1、欧盟gmp11计算机系统中英文对照EUROPEAN COMMISSION 欧盟委员会 HEALTH AND CONSUMERS DIRECTORATE-GENERAL 卫生与消费者协会 Public Health and Risk Assessment 公共卫生与风险评估 Pharmaceuticals 药品 Brussels, SANCO/C8/AM/sl/ares(2010)1064599 EudraLex The Rules Governing Medicinal Products in the European Union 欧盟药品生产规范 Volume 4 卷4 Good Manuf
2、acturing Practice Medicinal Products for Human and Veterinary Use 人用与兽用药品良好生产管理规范 Annex 11: Computerised Systems 附件11:计算机系统 Legal basis for publishing the detailed guidelines: Article 47 of Directive 2001/83/EC on the Community code relating to medicinal products for human use and Article 51 of Dire
3、ctive 2001/82/EC on the Community code relating to veterinary medicinal products. This document provides guidance for the interpretation of the principles and guidelines of good manufacturing practice (GMP) for medicinal products as laid down in Directive 2003/94/EC for medicinal products for human
4、use and Directive 91/412/EEC for veterinary use. 依法发布的具体指导方针:2001/83/EC第47条人用药品规范和2001/82/EC第51条兽用药品规范。此文件为2003/94/EC人用药品和91/412/EEC兽用药品GMP法规、指导方针的解释提供了指导。 Status of the document: revision 1 文件版本:修订本1 Reasons for changes: the Annex has been revised in response to the increased use of computerised sy
5、stems and the increased complexity of these systems. Consequential amendments are also proposed for Chapter 4 of the GMP Guide. 修订原因:为增强计算机系统的功能和复杂性而修订此附件。相应修正案也已被提议作为GMP指南的第4章。 Deadline for coming into operation: 30 June 2011 生效时间:2011年6月30日 Principle 总则 This annex applies to all forms of computeri
6、sed systems used as part of a GMP regulated activities. A computerised system is a set of software and hardware components which together fulfill certain functionalities. 此附件适用于符合GMP生产要求的所有形式的计算机系统。计算机系统是实现某项特定功能的软件和硬件的组合。 The application should be validated; IT infrastructure should be qualified. 应
7、用程序应验证,IT基础设施应有权限设置。 Where a computerised system replaces a manual operation, there should be no resultant decrease in product quality, process control or quality assurance. There should be no increase in the overall risk of the process. 用计算机系统代替手动操作应不对产品质量、过程控制和质量保证以及过程的整体风险产生影响。 General常规 1. Risk
8、Management 风险管理 Risk management should be applied throughout the lifecycle of the computerised system taking into account patient safety, data integrity and product quality. As part of a risk management system, decisions on the extent of validation and data integrity controls should be based on a ju
9、stified and documented risk assessment of the computerised system. 风险管理应贯穿整个计算机系统生命周期,以保证病人安全、数据完整性和产品质量。作为风险管理系统的一部分,由计算机系统风险评估决定验证范围和数据完整性控制。 2. Personnel 人员 There should be close cooperation between all relevant personnel such as Process Owner, System Owner, Qualified Persons and IT. All personne
10、l should have appropriate qualifications, level of access and defined responsibilities to carry out their assigned duties. 所有有关人员(如工艺管理员、系统管理员、质检员和IT人员)应紧密合作。这些人员应具有相应的资格证书、使用权限和定义好的相关工作职责。 3. Suppliers and Service Providers 供应商和服务供应商 When third parties . suppliers, service providers) are used . to
11、provide, install, configure, integrate, validate, maintain . via remote access), modify or retain a computerised system or related service or for data processing, formal agreements must exist between the manufacturer and any third parties, and these agreements should include clear statements of the
12、responsibilities of the third party. IT-departments should be considered analogous. 当第三方(如供应商、服务供应商)为计算机系统、相关服务或数据处理提供如供货、安装、配置、整合、验证、维护(如通过远程访问)、修改或保持时,厂商和任何第三方之间必须有正式协议,且在协议中应当明确第三方责任。IT部门类似。 The competence and reliability of a supplier are key factors when selecting a product or service provider.
13、 The need for an audit should be based on a risk assessment. 供应商的实力和可靠性是选择供应商产品或服务的关键因素,所以需要一个以风险评估为基础的审计。 Documentation supplied with commercial off-the-shelf products should be reviewed by regulated users to check that user requirements are fulfilled. 商业性标准文件应通过用户审核并符合用户需求。 Quality system and audi
14、t information relating to suppliers or developers of software and implemented systems should be made available to inspectors on request. 软件和应用系统开发商或供应商的质量体系和审计信息应便于核查人员查询。 Project Phase 项目阶段 4. Validation 验证 The validation documentation and reports should cover the relevant steps of the life cycle.
15、Manufacturers should be able to justify their standards, protocols, acceptance criteria, procedures and records based on their risk assessment. 验证文件和报告应包含系统生命周期的相关阶段。厂商应能够证明其标准、协议、验收标准、规程和记录都是基于其内部风险评估的。 Validation documentation should include change control records (if applicable) and reports on an
16、y deviations observed during the validation process. 验证文件应包含验证过程中的变更控制记录(如适用)和偏差报告。 An up to date listing of all relevant systems and their GMP functionality (inventory) should be available. 相关系统和其GMP 功能(详细目录)的最新清单应有效。 For critical systems an up to date system description detailing the physical and
17、logical arrangements, data flows and interfaces with other systems or processes, any hardware and software pre-requisites, and security measures should be available. 为对一个最新的关键系统进行详细的系统描述(如物理、逻辑流程、数据流和与其他系统或进程的接口),任何硬件和软件都是必须的,并应有安全措施。 User Requirements Specifications should describe the required fun
18、ctions of the computerised system and be based on documented risk assessment and GMP impact. User requirements should be traceable throughout the life-cycle. 应基于风险评估和GMP 影响性文件描述计算机系统的功能需求。用户需求应贯穿整个系统生命周期。 The regulated user should take all reasonable steps, to ensure that the system has been develop
19、ed in accordance with an appropriate quality management system. The supplier should be assessed appropriately. 管理者应采取合理措施保证系统更新与最新的质量管理系统一致,并对供应商作出适当的评估。 For the validation of bespoke or customised computerised systems there should be a process in place that ensures the formal assessment and reporti
20、ng of quality and performance measures for all the life-cycle stages of the system. 为验证固化或自定义计算机系统,应对系统生命周期的每个阶段都进行验证,以确认正式评估、质量报告和业绩评估报告。 Evidence of appropriate test methods and test scenarios should be demonstrated. Particularly, system (process) parameter limits, data limits and error handling s
21、hould be considered. Automated testing tools and test environments should have documented assessments for their adequacy. 应对测试方法和测试环境加以论证,特别是系统(工艺)参数范围、数据范围和错误处理。自动化测试工具和测试环境的合适性应该有书面的评估报告。 If data are transferred to another data format or system, validation should include checks that data are not a
22、ltered in value and/or meaning during this migration process. 数据转化成其他格式或传输到其他系统时,验证内容应包括检查其数据值和/或含义在转化或传输过程中没有被改变。 Operational Phase 运行阶段 5. Data 数据 Computerised systems exchanging data electronically with other systems should include appropriate built-in checks for the correct and secure entry and
23、processing of data, in order to minimize the risks. 计算机系统和其他系统之间交换数据时,应有适当的内部校验,以保证数据输入和数据处理的正确性及安全性,以期让风险降到最低。 6. Accuracy Checks 精度检查 For critical data entered manually, there should be an additional check on the accuracy of the data. This check may be done by a second operator or by validated ele
24、ctronic means. The criticality and the potential consequences of erroneous or incorrectly entered data to a system should be covered by risk management. 当手动输入关键数据时,应当复核数据的准确性。此复核可以由另外的操作人员执行或通过经验证的电子方式进行。风险管理应考虑系统错误和系统误输入数据所造成的危险或潜在影响。 7. Data Storage 数据存储 Data should be secured by both physical and
25、 electronic means against damage. Stored data should be checked for accessibility, readability and accuracy. Access to data should be ensured throughout the retention period. 数据应以物理和电子两种方式保存,以避免丢失。存储的数据应易查询、可读和准确, 并在有效期内。 Regular back-ups of all relevant data should be done. Integrity and accuracy o
26、f backup data and the ability to restore the data should be checked during validation and monitored periodically. 应定期备份相关数据。在定期验证和检测时,应检查备份数据的完整性、准确性和其恢复数据库的能力。 8. Printouts 打印输出 It should be possible to obtain clear printed copies of electronically stored data. 储存的电子数据应可被清晰打印。 For records supportin
27、g batch release it should be possible to generate printouts indicating if any of the data has been changed since the original entry. 从最初开始的任何数据变更都应被打印在批放行纪录上。 9. Audit Trails 审计跟踪 Consideration should be given, based on a risk assessment, to building into the system the creation of a record of all G
28、MP-relevant changes and deletions (a system generated audit trail). For change or deletion of GMP-relevant data the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed. 基于风险评估,系统中应考虑建立所有与GMP 相关的变更和删除记录(系统产生的“审计跟踪”)。与G
29、MP 相关的数据,其变更或删除的原因应被记录。审计跟踪需转换成一般可理解的形式并定期审核。 10. Change and Configuration Management 变更和配置管理 Any changes to a computerised system including system configurations should only be made in a controlled manner in accordance with a defined procedure. 计算机系统的任何变更(包括系统配置的更换)应当有控制地按照规定的程序进行。 11. Periodic eva
30、luation 周期性评估 Computerised systems should be periodically evaluated to confirm that they remain in a valid state and are compliant with GMP. Such evaluations should include, where appropriate, the current range of functionality, deviation records, incidents, problems, upgrade history, performance, r
31、eliability, security and validation status reports. 计算机系统应该定期进行评估以确认其仍有效并符合GMP 标准。这样的评估应该包括适应性、功能性、偏差记录、事件、问题、历史追溯、性能、可靠性、安全性和验证状态报告。 12. Security 安全性 Physical and/or logical controls should be in place to restrict access to computerised system to authorised persons. Suitable methods of preventing u
32、nauthorised entry to the system may include the use of keys, pass cards, personal codes with passwords, biometrics, restricted access to computer equipment and data storage areas. 物理和/或逻辑控制器应能独自限制进入计算机系统的授权人,并用适当方法防止XX的登录(可能包含密码、通行卡、个人密码、生物识别的使用),以此限制进入电脑设备和数据存储硬盘。 The extent of security controls depends on the criticality of the computerised system. 安全控制的程度取决于计算机系统的危险等级。 Creation, change, and cancellation of access authorisations should be recorded.
