Section | 2011 Version | 2025 Draft Update | Type of Change | Implication / Notes |
Overall Context | The Annex was revised in response to the increased use and complexity of computerised systems. Consequential amendments were also proposed for Chapter 4 of the GMP Guide. | The guideline was revised to reflect changes in regulatory and manufacturing environments, clarify requirements, and remove ambiguity and inconsistencies. It addresses the evolving IT landscape, increased use of cloud services, and new technologies, aiming for a common approach between EU and PIC/S, ensuring product quality, patient safety, and data integrity. | Expanded & Modernized | Acknowledges rapid technological advancements and global harmonization efforts, strengthening the focus on patient safety and data integrity beyond just product quality. |
Scope / Principles | Applies to all forms of computerised systems used as part of GMP regulated activities. States that a computerised system is a set of software and hardware components. Application should be validated; IT infrastructure should be qualified. No decrease in product quality, process control, or quality assurance, and no increase in overall risk when replacing a manual operation. | 1. Scope: Applies to all types of computerised systems used in the manufacturing of medicinal products and active substances. <br>2. Principles: Includes specific principles like 2.1 Lifecycle management (validated and maintained), 2.2 Quality Risk Management (QRM throughout lifecycle), 2.3 Alternative practices (allowed if equivalent control), 2.4 Data integrity (critically important, ALCOA+ principles), 2.5 System requirements (documented, updated, basis for validation), 2.6 Outsourced activities (regulated user remains fully responsible), 2.7 Security (stay updated on threats), and 2.8 No risk increase (similar to 2011). | Expanded & Clarified | Broadens the types of systems covered and introduces explicit foundational principles like ALCOA+ for data integrity, formalizing responsibility for outsourced activities, and emphasizing proactive security. |
Risk Management | Applied throughout the lifecycle of the computerised system taking into account patient safety, data integrity and product quality. Decisions on the extent of validation and data integrity controls should be based on a justified and documented risk assessment. | 4. Risk Management: <br>4.1 Lifecycle: QRM applied throughout the lifecycle considering impact on product quality, patient safety, or data integrity. <br>4.2 Identification and analysis: Risks identified and analysed per procedure, with examples of methods/tools from ICH Q9 (R1). <br>4.3 Appropriate validation: Validation strategy and effort determined by intended use and potential risks. <br>4.4 Mitigation: Risks mitigated to acceptable level, influencing system architecture and functionality. <br>4.5 Data integrity: QRM principles used to assess criticality, vulnerability, and detection likelihood of data alteration, deletion, or loss. | Expanded & More Prescriptive | Strengthens the centrality of risk management by providing more detailed guidance on methods, integration with validation, mitigation strategies, and a specific focus on data integrity vulnerabilities. |
Personnel | There should be close cooperation between all relevant personnel such as Process Owner, System Owner, Qualified Persons and IT. All personnel should have appropriate qualifications, level of access and defined responsibilities. | 5. Personnel and Training: <br>5.1 Cooperation: Close cooperation among all relevant parties including process owner, system owner, users, subject matter experts (SME), QA, QP, internal IT, vendors, and service providers. <br>5.2 Training: All involved parties should have adequate system-specific training, appropriate qualifications, and experience corresponding to their assigned duties and access privileges. | Expanded & Clarified | Broadens the list of collaborating parties to reflect complex IT environments and explicitly mandates specific training for all involved personnel. |
Suppliers and Service Providers | Formal agreements required for third parties providing, installing, configuring, integrating, validating, maintaining, modifying or retaining a system or service. Agreements include clear responsibilities. Competence and reliability are key, audit based on risk. Documentation with COTS products reviewed. Quality system and audit information available to inspectors. IT departments considered analogous. | 7. Supplier and Service Management: <br>7.1 Responsibility: Regulated user remains fully responsible for requirements even when relying on third parties. <br>7.2 Audit: Conduct audits/assessments based on risk/criticality to determine adequacy of vendor/service provider procedures and documentation. <br>7.3 Oversight: Exercise effective oversight through defined Service Level Agreements (SLAs) and Key Performance Indicators (KPIs). <br>7.4 Documentation availability: Ensure documentation for required activities is accessible and explainable from the regulated user's facility. <br>7.5 Contracts: Requires detailed contracts/procedures outlining activities, regulatory requirements, reporting, oversight, audit conditions, inspection support, issue resolution, quality/security communication, an exit strategy for data control, and processes for new system versions and user testing. | Significantly Expanded & Strengthened | Imposes much more stringent requirements for managing outsourced activities, emphasizing the regulated user's ultimate responsibility, detailed contractual obligations (including data exit strategies), and ongoing oversight using KPIs/SLAs. |
Validation / Qualification and Validation | Validation documentation and reports should cover relevant lifecycle steps. Justify standards, protocols, acceptance criteria, procedures based on risk assessment. Documentation includes change control and deviation reports. Up-to-date system inventory and description for critical systems. User Requirements Specifications (URS) based on risk and GMP impact, traceable. System developed with appropriate quality management system, supplier assessed. Process for bespoke/customised systems. Evidence of test methods/scenarios (parameter/data limits, error handling). Validation includes checks for data alteration during migration. | 9. Qualification and Validation: <br>9.1 Principles: Follows GMP Annex 15, addressing standard, configured, and customised functionality. <br>9.2 Quality risk management: Decisions on scope and extent based on justified and documented risk assessment of requirements, considering product quality, patient safety, and data integrity. <br>9.3 Installation and configuration: Verifies correct installation, configuration, calibration, updated operating systems/platforms, and relevant security patches. <br>9.4 Evidence: Provides evidence via executed test scripts and screen dumps. <br>9.5 Traceability: Requires documented traceability between requirements, design specifications, and test cases, encouraging effective tools. <br>9.6 Focus: Increased focus on testing key functional requirements, GMP compliance, and data integrity functionality (e.g., access privileges, calculations, audit trails, error handling, alarms, reports, restore from backup). <br>9.7 Plan and approval: Activities conducted according to approved plans, protocols, and test scripts. <br>9.8 Completion prior to use: Successfully completed and reported prior to approval and use. Allows conditional approval with documented assessment that deficiencies will not impact product quality, patient safety, or data integrity. <br>9.9 Authorisation: Regulated user fully accountable for reviewing and authorizing documentation, even from external providers. | Expanded, Clarified & More Flexible | Strengthens the link to QRM and Annex 15, emphasizes data integrity testing and security patching, and introduces flexibility through conditional approval for system use, while reiterating user accountability for external documentation. |
Data / Handling of Data | Computerised systems exchanging data electronically should include appropriate built-in checks for correct and secure entry and processing. For critical data entered manually, an additional accuracy check is required (second operator or validated electronic means). Data should be secured by physical and electronic means against damage. Stored data checked for accessibility, readability, and accuracy; access ensured throughout retention. | 10. Handling of Data: <br>10.1 Input verification: Systems should have plausibility verification for critical manual data inputs, alerting users when input is not plausible. <br>10.2 Data transfer: Critical data transfer should preferably be based on validated interfaces rather than manual transcriptions. If manual, effective measures for data integrity are required. <br>10.3 Data migration: Ad hoc critical data/database migration must be based on a validated process. <br>10.4 Encryption: Critical data should be encrypted on a system. | Expanded, Clarified & Strengthened | Introduces more specific requirements for data input verification, strongly prefers validated electronic data transfers, mandates validated processes for data migration, and explicitly requires encryption for critical data, comprehensively strengthening data integrity and security requirements. |
Data Storage / Backup | Regular back-ups of all relevant data should be done. Integrity and accuracy of back-up data and the ability to restore data should be checked during validation and monitored periodically. | 16. Backup: (New dedicated section) <br>16.1 Regular backup: Data and metadata regularly backed up to prevent loss from various incidents, including cyber-attacks. <br>16.2 Frequency and retention: Backups made at suitable intervals (e.g., hourly, daily) and retention determined by a risk-based approach. <br>16.3 Physical separation: Backups physically separated from the original data location and stored at a safe distance. <br>16.4 Logical separation: Backups not stored on the same logical network as original data. <br>16.5 Scope: Applications and system configurations may also need to be backed up based on criticality. <br>16.6 Restore test: Restore of data from backup must be tested and documented based on risk during validation and after changes to backup processes/tools. | New Dedicated Section & Significantly More Detailed | Elevates backup requirements into a standalone, highly detailed section, emphasizing frequency, retention, physical and logical separation, broader scope (including applications/configurations), and rigorous restore testing, comprehensively strengthening data protection. |
Printouts | It should be possible to obtain clear printed copies of electronically stored data. For records supporting batch release, printouts should indicate if any of the data has been changed since the original entry. | No direct standalone section. Requirements for data display and integrity are integrated into sections like Audit Trails (12.9 Electronic copy, 12.4 Accommodate review) and Electronic Signatures (13.6 Manifestation). | Reorganized/Integrated | The specific requirement for printouts as a primary output is de-emphasized. The focus shifts to ensuring data integrity and traceability, which includes the ability to display and understand data (including changes) electronically or in a printed format, as governed by audit trail and electronic signature principles. |
Audit Trails | Consideration should be given, based on a risk assessment, to building in a system-generated "audit trail" for all GMP-relevant changes and deletions. Reason should be documented for change or deletion of GMP-relevant data. Audit trails need to be available, convertible to a generally intelligible form, and regularly reviewed. | 12. Audit Trails: <br>12.1 Manual user interactions: Systems where users can create, modify, or delete data/settings, acknowledge alarms, or execute electronic signatures should have an audit trail functionality. <br>12.2 Who, what, when, why: Unambiguously capture user (role), what was changed (old/new value), date/time (time zone), recorded at time of events. Systems should automatically prompt for and register the reason for change. <br>12.3 No edit or deactivation: Audit trail functionality should be enabled and locked at all times, not editable. Changes to audit trail settings create an entry and only possible by a system administrator not involved in GMP activities. <br>12.4 Accommodate review: Must allow effective and efficient sorting and searching of data (who, what, when, why) within the system or by export. <br>12.5 Reviews: Conducted per documented procedure, encouraging tools, and significant variations investigated. <br>12.6 Independent review: Should be conducted by personnel not directly involved in the reviewed activities (peer review). <br>12.7 Scope of review: Targeted, risk-based, focusing on detecting deliberate or indeliberate changes, GMP violations, and verifying reasons for changes. <br>12.8 Timeliness of review: Conducted in a timely manner, prior to batch release unless justified. <br>12.9 Electronic copy: A complete electronic copy of system data, including audit trail data, should be obtainable and searchable/sortable. <br>12.10 Availability to QP: Audit trail reviews with direct impact on product release should be available to the QP at batch release. | Significantly Expanded & More Prescriptive | Strengthens audit trail requirements from "consideration" to a mandate. Provides highly detailed specifications for audit trail content, system controls (un-editable, locked), review functionality, independence of review, timeliness (especially for batch release), and QP access, profoundly enhancing data integrity. |
Change and Configuration Management | Any changes to a computerised system including system configurations should only be made in a controlled manner in accordance with a defined procedure. | 3.ii (Pharmaceutical Quality System): Any change to a computerised system (config, hardware, software, platform, OS) made in a controlled manner. Significant changes impacting quality/safety/integrity require re-qualification and validation. <br>6.6 (System Requirements - Configuration): Requires clarity on functionality modified by configuration and documentation of chosen configuration. | Reorganized & Strengthened | Integrates change control into the Pharmaceutical Quality System, explicitly requiring re-qualification and validation for significant changes and specific documentation for system configuration, further strengthening the rigor and traceability of change and configuration management. |
Periodic Evaluation / Periodic Reviews | Computerised systems should be periodically evaluated to confirm that they remain in a valid state and are compliant with GMP. Evaluations should include, where appropriate, the current range of functionality, deviation records, incidents, problems, upgrade history, performance, reliability, security and validation status reports. | 14. Periodic Reviews: <br>14.1 Periodic reviews: Verifies if the system remains 'fit for intended use' and in 'a validated state', documenting findings and analysing for consequences on product quality, patient safety, and data integrity. <br>14.2 Scope of review: Significantly expanded to include: changes (hardware/software, config, platform, infrastructure, interfaces, documentation, combined effect of multiple changes, undocumented changes identification via configuration auditing). Also, follow-up on supporting processes (previous reviews/audits/inspections/CAPA, audit trail reviews, access reviews, risk assessments, incidents, security threats, maintenance, contracts/SLAs/KPIs, backup procedures/restore tests/DRP, archival adequacy, data integrity assessments, regulatory changes). <br>14.3 Frequency: Established and justified based on the risk the system poses to product quality, patient safety, and data integrity; a final review upon system retirement. | Significantly Expanded & More Detailed | Transforms periodic evaluation into a comprehensive 'health check' for the system, with a much broader and more prescriptive scope covering all aspects of its operation, changes, and associated processes, throughout its entire lifecycle, including retirement. |
Security / Identity and Access Management & Security | Physical and/or logical controls should be in place to restrict access to computerised system to authorised persons. Methods may include keys, pass cards, personal codes with passwords, biometrics, restricted access to computer equipment and data storage areas. Extent of security controls depends on criticality. Creation, change, and cancellation of access authorisations should be recorded. Management systems for data and for documents should be designed to record the identity of operators entering, changing, confirming or deleting data including date and time. | 11. Identity and Access Management: (New dedicated section focusing on user access) <br>11.1 Unique accounts: All users must have unique and personal accounts; shared accounts generally violate data integrity. <br>11.2 Continuous management: User accesses and roles granted, modified, and revoked timely. <br>11.3 Certain identification: Authentication identifies users with high certainty and effective protection (e.g., unique username/password, biometrics; token/smart card alone insufficient). <br>11.5 Secure passwords: Passwords enforced by systems, secure (length, character mix), no dictionary words for critical systems. <br>11.6 Strong authentication: Remote authentication on critical systems from outside controlled perimeters must include multifactor authentication (MFA). <br>11.7 Auto locking: Accounts locked after failed attempts. <br>11.8 Inactivity logout: Automatic inactivity logout required with re-authentication. <br>11.9 Access log: Systems should include a searchable/sortable access log. <br>11.10 Guiding principles: Emphasizes segregation of duties (no admin privileges for GMP users) and least privilege principle. <br>11.11 Recurrent reviews: User accounts subject to recurrent reviews by managers to confirm continued access. <br>15. Security: (New dedicated and significantly expanded section) <br>15.1 Security system: Effective information security management system to safeguard and detect/prevent unauthorized access. <br>15.2 Continuous improvement: Keep updated on new security threats and continuously improve measures. <br>15.3 Training and tests: Recurrent security awareness training for users, evaluated by simulated tests. <br>15.4 Physical access: Servers, computers, devices physically protected, limited access to server rooms (MFA). <br>15.5 Disasters and disturbances: Data centers constructed to minimize risk/impact of disasters. <br>15.6 Replication: Critical data replicated to secondary data center at safe distance. <br>15.7 Disaster recovery: Plan in place, tested, ensuring continuity of operation within a defined Recovery Time Objective (RTO). <br>15.8 Segmentation and firewalls: Networks segmented, effective firewalls implemented with strict rules. <br>15.10 Updated platforms: Operating systems and platforms updated timely. <br>15.12 Unsupported platforms: Highly vulnerable, should be isolated. <br>15.13 Timely patching: Relevant security patches deployed timely, immediately for critical vulnerabilities. <br>15.15 Strict control: Use of bidirectional devices (e.g., USB) strictly controlled. <br>15.18 Anti-virus software: Installed, activated, continuously updated, effectiveness monitored. <br>15.19 Penetration testing: For critical internet-facing systems, regular penetration testing to evaluate security and identify vulnerabilities. <br>15.20 Encryption: Secure and encrypted protocol for remote connections over the internet. | Significantly Expanded, Split into two major sections, & Highly Detailed | This is a major overhaul. The 2025 draft introduces comprehensive requirements for identity/access management (unique accounts, MFA, strict password rules, access reviews) and a vast array of IT security measures including information security management systems, proactive threat management, physical security for data centers, network segmentation, rigorous patching, device control, anti-virus, and penetration testing. This reflects the increased criticality of cybersecurity in GMP. |
Incident Management | All incidents, not only system failures and data errors, should be reported and assessed. The root cause of a critical incident should be identified and should form the basis of corrective and preventive actions. | 3.i (Pharmaceutical Quality System): All deviations during validation or operation are recorded and significant deviations investigated to determine root cause and impact on product quality, patient safety, or data integrity. Suitable Corrective and Preventive Actions (CAPA) identified and verified for effectiveness. <br>14.2.vi (Periodic Reviews): Scope includes follow-up on actions from incidents, problems, deviations, security incidents, and new security threats. | Reorganized & Integrated | Incident management is formalized as a critical component of the overall Pharmaceutical Quality System, linking directly to deviation handling and CAPA, and explicitly included in periodic reviews to support continuous improvement and compliance. |
Electronic Signature | Electronic records may be signed electronically. Expected to: a. have the same impact as hand-written signatures within the company, b. be permanently linked to their respective record, c. include the time and date that they were applied. | 13. Electronic Signatures: <br>13.1 Scope: Applies where GMP requires a signature. <br>13.2 Open systems: Must meet national/international requirements (e.g., trusted services) if system owner lacks full control. <br>13.3 Re-authentication: System must enforce full re-authentication for signature (at least same security as login); subsequent signatures can use password/biometrics only. Smart card/PIN alone not acceptable. <br>13.4 Date and time: System automatically logs date, time, and where applicable, time zone. <br>13.5 Meaning: Clear when executing, prompts user for meaning (e.g., reviewer or approver). <br>13.6 Manifestation: Displayed manifestation (on screen or print) includes full name, username, role, meaning, date, time, and time zone. <br>13.7 Indisputability: Indisputable and equivalent to hand-written signatures. <br>13.8 Unbreakable link: Permanently linked to record; controls ensure signed record cannot be modified or clearly appears unsigned if changed. <br>13.9 Hybrid solution: Measures to ensure changes to electronic record invalidate a wet-ink signature (e.g., hash code on signature page). | Expanded & More Prescriptive | Significantly strengthens electronic signature requirements, particularly for re-authentication (multi-factor for first use), display information, and ensuring the unbreakable link and indisputability, including new considerations for open systems and hybrid solutions. |
Batch Release | When a computerised system is used for recording certification and batch release, the system should allow only Qualified Persons to certify the release of the batches and it should clearly identify and record the person releasing or certifying the batches. This should be performed using an electronic signature. | No standalone section. Relevant aspects are integrated: <br>9.6 (Qualification and Validation - Focus): Includes "release of products and results" as a key functional requirement to test. <br>12.8 (Audit Trails - Timeliness of review): Audit trail review should be conducted prior to batch release, unless justification exists. <br>12.10 (Audit Trails - Availability to QP): Audit trail reviews with direct impact on product release should be available to the QP at batch release. <br>Electronic signatures themselves are comprehensively covered in section 13. | Reorganized & Integrated | The specific requirements for batch release are not removed but are deeply embedded within the enhanced requirements for validation, audit trails, and electronic signatures, emphasizing the QP's oversight role through access to critical data and reviews. |
Business Continuity | Provisions should be made to ensure continuity of support for critical processes in the event of a system breakdown (e.g., manual or alternative system). Time required to bring alternative arrangements into use should be based on risk and appropriate. Arrangements should be adequately documented and tested. | 15.7 (Security - Disaster recovery): A disaster recovery plan should be in place, tested, and available, ensuring continuity of operation within a defined Recovery Time Objective (RTO). <br>16.6 (Backup - Restore test): Restore of data from backup should be tested and documented. | Reorganized & Clarified | Business continuity is now explicitly addressed as part of the broader security and backup strategies, with a new emphasis on a defined Recovery Time Objective (RTO). |
Archiving | Data may be archived. Archived data should be checked for accessibility, readability and integrity. If relevant changes are to be made to the system (e.g. computer equipment or programs), then the ability to retrieve the data should be ensured and tested. | 17. Archiving: <br> 17.1 Read only: GMP data and metadata (including audit trails) protected from deletion and changes throughout the retention period, e.g., by changing status to read-only or moving to a dedicated archival system via a validated interface. <br> 17.2 Verification: Data integrity verified with a high degree of certainty (e.g., checksum) when moving data, before deletion. Manual verification if not possible. <br> 17.3 Backup: Archived data on a server should be regularly backed up, physically and logically separated from the archived data. <br> 17.4 Durability: Long-term archival on volatile media follows a validated process, ensuring data is stored for a verified duration and securely transferred to new media if needed. <br> 17.5 Retrieval: Archived data and metadata should be retrievable in a searchable and sortable format. | Expanded & More Prescriptive | Significantly strengthens archiving requirements with specific details on read-only protection, data integrity verification during transfer, backup of archived data, management of media durability, and ensuring robust retrieval capabilities. |
Pharmaceutical Quality System (PQS) | Not a standalone section; underlying GMP principles apply across all relevant activities. | 3. Pharmaceutical Quality System: (New dedicated section) <br> 3.1 Pharmaceutical quality system: Regulated user implements a PQS covering all computerised systems and personnel. It ensures: deviations are recorded/investigated with CAPA, changes are controlled with re-qualification/validation for significant changes, internal audits are conducted, regular management reviews occur, and senior management oversees control, allocates resources, and promotes data integrity/security culture. | New Dedicated Section | Formally integrates the management of computerised systems into the overarching Pharmaceutical Quality System, emphasizing senior management's responsibility and the importance of a data integrity culture within the organization. |
Alarms | Not a standalone section. System functionality for error handling was mentioned under Validation. | 8. Alarms: (New dedicated section) <br> 8.1 Reliance on system: Alarms implemented when users rely on system notification for events impacting product quality, patient safety, or data integrity. <br> 8.2 Settings: Limits and delays justified, set within validated specifications, and managed by approved procedures with appropriate access privileges. <br> 8.3 Signalling: Visible and/or audible signals for timely reaction. <br> 8.4 Acknowledgement: Critical alarms acknowledged by authorized users with a comment on why. <br> 8.5 Log: All alarms and acknowledgements automatically added to an uneditable log with detailed information (name, date/time, user, comment). <br> 8.6 Searchability and sortability: Alarm logs should be searchable and sortable. <br> 8.7 Review: Appropriate periodic reviews based on approved procedures to evaluate acknowledgment, action, and identify trends. | New Dedicated Section | Elevates the management of alarms to a critical aspect of system control, providing comprehensive and detailed requirements for their implementation, logging (uneditable), acknowledgment procedures, searchability, and regular, risk-based review. |
Glossary | Definitions for: Application, Bespoke/Customised computerised system, Commercial off-the-shelf software, IT Infrastructure, Life cycle, Process owner, System owner, Third Party. | Expanded definitions and new terms for: ALCOA+, Application, Audit trail, Backup, Change control, Commercial off-the-shelf, Computerised System, Configuration, Customisation, Electronic record, Infrastructure, Migration, Multifactor authentication (MFA), Operating system, Qualification, Regulated user, Specification, Test case, User, User requirement specifications (URS), Validation, Verification. | Expanded & Updated | Reflects the new and expanded concepts within the updated annex, providing clearer and more numerous definitions for key terminology in the context of modern computerised systems and data integrity. |
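
Sections 17.1 and 17.2 in the Archiving row require that data moved to an archive be checksum-verified before the source is deleted and then protected as read-only. The following is an added example, not taken from the Annex or the original page, of one way to order those steps; the function names, the `.sha256` sidecar manifest and the sample file are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import stat
import tempfile
from pathlib import Path


class ArchiveVerificationError(Exception):
    """Archived copy does not match the source; the source was kept."""


def sha256_file(path, chunk_size=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def archive_record(src, archive_dir, copy=shutil.copy2):
    """Move src into archive_dir; delete src only after the copy verifies."""
    src, dst = Path(src), Path(archive_dir) / Path(src).name
    if dst.exists():
        raise FileExistsError(f"{dst} is already archived")  # never overwrite
    expected = sha256_file(src)
    copy(src, dst)
    if sha256_file(dst) != expected:
        dst.unlink()  # discard the bad copy, keep the original
        raise ArchiveVerificationError(f"checksum mismatch for {src.name}")
    # Sidecar manifest (assumed convention) for later integrity checks.
    manifest = dst.with_name(dst.name + ".sha256")
    manifest.write_text(f"{expected}  {dst.name}\n")
    for path in (dst, manifest):
        os.chmod(path, stat.S_IRUSR | stat.S_IRGRP)  # read-only status
    src.unlink()  # deletion happens last, after verification
    return expected


def verify_archived(dst):
    """Re-check an archived file against its recorded checksum."""
    dst = Path(dst)
    recorded = dst.with_name(dst.name + ".sha256").read_text().split()[0]
    return sha256_file(dst) == recorded


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample record
        live, vault = Path(tmp, "live"), Path(tmp, "vault")
        live.mkdir(); vault.mkdir()
        (live / "batch_0001_audit_trail.csv").write_text("ts,user,action\n")
        print(archive_record(live / "batch_0001_audit_trail.csv", vault))
```

File permissions alone only mark the record read-only for ordinary users; an archive that must resist administrators needs storage-level immutability, and `verify_archived` can be scheduled to support the periodic accessibility and integrity checks.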