Document 12162232

advertisement
实验室数据完整性风险评估
Regulation 法规要求
作为风险管理系统的一部分,应根据合理的并有文件记录的计算机系统
风险评估来决定验证的范围和数据完整性的控制手段。
Regulation 法规要求
MHRA Data Integrity Definitions and Expectations, Revision 1.1 March 2015
 The data governance system should be integral to the pharmaceutical quality system described in
EU GMP chapter 1. The effort and resource assigned to data governance should be
commensurate with the risk to product quality, and should also be balanced with other quality
assurance resource demands. As such, manufacturers and analytical laboratories are not
expected to implement a forensic approach to data checking on a routine basis, but instead design
and operate a system which provides an acceptable state of control based on the data integrity
risk, and which is fully documented with supporting rationale.
数据管理体系应该与欧盟EU GMP第一章所述的质量体系相结合。投入到数据管理的精力和资源应
与其产品的风险等级相对应,同时还应该权衡其他质量保证工作的资源需求。因此, 生产者和分析
实验室并不是要刻板地进行常规的数据核对,而是要设计出并运行一套管理体系,来控制数据完整
性的风险,而且详细记录这个体系合理性的支持依据。
Risk Management & Risk Assessment
Planning & Criteria
ID Hazardous Situations
Impact/ likelihood/detectable
Compare to Criteria
Reduce Occurrence
Benefit vs. Risk
Document & Approve
Update as Needed
风险管理与风险评估
进计划并预设可接受标准
识别危害
严重程度/可能性/可检测性
与可接受的风险相比
减少风险发生
风险和收益的均衡
记录并批准
及时更新
QC Data Sources 实验室数据来源
简单
复杂
No software
无软件
Simple Software
简单软件
Complex Software
复杂的软件
固件(FirmWare)
单机版设备
网络版软件
pH 计
紫外分光光度计
液相色谱-质谱联用
天平
红外光谱仪
HPLC系统(网络版)
实验室调查系统
SAP系统
熔点仪
TLC系统
红外光谱仪(网络版)
CAPA系统
ERP系统
沸点仪
原子吸收光谱仪
(卡尔费休)滴定仪
HPLC系统(单机版)
LIMS
紫外分光光度计
(网络版)
 人工观测后进行的纸质记录,
 从简单的设备直至复杂的高度配置的计算机系统产生的图谱和数据;数据完整性的内在
风险也因此有所不同,这取决于数据(或系统生成的或使用的数据)的可配置的程度及
由此而被造假的可能性程度
Risk identification 风险识别
Does the data has a quality impact in that it affects product quality,
safety or compliance with authority GXP regulations?
数据是否影响到产品质量和安全,或者与任何一个法规相关?
Non-GxP or Low Risk Requirements are typically then marked NA and think it is low risk
data or data process.
如果和任何一个GXP法规都无关,或者是低风险等级的法规要求,可以标注不适用,认为
该数据或者处理数据的过程为低风险;
Risk identification 风险识别
所有数据必须满足ALCOA+要求
A
Attributable
归属性(可追溯的)
L
Legible
可辨性 (清晰可读的)
C
Contemporaneous (=same time)
同时期(及时性)
O
A
Original
原始性 (原始的)
Accurate
准确性
ALCOA+
Enduring
持久
按数据类型保存期限,在数据整个生命周期保存
可检索数据
Complete
完整
包含所有数据
Available
可用
数据便于随时访问
Consistent
一致
数据兼容,无变动和冲突
Risk identification 风险识别
a Failure Mode and Effects Analysis (FMEA) technique can be used to
identify and record the GAP/Risk from: 通常用FMEA来识别并记录差距/
风险
可采用其它辅助工具识别风险:
 头脑风暴法 (Brainstorming)
 鱼骨图 (Fishbone diagram)
 流程图(Process flow charts)
 核查表(Checklist)
思考点:
 纸质、电子或混合系统
 静态数据或动态数据
 人工与电子原始数据
Risk Analysis 风险分析
风险识别后,对FMEA清单中的所有风险因素进行风险分析,并对每一项风险因素
的得分与预先在FMEA方法中设定的风险可接受限度相比较,
 思考 ALCOA+要求
 考虑数据完整性的关键组成部分:
1.
2.
3.
4.
5.
6.
7.
良好文档规范
数据审核检查
有效验证
电子系统账户管理和安全
数据保存:存储、备份和归档
系统设计
……
Risk Analysis 风险分析
Risk Evaluation 风险评价
Category
Description
Attributable 可追溯
Who performed an action and when. If a record is changed who did it and why. It should be clear who
created a record and when. Likewise, it should be clear as to who amended a record, when, and why.
何时由谁产生的数据,如果改变数据,谁更改的,为什么;能明确找到记录的时间和由谁生成的。
同样,能清晰的追溯谁更改了数据,什么时间更改的,为什么更改。
Legible 清晰可读
Data must be recorded permanently in a lasting form and easily readable.
数据应记录永久记录在一个专用表格中并易于读取。
Contemporaneous 及时性
The data must be record at the time the work is performed and data/time stamps should follow in order.
操作后应及时记录,数据应按时间顺序记录
This means the evidence or test results are recorded as they are observed, therefore allowing
reconstruction of the events around the data 这要求证据或者检验结果就应该与事实一致,可以根据
数据重现当时的情况
The recorded information must be the original data or a certified true copy. Data should not be
transcribed from one source to another without justification and control certification processes in place.
记录的信息必须是原始数据或者一个正确的副本。除非有正当理由并有受控的过程证明,数据不可
以从一个原始地方转录到另一个。
Original 原始的
Accurate 精确的
No errors or editing performed without documented amendments.
The information recorded is correct. 数据没有错误,或者书面记录更正的情况后才能修改
Risk Evaluation 风险评价
Impact 影响
Level
10
9
8
7
6
5
4
3
2
1
Criticality 严 重 性
Failure affects safety and involves major non-complicance with government regulation
such as performance, reliability
严重影响到产品的安全性和法规符合性;如功效,可靠性
* extremely serious impact on the analysis process or product quality attributes;
严重影响分析过程和质量属性;
* 100% of product will be discarded based on wrong results;
错误的结果将导致所有产品的报废
* extremly serious impact on patient safety or on the toxicity assessment of the material .
严重的影响病人的安全或物料的毒理评估
Very high degree of patient dissatisfaction and will probably result in patient complaint.
极高程度的引起病人的不满及可能造成病人的投诉
* major impact on the analysis process or product quality attributes;
主要影响分析过程和质量属性;
* unnecessary reprocessing based on wrong results, portion of the product may have to be
scrapped;
错误的结果导致额外的再处理过程,或部分产品报废
* potential impact on patient safety or on the toxicity assessment of the material.
潜在影响病人的安全或物料的毒理评估
Failure causes some dissatisfaction. Patient is made uncomfortable or is annoyed by the failure
可能引起一些不满,病人会感到不舒服或恼火
* low impact on the analysis process or product quality attributes;
较低的影响分析过程和质量属性
* potential reprocessing based on wrong results, portion of the product may have to be scrapped;
错误的结果会导致潜在的再处理过程,或可能导致部分产品报废
* no impact on patient safety or on the toxicity assessement of the material.
不影响病人的安全或物料的毒理评估
Failure causes only a slight patient annoyance.
进会造成病患的细微的不满。
* minor impact on the analysis process or product quality attributes;
轻微的影响分析过程或产品质量属性
* effect of offset results is easily to overcome;
结果的偏移是很容易克服的
* no impact on patient safety or on the toxicity assessement of the material.
不影响病人的安全或物料的毒理评估
Minimal effect 最小限度的影响
* absolutely no impact on the analysis process, product quality attributes;
绝对不影响分析过程或产品质量属性
* absolutely no impact on patient safety or on the toxicity assessment of the material.
绝对不影响病人的安全或物料的毒理评估
Probability可能性
Level
10
Probability 可能性
More than once per day 每天多余1次
9
One every 3-4 days 每3-4天1次
8
Once per week 每周1次
7
Once per month 每月1次
6
Once every 3 months 每3个月1次
5
Once every 6 months 每6个月1次
4
Once per year 每年1次
3
Once every 1-3 years 每1-3年1次
2
Once every 3-6 years 每3-6年1次
1
Once every 6-100 years 每6-100年一次
Detectability可检出性
Level
10
9
Detectability 可检出性
0% likelihood that the potential failure will be detected or prevented before the product is released to
the market, 0%发现缺陷的可能性,及失败模式缺陷不能被检测或在上市前阻止
8
7
25% likelihood 25%发现缺陷的可能性
6
5
50% likelihood 50%发现缺陷的可能性
4
3
75% likelihood 75%发现缺陷的可能性
2
90% likelihood 90%发现缺陷的可能性
1
100% likelihood 100%发现缺陷的可能性
Risk Priority Number(RPN) 风险系数
RPN value
风险系数
Description
描述
Corrective actions
改进措施
0-70
Tolerable
可接受的
No corrective action is required but may be still installed, if defined
and feasible.
不要求有改进措施,但如果有可执行的改进措施,那么就去执行。
71 – 299
ALARP range
安全风险处在最
低合理可行状态
Corrective actions should be defined, if any are possible.
If no corrective actions are possible in this range the remaining risk
needs to be justified.
如果可能,需要制定改进措施。
在此阶段内没有制定改进措施的情况下,需要对残存的风险进行合
理的评估
300 – 1000
Intolerable
不可接受
Corrective actions have to be defined to bring the RPN down to at
least the ALARP range.
If no corrective actions are possible or the RPN remains in this
region the product/method of this particular design should not be
used.
必须要制定改进措施来降低风险系数,最起码要打到ALARP的要求。
如果不能制定改进措施或风险系数依旧存在,那么请停用与此相关
的设计或流程。
Data lifecycle 数据的生命周期
• The Design of the
analytical process and
how data is collected
设计分析过程和数据采
集方案
• What is the process of
data/metadata transfer
数据的传送过程
Data
Archive
数据保留
• Objective reporting
客观报告
• Transparency in failures
失误的透明化管理
• Tracking and trending
failure追踪并分析失误的
趋势
• How do we process our
data如何处理数据的
• How do we identity data
handing failures 如何识别
数据处理失误
Data
Collection
数据采集
Data
Processing
数据处理
Data
Reporting
完成报告
Data
Reviewing
数据审核
• Do we review source data
是否审核源数据
• Do we review
reprocessing events 是否
会注意重新处理的情况
• How do we manage
failures 如何管理失误
Checklist example核查表举例
Reference
1.1
1.1
1.1
1.1
1.1
1.1
1.1
1.1
1.1
1.1
1.1 Laboratory Systems: Quality Control
实验室系统:质量控制
List existing laboratory equipment. Respond to each question for each unit. Units may
be bundled where appropriate.
罗列所有实验室的仪器。并为每个仪器回答每一个问题,
如适用,可以将多个仪器合并起来回答。
Is this unit linked to an electronic lab management system (Yes/No) Describe
用YES或No来描述每个仪器是否与电子实验室管理系统相关联?
Is the unit part 11 compliant?
该仪器是否遵循Part 11?
How was this determined? Describe why this conclusion was made?
怎样判定的? 是否描述了为什么做这样的决定?
Are there audit trails for all? Yes/No, describe.
是否有所有的历史记录? 用Yes或者No来回答
If yes, are audit trails periodically reviewed? Describe what is done.
如果Yes, 那么历史记录是否进行了周期性复核? 描述做了什么
Is raw data contained with the analytical record and subject to review as part of the
release process
原始数据是否包含在分析记录中, 是否是放行过程中复核的对象?
Does each of these have a related log book? Yes/No. Is the logbook audited or verified
either periodically or as a routine? If so, please describe what is done.
用Yes或者No来说明是否这些都有相应的记录日志?这些记录日志是否被周期性
地或者规律性地审查或者确认? 如果是,请描述做了什么?
Confirm all units have been qualified, operating under GMP.
确认所有仪器都经过了确认,并且按照GMP要求来操作。
Comment
Item
Checklist example核查表举例
1.1
1.1 Laboratory Systems: Quality Control
实验室系统:质量控制
1.11
QA Unit: QA部门
1.11
1.11
1.11
1.11
1.11
1.11
1.11
1.11
1.11
Is QA involved in QC?
QA 是否参与到QC中?
What is the role of the QA unit?
QA人员是什么样的角色?
Is QA a defined and independent review and approval function?
QA是否是拥有规定的和独立的复核和批准功能?
Describe this process and the standards used for review/approval of documents and golive process for equipment utilization.
描述文件复核/批准的过程与标准,以及仪器设施启用的流程
Is QA made aware of changes to data, invalidated data, laboratory investigations? Be
specific with as to what is notified to QA and what they are obligated to take, if any.
QA是否能够察觉到数据改变,无效数据,实验室调查? 如果有任何上述问题,
应具体到哪些通知到QA,他们中谁有职责去做的这些?
Describe process and attach relevant
procedure documents
Describe instances where raw data is not maintained or reviewed
Discuss
举例说明哪些原始数据没有被维护或者复核
Describe conditions under which data can be altered, updated, changed, etc.
Discuss and attach procedure
描述在哪些情况下,数据能够被筛选,被更新,被改变等
Indicate the number of stability chambers that exist. Confirm that each are qualified and Discuss
that alarm conditions exist. Describe what happens in the case of excursions? How is
the raw monitoring data collected? Is it available for audit?
指明存在的稳定性箱体的数量。 证实每一个都经过了确认和存在报警系统。
描述超限案例的处置。原始监控数据如何被收集? 是否有历史记录?
Checklist example核查表举例
Reference
1.1
1.12
1.12
1.12
1.12
1.12
1.12
1.12
1.12
1.12
1.12
1.12
1.12
Comment
1.1 Laboratory Systems: Quality Control
实验室系统:质量控制
Document management文件管理
Availability of Procedures and General Controls:
流程和基本控制的有效性:
Are the relevant SOPs in place for data handling, management, record retention and
good documentation practices?
关于数据处理,管理,记录存档和良好的文档规范的SOPs应准备就绪。
For raw data mgt: are printouts kept for all non computerized or hybrid systems (e.g.
balances etc)? Are these automatically time- and date-stamped?
对于原始数据的管理:是否所有非计算机化或单一系统的打印条都被保存(如天
平)?这些是否被自动的打印出时间和日期?
Are equipment and system inventories available and kept current?
所有仪器和系统的列表是可获得的,并且被保存至今
Is validation documentation up to current standards and involve both periodic and event
based evaluation?
验证文件是否满足最新的标准的要求,并包含周期性评估或基于事件的评估?
Do formal operational processes exit for
以下管理是否存在正式的操作流程:
Data management?
数据管理
Incident management?
事件管理
Change management?
变更管理
User account management?
用户账号管理
Calibration management?
校准管理
Please describe existing processes
and attach relevant procedure
documents
Item
Checklist example核查表举例
Reference
1.1
1.13
1.13
1.13
1.14
1.14
1.14
1.14
1.14
1.14
1.14
1.14
1.14
Comment
1.1 Laboratory Systems: Quality Control
实验室系统:质量控制
E-compliance 电子合规
Is ERES (Part11 – Electronic records, Electronic Signatures and Audit trails), handled
and appropriately managed at the local, operational and equipment level?
电子记录和电子报告是否按照本地水平,操作水平和仪器水平来进行处理和适当
的管理?
Is the retirement of computerized systems/equipment defined?
计算机化系统或仪器是否制定了退役流程?
User Accounts: 用户账户:
Are passwords controlled and access rights reviewed periodically? Describe process for
maintenance of controls. For example:
密码是否是受控的,权限是否周期性复核? 描述控制的维护流程。例如:
Are the activation of user accounts and changes are approved by line manager and
documented accordingly?
用户账户的激活与变更是否由直线经理批准并做相应记录。
Are user accounts personalized in the respective applications accordingly?
在每个独立的应用中,用户账户被相应地单独设立的
Is Administrator access restricted according to its business function?
根据商业功能,是否管理员权限被严格限制?
Are Administrator accounts limited to operational tasks only by exception?
管理员账户是否例外地被限制去执行日常任务?
Are system administrators (able to generate, change or even delete data) in the lab who
have additional operational functions in data review? If yes, is the review process as well
as data handling adequately defined in procedures?
系统管理员是否有能力产生、变更、或甚至删除数据,是否在数据复核中有额外
的操作功能,是否是受实验室管理?如果是,数据的复核和处理流程应恰当地定
义在程序中。
Are periodic reviews conducted to ensure appropriate user access?
是否执行周期性复核来确认用户访问权限的适用性?
Is sufficient training conducted for employees before activation? Describe procedures
used
受雇者在授权前是否接受了充分的培训? 描述使用的流程。
Describe procedures and attach.
Describe and attach procedure
document
Describe and provide procedure
documents
Item
Next step—risk control
Planning & Criteria
ID Hazardous Situations
Impact/ likelihood/detectable
Compare to Criteria
Reduce Occurrence
Benefit vs. Risk
Document & Approve
Update as Needed
Next step—risk control 下一步—风险控制
进行计划并预设可接受标准
识别危害
严重程度/可能性/可检测性
与可接受的风险相比
减少风险发生
风险和收益的均衡
记录并批准
及时更新
Download