欧盟GMP中的计算机系统验证

1、欧盟GMP计算机系统附录11：COMPUTERISED SYSTEMS计算机系统PrincipleThe introduction of computerised systems into systems of manufacturing, including storage, distribution and quality control does not alter the need to observe the relevant principles given elsewhere in the Guide. Where a computerised system replaces a

2、 manual operation, there should be no resultant decrease in product quality or quality assurance. Consideration should be given to the risk of losing aspects of the previous system which could result from reducing the involvement of operators.在生产系统中，包括仓储、发放和质量控制中，所应用到的计算机系统，并不意味着因此可以改变本法规内其他条款下所给出的相

3、应原则。只要是由计算机系统代替人工操作的地方，都应当不会因此降低对产品质量或质量保证的要求。应当考虑到，减少生产人员的参与而可能带来前一个系统（有人员参与操作的系统）的某方面的损失的风险。Personnel人员It is essential that there is the closest co-operation between key personnel and those involved with computer systems. Persons in responsible positions should have the appropriate training for th

4、e management and use of systems within their field of responsibility which utilises computers. This should include ensuring that appropriate expertise is available and used to provide advice on aspects of design, validation, installation and operation of computerised system.主要人员与参与计算机工作的人员之间的紧密合作是必须

5、的。管理人员，若其工作领域需要使用到计算机系统，则应当接受合理管理和使用计算机系统的培训。这样的话，可以确保每个人接受并使用专业的计算机知识，并就计算机系统的设计、严整、安装和操作提供个人的建议。Validation验证2. The extent of validation necessary will depend on a number of factors including the use to which the system is to be put, whether the validation is to be prospective or retrospective and

6、whether or not novel elements are incorporated. Validation should be considered as part of the complete life cycle of a computer system. This cycle includes the stages of planning, specification, programming, testing, commissioning, documentation, operation, monitoring and modifying.计算机系统验证的范围将根据一系列

7、的因素来决定，包括在哪一个系统中使用的计算机，是否进行展望性验证还是回顾性验证，是否要将一些未知因素包含进计算机系统的验证等。验证应当被认为是计算机系统“生命循环”中的一个部分。这个“循环”包括企划、定标准、编程、测试、试运行、文档管理、操作、监控和更换等各个阶段。System系统3. Attention should be paid to the siting of equipment in suitable conditions where extraneous factors cannot interfere with the system.应当注意设备摆放的位置，应当摆放在合适的位置，

8、这样防止外来因素干扰系统的工作。4. A written detailed description of the system should be produced (including diagrams as appropriate) and kept up to date. It should describe the principles, objectives, security measures and scope of the system and the main features of the way in which the computer is used and how

9、it interacts with other systems and procedures.应当为系统准备一份书面的详细介绍（如果合适的话，要包含图纸），并要随时更新。在书面介绍中，应当描述系统的使用原则、目的、安全措施和适用范围，计算机使用时的主要特征，及在与其他系统和程序怎样互相作用。5. The software is a critical component of a computerised system. The user of such software should take all reasonable steps to ensure that it has been pr

10、oduced in accordance with a system of Quality Assurance.软件是计算机系统的重要组成部分。软件的使用者应当通过所有合理的步骤确保软件的生产符合质量保证的系统。6. The system should include, where appropriate, built-in checks of the correct entry and processing of data.系统应当包含数据的正确输入和处理的内部复核功能。7. Before a system using a computer is brought into use, it s

11、hould be thoroughly tested and confirmed as being capable of achieving the desired results. If a manual system is being replaced, the two should be run in parallel for a time, as a part of this testing and validation.在计算机化系统使用之前，应当对系统进行彻底的检验并确认通过系统可以获得理想的结果。当一个人工系统被取代时，两套系统（人工和计算机）应当同时进行操作，作为检验和验证的一

12、部分。8. Data should only be entered or amended by persons authorised to do so. Suitable methods of deterring unauthorised entry of data include the use of keys, pass cards, personal codes and restricted access to computer terminals. There should be a defined procedure for the issue, cancellation, and

13、alteration of authorisation to enter and amend data, including the changing of personal passwords. Consideration should be given to systems allowing for recording of attempts to access by unauthorised persons.数据的输入或修改只能由获授权的人员进行。应当采取措施来杜绝未经许可输入数据、钥匙的使用、密码卡、个人密码和限制计算机终端的访问。应当有一个制定的规程来规定输入和修改数据，以及个人密码

14、的权限的授予、取消和更改。同时应当考虑系统可以记录下那些企图访问数据的未经授权的人员。9. When critical data are being entered manually (for example the weight and batch number of an ingredient during dispensing), there should be an additional check on the accuracy of the record which is made. This check may be done by a second operator or by

15、 validated electronic means.当人工输入重要数据时（例如在称重过程中输入物料的重量和批号），应当复核输入记录的准确性。这个复核可以由另外一个操作人员执行或通过经验证的电子方式进行。10. The system should record the identity of operators entering or confirming critical data. Authority to amend entered data should be restricted to nominated persons. Any alteration to an entry of

16、 critical data should be authorised and recorded with the reason for the change. Consideration should be given to building into the system the creation of a complete record of all entries and amendments (an audit trail).计算机系统应当记录下输入或确认重要数据的人员身份。修改已输入数据的权限只应局限于部分人员。每一次修改一个已输入的数据应当经过授权，并记录下更改数据的原因。应当考

17、虑到使得系统能够建立一个完整的输入和修改记录（作为“检查跟踪”）。11. Alterations to a system or to a computer program should only be made in accordance with a defined procedure which should include provision for validating, checking, approving and implementing the change. Such an alteration should only be implemented with the agre

18、ement of the person responsible for the part of the system concerned, and the alteration should be recorded. Every significant modification should be validated.系统的更换或者一个计算机程序的更换应当根据设定的规程来进行，这个规程应当包括对于验证、监察、审核和执行更换的规定。系统更换或者计算机程序的更换应当经过计算机系统的负责人员的认同，并且将更换记录下来。每一个重要的更改都应当经过验证。12. For quality auditing

19、purposes, it should be possible to obtain clear printed copies of electronically stored data.为了进行质量检查，可能的话，可以将储存的电子数据做成打印文稿。13. Data should be secured by physical or electronic means against wilful or accidental damage, in accordance with item 4.9 of the Guide. Stored data should be checked for acce

20、ssibility, durability and accuracy. If changes are proposed to the computer equipment or its programs, the above mentioned checks should be performed at a frequency appropriate to the storage medium being used.可以通过实物方法或电子方法保护数据，防止故意的或意外的损害，也要符合本法规的4.9款。所处损的数据应当检查其可访问性、耐久性和准确性。如果需要更换计算机设备或其程序，应当根据与其所

21、使用的存储介质所相应的频度进行上述复核。14. Data should be protected by backing-up at regular intervals. Back-up data should be stored as long as necessary at a separate and secure location.在常规时间间隔情况下，应当通过备份数据来保护数据。备份数据应当储存在另外一个分隔的、安全的地点。15. There should be available adequate alternative arrangements for systems which

22、need to be operated in the event of a breakdown. The time required to bring the alternative arrangements into use should be related to the possible urgency of the need to use them. For example, information required to effect a recall must be available at short notice.如果系统崩溃，应当为系统操作准备一个备用的方案。要将被用方案付诸使用的时间应当与需要使用的紧急程度相关。例如，需要召回产品就应当在短时间内立即完成。16. The procedures to be followed if the system fails or breaks down should be defined and validated. Any failures and remedial action taken should b