蒲公英 (Pugongying) - Disseminator of pharmaceutical technology, practitioner of GMP theory


[Other] OECD GLP NO25 GLP and IT Security (bilingual)

药徒 (Pharmacy Apprentice) | Posted on 2024-12-12 09:28:32

Considerations regarding IT security and GLP test facilities
1. Introduction
GLP data are more and more generated and retained in electronic format.
Measures of IT security aim to protect electronic GLP data and applications against the specific hazards encountered in the computerized environment.
Threats and attacks on systems containing GLP data and corresponding measures to ensure security of such systems are constantly evolving, especially for systems and services being provided over or interfacing the internet.
Handling of IT security may be outsourced by test facilities to external service providers.
However, the responsibility remains with the test facility.
The recommendation and advice of vendors of operating systems and platforms should be carefully considered and applied where appropriate.
2. Scope
This position paper concerns electronic GLP data and linked computerised systems hosted in servers and subject to computerised corruptions.
The concepts in this document for “test facilities”, “Test facility management” and “study directors”, would equally apply to “test sites”, “test site management” and “principal investigators”, where delegated study phases are conducted as part of a multisite study (these terms are defined in the GLP Principles).
3. Ongoing security measures and GLP responsibilities
Test facility management should maintain a security system that prevents unauthorised access and ensures availability to GLP data.
Procedures and measures to ensure IT security should be based on the risk and consequence of system malfunctions or internal or external deliberate or undeliberate actions that might adversely affect the integrity of GLP data.
4. Physical security
Servers, computers, infrastructure and media hosting GLP data and computerised systems relevant to GLP should be physically protected against unauthorised access, damage and loss.
The extent of security measures depends on the criticality of the data.
Test Facility management should ensure an adequate level of security for data centres as well as for local hardware such as servers, computers, tablets, phones, hard disks and USB drives.
At data centres hosting GLP data and applications, physical access should be limited to the necessary minimum.
A two-factor authentication can be used.
Data centres should be constructed to minimise the risk and impact of natural disasters, there should be pest control and effective measures against fire (e.g. cooling, fire detection and fire suppression), flooding and any other cause that could alter data.
There are generally emergency generators and uninterruptible power supplies (UPS) together with redundant internet protocol providers.
In case the data centre is of type 'co-location', the servers should be locked up and physically protected (e.g. in cages) to prevent access from other users ('co-location' means data centres where the hosted hardware belongs to several organisations that have access to the server rooms).
Preferably, data are replicated at an appropriate frequency from a primary data centre to a secondary failover site at an appropriate physical distance to minimise the risk that the same fire or natural disaster destroys both data centres.
A disaster recovery plan should be in place and tested.
5. Firewalls
In order to provide a barrier between a trusted internal network and an untrusted external network and to control incoming and outgoing network traffic (from certain IP addresses, destinations, protocols, applications, or ports etc.), effective firewalls are implemented.
Firewall rules should be defined as strict as practically feasible, only allowing necessary and permissible traffic.
As firewall rules tend to be changed or become insufficient over time (e.g. as software vendors and IT technicians need certain ports to be opened due to installation or maintenance of applications, or as cyber threats evolve), they are periodically reviewed.
This review should ensure that actual firewall rules continue to be set as tight as possible.
6. Vulnerability management
Critical vulnerabilities in operating systems and platforms can be exploited to give unauthorised individuals privileged access to systems, and to modify or delete data and make data inaccessible to legitimate users.
Such exploits are seen in operating systems for servers, computers, tablets, mobile phones and routers as in platforms for databases etc.
While these operating systems and platforms are under support, the vendors frequently release security patches to close these vulnerabilities.
Consequently, relevant critical security patches for platforms and operating systems have to be applied in a timely manner (immediately is recommended).
Systems which are not security patched in a timely manner constitute a major risk for loss of data integrity.
Where relevant, such systems have to be isolated from computer networks and the internet.
7. Platform Management
Operating systems and platforms for critical applications and components should be updated in a timely manner, in order to prevent their use in an unsupported state.
Unsupported platforms and operating systems, for which no security patches are available, are exposed to a higher risk of vulnerability.
Validation of applications on new operating systems and platforms and of the migration of data should be planned ahead and completed in due time.
Unsupported platforms and operating systems should be isolated from computer networks and the internet.
8. Bidirectional devices (e.g. USB)
Bidirectional devices (e.g. USB) or other portable media or devices may have been used outside the test facility and could possibly compromise the system.
Therefore, they should be strictly controlled as they may intentionally or unintentionally introduce malware and impact data integrity and availability.
9. Anti-virus software
Anti-virus software should be installed and activated on systems used in GLP, as appropriate.
The anti-virus software should be continuously updated with the most recent virus definitions in order to identify, quarantine, and remove known computer viruses.
This process should be monitored.
10. Penetration testing
For systems facing the internet, penetration testing has to be conducted at regular intervals in order to evaluate the adequacy of security measures taken and to identify vulnerabilities in system security, including the potential for unauthorised parties to gain access to and control the system and its data.
Vulnerabilities identified, especially those related to a potential loss of data integrity, should be addressed and mitigated in a timely manner.
11. Intrusion detection and prevention
An effective intrusion detection and prevention system has to be implemented on systems facing the internet in order to monitor the network for intrusion attempts from external parties and for the design and maintenance of effective preventive measures.
Threats via wireless connections have to be considered risk-based and may require a similar approach.
12. Internal activity monitoring
An effective system, within the framework given by national labour legislation, for detecting unusual or risky user activities (e.g. shift in activity pattern) has to be in place.
13. Security incident management
Test facilities should work according to a procedure that defines and documents security incidents.
Such incidents could be addressed in terms of criticality, and where applicable, implements effective corrective and preventive actions to prevent recurrence.
In cases where data have been, or may have been, compromised, the procedures should include requirements to report security incidents to relevant parties where applicable.
When using a service provider, the service level agreement should ensure that incidents are escalated to the Test Facility Management in a timely manner in order for the Test facility Management to be able to report serious breaches to all relevant parties (study directors, sponsors, archivist …).
14. Authentication method
The method of authentication in systems should identify users with a high degree of certainty.
A minimum acceptable method would be by means of a user identification and password.
The need for more stringent authentication methods should be determined based on a risk assessment of the criticality of the data, and might include authentication methods, such as two-factor authentication.
Two-factor authentication implies that two of the following three factors be used:
• something you know, e.g. a user identification and password
• something you have, e.g. a security token, a certificate or a mobile phone and an SMS passcode
• something you are, e.g. a fingerprint or an iris scan (biometrics)
User accounts are automatically locked after a pre-defined number of successive failed authentication attempts, either for a defined period of time, or until they are re-activated by a system administrator after appropriate security checks.
15. Remote authentication
Remote access to GLP data and application, e.g. to cloud-based systems, raises specific challenges.
The level of security should be proportionate to the criticality of the data (e.g. data required to reconstruct the GLP studies) and to the access rights to be granted (read-only, write or even 'admin' rights).
A risk-based approach should be used to define the type of access control required, depending on the level of risk.
16. Password policies
Formal procedures for password policies should be implemented.
The policies should include but not necessarily be limited to length, complexity, expiry, login attempts, and logout reset.
The policies should be enforced by systems, verified during system validation, included in periodic reviews of the system validation and specifically addressed after detection of intruders.
The password rules aim to prevent intrusion.
17. Password confidentiality
Passwords should be kept confidential.
Passwords initially received from the system or from a manager or system administrator have to be changed by the user on their first connection to the system.
This should be mandated by the system.
18. Inactivity logout
Systems including an automatic inactivity, which logs out a user after a defined period of inactivity, could be considered.
In such a case, the user should not be able to set the inactivity logout time (outside defined and acceptable limits) or deactivate the functionality.
Upon inactivity logout, a full re-authentication is required (e.g. password entry).
19. Remote connection
When remotely connecting to systems over the internet, a secure and encrypted protocol (virtual private network (VPN) and/or hypertext transfer protocol secure (HTTPS)) has to be used.
20. Protection against unauthorised back-end changes
The integrity of data has to be protected against unauthorised back-end changes made directly on a database by a database administrator.
A method to prevent such changes could be by setting the application up to encrypt its data on the database or by storing data un-encrypted with an encrypted copy.
In either case, the database administrator cannot be identical to the administrator of the application.
21. Backup
Backups are made, retained and stored following established procedures to ensure that GLP data can be restored in case data has been accidentally or deliberately changed or deleted, lost as the result of a hardware malfunction or corrupted, e.g. as the result of a cyber-attack.
The frequency, retention and safe storage of backups is critically important to the effectiveness of the process to mitigate these incidents.
Backups are made at suitable intervals (e.g. hourly, daily, weekly and monthly) and their retention (e.g. a week, a month, a quarter, forever) should be determined through a risk-based approach.
Backups are not to be stored at the same physical location, on the same logical network or behind the same firewall as the original data in order to avoid simultaneous destruction or alteration.
Depending on the timely requirements for disaster recovery after an incident, applications and system configurations may also need to be backed up, as it may otherwise take a long time to re-establish services.
Restoration of data and potentially applications and configurations from backup should be tested.
22. Standard Operating Procedures (SOP)
Procedures/policies should be in place describing what IT security measures are in place and taken by the test facility.
It should also be clearly described how the facility will handle any IT security breach and the facility should alert its national GLP compliance monitoring authority in case of any IT security issues and data loss/hacks.

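An added example for section 20 (not part of the original post or of the OECD text): a way to make direct back-end changes detectable. It stores each record un-encrypted together with a keyed HMAC tag in place of the encrypted copy the text mentions; this is a substituted technique. The table layout, the sample rows and the key are constructed, and the key is assumed to be held by the application and not readable by the database administrator.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key. Assumption: in practice the key is held by the
# application (e.g. in a secrets store) and is never readable by the DBA.
APP_KEY = b"constructed-demo-key-not-for-production"


def record_tag(row_id: int, study: str, value: str, key: bytes = APP_KEY) -> str:
    """Keyed tag over the whole record, including its primary key."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (str(row_id).encode(), study.encode(), value.encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def app_insert(db: sqlite3.Connection, row_id: int, study: str, value: str) -> None:
    """Application write path: store the plain data plus its tag."""
    db.execute(
        "INSERT INTO results (id, study, value, tag) VALUES (?, ?, ?, ?)",
        (row_id, study, value, record_tag(row_id, study, value)),
    )


def find_tampered(db: sqlite3.Connection) -> list[int]:
    """Return ids of rows whose stored tag no longer matches their content."""
    bad = []
    rows = db.execute("SELECT id, study, value, tag FROM results ORDER BY id")
    for row_id, study, value, tag in rows:
        expected = record_tag(row_id, study, value).encode()
        # A missing (NULL) tag counts as tampering; compare in constant time.
        if not hmac.compare_digest((tag or "").encode(), expected):
            bad.append(row_id)
    return bad


def demo() -> list[int]:
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE results (id INTEGER PRIMARY KEY, study TEXT, value TEXT, tag TEXT)"
    )
    app_insert(db, 1, "STUDY-A", "body weight 251 g")  # constructed sample rows
    app_insert(db, 2, "STUDY-A", "body weight 248 g")
    # Back-end change made directly on the database, bypassing the application.
    db.execute("UPDATE results SET value = 'body weight 260 g' WHERE id = 2")
    return find_tampered(db)
```

Per-row tags reveal modified rows but not rows deleted outright; detecting deletion needs an additional control such as a protected row count or chained tags.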

药师 (Pharmacist) | Posted on 2024-12-13 08:46:22
Learned from this, thanks for sharing.