
ECA News: Important Questions and Answers concerning the Audit Trail Review - Part 2

2017-10-23 蒲公英

Translated by: julia  Source: Julia Regulatory Translation (Julia法规翻译)


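Statement: None of the translated content represents my own views; the copyright, content and views of the original text belong to and are held by the original website and author. Translating does not imply agreement, and readers who hold different views should proceed with caution. If you have objections to the translation, corrections are welcome.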


18.10.2017

Important Questions and Answers concerning the Audit Trail Review - Part 2

In part one of this news you already received the first set of questions and answers from the webinar on Audit Trail Review conducted back in February. Following you can read what further questions were asked and what Dr. Wolfgang Schumacher responded subsequently, as time during the webinar did not allow to answer all of them.


28. How do you justify the reintegration of chromatograms versus the method specification in the audit trail?
Answer: A reintegration should only be necessary if the analysis wasn't carried out for one reason or another. The reason has to be specified and must be signed by the management. The laboratory employee is not allowed to take the decision himself.


29. What is important for machine manufacturers in the area of audit trails especially as concerns the continuous production? What has to be taken into consideration? What must be included?
Answer: This question is difficult to answer as concerns a machine manufacturer since the answer depends on the product manufactured with the equipment (for instance a critical, highly effective product or a non-toxic excipient). The pharmaceutical producer must carry out the risk analysis.


30. Page 7: How has data to be classified that concerns products which are manufactured from blood components and that is part of the donation process (donor management)? I consider them as critical data with influence on SQuiPP.
Answer: Just the way I see it.


31. Audit trail review only for critical data: Does this mean that it has to be carried out only for systems with data which influence the product directly? And not for systems which only have an indirect influence?
Answer: You decide this by yourself by means of the risk analysis. No audit trail review is required for a training system for example.


32. How do you decide which data require the 4-eyes-principle? Can this be decided by means of a classification of "direct" versus "indirect" influence?
Answer: Yes, this is the first approach, together with the criticality of the system.


33. Page 35: This means that in the course of the periodic reviews it is only reviewed whether the process is still functioning - hence, if the audit trail data is still recorded?
This means no selection = random sampling of data sets?
Answer: A review by means of examples of data should also be part of the control of functionality (SYSTEM Audit Trail). This means that random sampling is useful.


34. Page 44: Why are only global systems in the scope? Usually the most critical systems in production and QC exist on local basis.
Answer: This was only supposed to be an example. Naturally, local systems are as important as global ones.


35. How or where (guidance document) is it advisable to define raw data?
Answer: (Unfortunately) there is no uniform definition. This means you are flexible to define this for your company.


36. When are the final FDA, MHRA etc Guidances to be expected?
Answer: It is doubtful whether the MHRA Guidance will be applicable at all, in light of the Brexit. The FDA Guidance is to be expected by the end of 2017 at the earliest, but it is more likely that it will be 2018.


37. When parts of data are printed it becomes static data. But the audit trail review has to be carried out for all critical and electronically produced data in the system. It is not possible to refer to the printed version!?
Answer: Static data is data the user cannot change. It is only important if the user had the possibility to change the data PRIOR to the data being printed. I do not think that a reference to the paper record will be accepted.


38. How do you assess the situation for API manufacturers?
Answer: You have to decide yourself whether you produce critical APIs. If so, I see no chance to renounce to the audit trail review in the long run. But it won't have the same priority as in the case of a manufacturer of a finished medicinal product.


39. Can the review of a printout of the drying temperature profile be considered to be part of the audit trail review of the batch?
Answer: In my opinion this is a good example for static data for which no audit trail review has to be carried out. The reason is that the user cannot change or access this data.


40. Is analytical data (raw data, metadata) from the validation of analytical procedures classified as being non critical? Do we interpret your slide number 3 "What other data is there?" correctly? In this case the audit trail review would not be required.
Answer: The validation of analytical procedures precedes the daily analyses for the batch release and constitutes the basis for them. The validation data is released with a report. The audit trail review is not required.


41. Static data - dynamic data:
a. May we define entries in our CDS such as standard concentrations, densities, dilution factors, ..., hence parameters used for the quantification of content and purity as static data? Or are these entries also part of the dynamic data such as the (re)integration of peaks?
Answer: In my opinion this is also dynamic data the user can influence or change.


42. Static data - dynamic data:
b. Is it possible to shorten the audit trail review by taking the status of the analytical sequence and controlling the recorded parameters (such as concentration of the standards, ...) at the end of the analysis and by stating that all changes and corrections carried out in the meantime are part of the analysis and evaluation and must consequently not be commented?
Answer: In my view this is acceptable as long as a control is carried out and confirmed by a second person.


43. Is it acceptable that a user has the entitlement for reintegration at a GC system or should the laboratory manager be the only person authorised to do this? Are there any relevant requirements or recommendations?
Answer: This should be regulated internally in an SOP. Preference should be given to the laboratory manager since he has a control function. I know nothing about any requirements concerning this.


44. It was mentioned in the seminar that the audit trail review is part of the Periodic Review. What other points are included in the Periodic Review?
Answer:

  • Roles and Responsibilities

  • Service Agreements

  • Validation/Qualification and Project Deliverables

  • System Control Procedures

  • Audit Trail management

  • Incidents, Problems

  • Changes, Upgrades

  • Security, User Access, User Administration

  • User Guides

  • Backup, BCP, Performance, Reliability Monitoring

  • System Access Training

  • Archived Data

45. In Annex 11 as well as in other guidelines is required the "regular" revision of the audit trail. But is it really defined in any guideline that this has to be performed prior to the release of the product?
Answer: This is implied in Annex 11: The authors (inspectors) cite this again and again as explanation since this is the most critical data of all.


46. Or is this rather the case since "regularly" is interpreted in this way by now?
I understand that one may reach this conclusion after a risk assessment. But it could also be different, couldn't it?
Answer: Your own analysis of the critical data may well reach another conclusion. The own result defines the procedure.


47. If I have implemented a role concept for example and trained all staff members thoroughly as concerns the topic DI won't it then be sufficient to carry out a review of the audit trail on a random basis and to carry out the review prior to the batch release only in the case of irregularities such as OOS results?
Answer: It is acceptable to carry out a review on the basis of the system's "exception" reports. These exception reports always must be checked anyway. It is not acceptable to carry out a review only on a random basis (but ultimately, this is defined by the risk analysis).


48. Which measures may be taken if the audit trail (as well as the actual data) can be deleted or changed at the level of Windows?
Answer: In the case of systems that can store locally on the HD of the user it is possible to set up two local user profiles. Then, for instance, the system stores data only on the profile the user cannot access.
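
One way to apply the two-account separation from answer 48 on a Windows workstation, as an added example that is not part of the webinar answers. The account names `svc_acquire` and `analyst01` and the folder `D:\InstrumentData` are hypothetical placeholders; the script assumes both local accounts already exist and that the acquisition software runs under the first one.

```powershell
# Added example, not from the webinar. Run from an elevated PowerShell session.
# All names below are hypothetical placeholders.
$DataDir = 'D:\InstrumentData'   # folder holding raw data and the audit trail
$SvcUser = 'svc_acquire'         # local account the acquisition software runs under
$Analyst = 'analyst01'           # local account the laboratory user logs on with

# Both accounts must already exist; stop early if one is missing.
foreach ($name in $SvcUser, $Analyst) {
    Get-LocalUser -Name $name -ErrorAction Stop | Out-Null
}

# The separation is void if the analyst can change ACLs or take ownership,
# so refuse to continue when that account is a local administrator.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name }
if ($admins -contains "$env:COMPUTERNAME\$Analyst") {
    throw "$Analyst is a local administrator and could reset the permissions."
}

New-Item -ItemType Directory -Path $DataDir -Force | Out-Null

# Remove inherited entries so a broad grant on the parent folder cannot apply.
icacls $DataDir /inheritance:r | Out-Null
# Explicit grants only: SYSTEM and Administrators full control, the software
# account Modify. (OI)(CI) propagates the entry to files and subfolders.
icacls $DataDir /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' "${SvcUser}:(OI)(CI)M" | Out-Null
# The analyst account deliberately receives no entry at all.

# Verify: no rule may name the analyst or a group every interactive user is in
# (Everyone, Authenticated Users, Users, INTERACTIVE).
$broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
$analystSid = (Get-LocalUser -Name $Analyst).SID.Value
$leaks = (Get-Acl -Path $DataDir).Access | Where-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $sid -eq $analystSid -or $broad -contains $sid
}
if ($leaks) {
    $leaks | Format-Table IdentityReference, FileSystemRights, AccessControlType
    throw "Analyst-reachable entries remain on $DataDir."
}
"OK: $Analyst has no access path to $DataDir"
```

The separation only holds while the acquisition software writes under the software account rather than the analyst's session; members of the local Administrators group can still override these permissions.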


49. Is it possible at all to have analytical data in the manufacture of active pharmaceutical ingredients that must be classified as GxP critical (= direct influence on the quality/integrity of the product) if it is known that the API and the finished product will be reviewed again in the subsequent manufacture of finished products? Or is this irrelevant and if so, why?
Answer: If you reach the conclusion in the risk assessment that none of the APIs are critical a complete exclusion from the audit trail review would be conceivable. But this will hardly be accepted in practice as there are highly potent small molecules and very critical biotechnological active pharmaceutical ingredients.


50. Or, to pose the question in another way: Do you think it is conceivable that in the course of the release process of the analytical results no audit trail review is carried out with one of the CDS systems used for the manufacture of APIs? If no, which analysis (raw material, final product, proof of identity of the API, IPC, proof of efficacy) would always have to be classified as being critical?
Answer: I recommend to carry out an audit trail review for the critical APIs at least. The analysis of the final product surely is the most important one, since here the tests will be comprehensive.


51. When assessing the criticality of data the influence of the data on the data integrity is mentioned as one criterion apart from the influence on the product quality. There seems to be a direct influence on the integrity of data almost always. How can this criterion be further substantiated in order to be able to use it in a differentiated way?
Answer: This is like going round in circles. The quality of the product always is of the highest importance. The criterion "data integrity" by itself is not meaningful but has to be specified by attributes such as "access security", "duration of storage until destruction" etc.


52. I would like to know what you think about the relevance of the audit trail and the audit trail review for an eDMS which also generates, stores and manages TMF documents (eTMF) (with Approval Workflows)?
Answer: It is important for an eTMF that no changes can be carried out. I think that an audit trail review is out of the question since the data already has the form of a report. The access security to the eTMF itself is an important element in order to ensure that no data can be "changed" after the first submission.


53. The second question points in the same direction but concerns an eDMS in which GMP documents are stored and versioned by means of Approval Workflows with e-signature (such as CMC documents: specifications, laboratory methods or batch records: product master manufacturing record; or also validation documents)
Answer: The audit trail review is senseless for an eDMS as the persons signing a document read it prior to signing. During the validation of a system it is checked that no data can be "changed" (version control).


We would like to thank Dr Schumacher for taking the time to answer all questions comprehensively.


Of course, this webinar is also available as a recording.


Please also read Part 1 of the Questions and Answers concerning Audit Trail Review
