6

(SystemRequirements-Configuration):Requires

clarityonfunctionalitymodifiedbyconfigurationanddocumentationof

chosenconfiguration.详细内容：3.ii（药品质量体系）：对计算机化系统（配置、硬件、软件、平台、操作系统）的任何变更，均须受控执行。对质量、安全或完整性有重大影响的变更，必须进行重新确认和验证；6.6（系统要求—配置）：需明确说明通过配置修改的功能，并对所选配置进行文档记录。Reorganized

&Strengthened

结构调整与强化Integrates

changecontrolintothePharmaceuticalQualitySystem,explicitlyrequiring

re-qualificationandvalidationforsignificantchangesandspecific

documentationforsystemconfiguration.

将变更控制纳入药品质量体系管理，明确规定重大变更必须重新确认和验证，且对系统配置的变更必须有具体文档支持，进一步强化了变更和配置管理的规范性和可追溯性。PeriodicEvaluation/PeriodicReviews定期评估/定期审查Computerised

systemsshouldbeperiodicallyevaluatedtoconfirmthattheyremainina

validstateandarecompliantwithGMP.Evaluationsshouldinclude,where

appropriate,thecurrentrangeoffunctionality,deviationrecords,

incidents,problems,upgradehistory,performance,reliability,securityand

validationstatusreports.

计算机化系统应定期评估，以确认其仍处于有效状态且符合GMP要求。评估内容应包括（视情况而定）当前功能范围、偏差记录、事件、问题、升级历史、性能、可靠性、安全性以及验证状态报告。14.

PeriodicReviews:

14.1Periodicreviews:

Verifiesifthesystemremains'fitforintendeduse'andin'avalidated

state',documentingfindingsandanalysingforconsequencesonproduct

quality,patientsafety,anddataintegrity.14.2Scopeofreview:

Significantlyexpandedtoinclude:changes(hardware/software,config,

platform,infrastructure,interfaces,documentation,combinedeffectof

multiplechanges,undocumentedchangesidentificationviaconfiguration

auditing).Also,follow-uponsupportingprocesses(previous

reviews/audits/inspections/CAPA,audittrailreviews,accessreviews,risk

assessments,incidents,securitythreats,maintenance,contracts/SLAs/KPIs,

backupprocedures/restoretests/DRP,archivaladequacy,dataintegrity

assessments,regulatorychanges).14.3Frequency:

Establishedandjustifiedbasedontheriskthesystemposestoproduct

quality,patientsafety,anddataintegrity;afinalreviewuponsystem

retirement.

14.1定期审查：验证系统是否仍“适合预期用途”且处于“已验证状态”，记录审查结果并分析对产品质量、患者安全和数据完整性的影响；14.2审查范围：大幅扩展，涵盖硬件/软件、配置、平台、基础设施、接口、文档的变更，多项变更的综合影响，以及通过配置审计发现的未记录变更。同时包含对支持流程的跟踪，如之前的审查/审核/检查/CAPA，审计追踪审查，访问权限审查，风险评估，事件，安全威胁，维护，合同/SLA/KPI，备份程序/恢复测试/灾难恢复计划，归档适当性，数据完整性评估，法规变更等；14.3频率：根据系统对产品质量、患者安全和数据完整性风险的评估设定并合理确定，系统退役时应进行最终审查。Significantly

Expanded&MoreDetailed

显著扩展且更为详尽Transforms

periodicevaluationintoacomprehensive'healthcheck'forthesystem,with

amuchbroaderandmoreprescriptivescopecoveringallaspectsofits

operation,changes,andassociatedprocesses,throughoutitsentire

lifecycle,includingretirement.

将定期评估升级为系统的全面“健康检查”，覆盖系统生命周期内操作、变更及相关流程的各个方面，包括系统退役阶段，内容更加广泛且规范。Security/IdentityandAccessManagement&Security

安全/身份和访问管理与安全Physical

and/orlogicalcontrolsshouldbeinplacetorestrictaccesstocomputerised

systemtoauthorisedpersons.Methodsmayincludekeys,passcards,personal

codeswithpasswords,biometrics,restrictedaccesstocomputerequipmentand

datastorageareas.Extentofsecuritycontrolsdependsoncriticality.

Creation,change,andcancellationofaccessauthorisationsshouldbe

recorded.Managementsystemsfordataandfordocumentsshouldbedesignedto

recordtheidentityofoperatorsentering,changing,confirmingordeleting

dataincludingdateandtime.

应通过物理和/或逻辑控制，限制计算机系统仅被授权人员访问。控制方式包括钥匙、门禁卡、个人密码、生物识别、限制对设备和数据存储区的访问等。安全措施的严密程度依据系统关键性确定。访问授权的创建、变更、撤销均须有记录。管理数据和文档的系统应记录操作人员身份及操作时间。11.

IdentityandAccessManagement:(Newdedicatedsection

focusingonuseraccess)11.1Uniqueaccounts:

Allusersmusthaveuniqueandpersonalaccounts;sharedaccountsgenerally

violatedataintegrity.11.2Continuousmanagement:Useraccessesandrolesgranted,modified,andrevokedtimely.

<br>11.3Certainidentification:Authenticationidentifiesuserswithhighcertaintyand

effectiveprotection(e.g.,uniqueusername/password,biometrics;token/smart

cardaloneinsufficient).<br>11.5Securepasswords:

Passwordsenforcedbysystems,secure(length,charactermix),nodictionary

wordsforcriticalsystems.<br>11.6Strongauthentication:Remoteauthenticationoncriticalsystemsfromoutside

controlledperimetersmustincludemultifactor

authentication(MFA).11.7Autolocking:

Accountslockedafterfailedattempts.<br>11.8Inactivitylogout:

Automaticinactivitylogoutrequiredwithre-authentication.11.9Accesslog:

Systemsshouldincludeasearchable/sortableaccesslog.<br>11.10Guidingprinciples:Emphasizessegregationofduties(noadminprivilegesforGMPusers)andleastprivilegeprinciple.

<br>11.11Recurrentreviews:Useraccountssubjecttorecurrentreviewsbymanagersto

confirmcontinuedaccess.<br>15.Security:(New

dedicatedandsignificantlyexpandedsection)<br>15.1Securitysystem:

Effectiveinformationsecuritymanagementsystemtosafeguardand

detect/preventunauthorizedaccess.<br>15.2Continuousimprovement:Keepupdatedonnewsecuritythreatsandcontinuouslyimprove

measures.<br>15.3Trainingandtests:Recurrentsecurityawarenesstrainingforusers,evaluatedby

simulatedtests.<br>15.4Physicalaccess:

Servers,computers,devicesphysicallyprotected,limitedaccesstoserver

rooms(MFA).<br>15.5Disastersanddisturbances:Datacentersconstructedtominimizerisk/impactofdisasters.

<br>15.6Replication:

Criticaldatareplicatedtosecondarydatacenteratsafedistance.

<br>15.7Disasterrecovery:

Planinplace,tested,ensuringcontinuityofoperationwithinadefined

RecoveryTimeObjective(RTO).<br>15.8Segmentationandfirewalls:Networkssegmented,effectivefirewallsimplementedwith

strictrules.<br>15.10Updatedplatforms:Operatingsystemsandplatformsupdatedtimely.<br>

15.12Unsupportedplatforms:Highlyvulnerable,shouldbeisolated.<br>15.13Timelypatching:

Relevantsecuritypatchesdeployedtimely,immediatelyforcritical

vulnerabilities.<br>15.15Strictcontrol:

Useofbidirectionaldevices(e.g.,USB)strictlycontrolled.<br>

15.18Anti-virussoftware:Installed,activated,continuouslyupdated,effectiveness

monitored.<br>15.19Penetrationtesting:Forcriticalinternet-facingsystems,regularpenetration

testingtoevaluatesecurityandidentifyvulnerabilities.<br>15.20Encryption:

Secureandencryptedprotocolforremoteconnectionsovertheinternet.

11.身份与访问管理（新增独立章节，聚焦用户访问控制）11.1唯一账户：所有用户必须拥有唯一且个人专属账户，共用账户一般视为数据完整性风险。11.2持续管理：及时授予、变更、撤销用户访问权限和角色。11.3可靠身份认证：需高确定性身份验证，如唯一用户名/密码、生物识别等；仅使用令牌或智能卡不足以满足要求。11.5安全密码：密码需由系统强制执行安全策略（长度、字符复杂度），关键系统禁止使用字典词。11.6强认证：关键系统的远程访问必须实施多因素认证（MFA）。11.7自动锁定：多次失败登录后自动锁定账户。11.8非活动自动注销：要求非活动自动注销并重新认证。11.9访问日志：系统应含可搜索、可排序的访问日志。11.10访问管理原则：强调职责分离（GMP用户无管理员权限）和最小权限原则。11.11定期审查：管理人员需定期复审用户账户权限，确认访问的合理性。15.信息安全（新增且大幅扩展）15.1安全管理体系：建立有效的信息安全管理体系，防范和检测未经授权访问。15.2持续改进：及时关注安全威胁，持续改进安全措施。15.3培训和测试：定期开展安全意识培训并通过模拟测试评估效果。15.4物理安全：服务器、计算机及设备须有物理防护，服务器机房访问受限并要求多因素认证。15.5灾害防范：数据中心设计应最大限度降低灾害风险和影响。15.6数据复制：关键数据需复制到物理安全距离的备份数据中心。15.7灾难恢复计划：制定并测试灾难恢复计划，确保在规定恢复时间目标（RTO）内持续运行。15.8网络隔离与防火墙：实施网络分段，配置严格的防火墙规则。15.10平台更新：操作系统及平台应及时更新。15.12不支持平台：不再支持的平台高度脆弱，应隔离使用。15.13补丁管理：关键安全补丁需立即部署，其他补丁及时更新。15.15设备控制：严格控制双向设备（如USB）使用。15.18杀毒软件：安装并启用杀毒软件，持续更新和监控其有效性。15.19渗透测试：针对关键互联网暴露系统，定期进行渗透测试以评估安全性。15.20加密通信：互联网远程连接需使用安全加密协议。Significantly

Expanded,Splitintotwomajorsections,&HighlyDetailed

内容大幅扩展，拆分为两个主要章节，且极为详尽。This

isamajoroverhaul.The2025draftintroducescomprehensiverequirementsfor

identity/accessmanagement(uniqueaccounts,MFA,strictpasswordrules,

accessreviews)andavastarrayofITsecuritymeasuresincluding

informationsecuritymanagementsystems,proactivethreatmanagement,

physicalsecurityfordatacenters,networksegmentation,rigorouspatching,

devicecontrol,anti-virus,andpenetrationtesting.Thisreflectsthe

increasedcriticalityofcybersecurityinGMP.

2025版草案在身份与访问管理和信息安全方面进行了重大升级，内容更详尽全面，体现了GMP环境下网络安全日益重要的趋势。它强化了对唯一账户、多因素认证、密码强度及访问审查的要求，同时扩展了IT安全体系的覆盖面，包括物理安全、网络安全、补丁管理、设备使用控制和持续安全意识培训等，确保