

  • 停用的用户应在系统中保留。

  • 应在整个系统生命周期中维护活动用户和非活动用户的列表。


Access and privileges


11.6. There should be a documented systemin place that defines the access and privileges of users of systems. Thereshould be no discrepancy between paper records and electronic records wherepaper systems are used to request changes for the creation and inactivation ofusers. Inactivated users should be retained in the system. A list of active andinactivated users should be maintained throughout the system life cycle.


11.7. Access and privileges should be inaccordance with the role and responsibility of the individual with theappropriate controls to ensure data integrity (e.g. no modification, deletion orcreation of data outside the defined privilege and in accordance with theauthorized procedures defining review and approval where appropriate).


11.8. A limited number of personnel, withno conflict of interest in data, should be appointed as system administrators.Certain privileges such as data deletion, database amendment or systemconfiguration changes should not be assigned to administrators without justification– and such activities should only be done with documented evidence of authorizationby another responsible person. Records should be maintained and audit trailsshould be enabled in order to track activities of system administrators. As aminimum, activity logging for such accounts and the review of logs by designatedroles should be conducted in order to ensure appropriate oversight.


11.9. For systems generating, amending orstoring GxP data, shared logins or generic user access should not be used. Thecomputerised system design should support individual user access. Where a computerisedsystem supports only a single user login or limited numbers of user logins andno suitable alternative computerised system is available, equivalent control shouldbe provided by third-party software or a paper-based method that providestraceability (with version control). The suitability of alternative systemsshould be justified and documented (8). The use of legacy hybrid systems shouldbe discouraged and a priority timeline for replacement should be established.




  • 专业的GMP合规性研究组织


  • 国内外制药行业GMP监管动态;


