FDA指南:《数据完整性和GMP符合性问答》-2018终稿(中英文对照版)
2018年12月12日,FDA发布了行业指南<Data Integrity and Compliance With Drug CGMP数据完整性和GMP符合性问答>终稿,期中包括18个问题的解答,如下:
1. Please clarify the following terms as they relate to CGMP records:
1.因涉及CGMP记录,请明确以下术语:
a. What is “data integrity”?
a. 什么是“数据完整性”
For the purposes of this guidance, data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).5
就本指南而言,数据完整性是指数据的完全性、一致性和准确性。完全、一致和准确的数据应当具有可归属性(attributable)、清晰可辨性(legible)、即时性(contemporaneously)被记录、原始性(original)或真实有效副本,和准确性(accurate)(ALCOA)。
These characteristics are important to ensuring data integrity and are addressed throughout the CGMP regulations for drugs. For attributable, see §§ 211.101(d), 211.122, 211.186, 211.188(b)(11), and 212.50(c)(10); for legible, see §§ 211.180(e) and 212.110(b); for contemporaneously recorded (at the time of performance), see §§ 211.100(b) and 211.160(a); for original or a true copy, see §§ 211.180 and 211.194(a); and for accurate, see §§ 211.22(a), 211.68, 211.188, and 212.60(g).
这些特性对于可确保数据完整性非常重要,并在药品CGMP法规中得到解决。对于归属性,参见see §§ 211.101(d)、211.122、211.186、211.188(b)(11),和212.50(c)(10);对于清晰可辨性,参见§§ 211.180(e)和212.110(b);对于(在操作当场)即时性被记录,参见§§ 211.100(b)和211.160(a);对于原始或真实有效副本,参见§§ 211.180和211.194(a);对于准确性,参见§§ 211.22(a)、211.68、211.188和212.60(g)。
Data integrity is critical throughout the CGMP data life cycle, including in the creation, modification, processing, maintenance, archival, retrieval, transmission, and disposition of data after the record’s retention period ends.6 System design and controls should enable easy detection of errors, omissions, and aberrant results throughout the data’s life cycle.
数据完整性在CGMP 数据生命周期中至关重要, 包括数据的创建、修改、加工、保存、归档、检索、传输和在记录保存期结束后的处置。系统设计和控制应确保数据在整个生命周期内易于检测错误、遗漏和异常结果。
b. What is “metadata”?
b. 什么是“元数据”
Metadata is the contextual information required to understand data. A data value is by itself meaningless without additional information about the data. Metadata is often described as data about data. Metadata is structured information that describes, explains, or otherwise makes it easier to retrieve, use, or manage data. For example, the number “23” is meaningless without metadata, such as an indication of the unit “mg.” Among other things, metadata for a particular piece of data could include a date/time stamp documenting when the data were acquired, a user ID of the person who conducted the test or analysis that generated the data, the instrument ID used to acquire the data, material status data, the material identification number, and audit trails.
元数据是了解数据所需的上下文信息。没有关于数据的附加信息,数据值本身是没有意义的。元数据通常被描述为有关数据的数据。元数据是描述、解释或以其它方式更容易地获取、使用或管理数据的结构化信息。例如,数字“23”在没有元数据的情况下,如单位“mg”,是毫无意义的。此外,一条特定数据的元数据可以包括记录数据获取时间的日期/时间戳、执行产生数据的检验或分析人员的用户ID、用于采集数据的仪器ID、物料状态数据、物料标识编码和审计跟踪等。
Data should be maintained throughout the record’s retention period with all associated metadata required to reconstruct the CGMP activity (e.g., §§ 211.188 and 211.194). The relationships between data and their metadata should be preserved in a secure and traceable manner.
数据应在整个记录的保存期内保持,并包含重建CGMP活动(例如,§§ 211.188 and211.194)所需的所有相关元数据。数据及其元数据之间的关系应以安全和可追踪的方式加以保存。
c. What is an “audit trail”?
c. 什么是“审计追踪”
For purposes of this guidance, audit trail means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. For example, the audit trail for a high performance liquid chromatography (HPLC) run should include the user name, date/time of the run, the integration parameters used, and details of a reprocessing, if any. Documentation should include change justification for the reprocessing.
就本指南而言,审计追踪是指安全的、计算机生成的、带时间戳的电子记录,允许重建与电子记录创建、修改或删除相关的事件过程。例如,高效液相色谱(HPLC)运行的审计追踪应包括用户名、运行日期/时间、使用的积分参数,以及再处理(如有)的详细信息,包括再处理的变更理由。
Audit trails include those that track creation, modification, or deletion of data (such as processing parameters and results) and those that track actions at the record or system level (such as attempts to access the system or rename or delete a file).
电子审计追踪包括那些对数据(例如处理参数和结果)创建、修改或删除的跟踪以及那些在记录和系统层面的跟踪行动(例如试图访问系统或重命名或删除文件)。
CGMP-compliant record-keeping practices prevent data from being lost or obscured and ensure that activities are documented at the time of performance (see §§ 211.68, 211.100, 211.160(a), 211.188, and 211.194). Electronic record-keeping systems, which include audit trails, can support these CGMP requirements.
符合CGMP的记录保存做法防止数据丢失或模糊,并确保在执行活动时记录(见§§ 211.160(a), 211.194, and212.110(b))。电子记录保存系统,其中包括审计追踪,能够满足这些CGMP要求。
d. How does FDA use the terms “static” and “dynamic” as they relate to record formats?
d. 当涉及到记录形式时,FDA如何使用术语“静态”和“动态”?
For the purposes of this guidance, static is used to indicate a fixed-data record such as a paper record or an electronic image, and dynamic means that the record format allows interaction between the user and the record content. For example, a dynamic chromatographic record may allow the user to change the baseline and reprocess chromatographic data so that the resulting peaks may appear smaller or larger. It also may allow the user to modify formulas or entries in a spreadsheet used to compute test results or other information such as calculated yield.
就本指南而言,静态用于表示固定数据的文件,例如纸质记录或电子图像,动态指记录形式允许用户和记录内容之间进行交互。例如,动态色谱记录可以允许用户更改基线、重新处理色谱数据从而使得所得到峰可能更大或更小。还允许用户修改电子表格中用于计算测试结果或其它信息(例如计算出的结果)的公式或条目。
e. How does FDA use the term “backup” in § 211.68(b)?
e. FDA如何使用§ 211.68(b)中的术语“备份”?
FDA uses the term backup in § 211.68(b) to refer to a true copy of the original record that is maintained securely throughout the record retention period (e.g., § 211.180). Backup data must be exact, complete, and secure from alteration, inadvertent erasures, or loss (§ 211.68(b)). The backup file should contain the data (which includes associated metadata) and should be in the original format or in a format compatible with the original format.
FDA使用§ 211.68(b)中的术语“备份”用来指在整个记录保存期间安全地保存的原始数据的真实有效副本(例如,§211.180)。备份文件应包含数据(包括相关元数据),并应以原始格式或与原始格式兼容的格式保存。
FDA’s use of the term backup is consistent with the term archive as used in guidance for industry and FDA staff General Principles of Software Validation.
FDA在行业指南和软件验证一般原则草案中对 备份 一词与 归档 一词的使用是一致的。
Temporary backup copies (e.g., in case of a computer crash or other interruption) would not satisfy the requirement in § 211.68(b) to maintain a backup file of data.
临时备份副本 (例如, 在计算机崩溃或其他中断的情况下) 不符合§ 211.68(b) 中保存数据备份文件的要求。
f. What are the “systems” in “computer or related systems” in § 211.68?
f. § 211.68中,在“计算机或相关系统”中的“系统”是什么?
The American National Standards Institute (ANSI) defines systems as people, machines, and methods organized to accomplish a set of specific functions.7 Computer or related systems can refer to computer hardware, software, peripheral devices, networks, cloud infrastructure, personnel, and associated documents (e.g., user manuals and standard operating procedures).8
美国国家标准学会(ANSI)定义系统为包括人、机器和方法形成的组织以完成一系列的特定功能。计算机或相关系统指计算机硬件、软件、外围设备、网络、云基础设施、人员和相关文件(例如,用户手册和标准操作规程)。
2. When is it permissible to invalidate a CGMP result and exclude it from the determination of batch conformance?
2.何时允许将CGMP数据判定为无效并不考虑作为批次符合性的判定?
Data created as part of a CGMP record must be evaluated by the quality unit as part of release criteria (see §§ 211.22 and 212.70) and maintained for CGMP purposes (e.g., § 211.180).9 Electronic data generated to fulfill CGMP requirements include relevant metadata required to reconstruct the CGMP activity captured in the record. Invalidating test results to exclude them from quality unit decisions about conformance to a specification requires a valid, documented, scientifically sound justification. See, for example, §§ 211.160(b), 211.188, 211.192, and 212.71(b) and the guidance for industry Investigating Out-of-Specification (OOS) Test Results for Pharmaceutical Production. Even if test results are legitimately invalidated on the basis of a scientifically sound investigation, the full CGMP batch record provided to the quality unit would include the original (invalidated) data, along with the investigation report that justifies invalidating the result. The requirements for record retention and review do not differ depending on the data format; paper-based and electronic data record-keeping systems are subject to the same requirements.
作为CGMP记录的一部分所创建的任何数据必须作为放行标准的一部分由质量部门评估(见§§211.22和212.70),并予以保存以符合CGMP(例如,§ 211.180)。为满足CGMP要求产生的电子数据应包括用以重建所记录CGMP活动的相关元数据。若要判定检测结果无效并不考虑作为批次符合性标准的判定,必须有一个有效的、有据可查的、科学合理上的理由(见参见§§8 211.160(b)、第211 188、211. 192 和 212.71(b)和
9 For purposes of this guidance, the term quality unit is synonymous with the term quality control unit. For the definition of quality control unit, see § 210.3(b)(15).
9 在本指南中, 质量部门 一词是 质量控制部门 一词的同义词。有关质量控制部门的定义, 请参见§ 210.3(b)(15)。
In computer science, validation refers to ensuring that software meets its requirements. However, this may not meet the definition of process validation as found in guidance for industry Process Validation: General Principles and Practices: “The collection and evaluation of data … which establishes scientific evidence that a process is capable of consistently delivering quality products.” See also ICH guidance for industry Q7 Good Manufacturing Practice Guide for Active Pharmaceutical Ingredients, which defines validation as providing assurance that a specific process, method, or system will consistently produce a result meeting predetermined acceptance criteria. For purposes of this guidance, validation is being used in a manner consistent with the above guidance documents.
在计算机科学中, 验证是指确保软件满足其要求。然而, 这可能FDA行业指南<工艺验证:一般原则和规范>中对工艺验证的定义:数据的收集和评估,建立工艺能够持续生产出符合其质量的产品的科学证据。另请参阅ICH Q7 关于活性药物成分GMP指南, 该指南将验证定义为保证特定的工艺、方法或系统将持续产生预先制定的接受标准的结果。因此,验证的使用方式与上述指导文件一致。
3. Does each CGMP workflow on a computer system need to be validated?
3.我们计算机系统上的每个工作流均需要被验证吗?
Yes, a CGMP workflow, such as creation of an electronic master production and control record (MPCR), is an intended use of a computer system to be checked through validation (see §§ 211.63, 211.68(b), and 211.110(a)). The extent of validation studies should be commensurate with the risk posed by the automated system. When the same system is used to perform both CGMP and non-CGMP functions, the potential for non-CGMP functions to affect CGMP operations should be assessed and mitigated appropriately.10
是的,工作流,例如电子主生产和控制记录(MPCR)的创建,是需要通过验证来检查的计算机系统预期用途(见§§211.63,211.68(b)和 211.110(a))。验证研究的范围应与自动化系统带来的风险相称。当使用同一系统同时履行CGMP和非CGMP功能时, 应适当评估和减轻非CGMP功能影响CGMP操作的可能性。
If you validate the computer system but you do not validate it for its intended use, you cannot know if your workflow runs correctly.11 For example, qualifying the Manufacturing Execution System (MES) platform, a computer system, ensures that it meets its relevant requirements and specifications; however, it does not demonstrate that a given MPCR generated by the MES contains the correct calculations. In this example, validating the workflow ensures that the intended steps, requirements, and calculations in the MPCR are accurate and perform properly. This is similar to reviewing a paper MPCR and ensuring all supporting procedures are in place before the MPCR is implemented in production (see §§ 211.100, 211.186, and 212.50(b) and the guidance for industry PET Drugs—Current Good Manufacturing Practice (CGMP)).
如果你验证了计算机系统,但是没有验证其预期用途,你无法得知你的工作流是否正确运行。例如,确认制造执行系统(MES)平台(一种计算机系统),以确保其符合需求和标准;然而没有证明由MES产生的MPCR包含正确的计算。在此例中,工作流可确保MPCR中的预期步骤、要求和计算是准确的,并得到正确执行。这类似于审查纸质MPCR并确保MPCR在车间实施之前,所有支持性规程都能到位。(见§§ 211.100,211.186,212.50(b),和
FDA recommends you implement appropriate controls to manage risks associated with each element of the system. Controls that are appropriately designed to validate a system for its intended use address software, hardware, personnel, and documentation.
FDA建议采取适当的控制以管理与系统每个要素相关的风险。采取适当的控制以验证系统符合其预期用途,包括软件、硬件、人员和文档。
4. How should access to CGMP computer systems be restricted?
4.如何限制对CGMP计算机系统的访问?
You must exercise appropriate controls to assure that changes to computerized MPCRs or other CGMP records or input of laboratory data into computerized records can be made only by authorized personnel (§ 211.68(b)). Other examples of records for which control should be restricted to authorized personnel include automated visual inspection records, electronic materials management system records, and automated dispensing system weighing records. FDA recommends that you restrict the ability to alter specifications, process parameters, data, or manufacturing or testing methods by technical means where possible (e.g., by limiting permissions to change settings or data).
你必须采取适当的控制以确保对计算机化MPCR或其它CGMP记录的更改,或将实验室数据输入计算机化记录,仅能由经授权人员执行(§ 211.68(b))。其它应仅限于经授权人员的记录示例包括,自动灯检记录、电子物料管理系统记录和自动配药系统称量记录。FDA建议,如果可能,通过技术手段限制对标准、工艺参数、数据,或生产或检验方法的更改(例如,限制设置或数据的更改权限)。
The system administrator role, including any rights to alter files and settings, should be assigned to personnel independent from those responsible for the record content. To assist in controlling access, it is important that manufacturers establish and implement a method for documenting authorized personnel’s access privileges for each CGMP computer system in use (e.g., by maintaining a list of authorized individuals) (see § 211.68(b)).
系统管理员角色 (包括更改文件和设置的任何权限) 应分配给独立于对记录内容负责的人员。为控制访问, 生产商必须建立并实施一种方法,用于记录授权人员对使用中的每个CGMP计算机系统的访问权限(例如,通过维护授权个人的列表)(参见§211.68(b))。
5. Why is FDA concerned with the use of shared login accounts for computer systems?
5.为什么FDA关注计算机系统共用登录账户的使用?
When login credentials are shared, a unique individual cannot be identified through the login and the system would not conform to the CGMP requirements in parts 211 and 212. FDA requires that system controls, including documentation controls, be designed in accordance with CGMP to assure product quality (e.g., §§ 211.100 and 212.50). For example, you must implement documentation controls that ensure that the actions as described in question 4 are attributable to a specific individual (see §§ 211.68(b), 211.188(b)(11), 211.194(a)(7) and (8), and 212.50(c)(10)).
当使用共享账号,无法通过登录识别唯一的个人,并且系统也不符合Part211和Part212的CGMP要求。FDA要求系统控制,包括文件控制,应按照CGMP((例如, §§21.100 和 211.100))设计以确保产品质量 。例如,你必须实施文件控制,以确保问题4中描述的操作可追溯至特定的个人(见 211.68(b)、211.188(b)(11)、211.194(a)(7) 和 (8) 和 212.50(c)(10))。
Shared, read-only user accounts that do not allow the user to modify data or settings are acceptable for viewing data, but they do not conform with the part 211 and 212 requirements for actions, such as second person review, to be attributable to a specific individual.
共享账户,但是不允许用户修改数据或设置的只读帐户以查看数据是可以接受的, 但它们的某些活动(如第二人审核),是不符合第211和212部分关于可追溯至特定个人的操作要求的。
6. How should blank forms be controlled?
6.应如何控制空白文件?
There must be document controls in place to assure product quality (see §§ 211.100, 211.160(a), 211.186, 212.20(d), and 212.60(g)). For example, bound paginated notebooks, stamped for official use by a document control group, provide good document control because they allow easy detection of unofficial notebooks as well as any gaps in notebook pages. If used, blank forms (e.g., electronic worksheets, laboratory notebooks, and MPCRs) should be controlled by the quality unit or by another document control method. As appropriate, numbered sets of blank forms may be issued and should be reconciled upon completion of all issued forms. Incomplete or erroneous forms should be kept as part of the permanent record along with written justification for their replacement (see, e.g., §§ 211.192, 211.194, 212.50(a), and
212.70(f)(1)(vi)). All data required to recreate a CGMP activity should be maintained as part of the complete record.
必须有文件控制以确保产品质量(见§§ 211.100,211.160(a),211.186,212.20(d)和212.60(g))。例如,装订有页码的记录本,由文件控制小组盖章才可正式使用,提供了良好的文档控制,因为它们可以方便地检测非正式的记录本以及记录本中的任何缺页。FDA建议,如果使用的话,空白表格(如记录表电子版、实验室记录本和MPCR)应由质量部门或由其它文件控制方法控制。可酌情发放编好号的一套空白表格,并在完成后对所有已发放的表格进行核对。不完整或错误的表格应作为永久记录的一部分留存,并附有更换这些表格的书面说明(例如,见§§ 211.192,211.194,212.50(a)和212.70(f)(1)(vi))。用以重建CGMP活动所需的所有数据都应作为完整记录的一部分加以保存。
7. Who should review audit trails?
7.谁应该审核审计追踪?
Audit trail review is similar to assessing cross-outs on paper when reviewing data. Personnel responsible for record review under CGMP should review the audit trails that capture changes to data associated with the record as they review the rest of the record (e.g., §§ 211.22(a), 211.101(c) and (d), 211.103, 211.182, 211.186(a), 211.192, 211.194(a)(8), and 212.20(d)). For example, all production and control records, which includes audit trails, must be reviewed and approved by the quality unit (§ 211.192). The regulations provide flexibility to have some activities reviewed by a person directly supervising or checking information (e.g., § 211.188). FDA recommends a quality system approach to implementing oversight and review of CGMP records.12
审计追踪类似于在审核数据时评估纸质版上面的划线删除。负责记录审核的人员应审核审计追踪以捕捉与记录相关的数据更改(e.g., §§ 211.22(a), 211.101(c) and (d), 211.103, 211.182, 211.186(a), 211.192, 211.194(a)(8), and 212.20(d))。例如, 所有生产和控制记录, 包括审计跟踪, 都必须由质量部门审核和批准 (第211.192 节)。法规提供了灵活性,可以由直接监督或检查信息的人员来审核某些活动(例如,§211.188)。 FDA建议采用质量体系方法来实施对CGMP记录的监督和审查。
8. How often should audit trails be reviewed?
审计追踪应当多久审核一次?
If the review frequency for the data is specified in CGMP regulations, adhere to that frequency for the audit trail review. For example, § 211.188(b) requires review after each significant step in manufacture, processing, packing, or holding, and § 211.22 requires data review before batch release. In these cases, you would apply the same review frequency for the audit trail.
如果CGMP规定了数据审核频率,请按照该频率进行审计追踪审核。例如,§211.188(b) 要求在生产、加工、包装或贮存的每个重要步骤之后进行审核, §211.22 要求在批放行之前进行数据审核。在这些情况下, 需要对审核跟踪使用相同的审核频率。
If the review frequency for the data is not specified in CGMP regulations, you should determine the review frequency for the audit trail using knowledge of your processes and risk assessment tools. The risk assessment should include evaluation of data criticality, control mechanisms, and impact on product quality.13
如果CGMP法规中没有规定数据的审核频率, 则应应用工艺知识和风险评估工具来确定审计追踪的审核频率。风险评估应包括对数据关键性、控制机制,以及对产品质量的影响的评价。
Your approach to audit trail review and the frequency with which you conduct it should ensure that CGMP requirements are met, appropriate controls are implemented, and the reliability of the review is proven.
审计追踪审核的方法以及执行的频率应确保符合CGMP要求, 实施适当的控制, 并证明审核的可靠性。
See the audit trail definition in 1.c. above for further information on audit trails.
有关审计追踪的更多信息, 请参见上文 1. c. 中的审计追踪定义。
9. Can electronic copies be used as accurate reproductions of paper or electronic records?
电子拷贝能否作为纸质或电子记录的准确复制品?
Yes. Electronic copies can be used as true copies of paper or electronic records, provided the copies preserve the content and meaning of the original record, which includes all metadata required to reconstruct the CGMP activity and the static or dynamic nature of the original records.
可以。电子拷贝可以作为纸质或电子记录的真实副本,前提是该拷贝中保存了原始记录的内容和内涵,其中应包括重现CGMP活动所需的所有元数据以及原始记录的静态或动态属性。
True copies of dynamic electronic records may be made and maintained in the format of the original records or in a format that allows for the content and meaning of the original records to be preserved if a suitable reader and copying equipment (e.g., software and hardware, including media readers) are readily available (§§ 211.180(d) and 212.110).
动态电子记录的真实拷贝件可以以原始记录的格式来创建和保存,或者,若有配备适当的阅读器和拷贝设备时(例如软件、硬件,包括媒体阅读器)(§211.180(d)和212.110),以允许原始记录的内容和含义均得以保存的格式来创建和保存。
10. Is it acceptable to retain paper printouts or static records instead of original electronic records from stand-alone computerized laboratory instruments, such as an FT-IR instrument?
对于单独的计算机化实验室仪器,例如FT-IR(傅立叶变换红外光谱)仪,保存纸质打印记录或静态记录而不是原始电子记录是否可接受?
A paper printout or static record may satisfy retention requirements if it is the original record or a true copy of the original record (see §§ 211.68(b), 211.188, 211.194, and 212.60). During data acquisition, for example, pH meters and balances may create a paper printout or static record as the original record. In this case, the paper printout or static record, or a true copy, must be retained (§ 211.180).
如果是原始记录或原始记录的真实拷贝,纸质打印记录或静态记录可满足保存要求(见§§211.68(b),211.188,211.194和212.60)。在数据采集过程中,例如,pH计和天平可能产生纸质打印记录或静态记录作为原始记录。在这种情况下,纸质打印记录或静态记录,或真实有效副本必须被保存(§211.180)。
However, electronic records from certain types of laboratory instruments—whether stand-alone or networked—are dynamic, and a printout or a static record does not preserve the dynamic record format that is part of the complete original record. For example, the spectral file created by FT-IR (Fourier transform infrared spectroscopy) is dynamic and can be reprocessed. However, a static record or printout is fixed and would not satisfy CGMP requirements to retain original records or true copies (§ 211.180(d)). Also, if the full spectrum is not displayed in the printout, contaminants may be excluded.
然而,某些类型的实验室仪器(不论是单机的或联网的)产生的电子记录是动态的,而打印记录或静态记录无法以动态记录格式保存,动态记录格式又是完整原始记录的一部分。例如,FT-IR(傅里叶变换红外光谱法)产生的光谱文件是动态的且可进行后处理。然然而静态记录或打印输出的记录是固定不变的且不能满足CGMP对于保存原始数据或真实副本的要求((§ 211.180(d)))。另外,如果打印记录没有显示全波段光谱,污染物的光谱可能会被排除在外。
You must ensure that original laboratory records, including paper and electronic records, are subject to second-person review (§ 211.194(a)(8)) to make certain that all test results and associated information are appropriately reported. Similarly, in microbiology, a contemporaneous written record is maintained of the colony counts of a petri dish, and the record is then subject to second-person review.
你必须确保原始实验室记录(包括纸质和电子记录)由他人进行审核,从而确保正确的报告了所有的检测结果和相关的信息。同样的,在微生物检验中,保持培养皿的菌落计数的同时书面记录,然后记录提交给第二个人员审核。
Document control requirements in § 211.180 pertain only to CGMP records.
§211.180中的文件控制要求仅适用于CGMP记录。
For more information on static and dynamic records, see 1.d. in this guidance. For PET drugs, see the guidance for industry PET Drugs—Current Good Manufacturing Practice (CGMP) for discussion of equipment and laboratory controls, including regulatory requirements for records.
更多静态和动态记录相关信息,请参见本指南1.d部分。对于PET药品,请参见PET药品行业指南—cGMP对设备和实验室控制的讨论,包括对记录的监管要求。
11. Can electronic signatures be used instead of handwritten signatures for master production and control records?
对于主生产和控制记录,可否使用电子签名替代手写签名?
Yes, electronic signatures with the appropriate controls can be used instead of handwritten signatures or initials in any CGMP required record. Although § 211.186(a) specifies a “full signature, handwritten,” an electronic signature with the appropriate controls to securely link the signature with the associated record fulfills this requirement (21 CFR 11.2(a)). See part 11, which establishes criteria for when electronic signatures are considered the legally binding equivalent of handwritten signatures. Firms using electronic signatures should document the controls used to ensure that they are able to identify the specific person who signed the records electronically.
可以,任何CGMP要求的记录均可用适当受控的电子签名代替手写签名或首字母缩写。尽管§ 211.186(a)指定“完整签名,手写”,适当受控的能够安全地链接到相关记录的电子签名可满足这一要求(21 CFR 11.2(a))。这与Part 11一致,在这一部分建立了何时电子签名与手写签名具有同等法律效力的标准。使用电子签名的企业应记录用于确保其能够识别出对这些记录签署电子签名的特定人员的控制措施。
There is no requirement for a handwritten signature for the MPCR in the PET CGMP regulations (21 CFR part 212).
在PET CGMP法规(21 CFR 212)中没有对MPCR的手书签名要求。
12. When does electronic data become a CGMP record?
电子数据何时成为CGMP记录?
When generated to satisfy a CGMP requirement, all data become a CGMP record.14 You must document, or save, the data at the time of performance to create a record in compliance with CGMP requirements, including, but not limited to, §§ 211.100(b) and 211.160(a).
所有为满足CGMP要求而生成的数据均为CGMP记录。在执行创建符合GCMP要求(包括但不限于§§ 211.100(b)和211.160(a))的记录时,你必须记录或保存这些数据。
FDA expects processes to be designed so that data required to be created and maintained cannot be modified without a record of the modification. For example, chromatographic data should be saved to durable media upon completion of each step or injection (e.g., peak integration or processing steps; finished, incomplete, or aborted injections) instead of at the end of an injection set, and changes to the chromatographic data or injection sequence should be documented in an audit trail. Aborted or incomplete injections should be captured in audit trails and should be investigated and justified.
FDA期望企业能够设计出一套能防止要求创建和维护的质量数据在没有修改记录的情况下被修改的程序。例如,色谱图应在每一步骤或每一次进样(例如峰值积分或处理步骤;完成,未完成,或终止进样)完成后,而不是在一个进样组运行结束后,即被保存至耐用的媒介。色谱数据或进样顺序的变化应在审计追踪中被记录。终止或未完成的进样针应该在审计追踪时被识别并进行调查和论证。
It is not acceptable to record data on pieces of paper that will be discarded after the data are transcribed to a permanent laboratory notebook (see §§ 211.100(b), 211.160(a), and 211.180(d)). Similarly, it is not acceptable to store electronic records in a manner that allows for manipulation without creating a permanent record.
将数据记录在纸片上,随后誊抄到永久实验记录本上并将纸片丢弃的行为是不允许的(参考§§ 211.100(b), 211.160(a),和315 211.180(d))。同样地,在创建永久记录前,以允许操作而不创建永久记录的方式存储电子记录是不允许的。
You may employ a combination of technical and procedural controls to meet CGMP documentation practices for electronic systems. For example, a computer system, such as a Laboratory Information Management System (LIMS) or an Electronic Batch Record (EBR) system, can be designed to automatically save after each entry. This would be similar to indelibly recording each entry contemporaneously on a paper batch record to satisfy CGMP requirements. The computer system described above could be combined with a procedure requiring data be keyed in or otherwise entered immediately when generated.
可以综合使用技术手段和程序控制来满足CGMP对电子系统的文档规范。例如,计算机系统,如电子信息管理系统(LIMS)或电子批记录(EBR)系统,可以被设计为每次录入后自动保存。这与同时在纸质批记录上不可去除的记录每个条目以满足CGMP的要求是类似的。上述计算机系统可以与一个要求数据产生后立即键入或以其他方式录入的程序相结合。
For PET drugs, see the “Laboratory Controls” section of the guidance for industry PET Drugs—Current Good Manufacturing Practice (CGMP).
对于PET药品,见PET药品—现行CGMP行业指南的“实验室控制”部分。
14 Under section 704(a) of the FD&C Act, FDA inspections of manufacturing facilities “shall extend to all things therein (including records, files, papers, processes, controls, and facilities) bearing on whether prescription drugs [and] nonprescription drugs intended for human use ... are adulterated or misbranded ... or otherwise bearing on violation of this chapter.” Accordingly, FDA routinely requests and reviews records not intended to satisfy a CGMP requirement but which nonetheless contain CGMP information (e.g., shipping or other records that may be used to reconstruct an activity).
根据FD&C法案第704(a)节,FDA对生产设施的检查“应扩展到其中的所有内容(包括记录,文件,文件,工艺,控制和设施),与处方药[和]非处方药是否用于 人类使用......掺假或贴错标签......或以其他方式违反本章。“因此,FDA定期要求和审核不是为了满足CGMP要求但仍包含CGMP信息(例如,运输或其他记录)的记录 可用于重建活动)。
13. Why has FDA cited use of actual samples during “system suitability” or test, prep, or equilibration runs in warning letters?
为什么FDA要在警告信中引述在“系统适用性”或测试、预运行、或平衡运行中使用实际样品的行为?
FDA prohibits sampling and testing with the goal of achieving a specific result or to overcome an unacceptable result (e.g., testing different samples until the desired passing result is obtained). This practice, also referred to as testing into compliance, is not consistent with CGMP (see the guidance for industry Investigating Out-of-Specification (OOS) Test Results for Pharmaceutical Production). In some situations, use of actual samples to perform system suitability testing has been used as a means of testing into compliance. FDA considers it a violative practice to use an actual sample in test, prep, or equilibration runs as a means of disguising testing into compliance.
FDA禁止为实现特定结果或避免不可接受的结果而进行取样和测试(例如检测不同的样品直到获得满意的结果)。这种做法,也被称为检测至合格(testing into compliance),是不符合CGMP的(参考<对药品生产中出现超标(OOS)检验结果进行调查的行业指南>)。在某些情况下,使用实际样品来进行系统适用性测试已被作为检测至合格的一种方式。FDA认为在测试、预运行或平衡运行中使用实际样品作为掩盖检测至合格的手段是一种违规行为。
According to the United States Pharmacopeia (USP), system suitability tests must include replicate injections of a standard preparation or other standard solutions to determine if requirements for precision are satisfied (see USP General Chapter <621> Chromatography). System suitability tests should be performed according to the firm’s established written procedures—which should include the identity of the preparation to be injected and the rationale for its ion—and the approved application or applicable compendial monograph (§§ 211.160 and 212.60).
根据美国药典的要求,系统适用性测试必须进行标准试剂或其他标准溶液的重复进样,以确定是否满足精密度要求(参见美国药典通则<621>色谱法)。系统适用性测试应根据公司的既定书面程序- 应包括待进样溶液的鉴别和选择依据—和已批准的申请或适用的药典专论来进行。(§§ 211.160 和 212.60)
If an actual sample is to be used for system suitability testing, it should be a properly characterized secondary standard, written procedures should be established and followed, and the sample should be from a different batch than the sample(s) being tested (§§ 211.160, 211.165, and 212.60). CGMP original records must be complete (e.g., §§ 211.68(b), 211.188, 211.194) and subjected to adequate review (§§ 211.68(b), 211.186(a), 211.192, and 211.194(a)(8)). Transparency is necessary. All data—including obvious errors and failing, passing, and suspect data—must be in the CGMP records that are retained and subject to review and oversight. An investigation with documented, scientifically sound justification is necessary for data to be invalidated and not used in determining conformance to specification for a batch (see §§ 211.160, 211.165, 211.188, and 211.192).
如果在系统适用性测试中使用实际样品,实际样品应当是经过适当鉴定的工作标准品,应建立并遵守书面规程,样品应来自于与待检样品不同的批次。(§§211.160,211.165,和212.60)。CGMP原始记录必须完整(例如,§§211.68(b),211.188,211.194)并进行适当的审核(§§211.68(b),211.186(a),211.192和211.194(a)(8))。透明度是必要的。所有数据(包括明显错误以及不合格,合格和可疑数据)必须存在于保留的CGMP记录中,并且需要进行审核和监督。对于无效并且不用于判定批是否符合质量标准的数据,必须进行科学充分的证明的调查并进行记录(参见§§211.160,211.165,211.188和211.192)。
For more information, see the ICH guidance for industry Q2(R1) Validation of Analytical Procedures: Text and Methodology and VICH guidances for industry GL1 Validation of Analytical Procedures: Definition and Terminology and GL2 Validation of Analytical Procedures: Methodology.15
更多信息参见ICH行业指南Q2(R1)分析程序验证:文本和方法,VICH工业指南GL1分析程序的验证:分析程序的定义和术语,及GL2验证:方法。
VICH=Veterinary International Conference on Harmonisation.
VICH=兽医国际协调会。
14. Is it acceptable to only save the final results from reprocessed laboratory chromatography?
仅保留从再处理的实验室色谱中得到的最终结果是否可接受?
No. Analytical methods should be accurate and precise.16 For most lab analyses, reprocessing data should not be regularly needed. If chromatography is reprocessed, written procedures must be established and followed and each result retained for review (see §§ 211.160, 211.165(c), 211.194(a)(4), and 212.60(a)). FDA requires complete data in laboratory records, which includes but is not limited to notebooks, worksheets, graphs, charts, spectra, and other types of data from laboratory instruments (§§ 211.194(a) and 212.60(g)(3)).
不可以。分析方法应准确且精确16。对于多数实验室分析,应该无需经常对数据进行再处理。如果对色谱进行了再处理,则必须建立和遵循书面程序,并保留每一结果供审核(见第211.160、211.165(C)、211.194(A)(4)和212.60(A)节)。FDA要求实验室记录中有完整的数据,包括但不限于笔记本、工作表、图表、光谱和其他类型的实验室仪器数据(§211.194(A)和212.60(G)(3)。
15. Can an internal tip or information regarding a quality issue, such as potential data falsification, be handled informally outside of the documented CGMP quality system?
有关质量问题的内部建议或信息能否在CGMP质量系统文件控制之外非正式地处理,例如潜在的数据造假?
No. Regardless of intent or how or from whom the information was received, suspected or known falsification or alteration of records required under parts 210, 211, and 212 must be fully investigated under the CGMP quality system to determine the effect of the event on patient safety, product quality, and data reliability; to determine the root cause; and to ensure the necessary corrective actions are taken (see §§ 211.22(a), 211.125(c), 211.192, 211.198, 211.204, and 212.100).
不可以。无论是意图还是收到信息的方式或对象,可疑的或已知的造假行为或记录的修改(210,211,212所要求的)必须在CGMP质量系统下充分调查以确认对病人安全、产品质量和数据可靠性影响,找出导致问题发生的根本原因;并且保证采取必要的纠正措施。(见§§211.22(a), 211.125(c), 211.192, 211.198, 211.204, and 212.100)。
FDA invites individuals to report suspected data integrity issues that may affect the safety, identity, strength, quality, or purity of drug products at DrugInfo@fda.hhs.gov. “CGMP data integrity” should be included in the subject line of the email. This reporting method is not intended to supersede other FDA reports (e.g., field alert reports or biological product deviation reports that help identify drug products that pose potential safety threats).
FDA欢迎公众举报可疑的数据完整性问题至DrugInfo@fda.hhs.gov,这些问题可能会影响药物的安全性,鉴别,效力,质量或纯度。邮箱标题应写明“CGMP 数据完整性”。该报告方法无意取代其他FDA报告(例如,有助于识别潜在安全威胁的药品的警戒报告或生物制品缺陷报告)。
16. Should personnel be trained in preventing and detecting data integrity issues as part of a routine CGMP training program?
阻止和识别数据完整性问题应作为人员CGMP常规培训计划的一部分吗?
Yes. Training personnel to prevent and detect data integrity issues is consistent with the personnel requirements under §§ 211.25 and 212.10, which state that personnel must have the education, training, and experience, or any combination thereof, to perform their assigned duties.
是的。对人员培训以阻止和发现数据完整性问题是与§§211.25和212.10中对人员的要求相一致,该法规规定人员需要具有一定的教育背景,接受过培训并具有工作经验,或者能结合以上要求以履行他们被赋予的职责
17. Is FDA allowed to look at electronic records?
允许FDA看电子记录吗?
Yes. All records required under CGMP are subject to FDA inspection. This applies to records generated and maintained on computerized systems, including electronic communications that support CGMP activities. For example, an email to authorize batch release is a CGMP record that FDA may review.
是的。CGMP要求的所有记录都是FDA检查范围。这适用于在计算机化系统上生成和维护的记录,包括支持CGMP活动的电子通信。 例如,授权放行的电子邮件是FDA可能审核的CGMP记录。
You must allow authorized inspection, review, and copying of records, which includes copying of electronic data (§§ 211.180(c) and 212.110(a) and (b)). See also the guidance for industry Circumstances that Constitute Delaying, Denying, Limiting, or Refusing a Drug Inspection and section 704 of the FD&C Act. Procedures governing the review of electronic records are described in chapter 5 of the Investigations Operations Manual (IOM) at https://www.fda.gov/iceci/inspections/iom/default.htm.
你必须允许经授权的检查、核实和复制记录,包括电子数据的复制(§§211.180(c),212.110(a)和(b))。另见<构成延迟,拒绝,限制或拒绝药物检查的行业情况>指南和FD&C法案第704节。 关于电子记录审查的程序见<调查操作手册>(IOM)第5章。网址:
18. How does FDA recommend data integrity problems be addressed?
FDA如何就数据完整性问题给出建议?
FDA encourages you to demonstrate that you have effectively remediated your problems by investigating to determine the problem’s scope and root causes, conducting a scientifically sound risk assessment of its potential effects (including impact on data used to support submissions to FDA), and implementing a management strategy, including a global corrective action plan that addresses the root causes. This may include retaining a third-party auditor and removing individuals responsible for data integrity lapses from positions where they can influence CGMP-related or drug application data at your firm. It also may include improvements in quality oversight, enhanced computer systems, and creation of mechanisms to prevent recurrences and address data integrity breaches (e.g., anonymous reporting system, data governance officials and guidelines).
FDA 鼓励公司证明已针对此问题采取行之有效的修复措施:调查确定问题的范围和根本原因,对其可能的影响(包含对已提交给FDA的辅助数据的影响)执行科学全面的风险评估纠正措施计划,实施管理策略:包含解决根本原因的全面的纠正措施计划,这可能包含保留第三方审计人员和开除对数据完整性失效有责任的相关岗位人员(可能影响公司的CGMP相关或药物申请数据的职位)。还可能包括改进质量监督,加强计算机系统,以及建立防止再次发生和解决数据完整性破坏的机制(例如,匿名报告系统,数据管理人员和指南)。
These expectations mirror those developed for the Application Integrity Policy. For more detailed information, see Points To Consider for Internal Reviews and Corrective Action Operating Plans at
这些期望反映出了数据完整性政策的实际应用。更多详细信息见“内审和纠正行动执行计划考虑要点”,在
http://www.fda.gov/ICECI/EnforcementActions/ApplicationIntegrityPolicy/ucm134744.htm.
