欢迎光临~合肥希合机械科技有限公司
语言选择: 中文版 ∷  英文版

科技创新

EMA数据完整性问答

1. How can data risk be assessed?

1. 如何评估数据风险?


Data risk assessment should consider the vulnerability of data toinvoluntary or deliberate amendment, deletion or recreation. Control measureswhich prevent unauthorised activity and increase visibility / detectability canbe used as risk mitigating actions.

数据风险评估应考虑无意或有意修改、删除或重建数据导致的隐患。可通过实施预防未授权活动的控制措施,以及增加可见性/可检测性来减少风险。


Examples of factors which can increase risk of data integrity failureinclude complex, inconsistent processes with open-ended and subjectiveoutcomes. Simple tasks which are consistent, well-defined and objective lead toreduced risk.

导致增加数据完整性风险的例子包括:结果开放主观的复杂且不一致的过程。一致、定义明确并且客观的简单任务风险较小。


Risk assessment should include a business process focus (e.g. production,QC) and not just consider IT system functionality or complexity. Factors toconsider include:

风险评估应包括对业务(例如生产、QC)的关注,不能仅考虑IT系统的功能或复杂性。应考虑的因素包括:


Proces scomplexity 工艺复杂性


  • Process consistency, degree of automation/human interface

  • 工艺一致性,自动化程度/人性化界面


  • Subjectivity of outcome / result

  • 结果的客观性


  • Is the process open-ended or well defined

  • 工艺结果是否开放或定义是否明确


This ensures that manual interfaces with IT systems are considered in therisk assessment process. Computerised system validation in isolation may notresult in low data integrity risk, in particular when the user is able toinfluence the reporting of data from the validated system.

在风险评估过程中,这将确保考虑人机(IT系统)界面的因素。对计算机化系统的独立验证并不会导致数据完整性的低风险,尤其当使用者能够影响验证系统中数据的报告时。


2. How can data criticality be assessed?

2. 如何评估数据的重要性?


The decision which data influences may differ in importance, and the impactof the data to a decision may also vary. Points to consider regarding datacriticality include:

数据影响决策的重要性可能不同,数据对一个决策产生的影响也各种各样。考虑数据重要性的关键包括:


  • What decisiondoes the data influence?

  • 数据能影响哪些决策?


For example: when making a batch release decision, data which determinescompliance with critical quality attributes is of greater importance thanwarehouse cleaning records.

例如:当做批次放行的决策时,决定关键质量属性合规的数据比仓库清洁记录的数据重要。


  • What is theimpact of the data to product quality or safety?

  • 数据对产品质量或安全性的影响有哪些?


For example: for an oral tablet, active substance assay data is of greaterimpact to product quality and safety than tablet dimensions’ data.

例如:对于口服片剂,活性成分化验数据对药品质量和安全性的影响比片剂分散性数据的影响更为重要。


3. What does ‘Data Lifecycle’ refer to?

3. “数据生命周期”是指?


‘Data lifecycle’ refers to how data is generated, processed, reported,checked, used for decision-making, stored and finally discarded at the end ofthe retention period.

“数据生命周期”是指数据从产生、加工、报告、检查、用于制定决策、存储到最终在保存期结束时的销毁。


Data relating to a product or process may cross various boundaries withinthe lifecycle, for example:

涉及产品和工艺的数据可能在生命周期中跨越多个阶段,例如:


  • IT systems

  • IT系统


  • Quality system applications

  • 质量体系程序


  • Production

  • 生产


  • Analytical

  • 分析


  • Stockmanagement systems

  • 存储管理体系


  • Datastorage (back-up and archival)

  • 数据存储(备份和存档)


  • Organisational

  • 组织


  • Internal(e.g. between production, QC and QA)

  • 内部(例如,在生产、QC和QA之间)


  • External(e.g. between contract givers and acceptors)

  • 外部(例如在委托方和受托方之间)


  • Cloud-basedapplications and storage

  • 基于云的程序和存储


4. Why is ‘Data lifecycle’ management important to ensureeffective data integrity measures?

4. 为何“数据生命周期”管理对确保数据完整性措施有效很重要?


Data integrity can be affected at any stage in the lifecycle. It istherefore important to understand the lifecycle elements for each type of dataor record, and ensure controls which are proportionate to data criticality andrisk at all stages.

数据生命周期任何阶段都可影响数据完整性。因此,理解每种类型的数据或记录的生命周期元素,并确保根据各阶段数据的重要性和风险程度进行控制很重要。


5. What should be considered when reviewing the ‘Datalifecycle’?

5. 在审查“数据生命周期”时应考虑什么?


  • The ‘Data lifecycle’ refers to the:

  • “数据生命周期”指的是:


  • Generation and recording of data

  • 数据的产生和记录


  • Processing into usable information

  • 处理成可用信息


  • Checking the completeness and accuracy ofreported data and processed information

  • 检查报告数据和已处理信息的完整性和准确性


  • Data (or results) are used to make a decision

  • 使用数据(或结果)来制定决策


  • Retaining and retrieval of data whichprotects it from loss or unauthorised amendment

  • 数据的保留和回复,避免数据丢失或避免未经授权对数据进行修改


  • Retiring or disposal of data in a controlledmanner at the end of its life

  • 在数据生命周期末尾以受控的方式对数据进行停用或处置


‘Data Lifecycle’ reviews are applicable to both paper andelectronic records, although control measures may be applied differently. Inthe case of computerised systems, the ’data lifecycle’ review should beperformed by business process owners (e.g. production, QC) in collaborationwith IT personnel who understand the system architecture. The description ofcomputerised systems required by EU GMP Annex 11 paragraph 4.3 can assist thisreview. The application of critical thinking skills is important to not onlyidentify gaps in data governance, but to also challenge the effectiveness ofthe procedural and systematic controls in place.

Segregation of duties between data lifecycle stagesprovides safeguards against data integrity failure by reducing the opportunityfor an individual to alter, mis-represent or falsify data without detection.

尽管控制措施可能有所不同,审查“数据生命周期”对纸质记录和电子记录同样适用。在计算机化系统实例中,应该由业务负责人(例如生产人员、QC)与理解系统架构的IT人员联合对“数据生命周期”进行审查。EU GMP附件11中4.3段里对计算机化系统要求的描述可有助于审查。关键思维技术的应用不仅对于数据管理中识别差距很重要,而且对于保证流程有效性和合理控制系统提出了挑战。

在数据生命周期中,隔离的任务能通过减少在未检测状态下进行个人改变、误传或伪造数据的机会减少数据完整性问题的风险。


Data risk should be considered at each stage of the datalifecycle review.

在数据生命周期审查各阶段都应考虑数据的风险。


6. ‘Data lifecycle’: What risks should be considered whenassessing the generating and recording of data?

6. “数据生命周期”:在评估产生和记录数据时应考虑什么风险?


The following aspects should be considered when determining risk andcontrol

measures:

在确定风险和控制措施时应考虑以下因素:


  • How and where is original data created (i.e.paper or electronic)

  • 原始数据如何产生?在何处产生?(例如纸质还是电子版)


  • What metadata is associated with the data, toensure a complete, accurate and traceable record, taking into account ALCOAprinciples. Does the record permit the reconstruction of the activity

  • 元数据与数据进行关联,如何确保按照ALCOA原则保证记录的完整性、准确性和可追溯性。记录是否会限制活动的重建。


  • Where is the data and metadata located

  • 数据和元数据存放在哪里?


  • Does the system require that data is saved to permanentmemory at the time of recording, or is it held in a temporary buffer

  • 系统是否要求记录时按照永久性方式存储数据,还是临时性存储?


In the case of some computerised analytical andmanufacturing equipment, data may be stored as a temporary local file prior totransfer to a permanent storage location (e.g. server). During the period of‘temporary’ storage, there is often limited audit trail provision amending,deleting or recreating data. This is a data integrity risk. Removing the use oftemporary memory (or reducing the time period that data is stored in temporarymemory) reduces the risk of undetected data manipulation.

在一些计算机分析和生产设备的案例中,数据可能有限存储在当地临时文件中,之后转移到永久存储地点(例如:服务器)。在“临时”存储期间,审计追踪关于修改、删除或重建数据规定受限。这是数据完整性风险。停止使用临时存储(或减少数据临时存储的时间)将减少未检测状态下操作数据的风险。


  • Is itpossible to recreate, amend or delete original data and metadata;

  • 是否有可能对原始数据和元数据进行重建、修改或删除?


Controls over paper records are discussed elsewhere inthis guidance.

指南中每处都讨论了对纸质记录的控制。


Computerised system controls may be more complex,including setting of user privileges and system configuration to limit orprevent access to amend data. It is important to review all data accessopportunities, including IT helpdesk staff, who may make changes at the requestof the data user. These changes should be procedurally controlled, visible andapproved within the quality system.

计算机化系统控制可能更为复杂,包括使用者权限的设置,以及限制或阻止修改数据的系统设置。审查所有接触数据的机会很重要,包括IT技术支持维护员工,该员工可能按照数据使用者的要求改动数据。这些改动应该程序受控、可视化,并且在质量体系中得到批准。


How data istransferred to other locations or systems for processing or storage;

Data should be protected from possibility of intentionalor unintentional loss or amendment during transfer to other systems (e.g. forprocessing, review or storage). Paper records should be protected fromamendment, or substitution. Electronic interfaces should be validated todemonstrate security and no corruption of data, particularly where systemsrequire an interface to present data in a different structure or file format.

如何转移数据到其他地方或系统以进行处理或存储;在转移到其他系统过程中(例如出于处理、审查或存储的目的),应避免有意或无意丢失或修改数据的可能性。应避免修改或替换纸质文件。应对电子界面进行验证,证明数据安全无破坏,尤其当系统要求以不同结构或文件格式显示数据时。


来源:药研

联系我们

CONTACT US

联系人:

手机:15056931083

电话:0551-63685905

邮箱:info@seeholm.com

地址: 安徽省合肥市包河区兰州路88号青网科技园D905室