发帖
每发1个新帖
可以获得0.5个丁当奖励
回帖

【技术产业】欧盟GMP附录－计算机系统管理部分

只看楼主
页码直达：
直达末页

楼主

丁香园版主

1楼

这个帖子发布于14年零243天前，其中的信息可能已发生改变或有所发展。

因为在8月份报名参加了翻译小组，因此尽快交上自己的翻译作业。

注释：欧盟的GMP是我比较喜欢的；结构清楚，内容翔实；比美国鬼子的文件强多了。

欧盟GMP——计算机系统附录11：
COMPUTERISED SYSTEMS

Personnel
1. It is essential that there is the closest co-operation between key personnel and those involved with computer systems. Persons in responsible positions should have the appropriate training for the management and use of systems within their field of responsibility which utilises computers. This should include ensuring that appropriate expertise is available and used to provide advice on aspects of design, validation, installation and operation of computerised system.
Validation
2. The extent of validation necessary will depend on a number of factors including the use to which the system is to be put, whether the validation is to be prospective or retrospective and whether or not novel elements are incorporated. Validation should be considered as part of the complete life cycle of a computer system. This cycle includes the stages of planning, specification, programming, testing, commissioning, documentation, operation, monitoring and modifying.
System
3. Attention should be paid to the siting of equipment in suitable conditions where extraneous factors cannot interfere with the system.
4. A written detailed description of the system should be produced (including diagrams as appropriate) and kept up to date. It should describe the principles, objectives, security measures and scope of the system and the main features of the way in which the computer is used and how it interacts with other systems and procedures.
5. The software is a critical component of a computerised system. The user of such software should take all reasonable steps to ensure that it has been produced in accordance with a system of Quality Assurance.
6. The system should include, where appropriate, built-in checks of the correct entry and processing of data.
7. Before a system using a computer is brought into use, it should be thoroughly tested and confirmed as being capable of achieving the desired results. If a manual system is being replaced, the two should be run in parallel for a time, as a part of this testing and validation.
8. Data should only be entered or amended by persons authorised to do so. Suitable methods of deterring unauthorised entry of data include the use of keys, pass cards, personal codes and restricted access to computer terminals. There should be a defined procedure for the issue, cancellation, and alteration of authorisation to enter and amend data, including the changing of personal passwords. Consideration should be given to systems allowing for recording of attempts to access by unauthorised persons.
9. When critical data are being entered manually (for example the weight and batch number of an ingredient during dispensing), there should be an additional check on the accuracy of the record which is made. This check may be done by a second operator or by validated electronic means.
10. The system should record the identity of operators entering or confirming critical data. Authority to amend entered data should be restricted to nominated persons. Any alteration to an entry of critical data should be authorised and recorded with the reason for the change. Consideration should be given to building into the system the creation of a complete record of all entries and amendments (an "audit trail").
11. Alterations to a system or to a computer program should only be made in accordance with a defined procedure which should include provision for validating, checking, approving and implementing the change. Such an alteration should only be implemented with the agreement of the person responsible for the part of the system concerned, and the alteration should be recorded. Every significant modification should be validated.
12. For quality auditing purposes, it should be possible to obtain clear printed copies of electronically stored data.
13. Data should be secured by physical or electronic means against wilful or accidental damage, in accordance with item 4.9 of the Guide. Stored data should be checked for accessibility, durability and accuracy. If changes are proposed to the computer equipment or its programs, the above mentioned checks should be performed at a frequency appropriate to the storage medium being used.
14. Data should be protected by backing-up at regular intervals. Back-up data should be stored as long as necessary at a separate and secure location.
15. There should be available adequate alternative arrangements for systems which need to be operated in the event of a breakdown. The time required to bring the alternative arrangements into use should be related to the possible urgency of the need to use them. For example, information required to effect a recall must be available at short notice.
16. The procedures to be followed if the system fails or breaks down should be defined and validated. Any failures and remedial action taken should be recorded.
17. A procedure should be established to record and analyse errors and to enable corrective action to be taken.
18. When outside agencies are used to provide a computer service, there should be a formal agreement including a clear statement of the responsibilities of that outside agency (see Chapter 7).
19. When the release of batches for sale or supply is carried out using a computerised system, the system should allow for only a Qualified Person to release the batches and it should clearly identify and record the person releasing the batches.

邀请讨论

搜索

2006-08-18 20:30 浏览 : 940 回复 : 1

投票
收藏 1
打赏
引用
分享
- 微信扫一扫
- 新浪微博
- 丁香客
- 复制网址
举报
- 广告宣传推广
- 政治敏感、违法虚假信息
- 恶意灌水、重复发帖
- 违规侵权、站友争执
- 附件异常、链接失效
- 其他

• 理性讨论：2021主治考试到底难不难？

楼主

zhulikou431

丁香园版主

+1 积分
2楼

欧盟GMP——计算机系统附录11：

人员
主要人员与参与计算机工作的人员之间的紧密合作是非常有必要的。管理人员，若其工作领域需要使用到计算机系统，则应当接受合理管理和使用计算机系统的培训。这样的话，可以确保每个人接受并使用专业的计算机知识，并就计算机系统的设计、严整、安装和操作提供个人的建议。
验证
计算机系统验证的范围将根据一系列的因素来决定，包括在哪一个系统中使用的计算机，是否进行前验证还是回顾性验证，是否要将一些未知因素包含进计算机系统的验证等。验证应当被认为是计算机系统“生命循环”中的一个部分。这个“循环”包括企划、定标准、编程、测试、试运行、文档管理、操作、监控和更换等各个阶段。
系统
应当注意设备摆放的位置，应当摆放在合适的位置，这样防止外来因素干扰系统的工作。

应当为系统准备一份书面的详细介绍（如果合适的话，要包含图纸），并要随时更新。在书面介绍中，应当描述系统的使用原则、目的、安全措施和适用范围，计算机使用时的主要特征，及在与其他系统和程序怎样互相作用。

软件是计算机系统的重要组成部分。软件的使用者应当通过所有合理的步骤确保软件的生产符合质量保证的系统。

系统应当包含数据的正确输入和处理的内部复核功能。

在计算机化系统使用之前，应当对系统进行彻底的检验并确认通过系统可以获得理想的结果。当一个人工系统被取代时，两套系统（人工和计算机）应当同时进行操作，作为检验和验证的一部分。

数据的输入或修改只能由获授权的人员进行。应当采取措施来杜绝未经许可数据的输入、钥匙的使用、密码卡、个人密码和限制计算机终端的访问。应当有一个制定的规程来规定输入和修改数据，以及个人密码的权限的授予、取消和更改。同时应当考虑系统可以记录下那些企图访问数据的未经授权的人员。

当人工输入重要数据时（例如在称重过程中输入物料的重量和批号），应当复核输入记录的准确性。这个复核可以由另外一个操作人员执行或通过经验证的电子方式进行。

计算机系统应当记录下输入或确认重要数据的人员身份。修改已输入数据的权限只应局限于部分人员。每一次修改一个已输入的数据应当经过授权，并记录下更改数据的原因。应当考虑到使得系统能够建立一个完整的输入和修改记录（作为“审计跟踪”）。

系统的更换或者一个计算机程序的更换应当根据设定的规程来进行，这个规程应当包括对于验证、监察、审核和执行更换的规定。系统更换或者计算机程序的更换应当经过计算机系统的负责人员的认同，并且将更换记录下来。每一个重要的更改都应当经过验证。

为了进行质量检查，可能的话，可以将储存的电子数据做成打印文稿。

可以通过实物方法或电子方法保护数据，防止故意的或意外的损害，也要符合本法规的4.9条。所处损的数据应当检查其可访问性、耐久性和准确性。如果需要更换计算机设备或其程序，应当根据与其所使用的存储介质所相应的频度进行上述复核。

在常规时间间隔情况下，应当通过备份数据来保护数据。备份数据应当储存在另外一个分开的、安全的地点。

如果系统崩溃，应当为系统操作准备一个备用的方案。要将被用方案付诸使用的时间应当与需要使用的紧急程度相关。例如，需要召回产品就应当在短时间内立即完成。

一旦系统出现错误或崩溃，则应当按照一定的、经过验证操作规程来执行。所发生的错误和补救措施应当进行记录。

应当建立一个规程来记录和分析可能出现的错误，和应当采取的更正措施。

当使用到公司外包代理商提供计算机服务时，应当与外包商之间有正式的协议书，明确阐述外包商的职责（见第7章）。

当计算机系统用来放行销售产品时，计算机系统应当能够辨认只有授权人员能够放行产品，且能够辨认和记录放行产品的人员身份。

2006-08-18 20:35

投票
收藏 1
打赏
引用
分享
- 微信扫一扫
- 新浪微博
- 丁香客
- 复制网址
举报
- 广告宣传推广
- 政治敏感、违法虚假信息
- 恶意灌水、重复发帖
- 违规侵权、站友争执
- 附件异常、链接失效
- 其他

• 微塑料成为病原体和抗药性细菌的“中心”

科技动态

【技术产业】欧盟GMP附录－计算机系统管理部分

提示

丁香园旗下网站

关于丁香园

官方链接

科技动态

分享到：

微信扫一扫

【技术产业】欧盟GMP附录－计算机系统管理部分

微信扫一扫

微信扫一扫

提示

丁香园旗下网站

关于丁香园

官方链接