实验室计算机化系统数据管理要求

恨我不成钢

Laboratory Data Management Software

实验室数据管理软件

Some analytical laboratories manage laboratory data using commercial software like LIMS or scientific data management systems. Whether the software is validated at the site, either by the vendor or by the user, the user is responsible for assuring its compliance with 21 CFR Part 11.  The Quality Unit should understand completely the functionality, features, and capability of the software. All automatic equipment used in pharmaceutical manufacturing environment, including computers used to test drug products, must also comply with 21 CFR Part 211.68. Regulatory expectations for computerized systems used in the manufacture of API are found in the ICH QJ Guidance for Industry (6,8,43).

一些分析实验室使用LIMS等商业软件或科学数据管理系统管理实验室数据。无论软件是在供应商还是由用户在现场验证，用户都有责任确保其符合21 CFR Part11的要求。质量部门应完全理解软件的功能，特性和能力。制药生产环境中使用的所有自动化设备，包括用于检验药品的计算机，也必须符合21 CFR Part 211.68。用于制造API的计算机化系统的法规要求见ICH Q7 Guidance for Industry（6,8,43）。

Browser-enabled user logins from multiple computers pose a potential risk. Login functionality is recommended to be properly challenged, mitigated, and verified. An additional layer of security should be embedded in the software that allows only user logins that have been verified by specific, permitted IP addresses as filter logins.

用户使用浏览器通过多台计算机登录存在潜在风险。 建议使用登录功能以进行适当的挑战，缓和和验证。 应对软件进行额外的安全控制，只允许特定IP的用户登录。

Laboratory data management software typically is  validated  using the  following steps  (not necessarily in this order):

实验室数据管理软件通常使用以下步骤进行验证 (不一定按此顺序):

• Document the software name and version number
  记录软件名称和版本号
• Define the period for software updates
  定义软件更新周期
• Check and validate e-signatures
  检查并验证电子签名
• Validate the software for its intended use
  验证软件符合其预期用途
• Determine capability of meeting 21 CFR Part 11 requirements in terms of audit trail and controls
  确定在审计追踪和控制方面满足21 CFR Part 11要求
• Test the software on the network for data transmission
  测试软件的网络数据传输
• Set up controls and traceability of printouts and define number of printouts allowed
  设置打印输出的控制和可追溯性，并定义允许的打印数量
• Check data and security of off shore and Cloud data
  检查离线数据和云数据的数据和安全性
• Validate Cloud-based data management system for security and possibility of compromise
  验证基于云的数据管理系统的安全性和泄漏的可能性
• Establish quality service agreement and contingency plan for Cloud-based systems and deter- mine exact physical location of servers
  对基于云的系统建立质量服务协议和应急计划，并确定服务器的确切物理位置
• Verify record and logic behind the algorithms used in calculations
  确认记录和用于计算的算法逻辑
• Calculate manually the common statistical computations used by software  {such  as  mean,  standard deviation, percentage of relative standard deviation to complex math like potency content, similarity factor (F2) values for dissolution analysis, and coefficient of variation for uniformity of dosage) and compare with software values
  对软件使用的常用统计计算（例如平均值，标准偏差，相对标准偏差与复杂数学的百分比，如有效含量，溶出度分析的相似因子（F2）值，以及剂量均匀性的变异系数）进行人工计算，并与软件数值进行比较
• Check data transmission and losses from instruments to attached computer
  
  检查从仪器到归档计算机的数据传输和丢失
• Check data transmission to computer, server, and interfaces in between, and validate for intended functionality of analysis, data acquisition, processing, reporting, tracking, and security
  检查数据传输到计算机，服务器的过程和它们之间的接口，并验证其预期功能，包括分析，数据采集，处理，报告，跟踪和安全性
• Ensure PDFs of any converted data files are not editable and bear a date-and-timestamp
  确保任何已转换数据文件的PDF都不可编辑，并带有日期和时间戳
• Confirm that intended software is compatible with COTS software for any laboratory instrument (e.g., HPLC, GC, and PSD).
  确认所需软件与任何实验室仪器（例如，HPLC，GC和PSD）的COTS软件兼容
  
  

Controls

控制

The following are the minimum controls needed to validate laboratory data management software:

以下是验证实验室数据管理软件所需的最低控制：

• Identify the person responsible for updates and maximum possible software updates to be performed by the software vendor and in-house ITpersonnel
  
  确定负责更新的人员以及由软件供应商和内部IT人员执行的最大允许软件更新
• Address any changes to software through change history
  对软件的任何更改需写入变更历史中
• Establish secure unique user login identifications and periodic change of passwords
  建立安全唯一的用户账户并定期更改密码
• Restrict permission to delete data to administrator or IT personnel
  限制管理员或IT人员删除数据的权限
• Maintain copies of older versions of software whenever version is  updated(recommended) and ensure that backed-up data from previous versions can still be accessed
  在更新版本（推荐）时保留旧版软件的副本，并确保仍可访问以前版本的备份数据
• Check software integrity on a periodic basis
  定期检查软件的完整性
• Maintain detailed list of roles, responsibilities, and privileges for all staff who use the laboratory data management software
  为使用实验室数据管理软件的所有员工保留详细的角色，职责和权限列表
  
  

Common Deficiencies that May Lead to Data Compromise

可能导致数据完整性问题的常见缺陷

• Browser-based interface enabling simultaneous logins with the same IDs without sufficient controls to prevent redundant data activity
  基于浏览器的界面，可以使用相同的ID同时登录，没有充分的控制来防止过多的数据活动
• Not investigating qualification errors or shortfalls according to nonconformance procedure
  未按照偏差程序调查数据错误或不足
• Not enabling, reviewing, or publishing audit trails
  未激活，审核或发布审计追踪
• Installing features without complete understanding, leading to data compromise
  没有完全理解安装功能，导致数据失效
• Lapses in training, e.g., lack of training or inadequate training for tasks being performed
  培训不足，例如缺乏培训或对正在执行的任务培训不足
  
  

syhorchid

学习一下

simonpeng1101

学习一下，谢谢分享！！！

Gavin迪

学习一下，谢谢分享！！！

小金库

谢谢分享。