EMA-GMP数据完整性问答(中英对照版)(2016.08)

TranslatedbyAprilfromCPAPE,onlyforstudyandcommunication,notforcommercialization1EMADataintegrityQ&A(NEWAugust2016)EMA数据完整性问答（2016年8月）1.Howcandatariskbeassessed?1.如何评估数据风险？Datariskassessmentshouldconsiderthevulnerabilityofdatatoinvoluntaryordeliberateamendment,deletionorrecreation.Controlmeasureswhichpreventunauthorisedactivityandincreasevisibility/detectabilitycanbeusedasriskmitigatingactions.数据风险评估应考虑无意或有意修改、删除或重建数据导致的隐患。可通过实施预防未授权活动的控制措施，以及增加可见性/可检测性来减少风险。Examplesoffactorswhichcanincreaseriskofdataintegrityfailureincludecomplex,inconsistentprocesseswithopen-endedandsubjectiveoutcomes.Simpletaskswhichareconsistent,well-definedandobjectiveleadtoreducedrisk.导致增加数据完整性风险的例子包括：结果开放主观的复杂且不一致的过程。一致、定义明确并且客观的简单任务风险较小。Riskassessmentshouldincludeabusinessprocessfocus(e.g.production,QC)andnotjustconsiderITsystemfunctionalityorcomplexity.Factorstoconsiderinclude:风险评估应包括对业务（例如生产、QC）的关注，不能仅考虑IT系统的功能或复杂性。应考虑的因素包括：Processcomplexity工艺复杂性Processconsistency,degreeofautomation/humaninterface工艺一致性，自动化程度/人性化界面Subjectivityofoutcome/result结果的客观性Istheprocessopen-endedorwelldefined工艺结果是否开放或定义是否明确ThisensuresthatmanualinterfaceswithITsystemsareconsideredintheriskassessmentprocess.Computerisedsystemvalidationinisolationmaynotresultinlowdataintegrityrisk,inparticularwhentheuserisabletoinfluencethereportingofdatafromthevalidatedsystem.在风险评估过程中，这将确保考虑人机（IT系统）界面的因素。对计算机化系统的独立验证并不会导致数据完整性的低风险，尤其当使用者能够影响验证系统中数据的报告时。2.Howcandatacriticalitybeassessed?TranslatedbyAprilfromCPAPE,onlyforstudyandcommunication,notforcommercialization22.如何评估数据的重要性？Thedecisionwhichdatainfluencesmaydifferinimportance,andtheimpactofthedatatoadecisionmayalsovary.Pointstoconsiderregardingdatacriticalityinclude:数据影响决策的重要性可能不同，数据对一个决策产生的影响也各种各样。考虑数据重要性的关键包括：Whatdecisiondoesthedatainfluence?数据能影响哪些决策？Forexample:whenmakingabatchreleasedecision,datawhichdeterminescompliancewithcriticalqualityattributesisofgreaterimportancethanwarehousecleaningrecords.例如：当做批次放行的决策时，决定关键质量属性合规的数据比仓库清洁记录的数据重要。Whatistheimpactofthedatatoproductqualityorsafety?数据对产品质量或安全性的影响有哪些？Forexample:foranoraltablet,activesubstanceassaydataisofgreaterimpacttoproductqualityandsafetythantabletdimensions’data.例如：对于口服片剂，活性成分化验数据对药品质量和安全性的影响比片剂分散性数据的影响更为重要。3.Whatdoes‘DataLifecycle’referto?3.“数据生命周期”是指？‘Datalifecycle’referstohowdataisgenerated,processed,reported,checked,usedfordecision-making,storedandfinallydiscardedattheendoftheretentionperiod.“数据生命周期”是指数据从产生、加工、报告、检查、用于制定决策、存储到最终在保存期结束时的销毁。Datarelatingtoaproductorprocessmaycrossvariousboundarieswithinthelifecycle,forexample:涉及产品和工艺的数据可能在生命周期中跨越多个阶段，例如：ITsystemsIT系统oQualitysystemapplicationso质量体系程序oProductiono生产oAnalyticalo分析TranslatedbyAprilfromCPAPE,onlyforstudyandcommunication,notforcommercialization3oStockmanagementsystemso存储管理体系oDatastorage(back-upandarchival)o数据存储（备份和存档）Organisational组织oInternal(e.g.betweenproduction,QCandQA)o内部（例如，在生产、QC和QA之间）oExternal(e.g.betweencontractgiversandacceptors)o外部（例如在委托方和受托方之间）oCloud-basedapplicationsandstorageo基于云的程序和存储4.Whyis‘Datalifecycle’managementimportanttoensureeffectivedataintegritymeasures?4.为何“数据生命周期”管理对确保数据完整性措施有效很重要？Dataintegritycanbeaffectedatanystageinthelifecycle.Itisthereforeimportanttounderstandthelifecycleelementsforeachtypeofdataorrecord,andensurecontrolswhichareproportionatetodatacriticalityandriskatallstages.数据生命周期任何阶段都可影响数据完整性。因此，理解每种类型的数据或记录的生命周期元素，并确保根据各阶段数据的重要性和风险程度进行控制很重要。5.Whatshouldbeconsideredwhenreviewingthe‘Datalifecycle’?5.在审查“数据生命周期”时应考虑什么？The‘Datalifecycle’referstothe:“数据生命周期”指的是：Generationandrecordingofdata数据的产生和记录Processingintousableinformation处理成可用信息Checkingthecompletenessandaccuracyofreporteddataandprocessedinformation检查报告数据和已处理信息的完整性和准确性Data(orresults)areusedtomakeadecision使用数据（或结果）来制定决策Retainingandretrievalofdatawhichprotectsitfromlossorunauthorisedamendment数据的保留和回复，避免数据丢失或避免未经授权对数据进行修改RetiringordisposalofdatainacontrolledmannerattheendofitslifeTranslatedbyAprilfromCPAPE,onlyforstudyandcommunication,notforcommercialization4在数据生命周期末尾以受控的方式对数据进行停用或处置‘DataLifecycle’reviewsareapplicabletobothpaperandelectronicrecords,althoughcontrolmeasuresmaybeapplieddifferently.Inthecaseofcomputerisedsystems,the’datalifecycle’reviewshouldbeperformedbybusinessprocessowners(e.g.production,QC)incollaborationwithITpersonnelwhounderstandthesystemarchitecture.ThedescriptionofcomputerisedsystemsrequiredbyEUGMPAnnex11paragraph4.3canassistthisreview.Theapplicationofcriticalthinkingskillsisimportanttonotonlyidentifygapsindatagovernance,buttoalsochallengetheeffectivenessoftheproceduralandsystematiccontrolsinplace.Segregationofdutiesbetweendatalifecyclestagesprovidessafeguardsagainstdataintegrityfailurebyreducingtheopportunityforanindividualtoalter,mis-representorfalsifydatawithoutdetection.尽管控制措施可能有所不同，审查“数据生命周期”对纸质记录和电子记录同样适用。在计算机化系统实例中，应该由业务负责人（例如生产人员、QC）与理解系统架构的IT人员联合对“数据生命周期”进行审查。EUGMP附件11中4.3段里对计算机化系统要求的描述可有助于审查。关键思维技术的应用不仅对于数据管理中识别差距很重要，而且对于保证流程有效性和合理控制系统提出了挑战。在数据生命周期中，隔离的任务能通过减少在未检测状态下进行个人改变、误传或伪造数据的机会减少数据完整性问题的风险。Datariskshouldbeconsideredateachstageofthedatalifecyclereview.在数据生命周期