计算机化系统验证要点分析

目录TableofContents3.新建及遗留计算机化系统验证示例分析CaseStudyforValidationofNewandLegacyComputerizedSystems2.新建计算机化系统验证流程介绍

IntroductiontoValidationProcessofNewComputerizedSystem目录TableofContents1.计算机化系统相关法规ComputerizedSystemRelatedRegulations计算机化系统验证要点分析

Key-PointAnalysisofComputerizedSystemValidationAnwar奥星设备与工艺系统事业部验证总监计算机化系统相关法规ComputerizedSystemRelatedRegulations第一部分Part1相关法规和指南总览

RelevantRegulationsandGuidelines(USFDA)21CFRPart11美国联邦法规21篇第11部分电子记录与电子签名(USFDA)21CFRPart11:Electronicrecordandelectronicsignature(USFDA)工业指南11部分

电子记录与电子签名-范围和应用(USFDA)GuidanceforIndustry,Part11Electronicrecordandelectronicsignature–scopeandapplication

(USFDA)联邦法规第21篇第210211部分，成品药的现行生产质量管理规范(USFDA)21CFRPart210and211,cGMPforfinishedpharmaceuticals

(ISPE)良好自动化生产实践指南，遵从GxP计算机化系统监管的风险管理方法(ISPE)GAMP,Arisk-basedapproachtoaGxPcompliantComputerizedsystem(ISPE)GAMPGPG良好实践指南，GAMP架构下的系列良好实践指南(ISPE)GAMPGPG,GPGundertheframeworkofGAMP(EU)欧盟药事法规第4卷GMP，附录11《计算机化系统》

EUGuidelinestoGoodManufacturingPractice:(Volume4),annex11ComputerizedSystem

(PIC/S)GMP指南，药用产品良好生产实践指南(TGA)GMP，药用产品良好生产实践指南(PIC/S)在“GxP”监管环境下的计算机化系统良好实践（检查官指南）PIC/SComputerizedsystemgoodpracticesunderGxPregulation(Inspectorguideline)(WHO)

GMP2003,Annex4(WHOTechnicalReportSeries,No.908)(CFDA)2010年版GMP及征求意见稿《计算机化系统》CFDAGMP-2010and“ComputerizedSystem”(draftforcomment)(CFDA)GSP附录二附录三《药品经营企业计算机系统》《温湿度自动监测》(CFDA)GSPAnnex2andAnnex3“ComputerizedSystemofPharmaceuticalTradingEnterprises”and“AutomaticTemperatureandHumidityMonitoring”CFDAGMP及附录CFDAGMPandAnnexes第一百六十三条使用电子数据处理系统的，只有经授权的人员方可输入或更改数据，更改和删除情况应当有记录；应当使用密码或其他方式来控制系统的登录；关键数据输入后，应当由他人独立进行复核。用电子方法保存的批记录，应当采用磁带、缩微胶卷、纸质副本或其他方法进行备份，以确保记录的安全，且数据资料在保存期内便于查阅。Article163 Ifanelectronicdataprocessingsystemisused,onlyauthorizedpersonscaninputorchangedata,thechangeanddeletionrecordsshallbekept,thesystem’slogginginshallbecontrolledbythewayofinputtingapasswordorothermethods;afterinputtingkeydata,itshallbedoublecheckedbyanotherpersonindependently.Thebatchrecordstoredelectronicallyshallbebackedupwithamagnetictape,amicrofilm,apaperduplicateorothermethods,toensurethesafetyoftherecordandtheconveniencetoreviewduringthepreservationperiod.附录1第七十条采用自控和监测系统的，应当经过验证，保证符合关键工艺的要求。Article70,Annex1Whereautomationandmonitoringsystemsareusedfortheseapplicationstheyshouldbevalidatedtoensurethatcriticalprocessrequirementsaremet.CFDAGMP征求意见稿《计算机化系统》

CFDADraftforcomment“Computerizedsystem”第四条应使用科学的风险评估方法来决定计算机化系统验证的范围与程度。应当将验证看作计算机化系统“生命周期”的一个组成部分。Article4Sciencebasedriskassessmentapproachesshallbeusedtodeterminethescopeandextentofcomputerizedsystemvalidation.Thevalidationshallbeconsideredasapartofthe“lifecycle”ofacomputerizedsystem.第七条软件是计算机化系统的重要组成部分。软件的使用者应当根据风险评估的结果，对于所采用软件进行分级管理（如针对软件供应商的审计），保证软件的编制过程符合质量保证系统的要求。Article7Softwareisanimportantpartofacomputerizedsystem.Usersofsoftwareshallperformdifferentiatedmanagement(suchasforauditstosoftwaresuppliers)tothesoftwareusedbasedontheriskassessmentresults,toensuretheprogrammingprocessofsoftwareconformstotherequirementsofthequalityassurancesystem.第十条数据的输入或修改只能由经许可的人员进行。杜绝未经许可的人员输入数据的手段有：使用钥匙、密码卡、个人密码和限制对计算机终端的访问。Article10Onlyanauthorizedpersonisallowedtoinputorchangedata.Meanstopreventunauthorizedpersonnelfrominputtingdataincludes:key,ciphercard,personalpasswordandrestrictiontoaccesstocomputerterminals.EUGMP

Annex11《计算机化系统》4.6定制计算机系统的验证，应有一个适当的过程保证在系统所有生命周期的阶段进行正式的评估和质量和性能测试的报告。4.6Forthevalidationofcustomizedcomputerizedsystemsthereshouldbeastepinplacethatensurestheformalassessmentandreportingofqualityandperformancemeasuresforallthelife-cyclestagesofthesystem9.审计跟踪AuditTrails9.应该基于风险评估来考虑给系统加入一种可以生成记录的功能，来记录所有与GMP相关的变更和删除（系统生成的“审计跟踪”）。Considerationshouldbegiven,basedonriskassessment,tobuildingintothesystemafunctionforthecreationofarecordofallGMP-relevantchangesanddeletions(an"audittrail"generatedbythesystem).12.1应该使用物理和/或逻辑控制来严格控制计算机系统的权限，其权限只给经过授权的人。12.1Physicaland/orlogicalcontrolsshouldbeinplacetorestricttheaccesstoacomputerizedsystemonlytoauthorizedpersons.US21CFRPart211211∙68自动化设备、机械化设备和电子设备应对计算机或有关系统采取适当控制，以确保生产及控制主记录或其它记录由授权人员制定变更内容。配方、其它记录或数据在计算机或有关系统输入和输出时，应核查其准确性。211∙68Automationequipment,mechanicalequipmentandelectronicequipmentAppropriatecontrolsshallbeusedforacomputerortherelatedsystemstoassurethatchangesinthemasterproductionandcontrolrecordsorotherrecordsareinstitutedonlybyauthorizedpersonnel.Inputtoandoutputfromthecomputerortherelatedsystemofformulasorotherrecordsordatashallbecheckedforaccuracy.US21CFRPart11SubB//11.10/a系统的验证以保证准确、可靠、稳定地预期性能，有能力识别无效的和被改变的记录。

SubB//11.10/aValidationofsystemstoensureaccuracy,reliability,consistentintendedperformance,andtheabilitytodiscerninvalidoralteredrecords.SubB//11.10/e使用安全的、计算机产生的、时间印记的审计跟踪以便独立地记录操作者登录和建立、修改、或删除电子记录的行为的日期和时间。)

SubB//11.10/eUseofsecure,computer-generated,time-stampedaudittrailstoindependentlyrecordthedateandtimeofoperatorentriesandactionsthatcreate,modify,ordeleteelectronicrecords.Recordchangesshallnotobscurepreviouslyrecordedinformation.SubB//11.10/g使用验证检查以保证只有被授权用户才可以使用系统，以电子方式签署记录，使用操作或计算机系统的输入输出设备，改变记录或手工执行操作。SubB//11.10/gUseofauthority

checkstoensurethatonlyauthorizedindividualscanusethesystem,electronicallysignarecord,accesstheoperationorcomputersysteminputoroutputdevice,alterarecord,orperformtheoperationathand.WHOGMP15.9使用电子数据处理系统的，只有经授权的人员方可输入或更改数据，更改和删除情况应当有记录；应当使用密码或其他方式来控制系统的登录；关键数据输入后，应当由他人独立进行复核。用电子方法保存的批记录，应当采用磁带、缩微胶卷、纸质副本或其他方法进行备份，以确保记录的安全，且数据资料在保存期内便于查阅。15.9Ifelectricdataprocessingsystemisused,onlyauthorizedpersoncouldinputorchangedata,thechangeanddeletionrecordsshallbekept;thesystem’slogginginshallbecontrolledbythewayofinputtingpasswordorothermethods;afterinputtingkeydata,itshallbedoubleexaminedbyotherpersonindependently.Thebatchrecordstoredinelectronicmethodshallbebackedupwithmagnetictape,microfilm,paperduplicateorothermethods,toensurethesafetyoftherecordanditisconvenienttoreviewdataduringthepreservationperiod.ISPEGAMPGAMP5（GoodAutomatedManufacturingPractice-Rev5）GAMP是由国际制药工程协会主编的针对计算机化系统合规的实践指南。旨在提供一套基于现有行业规范的行之有效的方法，使计算机化系统符合预定用途并满足现有法规的要求。自90年代以来，不断改版的《良好自动化生产实践指南》已被广泛使用并得到国际监管部门的公认。它是计算机化系统验证的指导方针。GAMP5是目前的最新版本，于2008年2月发布。GAMPispracticeguidelineeditedbyISPEaimingtoregulatorycomplianceofcomputerizedsystem.GAMPguidanceaimstoachievecomputerizedsystemsthatarefitforintendeduseandmeetcurrentregulatoryrequirements,bybuildinguponexistingindustrygoodpracticeinanefficientandeffectivemanner.Since1990s,constantlyrevisedGMAPhasbeenwidelyusedandrecognizedbyinternationalregulatoryauthorities.Itistheguidelinetocomputerizedsystemvalidation.SinceitsissuanceinFebruary2008,GMAP5isthelatestversionuptonow.五个关键概念Fivekeyconcepts：基于质量管理体系的生命周期方法LifecycleapproachwithinaQMS可增减的生命周期活动Scaleablelifecycleactivities流程和产品的理解.Productandprocessunderstanding基于科学的质量风险管理Sciencebasedqualityriskmanagement充分利用供应商活动.Leveragingsupplierinvolvement法规、GMP、验证相关术语

Regulations,GMP,Validationrelatedglossary术语Abbr.名称NameCFDAChinaFoodandDrugAdministration国家食品药品监督管理总局WHOWorldHealthOrganization世界卫生组织EUEuropeanUnion欧洲联盟（欧盟）PIC/SPharmaceuticalInspectionConventionandPharmaceuticalInspectionCo-operationScheme药品检查合作计划(药品检查协会）FDAU.S.FoodandDrugAdministration美国食品药品监督管理局ICHInternationalConferenceonHarmonizationofTechnicalRequirementsforRegistrationofPharmaceuticalsforHumanUse国际人用药品注册和医药技术协调会议ISPEInternationalSocietyForPharmaceuticalEngineering国际制药工程协会RARiskAssessments

风险评估SIASystemImpactAssessment

系统影响性评估术语Abbr.名称NameCCAComponentCriticalityAssessment部件关键性评估FAT/SATFactoryAcceptanceTest/SiteAcceptanceTest工厂/现场验收测试DQ/IQ/

OQ/PQDesign/Installation/Operational/PerformanceQualification设计/安装/运行/性能确认CPPCriticalProcessParameter关键工艺参数CQACriticalQualityAttribute关键质量属性ERESElectronicRecord;ElectronicSignature电子记录与电子签名计算机化系统验证常见术语1

CommonGlossaryforComputerizedSystemValidation1名称缩写英文验证主计划VMPValidationMasterPlan质量及项目计划QPPQualityandProjectPlan用户需求说明URSUserRequirementSpecification功能说明FSFunctionSpecification硬件设计说明HDSHardwareDesignSpecification软件设计说明SDSSoftwareDesignSpecification软件模块说明SMSSoftwareModuleSpecification设计确认DQDesignQualification源代码审核SCRSourceCodeReview软件模块测试SMTSoftwareModuleTest工厂验收测试FATFactoryAcceptanceTest现场验收测试SATSiteAcceptanceTest安装确认IQInstallationQualification运行确认OQOperationQualification性能确认PQPerformanceQualification计算机化系统验证常见术语2

CommonGlossaryforComputerizedSystemValidation12名称缩写Abbr.英文可追溯矩阵TMTraceabilityMatrix验证总结报告VSRValidationSummaryReport国际制药工程协会ISPEInternationalSocietyOfPharmaceuticalEngineering良好自动化生产实践指南GAMPGoodAutomatedManufacturingPractice质量管理系统QMSQualityManagementSystem可编程逻辑控制器PLCProgrammableLogicController集散控制系统DCSDistributedControlSystem数据采集与监视系统SCADASupervisoryControlAndDataAcquisition企业资源计划ERPEnterpriseResourcePlanning实验室信息管理系统LIMSLaboratoryInformationManagementSystem生产执行系统MESManufacturingExecutionSystems楼宇管理系统BMSBuildingManagementSystem环境监视系统EMSEnvironmentMonitoringSystem计算机系统验证CSVComputerSystemValidation不间断电源UPSUninterruptiblePowerSupply新建计算机化系统验证流程介绍IntroductiontoValidationProcessofNewComputerizedSystem第二部分Part2CSV经典V-Model图及其总流程CSVclassicV-Modelandgeneralflowchart流程逐一步骤的良好实践Goodpracticesofprocesssteps计算机化系统验证生命周期V-Model

V-Modelofcomputerizedsystemvalidationlifecycle验证生命周期文件架构

Lifecycledocumentationframework计算机化系统验证总流程

Generalflowofcomputerizedsystemvalidation确认计算机化系统Computerizedsystemdefinition初步系统评估确定系统影响，判定GxP系统Performinitialsystemassessmentanddeterminesystemimpacts,andGxPsystem供应商评估确定其能力及参与评估点Performsupplierassessmentanddeterminetheircapacityandinvolvementassessmentpoints软硬件分类评估确定其复杂性和新颖性Performhardwareandsoftwarecategorizationassessmentanddeterminetheircomplexityandnovelty.结合供应商能力，系统复杂性和新颖性、GxP影响制定适宜V-ModelMakeanappropriateV-Modelinconjunctionwithsuppliercapacity,systemcomplexityandnoveltyandGxPimpacts按照既定的V-Model实施确认PerformverificationasestablishedintheV-Model流程良好实践1-1ProcessGoodPractices通过网络结构图，找到接口界面“云图”的方式划分界定系统Definesystemsthroughnetworkstructurechart,andinterface“cloudpicture确认计算机化系统Computerizedsystemdefinition流程良好实践1-2ProcessGoodPractices1-2确认计算机化系统ComputerizedsystemdefinitionWhennetworkarchitecture

diagramisnotavailablefornosupplierperformssecondarydevelopmentattheinitialstage,thecomputerizedsystemsummarylistisconsideredasthebasisfordefiningsystems.项目初期没有供应商二次开发无法得到网络架构图时，可考虑采用计算机化系统清单汇总作为界定划分系统的依据流程良好实践2ProcessGoodPractices2SelectGxPcriticalsystemsthroughGxPriskassessmentquestions

通过GxP评估问题筛选出GxP关键系统PerforminitialriskassessmentanddetermineGxPcriticalsystems初步风险评估判定GxP关键系统Doesthesystemgenerate,manipulateorcontroldatasupportingregulatorysafetyandefficacysubmissions?系统是否生成、处理或控制用于支持法规安全性和功效提交文件的数据？Doesthesystemcontrolcriticalparametersanddatainpreclinical,clinical,development,ormanufacturing?系统是否控制临床前、临床、开发或生产相关关键参数和数据？Doesthesystemcontrolorprovidedataorinformationforproductrelease?系统是否控制或提供有关产品放行的数据或信息？Doesthesystemcontroldataorinformationrequiredincaseofproductrecall?系统是否控制与产品召回相关要求的数据或信息？系Doesthesystemcontroladverseeventorcompliantrecordingorreporting?统是否控制不良事件或投诉的记录或报告？Doesthesystemsupportpharmacovigilance?系统是否支持药物安全监视？Criticalsystemsaresubjecttovalidation,andnon-criticalsystemsaresubjecttoGEPcommissioningonly.

关键系统做验证，非关键系统GEP调试即可流程良好实践3供应商评估确定其能力及参与平衡点对每一受GxP监管的计算机化系统和服务的供应商进行正式的评估，来确认计算机系统能够以高标准满足他们的技术、商业及法规要求，同时确认能够充分利用供应商的知识、经验和文件。通过供应商审计来识别供应商QMS以及其能力水平方面的风险，被监管公司对计算机系统和服务供应商的质量和可靠性进行确认，要求有文件化的证据来证明该计算机系统能够如所预期的持续运行，并确保软件结构和功能的完整性。ProcessGoodPractices3PerformsupplierassessmentanddeterminetheircapacityandinvolvementbalancepointFormalassessmentisperformedtoeachsupplierofcomputerizedsystemandserviceundertheregulationofGxP,toverifythatthecomputerizedsystemcanmeettheirtechnical,commercialandregulatoryrequirements,andatthesametimemakethebestuseofsupplier’sknowledge,experienceanddocuments.Risksofsupplier’sQMSandcapacityareidentifiedthroughasupplieraudit.Thecompanyundertheregulationverifythequalityandreliabilityofsupplierofcomputerizedsystemandservices,anddocumentedevidenceisrequiredtoprovethecomputerizedsystemcanruncontinuouslyasintended,andensuretheintegrityofsoftwarestructureandfunction.流程良好实践4-1软硬件分类评估确定其复杂性和新颖性硬件分2类软件分4类通过识别软硬件类别来识别复杂性和新颖性带来的风险，从而确定出适宜的可增减周期策略ProcessGoodPractices4-1Performhardwareandsoftwarecategorizationassessmentanddeterminetheircomplexityandnovelty.Hardwareisdividedintotwocategories.Softwareisdividedintofourcategories.Identifyrisksfromcomplexityandnoveltythroughidentifyinghardwareandsoftwarecategories,todetermineproperextendablelifecyclestrategy.流程良好实践4-2硬件类别类别典型方法1,标准硬件部件通过文件记录下生产厂家或供应商的详情、序列号和版本号确认正确的安装适用配置管理和变更控制2,定制制造的硬件部件上述内容再加上：设计说明验收测试适用配置和变更控制ProcessGoodPractices4-2HardwareCategoriesCategoryTypicalApproach1.StandardHardwareComponentsDocumentmanufacturerorsupplierdetail,serialnumberandversionnumberCorrectinstallationtobeverifiedConfigurationManagementandChangecontrolapply2.CustomBuiltHardwareComponentsTheaboveplus:DesignspecificationAcceptancetestingConfigurationandChangecontrolapply流程良好实践4-3硬件类别硬件类别第二类定制制造部件第一类标准部件ProcessGoodPractices4-3HardwareCategoriesHardwareCategoryCategory2CustomBuiltHardwareComponentsCategory1StandardHardwareComponents流程良好实践4-4软件类别ProcessGoodPractices4-4SoftwareCategoriesTypeGAMP5GAMP51OperatingsystemInfrastructureSoftware2FirmwareOutofuse3StandardsoftwarepackageNon-configured4ConfiguredsoftwarepackageConfigured5Custom(reserved)softwareCustom流程良好实践4-5

软件类别类别说明典型示例典型方法1,基础设施软件分层式软件用于管理操作环境的软件操作系统数据库引擎中间件编程语言电子制表软件版本控制给你工具网络监控工具记录版本号，按照所批准的安装规程验证正确的安装方式。3,非配置软件可以输入并储存运行参数，但是并不能对软件进行配置以适合业务流程基于固件的应用程序COTS软件简化的生命周期法URS用户需求说明基于风险的供应商审计/评估记录版本号，验证正确的安装方式基于风险进行测试有用于维持系统符合性的规程ProcessGoodPractices4-5SoftwareCategoriesCategoryDescriptionTypicalexamplesTypicalApproach1.InfrastructureSoftwareLayeredsoftwareSoftwareusedtomanagetheoperatingenvironmentOperatingsystemsDatabaseenginesMiddlewareProgramminglanguagesSpreadsheetsVersioncontroltoolsNetworkmonitoringtoolsRecordversionnumber,verifycorrectinstallationbyfollowingapprovedinstallationprocedure3.Non-configuredRuntimeparametersmaybeenteredandstored,butthesoftwarecannotbeconfiguredtosuitthebusinessprocessFirmwarebasedapplicationsCOTssoftwareCOTSAbbreviatedLifecycleapproachURSRiskbasedapproachtosupplierassessmentRecordversionnumber,verifycorrectinstallationRiskbasedtestProcedureinplaceformaintainingcompliance流程良好实践4-6

软件类别类别说明典型示例典型方法4,可配置这种软件通常非常复杂，可以由用户来进行配置以满足用户具体业务流程的特殊要求。这种软件的编码不能更改。SCADADCSBMSHMILIMSERPClinicaltrailmonitoring生命周期法基于风险的供应商审计/评估供应商的质量管理系统记录版本号，验证正确的安装方式在测试环境中根据风险进行测试在业务流程中根据风险进行测试具有维持符合性的规程5,定制定制设计和编码以适于业务流程的软件内部和外部开发的IT应用程序内部和外部开发的工艺控制应用程序定制功能逻辑定制固件电子制表软件（宏）与第4类相同，再加上更严格的公用设施评估，包括进行供应商审计完整的生命周期设计和源代码回顾ProcessGoodPractices4-6SoftwareCategoriesCategoryDescriptionTypicalexamplesTypicalApproach4.ConfiguredSoftware,oftenverycomplex,thatcanbeconfiguredbytheusertomeetthespecificneedsoftheuser’sbusinessprocess.Softwarecodeisnotaltered.DAQsystemsSCADADCSBMSHMILIMSERPClinicaltrailmonitoringLifecycleapproachRiskbasedapproachtosupplierassessmentSupplierQMSRecordversionnumber,verifycorrectinstallationRiskbasedtestinginatestenvironmentRiskbasedtestingwithinthebusinessprocessProcedureinplaceformaintainingcompliance5.CustomSoftwarecustomdesignedandcodedtosuitthebusinessprocess.Internally,externallydevelopedITapplications.Internally,externallydevelopedprocesscontrolapplications.CustomladderlogicCustomfirmwareSpreadsheet(macro)Sameascat4plusMorerigoroussupplierassessment,withpossiblesupplierauditPossessionoffulllifecycleDesignandsourcecodereview流程良好实践5GxP评估—患者安全、产品质量、数据完整性—做与不做验证—定范围软硬件分类评估—复杂性和新颖性—可增减的策略1—定深度或程度供应商评估—供应商能力水平带来的风险—可增减的策略2—定工作参与平衡点结合供应商能力、系统复杂性新颖性、GxP影响制定适宜V-Model规范阶段基于风险可增减确认阶段基于风险可增减ProcessGoodPractices5GxP

assessment—PatientSafety,ProductQualityandDataIntegrity—Validationrequiredornot—definescope

Softwareandhardwareclassificationassessment—complexityandnovelty—expandablestrategy1—definedepthorextentSupplierassessment—risksfromsuppliercapacitylevel—expandablestrategy2—defineworkinvolvementbalancepointMakeanappropriateV-Modelinconjunctionwithsuppliercapacity,systemcomplexityandnoveltyandGxPimpactRegulationstagebasedonriskscalablityVerificationstagebasedonriskscalablity流程良好实践6按照既定的V-Model实施确认验证ProcessGoodPractices6PerformverificationbasedontheestablishedV-Model新建及遗留计算机化系统验证示例分析CaseStudyofNewandLegacyComputerizedSystemValidation第三部分Part3示例分析1-确定系统（参考）接口界面面的选择取决于供应商施工接口及科学的经验CaseStudy1-Systemdefinition

(reference)Interfaceselectiondependsonsupplier’sconstructioninterfaceandscientificexperience.示例分析2-确定GxP系统（参考）YNNNYYorNY/N判定结果取决于其真实用途是否涉及GxP相关功能CaseStudy2-DetermineGxPsystems（reference)YNNNYYorNY/NdependsonwhetheritsrealuseinvolvesanyGxPrelatedfunctions.示例分析3-确定软硬件类别（参考）项目软件名称软件描述软件分类操作员站WINXPSP3计算机操作系统1WinCCV7.0西门子人机界面软件1配置软件TTBMS_WINCC项目文件4S7314PLC不可配置软件PLC卡件3配置软件TTBMS_PLC项目文件4项目硬件名称硬件描述硬件分类操作员站电脑主机及显示器用于操作员人机交互1控制站接线配置用于提供电力或信号2软件分类需要结合供应商的经验以及系统的定制程度CaseStudy3-Softwareandhardwarecategorization（reference）Project

SoftwareDescription

CategoryOperatorstationWINXPSP3Operatingsystem1WinCCV7.0SimensHMIsoftware1ConfiguratedsoftwareTTBMS_WINCCprojectdocument4S7314PLCNon-configuratedsoftwarePLCcard3ConfiguratedsoftwareTTBMS_PLCprojectdocument4Project

HardwareDescription

CategoryOperatorstationHostcomputerandmonitorForhuman-computerinteraction1ControlstationWiringconfigurationForsupplyofpowerandsignal2Softwareiscategorizedinconjunctionwithsupplier’sexperienceandsystemcustomizationdegree.示例分析4-确定供应商的能力（参考）供应商质量体系工程技术能力GxP合规能力分值评价AAA710724待定，加强GMPBBB46616＜20，直接否决CCC84719＜20，直接否决DDD97925待定，加强GEP通过审计打分的方法，甄别合适的供应商，同时找到关注重点及工作参与平衡点CaseStudy4-determinesuppliercapacity（reference）SupplierQSEngineeringtechnicalcapacityGxP

compliancecapacityScoreComment

AAA710724Undetermined,GMPcapacityshallbestrengthened.BBB46616＜20，rejectCCC84719＜20，rejectDDD97925Undetermined,GEPcapacityshallbestrengthened通过审计打分的方法，甄别合适的供应商，同时找到关注重点及工作参与平衡点Identifyappropriatesupplierbymeansofauditingandscoring,findfocusandworkinvolvementbalancepoint.示例分析5质量风险管理五步流程CaseStudy5QualityRiskManagementProcess示例分析5功能性风险评估功能性风险评估确定其GxP关键功能1.识别系统使用到的功能（或部件）2.通过问题判定的方式识别GxP关键功能（或部件）3.实施FMEA，分析功能（或部件）的优先级RPN14.识别控制措施并实施5.实施FMEA，分析优先级RPN2审查风险是否可接受RPN风险优先级CaseStudy5FunctionalRiskAssessmentFunctionalriskassessmentisperformedtodetermineGxPcriticalfunctions.1.Identifyfunctions(orcomponents)usedinthesystem2.IdentifyGxPcriticalfunctions(orcomponents)throughaseriesofstandardquestions3.ImplementFMEA

toanalyzeRPN1offunctions(orcomponents)4.Identifyandimplementcontrolmeasures5.ImplementFMEA

toanalyzeRPN1reviewriskisacceptableornot.RPNreferstoriskprioritynumber示例分析6确定适宜的生命周期URSFSHDSSCS配置FATSAT-IOQVSRVPQPP公司QMSTMCCDMPart11RA支持包含风险管理整个过程结合示例分析3和4的结果，我们定义如下参考的周期：一个四类系统的模型假定以分值高低最终选择了DDD供应商，我们需要加强现场施工技术方面的监管及设计审查，文件和合规方面可充分利用供应商的活动CaseStudy6DetermineAppropriateLifecycleURSFSHDSSCS配置FATSAT-IOQVSRVPQPP公司QMSTMCCDMPart11RA支持包含风险管理整个过程CombiningresultsofCaseStudy3and4,wedefinethefollowinglifecycleforreference:amodelforacategory4system.SupposetheDDDsupplerisfinallychosenasperscores,weneedtoenhancethesupervisionanddesignreviewregardingsiteconstructiontechnique,asfordocumentandregulatorycompliance,supplier’sactivitiescanbefullyused.示例分析

7支持流程Part11符合性

SystemName系统名称

SystemNo.系统编号SIADocNo.系统评估文件号21CFRPart11–ApplicabilityReview适用性审核:StatementApplicable

是否适用声明

(Yes/No/N/A):Thesystemmaintainsrecordsthatarerequiredbypredicate

rules(e.g.21CFRPart210,211,etc.),inelectronicformat(e.g.informationstoredwithinSQLdatabase)inplaceofpaperformat.

系统用以维持规定规则（例如21CFRPart210,211等）所要求的，用于替代纸质版格式文件的电子版格式（例如在SQL数据库中所存储信息）的记录。Note:Permanentcopiesofrecordsmaintainedelectronicallyinapaperequivalentformat(e.g.PDF)arenotconsideredelectronicrecords.

备注：以与纸质版等同的电子版格式（例如PDF）维护的永久性记录复件并不被认定为是电子记录。Thesystemmaintainsrecordsthatarerequiredbypredicaterulesinelectronicformat,inadditiontopaperformat,andarereliedupontoperformregulatedactivities.

系统用于维持规定规则所要求的，除了以纸质格式还需以电子格式维持，并需要据其执行法规要求工作的记录。Note:Ifthesystemgeneratespaperrecordswhicharethentheonlyrecordsusedtoperformregulatedactivities,thenthisstatementdoesnotapply.

备注：如果系统会生成纸质版记录，而这种记录是用于进行法规要求工作的唯一记录，那么此项声明并不适用。ThesystemmaintainsrecordssubmittedelectronicallytoFDAunderpredicaterules.

系统用于维持根据规定规则要求需要以电子版形式提交给FDA的记录。Note:Statementappliesregardlessiftherecordisspecificallyidentifiedinagencyregulationsornot.

备注：无论在FDA法规中是否具体列出了这种记录此项声明均适用。Note:Usingarecordingeneratingasubmissiondoesnotinferapplicabilityofpart11tothatrecord.

备注：在编写一份提交文件是用到了某记录，并不会使得该记录需要适用part11的要求。Thesystemmaintainselectronicsignaturesthatareintendedtobetheequivalentofhandwrittensignatures,initials,andothergeneralsigningsrequiredbypredicaterules.

系统用于维持预期等同于规定规则所要求的手写签名、首字母签名和其它一般签名的电子签名。Result结果:Iftheanswertostatements1–4is“No”thentheequipmentisnotwithinthescopeof21CFRPart11.

如果对第1-4号声明的回答均是“否”，那么该设备不适用于21CFRPart11的范围。NoIftheanswertoanyoftheabovestatementsis“Yes”,thentheequipmentiswithinthescopeof21CFRPart11.

如果对第1-4号声明中任何一项的回答是“是”，那么该设备适用于21CFRPart11的范围。N/A评估系统是否适用Part11-----适用ER，适用ER&ES,还是均不适用？CaseStudy7,SupportingProcess

Part11

Compliance

SystemName系统名称

SystemNo.系统编号SIADocNo.系统评估文件号21CFRPart11–ApplicabilityReview适用性审核:StatementApplicable

是否适用声明

(Yes/No/N/A):Thesystemmaintainsrecordsthatarerequiredbypredicate

rules(e.g.21CFRPart210,211,etc.),inelectronicformat(e.g.informationstoredwithinSQLdatabase)inplaceofpaperformat.

系统用以维持规定规则（例如21CFRPart210,211等）所要求的，用于替代纸质版格式文件的电子版格式（例如在SQL数据库中所存储信息）的记录。Note:Permanentcopiesofrecordsmaintainedelectronicallyinapaperequivalentformat(e.g.PDF)arenotconsideredelectronicrecords.

备注：以与纸质版等同的电子版格式（例如PDF）维护的永久性记录复件并不被认定为是电子记录。Thesystemmaintainsrecordsthatarerequiredbypredicaterulesinelectronicformat,inadditiontopaperformat,andarereliedupontoperformregulatedactivities.

系统用于维持规定规则所要求的，除了以纸质格式还需以电子格式维持，并需要据其执行法规要求工作的记录。Note:Ifthesystemgeneratespaperrecordswhicharethentheonlyrecordsusedtoperformregulatedactivities,thenthisstatementdoesnotapply.

备注：如果系统会生成纸质版记录，而这种记录是用于进行法规要求工作的唯一记录，那么此项声明并不适用。ThesystemmaintainsrecordssubmittedelectronicallytoFDAunderpredicaterules.

系统用于维持根据规定规则要求需要以电子版形式提交给FDA的记录。Note:Statementappliesregardlessiftherecordisspecificallyidentifiedinagencyregulationsornot.

备注：无论在FDA法规中是否具体列出了这种记录此项声明均适用。Note:Usingarecordingeneratingasubmissiondoesnotinferapplicabilityofpart11tothatrecord.

备注：在编写一份提交文件是用到了某记录，并不会使得该记录需要适用part11的要求。Thesystemmaintainselectronicsignaturesthatareintendedtobetheequivalentofhandwrittensignatures,initials,andothergeneralsigningsrequiredbypredicaterules.

系统用于维持预期等同于规定规则所要求的手写签名、首字母签名和其它一般签名的电子签名。Result结果:Iftheanswertostatements1–4is“No”thentheequipmentisnotwithinthescopeof21CFRPart11.

如果对第1-4号声明的回答均是“否”，那么该设备不适用于21CFRPart11的范围。NoIftheanswertoanyoftheabovestatementsis“Yes”,thentheequipmentiswithinthescopeof21CFRPart11.

如果对第1-4号声明中任何一项的回答是“是”，那么该设备适用于21CFRPart11的范围。N/AEvaluatewhetherthesystemappliestoPart11-----appliestoERorER&ES,orneitherERES相关知识探讨57/100记录三种形式“纯”纸质记录保证三种要求如：手写的报表人工介入的电子记录123123如：打印的电子数据报表“纯”电子记录如：存储在电脑中的纯电子报表文件安全性完整性可追溯性如：访问控制如：变更控制如：审计跟踪ERES均不适用适用ER，ES不适用ERES均适用DiscussiononERESKnowledge58/100Record3types“Pure”paperrecordAssurance3requirementsSuchas：handwrittenreportE-recordwithhumanintervention123123Suchas：printedelectronicdatareport“Pure”e-recordSuchas：pureelectronicreportssavedinthecomputerSafetyIntegrityTraceabilitySuchas：AccesscontrolSuchas：ChangecontrolSuchas：audittraceNeitherERnorESappliesER