来源:北京齐力佳整理
OMCL Network of the Council of Europe
QUALITY ASSURANCE DOCUMENT
PA/PH/OMCL (08) 69 3R
VALIDATION OF COMPUTERISED SYSTEMS
计算机化系统的验证
CORE DOCUMENT
核心文件
SCOPE 范围
This guideline defines basic principles for thevalidation of computerised systems used within Official Medicines ControlLaboratories (OMCLs) with impact on quality of results. The purpose of thisvalidation is to guarantee the confidence in scientific results obtained witheach computerised system. A validated system ensures accurate results andreduces the risk of failure of the system.
本指南给出了在OMCL化验室使用的计算机化系统验证的基本原则。本验证的目的是保证由每个计算机化系统所得到的科学结果的可信性。一个验证过的系统会保证准确的结果,降低系统失败的风险。
This document covers in-house and commercial softwarefor calculation, database computerised systems, Laboratory InformationManagement Systems (LIMS), Electronic Laboratory Notebooks (ELN) and computersas part of test equipment.
本文件包括了内控和商业计算软件,数据库计算机化系统,化验室信息管理系统(LIMS),化验室电子笔记本(ELN)和作为检测仪器一部分的计算机。
INTRODUCTION 介绍
This guideline outlines general validation principlesfor computerised systems of OMCLs in accordance with ISO/IEC 17025. It givesgeneral requirements and it also lists the minimum elements required for thevalidation of different types of software. Actually, due to the great varietyof software, it is not possible to state in one single document all thespecific validation elements that are applicable.
本指南给出了根据ISO/IEC 17025 制订的OMCL计算机化系统通用验证原则的纲要。它给出了通用要求,同时列出了对不同软件类型的验证所需的最低要素清单。实际上,由于软件之间差异巨大,不可能在一个文件中给出所有实用的特定的验证要素。
This guideline is intended for use by OMCLs workingunder Quality Management Systems based on the ISO/IEC 17025 standard, which usecomputerised systems for a part or the totality of the processes related to thequality control of medicines, and it is not addressed to manufacturers workingunder GMP requirements.
本指南仅用于采用计算机系统作为药品质量控制过程的一部分或全部,在基于ISO/IEC 17025标准的质量管理系统下进行工作的OMCL,不是针对在GMP要求下工作的供应商。
In order to simplify the management of the guideline,the present document contains only a general introduction and generalrequirements for different types of computerised systems. The core document issupplemented with system-related annexes, containing additional requirementsand/or practical examples of validation documentation, which are to be used incombination with the general recommendations given in the core document.
为了简化指南的管理,本文件仅包括通用介绍和不同计算机化系统类型的通用要求。本核心文件增补有系统相关附件,包括额外要求和/或部分验证文件举例,这些可以与核心文件中给出的通用推荐结合使用。
The list of annexes, included in this document, willbe updated as soon as new annexes are issued.
一旦新的附件签署,包括在本文件的附件清单将会被更新。
This document should be considered as a guide to OMCLsfor planning, performing and documenting the validation of their computerisedsystems. It should not be taken as a list of compulsory requirements. It isleft to the professional judgement and background experience of each OMCL todecide on the most relevant procedures to be undertaken in order to giveevidence that their computerised systems are working properly and areappropriate for their intended use.
应将本文作为OMCL计划、实施和记录计算机化系统验证时的指南,而不是作为一个强制的清单。为了给出证据说明各实验室的计算机化系统正常工作并适合其用途,应该由专家判断和每个OMCL背景经验来决定,哪些最相关的程序是需要执行的。
DEFINITIONS 定义
Computer system: Computer hardware components assembled to perform inconjunction with a set of software programmes, which are collectively designedto perform a specific function or group of functions.
计算机系统:组装起来的计算机硬件组件,与一系列软件程序相关联,组合设计可以实施一个特定功能或一组功能。
Computerised system: a computer system plus the controlled function thatit operates. Includes hardware, software, peripheral devices, personnel, anddocumentation; e.g., manuals and Standard Operating Procedures (SOPs).
计算机化系统:一个计算机系统和其操作的控制功能。包括硬件、软件、外围设备、人员和文件,例如手册和标准操作程序(SOPs)。
Commercial (off-the-shelf,configurable) software: Configurable programmes that can be configured to specific userapplications by “filling in the blanks”, without altering the basic programme.
商业(现成的、已设定参数)软件:可以由指定用户通过“填写空白”设定程序的参数,不改变基本程序
In-house developed software: system developed by the user (or by a contractedcompany), with the purpose of specifically meeting a defined set of userrequirements.
自主开发的软件:由用户自己(或由合同公司)开发的系统,可以满足用户设定的专用目的
Electronic laboratory notebook(ELN): software programme designedto replace paper laboratory notebooks.
化验室电子笔记本(ELN):设计用于代替纸质化验室笔记本的软件程序
Laboratory InformationManagement System (LIMS): Automated laboratory systems that collect and manage data.
化验室信息管理系统(LIMS):可以收集和管理数据的自动化实验室系统
1. HARDWARE 硬件
The hardware used shall fulfil the technicalrequirements so that the work to be completed can be carried out. Suchrequirements include e.g. minimum system requirements indicated by themanufacturer of the equipment. These requirements should be predefined inaccordance with the intended use.
使用的硬件应满足技术规格要求,使得需要完成的工作可以实施。这些规格要求包括,例如由仪器供应商指出的最低系统要求。这些要求应根据用途预先设定。
The hardware components shall be installed by skilledpersonnel (e.g. staff from the Information Technology (IT) Unit, the technicianfrom the manufacturer of the equipment, or other trained personnel), and shallbe checked for their functionality and compared with the requirements.
硬件组件应由熟练的人员安装(例如IT部门的员工,设备供应商的技术人员,或其它经过培训的人员),应检查组件的功能并与规格要求相比较。
Computerised systems that are part of test equipmentmust be labelled unambiguously.
作为检测仪器的一部分的计算机化系统必须清楚地进行标识。
For computerised systems which are components of testequipment, records must be kept on hardware configuration, installation andchanges. These records can be entered in the logbook of the test equipment.
对于作为检测仪器组件的计算机化系统,必须保存硬件参数、安装和变更的记录。这些记录可以输入检测仪器的日志中。
2. GENERAL REQUIREMENTS FOR SOFTWARE 软件通用要求
Inventory 系统清单
An inventory or listing of all computerised systemsshould be available.
应保存计算机化系统的清单
The following minimum information should be includedin the computerised systems inventory:
计算机化系统清单应至少包括以下内容:
unique identification
唯一识别号
Purpose
目的
validation status
验证状态
physical or storage (drive and files path) location of the software andrelated documentation
软件和相关文件的物理或贮存(驱动器和文件路径)位置
responsible or contact person
负责人或联系人
In the case of local installation (workstation), eachcopy of the software needs its own unique identification.
如果在本地进行安装(工作站),每个软件的复制件均需要其唯一的识别号。
In the case of software related to scientificequipment (e.g. HPLC) its identification (such as license number or serialnumber, and version number) should be independent from the equipmentidentification, whenever possible.
如果软件与科学仪器相关(例如HPLC),只要是在可能的情况下,其识别号(例如许可号或序列号,和版本号)应独立于仪器识别号。
Validation of the software 软件验证
Prior to routine use, the software should bevalidated.
在日常使用前,软件需要进行验证。
Validation consists in confirmation by examination andprovision of objective evidence that software specifications conform to userneeds and intended uses, and that the particular requirements implementedthrough software can be consistently fulfilled.
验证包含在相关的检查确认和客观证据内容中,包括软件规格是否符合用户需求和所设定的使用目的,以及软件应用的特殊规格要求可以持续地得到满足。
Change control 变更控制
In case of changes in the software, the validationstatus needs to be re-established. If a revalidation analysis is needed, itshould be conducted not just for validation of the individual change, but alsoto determine the extent and impact of that change on the entire computerisedsystem.
如果变更是针对软件的,验证状态需要更新。如果需要一个再验证分析,则应进行再验证分析,这个分析不仅是针对单个的变更的验证,同时应确认其验证程度和变更对整个计算机化系统的影响。
In the same way, changes in the computer environmentcould have an impact on the software running. In this case, a revalidationcould be required.
同样,对于计算机环境的变更可能会影响到软件运行。在此情况下,可能需要进行再验证。
In both cases, the extent of the revalidation will dependon the nature of the change. The nature of the changes should be documented.
两种情况下,再验证的深度均取决于变更的性质。变更的性质应有记录。
Automatic updates should ideally be controlled by ITor a system administrator and installed at pre-defined dates to minimize bothdisruption and unexpected behaviour of the system. Following installation ofupdates, verification should be carried out, the extent of which will depend onthe extent of the update(s). Each update should be documented.
自动升级的理想情况是由IT来控制,或者由系统管理员控制,并在预订的日期进行安装,以最大程度减小对系统的干扰和意外行为。在升级安装完成后,应进行验证,验证的程度取决于升级的程度。每一次升级均应该记录。
Note: this does not necessarily apply to servicepatches for commercial office software.
注:对于商业办公软件的服务补丁,可能不需要这些工作。
Verification of the software 软件确认
Commercial software should be checked at installation.
商业软件在安装时应进行检查。
Concerning in-house software, it should be verifiednot only at installation but also on a regular basis to avoid any error andguarantee good results. The regularity of the verification depends on softwaresafety, usage frequency and the possible impact, if there is a failure.
对于自主开发的软件,应不仅要对安装进行确认,还要进行常规确认,以避免任何错误及保证良好结果。确认的常规性取决于软件的安全性,使用频次和如果有失败时可能的影响。
In both cases, the OMCL’s policy should be describedin a procedure.
OMCL的政策应在某个程序中描述以上两种情况。
Protection of the software 软件保护
Software must be protected against any intrusion thatcould generate wrong scientific results. One way could be to secure software orcomputers/systems access by a password. It must also be protected against anyexternal interference that could change the data and affect the final results.
软件应受到保护,使其不会受到干扰而产生错误的科学结果。保护软件或计算机/系统的一个方法是使用密码登录。同时还必须保护使其不受到任何外来的可能改变数据和影响最终结果的干扰。
Backup 备份
Traceability must be ensured from raw data to results.If all or part of the traceability of parameters relevant for the quality ofthe results is available only in electronic form, a backup process must beimplemented to allow for recovery of the system following any failure whichcompromises its integrity. Back up frequency depends on data criticality,amount of stored data and frequency of data generation.
必须保证从原始数据到结果的可追溯性。如果与结果质量相关的参数的所有或部分追溯性仅采用电子形式,则需要有备份程序以允许在任何危及其完整性的失败后进行系统恢复。备份频次取决于数据是否关键,存贮数据的数量和数据产生的频次。
The OMCLs should have a policy and procedure in placefor ensuring the integrity of backups (secure storage location, adequatelyseparated from the primary storage location, etc) – this may be part of a moregeneral “disaster recovery plan”.
OMCL应制订政策和程序以保证备份的完整性(保护贮存位置,与原始存贮位置有充分分开等)--这可能是“灾难恢复计划”的一部分。
A procedure for regular testing of backup data(restore test), to verify the proper integrity and accuracy of data, should bealso in place.
对于备份数据应有一个常规测试的程序(恢复测试),以确认数据完整性和准确性。
Archive of superseded software versions 软件被替代版本的存档
Superseded versions of software should be archived (ifrequired for access to historical data) for at least 5 years[1] ina retrievable and readable electronic format.
软件的前版本应进行保存(如果需要进入历史数据)至少5年,且应是可以恢复和可读的电子格式。
Note: this requirement is not applicable to commercialoff-the-shelf office software (including service patches), software that isarchived by a qualified subcontractor or when historical data (raw data andresults) are documented in paper format
注:这个要求不适用于商业现成的应用办公软件(包括服务补丁),不适用于由有资质的分包商进行存档的软件或当历史数据采用纸质方式存档的情况(原始数据和结果)。
Identification of software version 软件版本的识别
The version and name of the software should bedisplayed to the user at an appropriate stage of the operation of the software(e.g. on the screen when opening the application) and it should be traceable inany reports generated by the software.
软件的名称和版本号应在进行软件操作过程适当的进程中显示给用户(例如当启动应用软件时显示在屏幕上),且在软件形成的任何报告中均应可追溯。
For laboratory software on computers as part of testequipment, software updates including the version number should be traceable inthe equipments’ log book.
对于作为检测仪器一部分的计算机上的化验室软件,软件升级,包括版本号均应在仪器的日志上可追溯。
Review of computerised systems 计算机化系统回顾
Risk management activities and/or audits should beperformed on a regular basis for computerised systems.
应对计算机化系统进行常规的风险管理活动和/或审计。
Training of software operators 软件操作人员的培训
Correct operation of the software should be ensured.This may be done either by appropriate and documented training or throughdetailed information in the relevant SOPs.
必须要保证软件的正确操作。这可以通过适当的,有记录的培训来进行,或通过在相关SOP中所载的详细信息。
3. VALIDATION OF CALCULATION SOFTWARE 计算软件的验证
Commercial or in-house developed software may be usedfor calculation and data analysis.
商业或自主开发软件都可能会被用于计算和数据分析。
The requested documentation/information, applicable toboth commercial and for in-house developed software for calculations, is shownin Table I.
要求的文件/信息显示在表1中,适用于商业软件和自主开发的计算软件。
a) Commercial software 商业软件
If several pieces of commercial software areavailable, the laboratory should select the one that better fits the intendedpurpose.
如果有几个商业性软件均可用,实验室应选择更适用于其用途的一个。
According to ISO/IEC 17025 standard, commercialoff-the-shelf software (e.g. word-processing, database and statisticalprogrammes), in general use within their designed application range, may beconsidered to be sufficiently validated. However, laboratory softwareconfigurations/modifications should be validated.
根据ISO/IEC 17025标准,商业现成的应用软件(例如文字处理软件,数据库和统计程序),一般在其设计的应用范围内使用,可以作为已经过充分验证。但是,化验室软件参数配置/修改需要进行验证。
A reduced validation procedure (of theseconfigurations/modifications) is acceptable if the documentation supplied withthe commercial off-the-shelf product has been reviewed and considered asfulfilling the user requirements.
如果商业现成的应用产品提供的文件已经过审阅,并被认为满足用户需求的话,可以接受只进行简化的验证程序(对这些参数配置/修订)。
b) In-house software自主开发的软件
If in-house software are used, they are under thesupervision of the main user; they must be validated, checked and secured. Formore details on validation, see Annex 1.
如果使用了自主开发的软件,则应处于主使用者的监督之下,还必须进行验证、检查和保护。关于验证的细节,参见附件1.
General requirements: 一般要求
Concerning spreadsheets (e.g. Excel), for security reasons, all cellsincluding calculations must be locked in such a way that formulas are not accidentallyoverwritten. Free access should only be given to cells to be filled in withdata. Formulas should also be protected from accidental input of inappropriatedata type (e.g. text in a numeric field).
关于应用表格(例如EXCEL),出于安全原因,所有包括计算的单元格必须锁定,以免其中的计算公式被意外改写。仅需要输入数据的单元格才可以被输入内容。另外还需要设定对不适当数据类型的意外输入(例如在数字区域输入文本)。
Each calculation algorithm should be tested with another validatedsoftware (the software version used for the calculations should be traceable inthe records) or by a pocket calculator and documented or in comparison withpublished data.
每个计算的运算程序应采用另一个验证过的软件进行测试(用于计算的该软件版本应在记录中可追溯),或者采用手工计算器,并记录与发布的数据进行比较。
A known dataset should be used for the verification of the software, forwhich the expected final results are identified.
应使用一个已知的数据集来对软件进行确认,该软件中应给出期望的最终结果。
Table I: Softwaredocumentation 表1:软件文件
Information/documentation that should be available 需要的信息/文件 | | |
Name, version and unique identification of the software 软件名称、版本和唯一识别 | | |
Original files (CD-ROM…) or storage location to install the software and software to manage the computer environment 原始文件(CD-ROM…)或安装软件的存贮位置,管理计算机环境的软件 | | |
Date at which the software was put into operation 软件投入使用的日期 | | |
Current physical location, where appropriate 目前的物理存贮位置,如适用 | | |
Responsible person in charge of the software 管理软件的负责人 | | |
Manufacturer’s name, license number and serial number or other unique identification 供应商名称、许可证号和序列号或其它唯一的识别号 | | |
Conditions under which the software runs, where applicable (hardware, operating system….) 软件运行的条件,适用时(软件、操作系统…) | | |
Manufacturer’s certificate of validation, if available 供应商的验证证明,如有 | | |
Manufacturer’s instructions, if available, or reference to their location 供应商提供的指南,如有,或其位置的索引号 | | |
Documentation on validation of configurations/modifications performed by the user that may impact the results (see Annexes) 用户修改后或重新设置参数后可能会影响结果的参数/修订的验证文件(见附件) | | |
Name of the person who developed and validated the software, and the date of validation 研发和验证软件的人员姓名,验证日期 | | |
Source code, if available 源代码,如有 | | |
Operating rules, where appropriate 操作规则,如适用 | | |
Documentation on software regular verification 软件日常确认的文件 | | |
Documentation on software validation (see Annexes) 软件验证文件(见附件) | | |
Follow-up of encountered failures, maintenance of the process, updated versions and , where appropriate, configuration management 遭遇失败、过程维护、版本升级(如适用)、参数配置管理的跟踪 | | |
4. VALIDATION OF DATABASE COMPUTERISED SYSTEMS 计算机化系统数据库的验证
Databases used for the storage and retrieval of test resultsand preparation of test reports, which have been developed in-house by usingcommercial software (e.g. Access), in its normal configuration, are consideredto be sufficiently validated.
用于检验结果存贮和恢复以及检验报告制作的数据库,如果是公司采用商业软件(例如Access)进行了自主开发,在其常规参数配置时,可以认为是已经过了充分验证。
Nevertheless, the following minimumdocumentation/information has to be kept up to date, in the corresponding fileof each database:
然而在每个数据库的相应文件中,应至少使以下文件/信息保持最新。
A schematic representation of the database.
数据库的纲要表述
Changes to forms, queries, macros, field types or properties that couldhave an impact on the quality of results should be traceable.
表格的变更,询问,宏,域类型或可能会对质量结果造成影响的特性需要是可追踪的
Each user should have a personal access code.
每个用户应有一个个人进入代码
User rights should be defined.
用户权限应进行定义
Operating rules should be recorded.
操作规则应记录
Any modification for improvement or failure should be documented.
所有的改进性修订或失败均应进行记录
5. VALIDATION OF LIMS and ELN 化验室信息管理系统和电子笔记本的验证
For commercial Laboratory Information ManagementSystem (LIMS) and Electronic Laboratory Notebook (ELN), system validation mustensure that the entire system has been properly tested. For more details onvalidation, see Annex 2.
对于商业化验室信息管理系统(LIMS)和实验室电子笔记本(ELN),系统验证必须要保证整个系统经过适当测试。验证的细节参见附件2.
Validation of any modification, configuration orcalculation that may have an impact on the results are under the users’responsibility (see chapter 3.a and table 1 for commercial software).
对于任何可能会对结果产生影响的修改、参数配置或计算的验证应归属于使用者的职责范围。(见第3章a和表1商业软件)
6. VALIDATION OF COMPUTERS AS PART OF TEST EQUIPMENT 作为检验仪器一部分的计算机的验证
In some test methods (e.g. HPLC, particle counting),test equipment is used, which is controlled by computerised systems. In doingso, the raw data are in general also evaluated directly via the computer. Thequality of such test results is thus largely dependent on the correct use ofthe software and the functionality of the computerised system. For more detailson validation, see Annex 3.
在一些检测方法中(例如HPLC,粒径计数),使用了由计算机化系统控制的检测设备。在这样做的时候,原始数据一般也会由计算机直接评价。这些检验结果的质量因而很大程度上取决于对软件及计算机化系统功能的的正确使用。更多验证细节参见附件3.
As part of the equipment qualification, thecomputerised system, together with the software relating to it must bevalidated with regard to reliability, accuracy, and reproducibility (it mayhowever be sufficient to qualify the testing equipment with the software as awhole).
作为仪器确认的一部分,计算机化系统和与其相关的软件必须验证其可靠性、准确性和重复性(将仪器和软件作为一个整体进行确认也可能是足够的)。
A revalidation is required if modifications to thecomputerised systems (hardware or software) might influence the quality of thetest results.
如果对计算机化系统(硬件或软件)进行了可能影响检测结果的质量的修订,则需要进行再验证。
REFERENCES 参考文献
For all references, the latest version applies.
所有参考文献均以最新版本为准
1) Good Automated Manufacturing Practices (GAMP).
优良自动化生产规范
2) Good Practices for Computerized Systems inregulated “GXP” environments. Pharmaceutical InspectionConvention/Pharmaceutical Inspections Co-operation Scheme (PIC/S).
优良规范“GXP”环境下的计算机系统规范,药物检查委员会/药物合作框架检检查(PIC/S)
3) EU Guidelines to Good Manufacturing Practice (GMP).Annex 11. Computerized Systems.
欧盟GMP指南,附件11,计算机化系统
4) OECD Series on Principles of Good LaboratoryPractices and Compliance Monitoring. Number 10. The Application of thePrinciples of GLP to Computerized Systems. Environment Monograph no. 116.
OECD系列:优良实验室规范原则和符合性监控,第10,计算机化系统的GLP原则实践,环境各论第116号
美国FDA软件验证通用原则,FDA计算机化系统和软件研发术语
LIST OF ANNEXES (the latest version applies):附件清单(适用最新版本)
Annex 1: Validation of computerised calculationsystems - PA/PH/OMCL (08) 87
附件1:计算机化计算系统的验证- PA/PH/OMCL (08) 87
Annex 2: Validation of databases, Laboratory InformationManagement Systems (LIMS) and Electronic Laboratory Notebooks (ELN) -PA/PH/OMCL (08) 88
附件2:数据库、化验室信息管理系统(LIMS)和电子实验室笔记本(ELN)的验证- PA/PH/OMCL (08) 88
Annex 3: Validation of computers as part of testequipment - PA/PH/OMCL (08) 89
附件3:计算机作为检测设备的一部分的验证- PA/PH/OMCL (08) 8
|手机版|药群论坛
( 蜀ICP备15007902号 )
收藏
支持
反对