数据完整性风险矩阵分享（针对不同类型的数据划分不同的风险等级）

恨我不成钢

本文给出了如何针对不同类型的数据进行风险评估制定不同等级的风险控制措施。根据PDA TR80《实验室数据完整性管理体系》，结合检验的关键性、质量体系的成熟度和降低风险的技术，可以建立风险矩阵。根据测试是否为关键质量属性(CQA)(如无菌检查)来确定数据的关键性，关键工艺控制(CPC)，如环境监测试验；或者过程控制/其他测试，如非无菌产品的环境监测。下图显示了应用于数据完整性的风险矩阵。在本文中，矩阵用于确定在批准测试结果之前，哪些微生物测试需要第二人复核。如下：

GMP办公室翻译组

翻译：Sword

校对：Owen

欢迎加入GMP办公室翻译组QQ群：307361958

Risk Management of Data Governance Systems

数据管理系统的风险管理

Data integrity controls should be based on quality risk management principles such as ICH Q9 (37)，that is, the level of controls, verification, and oversight should be commensurate with the criticality of the data to patient safety and with the risk to data accuracy, completeness, fabrication, or falsification.

数据完整性的控制应当基于ICH Q9中的质量风险管理原理，也就是说，数据的控制、确认和日常监督的水平应当和数据与患者安全的相关性，以及与数据的准确度、完好度、伪造或篡改的风险相匹配

Risk Assessment

风险评估

Conducting a risk assessment is a recommended method to assess and challenge processes, systems, controls, and practices in place for the generation, review, and archival of paper and electronic data.

推荐通过风险评估来评价一个公司用于纸质和电子数据生成、审查和归档的过程、系统、控制和实践

Risk assessments may be performed as part of the selection, commissioning, and validation of computerized systems. Testing of system functions and user privileges should be performed to ensure appropriate controls are in place that prevent or track changes to data, including any mechanism or role that allows data to be altered, overwritten, not saved, or deleted.

风险评估可作为计算机化系统的选型、调试和验证的一部分。应当进行系统功能和用户权限的测试，以确保能够通过合适的控制手段来阻止或追踪数据的更改，其中应包括任何角色或使用任何原理对数据所进行的修改、覆盖、未保存或删除

Risk assessments for paper data should be performed to assess controls in place that provide for traceability and reconciliation of the records. Mechanisms should also be in place to ensure that original records can be authenticated.

应对纸质数据进行风险评估，以评价记录的可追溯性和核对提供的控制。相关机制也应该到位，以确保原始记录真实可靠。

Risk-Based Mitigation

基于风险的治理

As discussed earlier in this paper, risks to ensuring data integrity might include computerized systems with lack of audit trails or appropriate security controls to prevent unauthorized changes as well as observational test methodologies. A systematic approach to risk mitigation is the use of a risk matrix.

正如本文前面所讨论的，确保数据完整性的风险可能包括计算机系统缺乏审计跟踪或适当的安全控制以防止未经授权的更改，以及观察性的测试方法。降低风险的一种系统方法是使用风险矩阵。

A risk matrix can be established using criticality of the test and maturity of the quality system and use of risk-reducing technology. Data criticality can be established based on whether the test is for a critical quality attribute (CQA), such as a sterility test; a critical process control (CPC), such as an environmental monitoring test; or an in-process control or other test, such as environmental monitoring for nonsterile products. Figure 7.2-1 shows a risk matrix applied to data integrity. In this example, the matrix is used to establish which microbiological tests require second-person verification prior to approving test results.

结合检验的关键性、质量体系的成熟度和降低风险的技术，可以建立风险矩阵。可以根据测试是否为关键质量属性(CQA)(如无菌检查)来确定数据的关键性，关键工艺控制(CPC)，如环境监测试验；或者过程控制/其他测试，如非无菌产品的环境监测。下图显示了应用于数据完整性的风险矩阵。在本例中，矩阵用于确定在批准测试结果之前，哪些微生物测试需要第二人复核。

Currently, a high percentage of the tests conducted in microbiology laboratories are observational, that is, the results (such as a colony count) are viewed and manually recorded on a paper document or in a computer record. Absent an easy, reliable method to verify the recorded data, some laboratories require microbiologists to use second-person verification (e.g., supervisor) by physical examination of the test plates. Further, the second-person verification could be performed as a discreet step prior to approval of the data or combined with the data-approval step

目前，在微生物实验室进行的测试中有很大一部分是观察性的，也就是说，结果(例如菌落计数)是在纸质文件或计算机记录中查看和手动记录的。由于缺乏一种简单、可靠的方法来确认所记录的数据，一些实验室要求微生物实验员进行第二人复核(如主管)，通过对培养皿进行菌落检查。此外，第二人复核可以作为数据批准前的强化步骤，也可以与数据批准步骤结合进行。

Risk factors for the collection, control, and verification of microbiology data are reduced with computer interface technology, such as automated plate readers or rapid methods that produce an electronic record that is retrievable and relatively tamper-proof or digitally time-and-date-stamped photography equipment. This can include automation and the use of advanced methods with a validated data recording (for example, ATP bioluminescence platform) system and audit trail capabilities. Even when a technological solution is not available, a strong pharmaceutical quality system (PQS), including an effective site audit program, supervisory and Quality Unit presence in the laboratory, and a robust p>eriodic review of the documentation system, will reduce data integrity risk. On the other hand, a weak PQS increases the data integrity risk.

微生物数据的收集、控制和确认的风险因素通过计算机接口技术得到了降低，例如自动菌落计数器或快速生成电子记录的方法，这些电子记录可检索、相对不会被篡改或具有数字时间和日期戳的摄影设备。这可以包括自动化和使用先进的方法，通过验证数据记录(例如ATP生物发光平台)系统和审计跟踪功能。如若目前还没有技术解决方案，应有强大的制药质量体系(PQS)，包括有效的现场审计计划、实验室监督和质量部门的存在，以及对文档系统的定期审查，以降低数据完整性风险。另一方面，薄弱的PQS会增加数据完整性风险。

syhorchid

风险，无处不在。

ahhb

谢谢分享，学习了。

GMP观察

太粗了点，再细点就好了。

simonpeng1101

谢谢分享，学习了。