PIC／S 受法規(guī)約束的GMP和GDP環(huán)境下數(shù)據(jù)管理和完整性優(yōu)良規(guī)范（中英文）

PIC/S 受法規(guī)約束的GMP/GDP環(huán)境下數(shù)據(jù)管理和完整性優(yōu)良規(guī)范（中英文）PIC/S GUIDANCEPIC/S指南PIC/S：國際藥品監(jiān)查合作計劃GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATEDGMP/GDP ENVIRONMENTS受法規(guī)約束的GMP/GDP環(huán)境下數(shù)據(jù)管理和完整性優(yōu)良規(guī)范 PIC/S August 20162016年8月Reproduction prohibited for commercial purposes.Reproduction for internal use is authorised, provided that the source is acknowledged.TABLE OF CONTENTS目錄1. Document history文件歷史2. Introduction引言3. Purpose目的4. Scope范圍5. Data governance system數(shù)據(jù)管理系統(tǒng)5.1 What is data governance什么是數(shù)據(jù)管理5.2 Data governance systems數(shù)據(jù)管理系統(tǒng)5.3 Risk management approach to data governance數(shù)據(jù)管理的風(fēng)險管理方法5.4 Data criticality數(shù)據(jù)關(guān)鍵度5.5 Data risk數(shù)據(jù)風(fēng)險5.6 Data governance system review數(shù)據(jù)管理體系審核6. Organisational influences on successful data integrity management公司對數(shù)據(jù)完整性管理成功與否的影響6.1 General概述6.2 Code of ethics and policies道德和方針準(zhǔn)則6.3 Quality culture質(zhì)量文化6.4 Modernising the Pharmaceutical Quality Management System藥物質(zhì)量管理體系現(xiàn)代化6.5 Regular management review of quality metrics質(zhì)量尺度的定期管理評審6.6 Resource allocation資源配置6.7 Dealing with data integrity issues found internally內(nèi)部發(fā)現(xiàn)的數(shù)據(jù)完整性問題處理7. General data integrity principles and enablers一般數(shù)據(jù)完整性原則和推進(jìn)者8. Specific data integrity considerations for paper-based systems紙質(zhì)系統(tǒng)特定數(shù)據(jù)完整性考慮8.1 Structure of QMS and control of blank forms/templates/recordsQMS結(jié)構(gòu)和空白表格/模板/記錄的控制8.2 Why is the control of records important?為什么記錄的控制如此重要？8.3 Generation, distribution and control of template records模板式記錄的產(chǎn)生、分發(fā)和控制8.4 Expectations for the generation, distribution and control of records產(chǎn)生、分發(fā)和控制記錄的要求8.5 Use and control of records within production areas生產(chǎn)區(qū)域內(nèi)記錄的使用和控制8.6 Filling out records記錄填寫8.7 Making corrections on records記錄更正8.8 Verification of records記錄核查8.9 Maintaining records記錄維護(hù)8.10 Direct print-outs from electronic systems從電子系統(tǒng)中直接打印出的記錄8.11 True copies真實備份8.12 Limitations of remote review of summary reports遠(yuǎn)程審核報告摘要的局限性8.13 Document retention文件保存8.14 Disposal of original records原始記錄的廢棄9. Specific data integrity considerations for computerised systems計算機(jī)化系統(tǒng)特定數(shù)據(jù)完整性考慮9.1 Structure of QMS and control of computerised systemsQMS結(jié)果和計算機(jī)化系統(tǒng)的控制9.2 Qualification and validation of computerised systems計算機(jī)化系統(tǒng)的確認(rèn)和驗證9.3 System security for computerised systems計算機(jī)化系統(tǒng)的系統(tǒng)安全9.4 Audit trails for computerised systems計算機(jī)化系統(tǒng)的審計追蹤9.5 Data capture/entry for computerised systems計算機(jī)化系統(tǒng)的數(shù)據(jù)捕獲/輸入9.6 Review of data within computerised systems計算機(jī)化系統(tǒng)內(nèi)的數(shù)據(jù)審核9.7 Storage, archival and disposal of electronic data電子數(shù)據(jù)的存貯、歸檔和廢棄10. Data integrity considerations for outsourced activities外包活動的數(shù)據(jù)完整性考慮10.1 General supply chain considerations一般供應(yīng)鏈考慮10.2 Routine document verification日常文件核查10.3 Strategies for assessing data integrity in the supply chain供應(yīng)鏈中數(shù)據(jù)完整性評估策略11. Regulatory actions in response to data integrity findings數(shù)據(jù)完整性缺陷引發(fā)的法規(guī)行動11.1 Deficiency references缺陷參考11.2 Classification of deficiencies缺陷分類12. Remediation of data integrity failures數(shù)據(jù)完整性失敗時的彌補(bǔ)方法12.1 Responding to significant data integrity issues對重大數(shù)據(jù)完整性問題響應(yīng)12.2 Indicators of improvement改善指標(biāo)13. Definitions定義14. Revision history版本歷史1 DOCUMENT HISTORY文件歷史Draft 1 of PI 041-1 presented to the PIC/S Committee at its meeting in Manchester4-5 July 2016曼徹斯特會議期間PI 041-1草案提交給PIC/S委員會2016年7月4-5日Consultation of PIC/S Participating Authorities on publication of the Good Practices as a draft and implementation on a trial basis18 July 31 July 2016公布PIC/S草案征求參與藥監(jiān)機(jī)構(gòu)意見及試行2016年7月18日31日Minor edits to Draft 11 9 August 2016第1版本草案輕微修訂2016年8月1-9日Publication of Draft 2 on the PIC/S website10 August 2016第2版本草案在PIC/S網(wǎng)站上公布2016年8月10日Implementation of the draft on a trial basis and comment period for PIC/S Participating Authorities10 August 2016 28 February 2017試驗實施和征求PIC/S參與藥監(jiān)機(jī)構(gòu)意見階段2016年8月10日-2017年2月28日Review of comments by PIC/S Participating AuthoritiesPIC/S參與藥監(jiān)機(jī)構(gòu)審核所收到的意見Finalisation of draft草稿定稿Adoption by Committee ofPI 041-1DatePI 041-1被委員會采納Entry into force ofPI 041-1DatePI 041-1生效2 INTRODUCTION引言2.1 PIC/S Participating Authorities regularly undertake inspections of manufacturers and distributors of API and medicinal products in order to determine the level of compliance with GMP/GDP principles. These inspections are commonly performed on-site however may be performed through the remote or off-site evaluation of documentary evidence, in which case the limitations of remote review of data should be considered.PIC/S參與藥監(jiān)機(jī)構(gòu)定期對原料藥和制劑生產(chǎn)商和銷售商進(jìn)行檢查，以確定其GMP/GDP符合性水平。這些檢查通常是在現(xiàn)場實施，但也可以通過遠(yuǎn)程或離廠文件證據(jù)評估進(jìn)行，這時要考慮遠(yuǎn)程數(shù)據(jù)審核的局限性。2.2 The effectiveness of these inspection processes is determined by the veracity of the evidence provided to the inspector and ultimately the integrity of the underlying data. It is critical to the inspection process that inspectors can determine and fully rely on the accuracy and completeness of evidence and records presented to them.這些檢查流程的有效性是由提供給檢查員的證據(jù)的真實性所決定的，并最終決定于數(shù)據(jù)背后的完整性。檢查員可以確定并完全依賴呈交給他們的證據(jù)和記錄的完整性和準(zhǔn)確性對于檢查過程來說非常關(guān)鍵。2.3 Good data management practices influence the integrity of all data generated and recorded by a manufacturer and these practices should ensure that data is accurate, complete and reliable. While the main focus of this document is in relation to data integrity expectations, the principles herein should also be considered in the wider context of good data management.優(yōu)良數(shù)據(jù)管理規(guī)范影響生產(chǎn)商所產(chǎn)生和記錄的所有數(shù)據(jù)，這些做法應(yīng)能保證數(shù)據(jù)是準(zhǔn)確的、完整的和可靠的。盡管此文件主要關(guān)注的是數(shù)據(jù)完整性要求，在更廣的優(yōu)良數(shù)據(jù)管理環(huán)境下也應(yīng)考慮此指南所述原則。2.4 Data Integrity is defined as “the extent to which all data are complete, consistent and accurate, throughout the data lifecycle”11 and is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. Poor data integrity practices and vulnerabilities undermine the quality of records and evidence, and may ultimately undermine the quality of medicinal products.數(shù)據(jù)完整性定義為“所有數(shù)據(jù)在整個生命周期均完整、一致和準(zhǔn)確的程度”，它在藥物質(zhì)量體系中是基本的要求，它確保藥品具備所需的質(zhì)量。不良的數(shù)據(jù)完整性做法和弱點會削弱記錄和證據(jù)的質(zhì)量，并最終可能破壞藥品質(zhì)量。2.5 Data integrity applies to all elements of the Quality Management System and the principles herein apply equally to data generated by electronic and paper-based systems.數(shù)據(jù)完整性適用于質(zhì)量管理體系的所有要素，此中原則等同適用于電子和紙質(zhì)系統(tǒng)產(chǎn)生的數(shù)據(jù)。2.6 The responsibility for good practices regarding data management and integrity lies with the manufacturer or distributor undergoing inspection. They have full responsibility and a duty to assess their data management systems for potential vulnerabilities and take steps to design and implement good data governance practices to ensure data integrity is maintained.數(shù)據(jù)管理和完整性優(yōu)良規(guī)范的職責(zé)由接受檢查的生產(chǎn)商或銷售商承擔(dān)。他們負(fù)有全部職責(zé)和義務(wù)來評估其數(shù)據(jù)管理體系，發(fā)現(xiàn)潛在弱點，設(shè)計和實施優(yōu)良數(shù)據(jù)管理規(guī)范來確保數(shù)據(jù)完整性得到維護(hù)。3 PURPOSE目的3.1 This document was written with the aim of:本文件編制的目的是：3.1.1 Providing guidance for inspectorates in the interpretation of GMP/GDP requirements in relation to data integrity and the conduct of inspections.為檢查員提供與數(shù)據(jù)完整性相關(guān)的GMP/GDP要求詮釋及實施檢查相關(guān)指南。3.1.2 Providing consolidated, illustrative guidance on risk-based control strategies which enable the existing requirements for data integrity and reliability as described in PIC/S Guides for GMP2and GDP3to be implemented in the context of modern industry practices and globalised supply chains.對基于風(fēng)險的控制策略提供詳細(xì)解說的整合指南，促使GMP和GDP的PIC/S指南中所述的現(xiàn)有數(shù)據(jù)完整性要求和可靠性在現(xiàn)代化工業(yè)做法和全球化供應(yīng)鏈的環(huán)境下得到實施。3.1.3 Facilitating the effective implementation of data integrity elements into the routine planning and conduct of GMP/GDP inspections; to provide a tool to harmonise GMP/GDP inspections and to ensure the quality of inspections with regards to data integrity expectations.促進(jìn)數(shù)據(jù)完整性要素在日常規(guī)劃和實施GMP/GDP檢查中有效實施，提供一個工具讓GMP/GDP檢查保持一致，保證數(shù)據(jù)完整性要求方面的檢查質(zhì)量。3.2 This guidance, together with inspectorate resources such as aide memoire (for future development) should enable the inspector to make an optimal use of the inspection time and an optimal evaluation of data integrity elements during an inspection.本指南與檢查團(tuán)資源，例如備忘錄（用于進(jìn)一步展開）一起讓檢查員優(yōu)化使用檢查時間，在檢查中更好地評估數(shù)據(jù)完整性要素。3.3 Guidance herein should assist the inspectorate in planning a risk-based inspection relating to data integrity.本指南應(yīng)協(xié)助檢查組織規(guī)劃基于風(fēng)險的數(shù)據(jù)完整性相關(guān)檢查。3.4 This guide is not intended to impose additional regulatory burden upon regulated entities, rather it is intended to provide guidance on the interpretation of existing PIC/S GMP/GDP requirements relating to current industry practice.本指南無意對受法規(guī)規(guī)范的主體形成強(qiáng)制的法規(guī)責(zé)任，它意在為目前行業(yè)規(guī)范相關(guān)的已有PIC/S GMP/GDP要求提供詮釋。3.5 The principles of data integrity apply equally to both manual and computerized systems and should not place any restraint upon the development or adoption of new concepts or technologies. In accordance with ICH Q10 principles, this guide should facilitate the adoption of innovative technologies through continual improvement.數(shù)據(jù)完整性原則等同適用于手動和計算機(jī)化系統(tǒng)，不應(yīng)該對發(fā)展和采用新概念或技術(shù)形成限制。根據(jù)ICH Q10原則，本指南應(yīng)有助于通過持續(xù)改進(jìn)采納創(chuàng)新技術(shù)。3.6 This version of the guidance is intended to provide a basic overview of key principles regarding data management and integrity. The PIC/S Data Integrity Working Group will periodically update, amend and review this guidance in light of inspectorate feedback, experience in using the guide and any other developments.本版本指南意在為數(shù)據(jù)管理和完整性核心原則提供基本概貌。PIC/S數(shù)據(jù)完整性工作組將定期進(jìn)行更新，根據(jù)檢查團(tuán)的反饋、使用本指南的經(jīng)驗以及任何其它發(fā)展修訂和審核本指南。4 SCOPE范圍4.1 The guidance has been written to apply to both on-site and remote (desktop) inspections of those sites performing manufacturing (GMP) and distribution (GDP) activities. The guide should be considered as a non-exhaustive list of areas to be considered during inspection.本指南適用于現(xiàn)場和遠(yuǎn)程（桌面）檢查那些實施生產(chǎn)（GMP）和銷售（GDP）活動的場所。本指南應(yīng)作為檢查期間要考慮領(lǐng)域的未盡清單。4.2 Whilst this document has been written with the above scope, many principles regarding good data management practices described herein have applications for other areas of the regulated pharmaceutical and healthcare industry.盡管此文件寫就時覆蓋上述范圍，但其中許多關(guān)于優(yōu)良數(shù)據(jù)管理規(guī)范的原則亦可應(yīng)用于受法規(guī)規(guī)范的藥品和保健行業(yè)的其它領(lǐng)域。4.3 This guide is not intended to provide specific guidance for “for-cause” inspections following detection of significant data integrity vulnerabilities where forensic expertise may be required.本指南無意為重大數(shù)據(jù)完整性漏洞引起的“有因”檢查提供特定指南。在有因檢查中，可能需要具有調(diào)查技巧的專家。5 DATA GOVERNANCE SYSTEM數(shù)據(jù)管理體系5.1 What is data governance?什么是數(shù)據(jù)管理？5.1.1 Data governance is the sum total of arrangements which provide assurance of data integrity. These arrangements ensure that data, irrespective of the process, format or technology in which it is generated, recorded, processed, retained, retrieved and used will ensure a complete, consistent and accurate record throughout the data lifecycle.數(shù)據(jù)管理是為數(shù)據(jù)完整性提供保障的所有安排的總和。這些安排保證數(shù)據(jù)，不管其產(chǎn)生、記錄、處理、保存、恢復(fù)和使用的過程、格式或技術(shù)如何，均能在數(shù)據(jù)的整個生命周期中保證完整、一致和準(zhǔn)確的記錄。5.1.2 The data lifecycle refers to how data is generated, processed, reported, checked, used for decision-making, stored and finally discarded at the end of the retention period. Data relating to a product or process may cross various boundaries within the lifecycle. This may include data transfer between manual and IT systems, or between different organisational boundaries; both internal (e.g. between production, QC and QA) and external (e.g. between service providers or contract givers and acceptors).數(shù)據(jù)生命周期指數(shù)據(jù)如何產(chǎn)生、處理、報告、檢查、用于決策、存貯和在保存期結(jié)束后最終廢棄。與一個藥品或工藝相關(guān)的數(shù)據(jù)可能在其生命周期內(nèi)會穿越不同邊界。這可能包括手工和IT系統(tǒng)之間的數(shù)據(jù)轉(zhuǎn)移，不同公司界限之間的數(shù)據(jù)轉(zhuǎn)移，內(nèi)部（例如生產(chǎn)、QC和QA之間）和外部（例如，服務(wù)提供商或合同發(fā)包方和接受方之間）的數(shù)據(jù)轉(zhuǎn)移。5.2 Data governance systems數(shù)據(jù)管理系統(tǒng)5.2.1 Data governance systems should be integral to the pharmaceutical quality system described in PIC/S GMP/GDP. It should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity, including control over intentional and unintentional changes to, and deletion of information.數(shù)據(jù)管理系統(tǒng)應(yīng)整合于PIC/S GMP/GDP所述的藥物質(zhì)量體系中。它應(yīng)該說明數(shù)據(jù)在其生命周期中的所有者身份，考慮對過程/系統(tǒng)進(jìn)行設(shè)計、運(yùn)行和監(jiān)測，以符合數(shù)據(jù)完整性原則，包括對有意和無意修改和刪除信息的控制。5.2.2 The data governance system should ensure controls over data lifecycle which are commensurate with the principles of quality risk management. These controls may be:數(shù)據(jù)管理系統(tǒng)應(yīng)保證在數(shù)據(jù)生命周期進(jìn)行控制?？刂茟?yīng)與質(zhì)量風(fēng)險管理原則相稱。這些控制可以是：lOrganisational從公司角度nprocedures, e.g. instructions for completion of records and retention of completed paper records;n程序，例如，記錄完整的指令和完整紙質(zhì)記錄的保存；ntraining of staff and documented authorisation for data generation and approval;n培訓(xùn)人員和記錄數(shù)據(jù)產(chǎn)生權(quán)限并批準(zhǔn)；ndata governance system design, considering how data is generated recorded, processed retained and used, and risks or vulnerabilities are controlled effectively;n數(shù)據(jù)管理系統(tǒng)的設(shè)計應(yīng)考慮數(shù)據(jù)是如何產(chǎn)生、記錄、處理、存貯和使用的，應(yīng)對風(fēng)險和漏洞進(jìn)行有效控制；nroutine data verification;n日常數(shù)據(jù)核查；nperiodic surveillance, e.g. self-inspection processes seek to verifiy the effectiveness of the data governance policy.n定期監(jiān)管，例如自檢過程中核查數(shù)據(jù)管理方針的有效性。lTechnical技術(shù)角度ncomputerised system control,n計算機(jī)化系統(tǒng)控制nAutomationn自動化5.2.3 An effective data governance system will demonstrate Managements understanding and commitment to effective data governance practices including the necessity for a combination of appropriate organisational culture and behaviours (section 6) and an understanding of data criticality, data risk and data lifecycle. There should also be evidence of communication of expectations to personnel at all levels within the organisation in a manner which ensures empowerment to report failures and opportunities for improvement. This reduces the incentive to falsify, alter or delete data.一個有效的數(shù)據(jù)管理系統(tǒng)將證明管理者對有效數(shù)據(jù)管理規(guī)范的了解和承諾，包括適當(dāng)?shù)墓疚幕托袨椋ǖ?部分）和對數(shù)據(jù)關(guān)鍵程度、數(shù)據(jù)風(fēng)險和數(shù)據(jù)生命周期的了解。還應(yīng)有證據(jù)證明在公司內(nèi)以一定方式將要求溝通傳達(dá)至各層次人員，保證更大的權(quán)力來報告失敗和改進(jìn)機(jī)會。如此可以減少偽造、篡改和刪除數(shù)據(jù)的誘因。5.2.4 The organisations arrangements for data governance should be documented within their Quality Management System and regularly reviewed.公司對數(shù)據(jù)管理的安排應(yīng)記錄在其質(zhì)量管理體系內(nèi)，并定期審核。5.3 Risk management approach to data governance數(shù)據(jù)管理的風(fēng)險管理方法5.3.1 Senior management is responsible for the implementation of systems and procedures to minimise the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9. Contract Givers should perform a similar review as part of their vendor assurance programme, (refer section 10)高級管理層對實施系統(tǒng)和程序以降低數(shù)據(jù)完整性潛在風(fēng)險，識別殘留風(fēng)險，使用ICH Q9原則承擔(dān)責(zé)任。合同發(fā)包方應(yīng)實施類似的審核，作為其供應(yīng)商保證計劃的一部分（參見第10部分）。5.3.2 The effort and resource assigned to data governance should be commensurate with the risk to product quality, and should also be balanced with other quality resource demands. Manufacturers and analytical laboratories should design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.為數(shù)據(jù)管理所做的工作和所配置的資源應(yīng)與產(chǎn)品質(zhì)量風(fēng)險相稱，同時也要與其它質(zhì)量資源需求相平衡。生產(chǎn)商和分析化驗室應(yīng)設(shè)計和運(yùn)行一個體系，為數(shù)據(jù)完整性風(fēng)險提供可接受的控制狀態(tài)，并全面記錄支持性原理。5.3.3 Where long term measures are identified in order to achieve the desired state of control, interim measures should be implemented to mitigate risk, and should be monitored for effectiveness. Where interim measures or risk prioritisation are required, residual data integrity risk should be communicated to senior management, and kept under review. Reverting from automated / computerised to paper-based systems will not remove the need for data governance. Such retrograde approaches are likely to increase administrative burden and data risk, and prevent the continuous improvement initiatives referred to in paragraph 3.5.如果認(rèn)為需要采取長期措施，以達(dá)到想要的控制狀態(tài)，則應(yīng)實施臨時措施來將緩解風(fēng)險，并監(jiān)測其有效性。如果需要采取臨時措施或者是提高風(fēng)險優(yōu)先度，則應(yīng)與高級管理層溝通所殘留的數(shù)據(jù)完整性風(fēng)險，保持審核。從自動化/計算機(jī)化轉(zhuǎn)化為紙質(zhì)系統(tǒng)不能解除對數(shù)據(jù)管理的需求。此種降解方式可能會增加行政負(fù)擔(dān)和數(shù)據(jù)風(fēng)險，阻止第3.5段中提提出的持續(xù)改進(jìn)倡議。5.3.4 Not all data or processing steps have the same importance to product quality and patient safety. Risk management should be utilised to determine the importance of each data/processing step. An effective risk management approach to data governance will consider:不是所有數(shù)據(jù)和處理步驟都對藥品質(zhì)量和患者安全具有等同的重要性。應(yīng)使用風(fēng)險管理來確定每個數(shù)據(jù)/處理步驟的重要性。對數(shù)據(jù)管理的有效風(fēng)險管理方法應(yīng)考慮：lData criticality (impact to decision making and product quality) andl數(shù)據(jù)關(guān)鍵程度（對制訂決策和產(chǎn)品質(zhì)量的影響）以及l(fā)Data risk (opportunity for data alteration and deletion, and likelihood of detection / visibility of changes by the manufacturers routine review processes).l數(shù)據(jù)篡改和刪除的數(shù)據(jù)風(fēng)險（機(jī)會），修改被生產(chǎn)商的日常審核流程所發(fā)現(xiàn)/可見的可能性）From this information, risk proportionate control measures can be implemented.從此信息中可知，可以實施與風(fēng)險相當(dāng)?shù)目刂拼胧?.4 Data criticality數(shù)據(jù)關(guān)鍵程度5.4.1 The decision that data influences may differ in importance, and the impact of the data to a decision may also vary. Points to consider regarding data criticality include:受數(shù)據(jù)影響的決策可能會在重要程度上有所有不同，數(shù)據(jù)對決策的影響度可能也不同。關(guān)于數(shù)據(jù)關(guān)鍵程度要考慮的要素包括：l?Which decision does the data influence?數(shù)據(jù)影響了什么決策？For example: when making a batch release decision, data which determines compliance with critical quality attributes is of greater importance than warehouse cleaning records.例如，當(dāng)作出批放行決策時，確定符合關(guān)鍵質(zhì)量屬性的數(shù)據(jù)比倉庫清潔記錄要重要。l?What is the impact of the data to product quality or safety?數(shù)據(jù)對藥品質(zhì)量或安全有什么影響？For example: for an oral tablet, active substance assay data is of generally greater impact to product quality and safety than tablet friability data.例如，對于口服特此證明，活性物質(zhì)含量數(shù)據(jù)一般要比脆碎度數(shù)據(jù)對藥品質(zhì)量和安全影響更大。5.5 Data risk數(shù)據(jù)風(fēng)險5.5.1 Data risk assessment should consider the vulnerability of data to involuntary or deliberate alteration, falsification, deletion, loss or re-creation, and the likelihood of detection of such actions. Consideration should also be given to ensuring complete data recovery in the event of a disaster. Control measures which prevent unauthorised activity, and increase visibility / detectability can be used as risk mitigating actions.數(shù)據(jù)完整性應(yīng)考慮數(shù)據(jù)在有意和無意修改、偽造、刪除、丟失或重新創(chuàng)建，以及被察覺可能性方面的弱點。還要考慮保證在災(zāi)難發(fā)生時恢復(fù)完整數(shù)據(jù)。防止未經(jīng)授權(quán)的活動，增加可視性/檢出能力的控制措施可以用作風(fēng)險降低措施。5.5.2 Examples of factors which can increase risk of data integrity failure include complex, inconsistent processes with open ended and subjective outcomes. Simple tasks which are consistent, well defined and objective lead to reduced risk.可能會增加數(shù)據(jù)完整性失敗的風(fēng)險的因素例子包括復(fù)雜的不一致的工藝，有開放型結(jié)果和主觀結(jié)果。定義明確、客觀、一致的簡單任務(wù)則會降低風(fēng)險。5.5.3 Risk assessments should focus on a business process (e.g. production, QC), evaluate data flows and the methods of generating data, and not just consider IT system functionality or complexity. Factors to consider include:風(fēng)險評估應(yīng)關(guān)注一個業(yè)務(wù)流程（例如，生產(chǎn)、QC），評估數(shù)據(jù)流和數(shù)據(jù)產(chǎn)生方法，而不僅是評估IT系統(tǒng)功能和復(fù)雜性。要考慮的因素包括：lProcess complexity;l工藝復(fù)雜性；lMethods of generating, storing and retiring data and their ability to ensure data accuracy, legibility, indelibility;l數(shù)據(jù)生成、存貯和退役的方法以及其保證數(shù)據(jù)準(zhǔn)確性、清晰、不能消除的能力；lProcess consistency and degree of automation / human interaction;l工藝一致性和自動/人工互動程度；lSubjectivity of outcome / result (i.e. is the process open-ended or well defined?); andl結(jié)果的主觀性（即工藝是開放式的還是明確定義的；以及l(fā)The outcome of a comparison between of electronic system data and manually recorded events could be indicative for malpractices (e.g. apparent discrepancies between analytical reports and raw-data acquisition times).l電子系統(tǒng)數(shù)據(jù)和人工記錄事件之間比較的結(jié)果可能對于不良規(guī)范來說具有指示性（例如，分析報告和原始數(shù)據(jù)獲得時長之間有明顯的差距）。5.5.4 For computerised systems, manual interfaces with IT systems should be considered in the risk assessment process. Computerised system validation in isolation may not result in low data integrity risk, in particular when the user is able to influence the reporting of data from the validated system.對于計算機(jī)化系統(tǒng)，在風(fēng)險評估過程中應(yīng)考慮人工與IT系統(tǒng)的界面。計算機(jī)化系統(tǒng)驗證單獨(dú)可能不會導(dǎo)致較低的數(shù)據(jù)完整性風(fēng)險，尤其是當(dāng)用戶可以影響來自經(jīng)過驗證的系統(tǒng)中的數(shù)據(jù)報告時。5.5.5 Critical thinking skills should be used by inspectors to determine whether control and review procedures effectively achieve their desired outcomes. An indicator of data governance maturity is an organisational understanding and acceptance of residual risk, which prioritises actions. An organisation which believes that there is no risk of data integrity failure is unlikely to have made an adequate assessment of inherent risks in the data lifecycle. The approach to assessment of data lifecycle, criticality and risk should therefor