IQ Consortium "Data Integrity Risk Assessment Tool/Template" (Chinese-English Bilingual Edition)
Recently, the International Consortium for Innovation and Quality in Pharmaceutical Development (IQ) released its Data Integrity Risk Assessment Tool to help drug development personnel assess the data integrity risks of computerized analytical data acquisition and processing software. The IQ working group hopes the new risk assessment tool will promote standardization and harmonization, so that instrument and software vendors entering the pharmaceutical R&D analytical market can better understand the industry's expectations and meet their customers' needs. The tool is also applicable to other GxP environments.

The risk assessment tool is divided into five parts: system control and access; data protection, controls and compliance; audit trails, metadata and data review; archive, retrieval, backup, disaster recovery and contingency plans; and electronic signatures. The full text is as follows:

IQ Consortium Data Integrity Risk Assessment Tool

The tool is intended to assess data integrity risks associated with GxP use of non-enterprise computerized analytical data acquisition and processing software systems deployed in an R&D environment that generate electronic data stored in persistent storage.

Summary

# / Questions / Guidance

System control and access

1.1 Is access to the system via individual login credentials made up of a combination of a unique user ID and user-generated password?
Guidance: Use of generic passwords (when absolutely necessary) should be procedurally controlled.

1.2 Are any non-person system accounts (generic accounts), such as those shipped with the system, or service accounts, disabled?
Guidance: Accounts should be turned off, disabled, or have access revoked if determined to be unnecessary for system operations. If such accounts should be used to run the application, then procedure should specify that activities performed under such account are traceable to the individual who performed the activities in an automated manner.

1.3 If the system is configured to use the operating system's user credentials to log in to the software, are user groups defined in the software to ensure only authorized users are able to access the instrument/software?
Guidance: If there is no ability to prevent access to instrument/software, then is access read-only or no ability to make changes/delete?
Is user access tracked in audit trail?

1.4 Is there a procedure that requires maintaining a list of system users and their access privileges, as well as retention and continuous availability of historical information regarding system users and administrators, and their access level, according to an applicable retention schedule? Is there a procedure to ensure records are maintained that demonstrate the current and historical access levels granted to individuals, including approvals?
Guidance: If historical information is not continuously available, then can it be recovered and is there a process to review periodically?

1.5 Is there a procedure to grant, record, approve, and deactivate system access (users and administrators) based on specific individual role, responsibilities, qualification, and verified training? Is there a procedure to ensure records are maintained that demonstrate the current and historical access levels granted to individuals, including approvals?

1.6 Are there standards for system password strength/complexity and expiry defined and documented?

1.7 Are the user and administrator roles and access levels defined and documented?
Guidance: Ensure that people have access only to functionality that is appropriate for their job role.

1.8 Does the system lock users out after a defined period of time of user inactivity, via computer screen saver or application?

1.9 Is the system configured to minimize physical and logical access to ports used for remote diagnostic and configuration functions?

1.10 Is the system configured so that ports not necessary for business operations which are
capable of being disabled have been disabled or otherwise access controlled, based on risk?
Guidance: Port examples include USB drive, external device, etc. Remote access is acceptable but access should be controlled.

1.11 Does the system lock out users after no more than a defined number of consecutive unsuccessful login attempts?
Guidance: Once lockout is triggered, the system should not allow another login for a minimum of 'x' minutes (appropriate time), or until an administrator enables the account.

1.12 Does the system maintain a history (log) of the changes to individual user accounts (e.g., when user account is created, when rights are modified, when access is removed)?
Guidance: May be in an administrative audit trail.

1.13 If a user locks themselves out of the system, does the system administrator have the ability to reset the user account?

1.14 Does the system obscure passwords during entry?
Guidance: If the system does not enforce this, a procedure may be put in place to instruct users to obscure display of their passwords.

1.15 Does the system force users to change their password upon first initial login?
Guidance: If the system does not enforce this, a procedure should be put in place that users update their password on initial logon. Passwords for accounts that do not grant access to Sensitive, Confidential or production data (i.e.
test accounts) are exempt from this requirement.

1.16 Does the system log capture user account activity in a manner that ensures such activity is traceable to a unique user?

1.17 Does the system encrypt or otherwise limit visibility of passwords when stored electronically?

1.18 Do procedures exist to define administrator responsibilities and activities allowed to be performed by the system administrator that do not require a formal change control process?

1.19 Does the system prevent an unauthorized user from generating data?

1.20 Recommended. Is the system set up so that the lock screen does not reveal clues that could enable an unauthorized user to gain access to the system?
Guidance: Where technically feasible, the system should not display information about the system or application until successful login is complete.

Data protection, controls and compliance

2.1 Is what constitutes the complete primary GMP data record clearly defined for the system (e.g., raw data files, processed data files, audit logs, methods, etc.)?
Guidance: Provide a statement in the validation documentation.

2.2 Is the source and location of all components of the complete primary GMP data record clearly defined for the system?
Guidance: Validation documentation to include mapping of the data flow (if appropriate), including metadata, audit trail, configuration flow.

2.3 When the primary data record consists of electronic data files: Does the system generate accurate and complete copies of the electronic record that preserve the content and meaning in human readable format?

2.4 Are there controls to prevent raw
data deletion, modification or overwriting using the instrument/device software?
Guidance: Implement technical controls (system configuration) where possible. Procedural/process control may be used to supplement remediation.

2.5 Are all electronic records (raw data, metadata, audit trails) protected from deletion, modification, or being overwritten from outside the software application (e.g., using Windows Explorer) by non-administrators?
Guidance: Implement technical controls (i.e., system configuration) where possible. Procedural/process control may be used to supplement remediation.

2.6 Does the system record, including printouts, indicate change(s) to GMP data since its original entry?
Guidance: Audit trail requirements should include old and new value. Procedural control may be used to supplement audit trail.

2.7 Is each re-integration/re-processing of data tracked, reported by the system and managed via SOP or other means?
Guidance: Testing into compliance or orphan data is not allowed.
There should be procedures/controls governing re-integration/reprocessing.

2.8 If manual data processing steps (e.g., manual integration) are permitted, are the actions driven via a procedure outlining justification and requirements?
Guidance: Testing into compliance is not allowed. There should be procedures/controls governing manual data processing steps (e.g., manual integration).

2.9 Is a documented system in place for the data reviewer to review appropriate electronic and hardcopy data (including metadata, relevant audit trails, etc.) generated by the instrument/system? Includes hybrid equipment (those systems that require both electronic and hardcopy records to be a complete record) also.
Guidance: The data review procedure should have a requirement to review paper and electronic records, inclusive of applicable audit trails.
a) The level of review for intermediate result sets (where reprocessing was needed) should be included and, where less than the rigor required for final reported data, supported by rationale.
b) Where there are both paper and electronic records, there should be appropriate linkage and coordination of changes between the paper and electronic records maintained.

2.10 If true copies of original records are retained in place of the original record (e.g., scan of a paper record): Is the record a complete record (i.e., includes all raw data, metadata, relevant audit trails, result files, and all data processing parameters, including methods) and reviewed for completeness?
Guidance: If the process of generating a true copy is not validated, then there should be
a procedure ensuring the true copy is reviewed for completeness. If the original data is dynamic, then a static copy should include all critical data needed to render the static version equivalent to a true dynamic copy based on risk.

Audit trails, metadata, and data review

3.1 Has the scope of the audit trail been identified and do procedures exist for the review of audit trails/metadata before final approval of the record?

3.2 Is there a procedure that defines the elements of data integrity for this particular software control strategy and rigor of review required?

3.3 Is the audit trail function always enabled and can it be accessed in human readable format (intelligible form) to support the review of electronic records?

3.4 Does the system prevent audit trails from being edited, disabled or deleted?

3.5 Does the audit trail include: user ID/identity of individual performing activity, time/date stamp, old and new value and reason for change?

3.6 Is the audit trail automatically generated at the time of the transaction?

3.7 Are audit trails retrievable and unaltered for the retention period of the record?

3.8 Does the audit trail provide for automatically applied time stamps which are locked and use an unambiguous format?

3.9 Does the data review procedure provide guidance as to what steps to take in the event an error or data integrity issue is detected (i.e. not reporting all data, testing into compliance)?

3.10 Is the data review documented, including audit trail?
If so, describe how/where.

Archive, retrieval, back-up, disaster recovery/contingency plans

4.1 Are complete electronic records backed up?
Guidance: Backup in a separate location from the original to ensure data is recoverable.

4.2 Do backups include libraries (if applicable)?
Guidance: Clarification of libraries vs. data management system.

4.3 Is the original record including all configuration parameters, audit trails and the like available in the backup so as to preserve its original content and meaning to permit reconstruction of an activity?

4.4 Is completion of back-up verified and is a test performed periodically for restoration?
Guidance: NOTE: Manual backups should be proceduralized. All back-ups should be verified periodically to ensure continued backup of all associated electronic records.

4.5 Do you have a data backup SOP?

4.6 Do data backups or copies (true copies) have the same level of controls to prohibit unauthorized access to changes or deletions of data?

4.7 Is archived data checked periodically for readability?

4.8 Do you have an SOP on data archival?

4.9 Are processes or procedures in place for the disposal of data records that reach the end of their required retention period?

4.10 Are backed up and/or archived data stored in a separate physical location?

4.11 Is there a disaster recovery plan in place where all primary GMP data are secured and recoverable?
Guidance: Consideration should be given for paper and electronic data.

Electronic signatures

5.1 Does the system utilize electronic signatures, as configured?
Guidance: Indicate if the system is capable of electronic signature (or sign-off) and, if so, if they are being
utilized. In the case electronic signatures are available but not used, this should be justified.

5.2 Do electronic signatures prompt the user for a password (or biometric signature) when signing?
Guidance: Electronic signatures should prompt the user for at least a password when the signature is executed*. If this feature does not exist, it is not a true electronic signature system. Address any risk as appropriate.
* When a series of signings are required during a single, continuous period of controlled system access, the first signing should include all electronic signature components; subsequent signings require at least one electronic signature component.

5.3 Are signatures attributable to an individual?
Guidance: Electronic signatures should include the user ID, the name of the individual, the date, the time and the reason for the signature. If any of these elements are missing, then it is not a true electronic signature system. Address any risks as appropriate.

5.4 Once a signature has been applied, is the data locked such that it cannot be modified?
Guidance: Measures should be put in place to secure approved/signed data from modification or deletion without having to be reapproved (and reason for change documented). Address any risks as appropriate.

5.5 Is the electronic signature linked and retained with the signed record?
Guidance: Electronic signatures should be permanently linked and retained with the associated data record. Address any risks as appropriate.

5.6 Is the time/date of the signature recorded?
Guidance: See comment on 5.2.
Address any risks as appropriate.

5.7 Do the signed records ensure attributability of the person signing?
Guidance: Consider adding capabilities to the system to visually label signed/approved records. Address any risks as appropriate.

5.8 If there are multiple levels of signature applied (e.g. analyst, reviewer, administrator), is the meaning of signature clearly recorded and visible?
Guidance: The signature meaning should be clearly visible (human readable) and/or documented via standard or procedure. Address any risks as appropriate.

5.9 Are signatures protected from being modified, deleted or copied?
Guidance: Electronic signatures should be protected from modification and deletion, nor shall the system allow signatures to be copied. The system should be capable of producing an audit trail associated to the electronic signature. Address any risks as appropriate.