PDA-数据完整性行为守则要素

PDA-数据完整性行为守则要素(中/英对照版)

徐禾丰

2016-04-22 09:53 来自QQ空间日志

Parenteral Drug Association Points to Consider 注射剂协会考虑要点

Elements of a Code of Conduct for Data Integrity 数据完整性行为守则要素 Introduction

简介

Data Integrity has been and currently is a major global concern of Health Authorities and the pharmaceutical industry.Although not a new issue, numerous recent Health Authority enforcement actions such as Warning Letters, Import Alerts, Product Detentions, and suspension or revocation of Marketing Authorizations has focused attention on Data Integrity.Data Integrity can result from lack of awareness of regulatory requirements, employee errors, failure to check accuracy of data, software or system malfunction, or configuration problems with electronic data handling, or malfeasance by employees.To holistically address Data Integrity, the Parenteral Drug Association (PDA) is developing a set of tools in the form of PDA Technical Reports, PDA Training Program, Data Integrity Workshops, and Points to Consider documents that can be used by industry to address this serious issue.This document presents the views of the Parenteral Drug Association (PDA) on the benefits for companies to voluntarily adopt a Code of Conduct for assuring data integrity.

数据完整性目前已经成为全球卫生机构与制药行业所关注的重点。尽管不是一个新的问题，近期在很多卫生当局的执法行动例如警告信、进口警报、产品扣留，以及暂时取消或撤销上市许可中都非常关注数据完整性的问题。数据完整性可能由于缺乏法规要求意识、员工错误、无法核实数据准确性，软件或系统故障，或电子数据处理配置问题，或员工渎职行为导致。为了全面解决数据完整性问题，注射剂协会(PDA)正在开发一套面向行业的涵盖PDA技术报告、PDA培训程序、数据完整性研讨会，以及考虑要点文件的工具来解决这一严重问题。本文件代表注射剂协会(PDA)的观点，公司可自愿采用行为守则来确保数据完整性。 How to Use this Document 如何使用本文件

This document was developed by a team with expertise in the fields of quality, regulatory affairs, auditing, and manufacturing and reviewed by attorneys specialized in food, drug and labor law. This document is written for easy adoption, in part or in its entirety, by companies, if they so choose, without the need for extensive rewriting of the document. Therefore, the terms ‘shall’ and ‘must’ have been used to permit the Code to be enforceable by a company, if adopted. This document is intended to reinforce a culture of quality and trust within the pharmaceutical industry. It is not intended to be a regulatory standard or guidance, nor is it intended to supersede any country specific or local laws and regulations governing labor, privacy and/or employee rights.

本文档由在质量、药政事务、审计及制造有专业知识的团队起草，并由专业从事食品、药物及劳动法的律师进行审核。对于部分选择或全部选择该文件的公司，该文件的编写易于使用且不需要大量文件的重新编辑。因此，如果使用的话，公司可以根据术语“应(should)”与“必须(must)”明确可执行的守则。本文件目的是在制药行业内加强质量与信任文化。该文

件并不是药政标准或指南，也不打算取代任何国家特定或地方法律，以及监督劳动、隐私，和/或，雇员权利的法规。

In order for the language used below to be as globally applicable as possible, the document scope has been limited to drug and biological medicinal products. The same or similar concepts could be applied for device and combination products manufacturing. PDA is providing this document and these concepts as a service to members and an example of best practices to the pharmaceutical industry. Please see Section 2 below for more details on how to use this code. Section 3 begins the code of conduct provisions.

为了使下面使用的语言尽可能全球适用，该文件的范围仅限于药品与生物药品。相同或相似的概念也可以应用于医疗器械与组合产品的制造中。PDA将本文件和这些概念作为对会员的一种服务，并作为制药行业最佳实践的范例。关于如何使用本守则的更多详细内容请参考下面第二章。第三章是关于行为守则的条款。 1.0 PURPOSE AND SCOPE

第一章：目的与范围 1.1

The purpose of this document is to outline the key elements necessary to help ensure the reliability and integrity of information and data throughout all aspects of a product's lifecycle. The Code of Conduct for Data Integrity is intended to apply to employees and officers and third party suppliers and others acting on behalf or at the behest of the company, such as persons that develop, test, manufacture or submit marketing authorizations for pharmaceutical and biological products. Each company will establish their own Policies, Standards, Procedures, Code of Conduct, or other quality system elements that define the requirements for data integrity (including the principles outlined in the Code of Conduct including:

本文件目的在于概述必要的关键要素，以确保贯穿产品生命周期各个方面的信息和数据的可靠性与完整性。数据完整性行为守则旨在适用于员工、官员、第三方供应商以及代表公司或公司授意的其他行为，例如从事开发、检测、制造或提交药品或生物制品上市许可的人。每个公司应建立自己的方针、标准、规程、行为守则，或其他质量系统要素以明确数据完整性的要求(包括在行为守则中概述的基本原则): ·

Manufacturers of finished drug products for clinical trials, bioequivalence studies, and commercial distribution

临床试验、生物等效性研究和商业销售的制剂制造企业 ·

Companies that conduct clinical trials in support of new drug applications including, but not limited to: Investigational New Drug (IND), Clinical Trial Application (CTA), Investigational Medicinal Product Dossier (IMPD), Biologics License Application (BLA), Marketing Authorization Application (MAA), New Drug Application (NDA), and Abbreviated New Drug Application (ANDA) 开展临床试验以支持新药申请的公司，包括但不限于：研究用新药(IND)、临床试验申请(CTA)、研究用药品档案(IMPD)、生物制品许可申请(BLA)、上市许可申请(MAA)、新药申请(NDA)与简略新药申请(ANDA) ·

Laboratories that develop methods or formulations intended to support new drug applications or

laboratories that analyze samples generated from clinical trials

开发分析方法或配方以支持新药申请的实验室或进行临床试验样品分析的实验室 ·

Manufacturers of excipients, intermediates, or active pharmaceutical ingredients (APIs) 辅料、中间体或原料药(API)制造企业 ·

Contract manufacturing organizations (CMOs) 合同制造组织 (CMO) ·

Contract research organizations (CROs) 合同研究组织 (CRO) ·

Contract testing laboratories

合同检测实验室 ·

Contractors, consultants, suppliers and vendors that provide services and data that support the production and control of APIs, drug or biological products

提供支持API、药品或生物制品生产和控制的服务和数据的合同商、咨询顾问、供应商和卖方。 1.2

The Code of Conduct for Data Integrity is intended to apply to marketing authorization holders and pharmaceutical facilities performing services or providing products that are required to adhere to GXP practices in accordance with applicable laws, regulations and legislative directives of regulatory authorities including:

数据完整性行为守则适用于根据以下相关的法律、法规和药政当局立法指令，提供符合GXP法规要求的服务和产品的上市许可持有人及药厂，包括： ·

Good Manufacturing Practice (GMP) 药品生产质量管理规范 (GMP) ·

Good Clinical Practice (GCP)

药品临床试验质量管理规范(GCP) ·

Good Pharmacovigilance Practice (GVP) 药品警戒管理规范(GVP) ·

Good Laboratory Practice (GLP)

药品非临床试验质量管理规范(GLP) ·

Good Distribution Practices (GDP) 药品流通质量管理规范(GDP) ·

Good Tissue Practice (GTP)

组织质量管理规范(GTP) 1.3

The principles outlined below are intended to identify key data integrity elements that companies may choose to incorporate into their applicable systems that define the policies, standards and requirements for the conduct of company management and each of its employees. The elements listed below may be used to create a standalone Code of Conduct that is specific to Data Integrity for GXP operations. Alternatively, the identified elements may be incorporated into a broader Code of Conduct that encompasses other aspects of business values and ethics that are beyond data integrity. The data integrity elements may be integrated with existing policies, standards or other documents that define requirements for the conduct of company management and its employees (such as Quality Agreements with supply chain partners).

以下所述原则旨在辨识公司可能选择纳入其恰当系统的关键数据完整性要素，该系统用于明确公司管理层和每一个员工行为的方针、标准和要求。下列要素可用于建立独立的专门用于GXP操作的数据完整性行为守则。另外，被辨识的要素可以被纳入到更广泛的包括超越数据完整性的商业价值以及道德行为守则的行为守则中。数据完整性要素可以被合并在用于定义公司管理层及其员工行为要求的现有方针、标准或其他文件中（例如供应链合作伙伴的质量协议) 1.4

Manufactures are responsible for ensuring that quality system elements have been established at each of its third party suppliers that provide products or services on behalf of or at the behest of the manufacturer. Manufacturers need to ensure that suppliers (such as contract laboratories, CROs and CMOs) that operate as an extension of the manufacturer have defined the policies, standards and requirements for the conduct of company management and each of its employees. 制造企业有责任确保代表制造企业或制造企业授意提供产品或服务的第三方供应企业已经建立了质量体系要素。制造企业需要确保作为其延伸操作的供应企业(诸如，合同实验室、合同研究组织与合同制造组织)已经定义了公司管理层与每个员工的行为方针、标准与要求。 2.0PREAMBLE 第二章：序言 2.1

The pharmaceutical industry develops and manufactures drugs and biologics that help patients all over the world live longer, healthier lives. It is a privilege to work in an industry that makes a difference in the lives of patients. Every employee has a duty to engage in conduct to ensure that all stakeholders can trust employee decisions that are based on data and information that are accurate, truthful and complete.

制药行业开发与制造药品与生物制品，用以帮助全世界的患者更长、更健康地生活。改变患者的生活是在这个行业工作的特权。每个员工都有责任使所有的利益相关方相信其决策是基于准确、真实和完整的数据和信息的。 2.2

Senior Management must establish quality standards, requirements and procedures, and is obligated to maintain and monitor the performance of the quality system that helps to ensure availability of safe and effective drugs. The company must maintain operational management oversight to demonstrate that each product has been developed, manufactured or tested under conditions that are designed to assure the reliability and integrity of information and data used to

support its quality and fitness for use, and in accordance with applicable laws, regulations and legislative directives of the regulatory authorities. Ensuring data integrity means collecting, documenting, reporting, and retaining data and information in a manner that accurately, truthfully and completely represents what actually occurred.

高级管理层必须建立质量标准、要求与规程，并有义务保持与监测质量体系的性能从而有助于确保获得安全并有效的药物。公司必须保持对运营管理的监督，以证明每个产品均在被设计可保证信息与数据可靠和完整的条件下开发、制造或检测，这些信息和数据被用于支持其质量与使用的适用性，并符合药政当局相关的法律、法规与立法法令。确保数据完整性意味着通过准确、真实、完整地表示实际上发生的事件来收集、记录、报告与保存数据与信息。 2.3

Every employee at each company is responsible for his/her own conduct to maintain a bond of trust between the company and its stakeholders, namely the patients, health care providers, and regulators (i.e., to prevent a broken bond due to data integrity issues). Employees have a duty to perform their GXP functions in an ethical manner that meets company requirements and industry standards as articulated in company requirements, and in accordance with all relevant laws, regulations or legislative directives of regulatory authorities.

每个公司的每一位员工应对自身的行为负责，从而保持公司与利益相关方，即患者、卫生保健提供者与监督者之间的信任(也就是防止由于数据完整性问题破坏这一纽带)。员工有责任以道德的方式履行其GXP职能，以满足在公司要求中清楚表达的公司要求与行业标准，并符合所有药政当局相关法律、法规或立法指令。 2.4

Every employee is required to collect, analyze, report and retain information and data in a manner that accurately, truthfully and completely represents what actually occurred in either paper or electronic format in accordance with the company policies and procedures and applicable law.

每一位员工需要按照公司方针、规程和适合的法律采用纸质或电子方式准确、真实、完整地收集、分析、报告与保存代表实际发生事件的信息与数据。 2.5

By adopting a voluntary Code of Conduct for Data Integrity (Code of Conduct) senior management is committed, as required by applicable law, to notify applicable licensing/regulatory authority(s) if the company discovers that a pending or approved marketing authorization or other submission to a regulatory authority contains an untrue statement of material fact or omits material facts (e.g. information is false, misleading, inaccurate or incomplete). If data, not submitted, but used to determine whether a product batch met specifications are later found to be false, misleading, inaccurate or incomplete, a company is committed to file the appropriate notifications to health authorities (i.e. Field Alert, Biological Product Deviation Report (BPDR) or notification under the Falsified Medicines Directive(FMD)). Where warranted, management is committed to; (1) providing full disclosure, (2) verifying that a full investigation is conducted, (3) implementing corrective and preventative actions to prevent recurrence, and (4) verifying the validity and reliability of the data and information filed with regulatory agencies. This includes correcting material facts (information and data that were filed previously, if found to be incorrect, untruthful, misleading or incomplete).

通过自愿采用数据完整性行为守则(行为守则)，高级管理层应依据适当的法律要求承诺，如果本公司发现某暂停或已经批准的上市许可或其他提交给药政机构的文件中存在不真实的重要事实声明或省略的重要事实(例如，虚假、误导、不准确或不完整的信息)，将通知相关的许可/药政当局。对于未提交，但被用来确定产品批次是否符合规格标准的数据，如果之后发现是虚假、误导、不准确或不完整的，公司承诺向卫生当局提交恰当的通知(例如，现场警报、生物产品偏差报告 (BPDR) 或在伪造药品法令(FMD)通知)。如必要，管理层应承诺; (1)充分披露信息，(2)确认开展全面调查，(3)实施纠正与预防措施，以防止再次发生，以及(4)确认已经提交给药政当局的数据与信息的有效性与可靠性。包括纠正重要事实(已经提交的信息与数据，如果发现存在不正确、不真实、误导或不完整的情况)。 3.0 ELEMENTS of a CODE OF CONDUCT FOR DATA INTEGRITY 第三章：数据完整性行为守则要素 3.1

Applicability

适用性 3.1.1

Each company that develops, tests and manufactures APIs, intermediates, or pharmaceutical and biological products or vendors/suppliers that provide supporting data may adopt a company Code of Conduct for Data Integrity which establishes standards of ethical behavior for all employees and officers of the company.

每个开发、检测与制造原料药、中间体，或药品与生物制品的公司或提供支持数据的供应商/供应方可采用公司数据完整性行为守则，从而建立适合公司全体员工与管理层的道德行为标准。 3.1.2

In support of this code companies will establish programs that: (1) promote an organizational culture that encourages ethical conduct; (2) demonstrates the company's commitment to compliance with applicable laws; and (3) requires the prevention and detection of data integrity lapses.

为了支持该守则，公司需建立的程序包括：(1)提倡一种鼓励道德操守的组织文化；(2)证明公司的承诺符合恰当的法律；以及(3)对数据完整性失误的预防与监测。 3.1.3

The company will establish requirements and implement programs to provide all employees with training on the fundamental principles of Data Integrity including employee conduct as a condition of performing GXP functions. Each employee shall receive annual refresher training on the Code of Conduct for Data Integrity

公司应建立要求并实施程序，向所有员工开展有关数据完整性基本原则的培训，包括作为实施GXP职能条件的员工行为。每位员工需每年接受数据完整性行为守则的再培训。 3.1.4

Each employee will provide annually a signed certification statement confirming that during the past year he/she has adhered to the Code of Conduct for Data Integrity including attestation that he/she has reported to company management wrongful act that raises a question about the integrity of data about which he/she became aware.

每一位员工每年应提供签名的认证声明确认在过去一年里其遵守数据完整性守则，包括宣誓已经向公司管理层报告任何自身已经知晓的有关数据完整性问题的不法行为。

3.2

Data Collection, Analysis, Reporting and Retention 数据采集、分析、报告与保存 3.2.1

The company will establish procedures and documentation systems designed to assure all information and data are collected, analyzed, reported, and retained in a manner that accurately, truthfully and completely represents what actually occurred.

公司应建立规程与记录系统以确保所有的信息和数据以准确、真实和完整地表示实际发生情况的方式进行收集、分析、报告，与保存。 3.2.2

The company shall establish documentation control systems and practices to maintain data integrity as well as providing mechanisms for preventing data integrity lapses and detecting instances of non-compliance. Such systems help to ensure that all raw data from development studies and production and control activities for GXP activities are maintained in bound notebooks or controlled worksheets (pre-numbered approved forms)for paper records or in validated computer systems with appropriate security, audit trails, validation, and oversight for electronic records.

公司应建立文件控制系统与规范，以保持数据完整性，并提供防止数据完整性失误与监测不合规事件的机制。该系统可帮助确保所有针对GXP开展的开发研究、生产、控制活动的原始数据已经采用纸质记录或电子记录的方式被保存在装订的笔记本或受控的工作表(预先编号的批准的格式)中，对于电子记录应采用经验证有适当的安全性、审计追踪、验证和监督的计算机系统。 3.2.3

Employees will adhere to the requirements of the established documentation systems and shall not be permitted to record raw data on unofficial forms, writing pads or other uncontrolled media. Such procedures will describe documentation control practices and retention requirements and practices for both paper and electronic records including retention periods that comply with requirements of applicable regulatory authorities. Paper and electronic records shall be retained either as originals or as true copies (such as photocopies) or other accurate reproductions of the original record (such as electronic scanning). 员工需遵守既定的文件系统要求，且不允许在非正式表格、手写板或其他非受控媒介上记录原始数据。该规程将描述适用于纸质与电子记录的文件控制规范，保存要求和规范，包括符合相关药政当局要求的保留期。纸质和电子记录的保存应采用正本或真实副本(例如影印件)或其它正本记录的准确复印件 (例如电子扫描)。 3.2.4

Employees will adhere to established company procedures that describe the documentation control and retention requirements, and applicable laws, regulations and legislative directives of regulatory authorities that apply to paper and electronic documents and records. Employees shall not discard, destroy, or modify in any way raw data or original records (other than at the end of prescribed retention period as provided by approved procedures). Employees shall not delete raw data or alter original records in a manner that obscures or obliterates the original entries. If changes are needed to correct errors, the original entries shall be retained along with

entries that identify the person making the correction, and the date and reason for the correction.

员工需遵守已建立的有关纸质与电子文件和记录的文件控制与保存要求、恰当的法律、法规与药政当局立法法令的公司规程。员工不应以任何方式丢弃、销毁或修改原始数据或原始记录(除非根据批准的程序在规定的保留期结束时)。员工不得删除原始数据或以模糊或涂改原始记录的方式改变原始记录。如果需要通过变更来纠正错误，应保留原始记录连同识别进行纠正的人员身份的内容，日期及纠正的原因。 3.2.5

In order to verify paper records of GXP activities, the company shall establish and maintain Signature and Initial Logs for employees that work in GXP areas that include a handwritten specimen of the signature/initials of each employee. Employees must sign or initial original records in a contemporaneous manner, and must enter the date (and time if required by procedure) to accurately reflect who performed or witnessed the activity or who entered results or verified the accuracy of entries. Employees shall never record the signature or initials of another person or pre-date or back date entries on any record (either paper or electronic). 为了确认纸质记录的GXP 活动，公司需建立并保存在GXP领域工作的员工签名与初始日志，包括每个员工签名/首字母的手写样本。员工必须以同步的方式在原始记录上签字或签首字母，且必须注明日期(如果规程要求还需要注明时间)以准确地反映谁实施或见证了该活动，或谁输入结果或确认输入内容的准确性。员工不应在记录上签其他人的签名或首字母，或将日期提前或拖后(纸质或电子)。 3.2.6

The company shall maintain readily available records for an authorized inspection by regulatory authorities. The company shall provide access to all records that are required by applicable laws, regulations or legislative directives for GXP activities upon request by a duly authorized regulatory official who has the legal authority to inspect such records. Employees shall not delay, deny or limit access to records or refuse to permit inspection by duly authorized officials of regulatory authorities, except as may be specified in a written procedure [e.g., to immediately notify executive management when an inspector arrives]. 公司应确保在药政机构检查中记录的迅速获取。一旦被授权有合法权限检查此记录的药政官员提出要求，公司应提供所有与GXP行为相关的法律、法规或立法指令要求的记录。员工不得拖延、拒绝或限制记录的获取或拒绝药政当局授权官员的检查，除非在书面程序中有特殊规定[例如，当检查官到达时应立即通知高级管理层]。 3.2.7

The company will establish procedures to verify the accuracy, completeness and truthfulness of data and information used to release APIs, finished pharmaceutical products and biological products to the commercial market including verification that the supporting data and information conform to the commitments contained in marketing applications that have been approved by regulatory authorities (where applicable). Employees who perform review batch production and control records as a condition of batch release shall adhere to established procedures and shall confirm that the records supporting batch release have been second person verified for accuracy, truthfulness and completeness. 公司应建立程序确保用于放行原料药、药品和生物制品上市销售的数据和信息的准确性、完整性和真实性，包括对符合获批上市申请中的承诺（如使用）的支持性数据和信息的确认。

作为批放行的条件之一，执行批生产和控制记录审核的员工，应遵守既定的程序并证实用于支持批放行的记录已由第二人对其准确性、真实性和完整性进行了确认。 3.3

Electronic Data Acquisition Systems

电子数据采集系统 3.3.1

If electronic data acquisition systems for GXP data are established, the company must ensure that the systems are configured, validated, and maintained in accordance with established industry standards intended to assure data integrity. The business processes shall include the establishment of written procedures that govern the collection, analysis, reporting and retention of electronic data including:

如果已经建立了GXP数据的电子数据采集系统，该公司必须确保已经根据既定的旨在保证数据完整性的行业标准进行系统的安装、验证与维护。业务流程需包括书面程序的建立以管理电子数据的收集、分析、报告和保存，包括： 3.3.1.1

Procedural controls covering the use, correction, and movement of data, ensuring that data can be traced through every phase of its lifecycle. If the transfer of data is authorized, it must be controlled in a manner that provides traceability and retention for a period of time prescribed by applicable laws, regulations or legislative directives or longer if required by company policies and procedures. 涉及数据使用、纠正与转移的过程控制，应确保在数据生命周期的每个阶段均能进行数据追踪。如果数据转移经过授权，这个行为的控制必须有追溯性，并根据相关法律、法规或立法法令规定的时间或公司方针与规程要求的更长的时间进行保存。 3.3.1.2

Security controls to prevent and detect data deletion, over-writing, manipulation and/or omission of data.

安全控制应能防止和监测数据的删除、覆盖、篡改和/或数据遗漏。 3.3.1.3

Secure date and time stamps to permit detection and to prevent manipulation of records. 安全日期和时间戳应能监测并防止记录的篡改。 3.3.1.4

Secure data retention storage locations to prevent data from being saved to unauthorized file storage locations including removable devices.

安全数据保存位置应能防止将数据从被保存的位置转移至未经授权的文件储存位置，包括可移动设备。 3.3.1.5

System and procedural controls to provide for the reporting and evaluation of all data generated. 系统与程序控制应能对所有生成的数据提供报告与评价。 3.3.2

The company shall establish appropriate security, audit trails, validation, and oversight for electronic records and signatures in compliance with applicable laws, regulations or legislative directives. Electronic records shall be attributable, legible, contemporaneous, traceable, time/date stamped and permanent.

公司应根据相关的法律、法规或立法法令对电子记录和签名建立恰当的安全、审计追踪、验证和监督。电子记录应是可归属的、清晰的、同步的、可追踪的、有时间/日期戳和永久的。 3.3.3

The company will maintain and review audit trails for electronic GXP data that is required by company procedures or regulatory requirement. Such reviews will include periodic review of system audit trail logs against entries in transactional logs to verify that all events and data (including meta data) are being accurately and completely captured, reported and retained. 根据公司规程或法规要求，公司应该对电子GXP数据的审计追踪进行维护和审查。该审核包括按照事务日志中的输入内容对系统审计跟踪日志进行定期审核以确证所有的事件和数据(包括元数据)已经被准确完整地捕获、报告与保存。 3.3.4

Employees who enter data or verify data accuracy or perform other activities involving GXP data (such as collection, analysis, reporting or retention functions) shall contemporaneously enter data in accordance with established policies and procedures. Employees shall accurately enter and completely report all required data. Employees shall not engage in any conduct that calls into question the integrity of data (such as falsifying data, making unauthorized changes, or destroying, deleting or over-writing data). Employees who review or evaluate electronic data shall follow established procedures and verify that all required data and information have been included in relevant records and reports. Employees shall always enter data and information in a manner that accurately, truthfully and completely represents what actually occurred, and includes all testing results (if applicable).

负责输入数据，确认数据准确性或执行其他涉及GXP 数据活动(例如收集、分析、报告或保存职能)的员工应该根据已经建立的方针和程序同步录入数据。员工应准确输入并完整报告所有所需的数据。员工不得进行任何对数据完整性造成疑问的行为(如，伪造数据、进行未经授权的变更，或销毁、删除或覆盖数据)。审核或评估电子数据的员工需遵循既定规程并确认所有要求的数据与信息已经被涵盖在相关的记录和报告中。员工应该采用准确、真实、完整表示实际发生事件的方式录入数据和信息，并包括所有的检测结果(如果适用)。 3.4

Electronic Access Security Measures

电子访问安全措施 3.4.1

Any computer data acquisition systems shall be established with secure access to prevent unauthorized changes to electronic data. The company will adopt and strictly enforce procedures that require secure access to computer systems for each computer user who enters data or has access to electronic GXP data. Security measures shall include strict controls to prevent unauthorized access to computer system including use of unique user names and passwords or other biometric means to identify authorized users such as facial recognition, fingerprint readers, and iris scanners.

任何计算机数据采集系统需建立安全访问以防止对电子数据未经授权的更改。对于每一个需要录入数据或访问GXP电子数据的电脑用户，公司应采用并严格执行计算机系统安全访问规程。安全措施应包括对防止计算机系统未授权访问的严格控制，包括使用唯一的用户名和密码或其它生物特征手段来识别已经授权的用户，诸如，人脸识别、指纹识别器和虹膜扫描

仪等。 3.4.2

Consistent with the Code of Conduct for Data Integrity, employees adhere to established procedures that describe requirements of security controls for accessing electronic data. Employees must not disclose and/or share their user name and /or passwords with others, or use the username or password of another person to access computer files. 与数据完整性行为守则一致，员工应遵守既定的描述电子数据访问安全控制要求的规程。员工不得泄露，和/或，与其他人分享其用户名，和/或，密码，或使用其他人的用户名或密码访问计算机文件。 3.5

Auditing of Quality System for Data Integrity 数据完整性质量体系审计 3.5.1

The company shall establish and execute as part of its internal audit program provisions to periodically evaluate the elements of the quality system used for collecting, analyzing, reporting and retaining information and data.

作为其内部审计程序的一部分，公司应对用于收集、分析、报告和保存信息和数据的质量系统要素进行定期的评估。 3.5.2

The audit program will include periodic audits to confirm adherence to established requirements for data integrity. Such shall utilize independent auditors who are qualified by education, experience and training to evaluate data integrity.

审计程序应包括定期审计从而确保符合既定数据完整性的要求。该审计应由接受并拥有数据完整性评估的教育、经验和培训的独立审计人员进行。 3.5.3

Employees who conduct data integrity audits will maintain a current awareness of applicable laws, regulations and legislative directives that pertain to documentation and record keeping requirements.

执行数据完整性审计的员工应了解现行的与文件和记录保存要求相关的法律、法规和立法指令。 3.6

Investigations of Wrongful Acts 不法行为的调查 3.6.1

The company shall establish and follow procedures to investigate any alleged falsification, fabrication, or other conduct that raises a question about the integrity of data. Such investigations shall include a documented in-depth review, conducted in a fair and balanced manner, by independent personnel.

公司应建立并按照规程对任何涉嫌导致数据完整性问题的造假、伪造或其他行为进行调查。此类调查应包括以公正平衡的方式由独立的人员对记录的深入审核。 3.6.1.1

Companies may engage legal counsel to help investigators ensure that documents are properly identified and preserved, and that the company receives appropriate advice and counsel

regarding the conduct of the investigation. The investigator(s) shall possess the education, experience and training to evaluate data integrity issues.

公司可聘请法律顾问协助调查员确保文件被恰当地识别并妥善保存，且公司收到有关调查行为的恰当建议和咨询。调查员应接受并拥有数据完整性评估的教育、经验和培训。 3.6.1.2

An independent investigation will serve to identify potential gaps in systems, processes, procedures and/or practices by individuals or the organization that could raise a question about data integrity. Such investigations will also serve to assess the legal implications of known or suspected wrongful acts, and possible reporting obligations to regulatory authorities.

独立调查可以用于识别由于个人或组织产生的在系统、工艺、规程和/或规范中潜在的差距，这些差距可能会导致有关数据完整性的问题。此调查也将有助于评估已知或怀疑的不法行为的法律内涵，以及向药政当局可能的报告义务。 3.6.1.3

Independent investigations into conduct that raises a question about the integrity of data shall identify all persons found during the investigation to be involved and describe in detail their actions or activities related to the conduct. Such investigation must determine the scope of the questionable conduct. For example, whether the same or similar conduct or practices may have happened in other instances or could have impacted other data. If so, the investigation needs to be extended to these events, activities, practices and/or other collected data company-wide as well.

对于在独立调查中发现的有关数据完整性的问题，应识别出在调查过程中发现的所有涉及的人员，并对有关该调查的相关活动或行为进行详细地描述。该调查必须明确可疑行为的范围。例如，在其他情况下是否可能发生相同或类似的行为或惯例，或者可能影响其它数据。如果如此，应将调查扩展到这些事件、活动、惯例，和/或公司范围采集的其它数据上。 3.6.1.4

Company procedures shall contain specific requirements for documenting the investigation, including potential impact on applications and distributed product. company procedures shall also contain specific requirements for reports to senior management and periodic checks to ensure that senior management reporting mechanisms are effective.

公司规程应包含对调查进行记录的具体要求，包括对申请与已销售产品的潜在影响。公司规程中还应该包含向高级管理层报告以及定期检查的具体要求，以确保向高级管理层报告的机制是有效的。 3.6.2

Employees shall cooperate with the company during an investigation of an incident, event or test result that does not conform to established requirements. Employees shall provide factual information about any incident/event for which that he/she may have firsthand knowledge. The information and details provided by employees during such investigations shall be accurate, truthful and complete to the best of their knowledge.

在对某不符合既定要求的事故、事件或检测结果进行调查的过程中，员工应该与公司配合。员工应提供真实的有关该事故/事件可能的第一手资料。在此调查期间，基于其最佳的知识水平，员工所提供的信息与详细情况应该是准确、真实和完整的。 3.7

Reporting Wrongful Acts

不法行为的报告 3.7.1

The company will establish requirements for employees to notify management if they become aware of data falsification, unauthorized change, destruction, or other conduct that calls into question the integrity of data. The notification requirements including reporting mechanism shall be clearly stated in applicable written policies, standards, procedures, code of conduct, or other documents.

公司应要求员工在发现数据造假、未授权的更改，销毁，或其它导致数据完整性的行为时向管理层报告。涵盖报告机制的通知要求中应清楚规定恰当的书面方针、标准、规程、行为守则或其他文件。 3.7.2

Employees shall notify responsible management of the company if they become aware of any potential issue that impacts data integrity such as those attributable to errors, omissions, or wrongful acts regardless of the cause. For example, employees shall immediately notify management if they become aware of or have reason to suspect others have falsified data, made unauthorized changes, destroyed data or other conduct that calls into question the integrity of data. The notification shall follow procedures established in applicable policies, standards, procedures, Code of Conduct, or other documents. Employees shall have the option to report such issues anonymously if they so choose and if local laws permit.

当员工知晓任何可能影响数据完整性的问题，诸如，由于过失、遗漏或无论什么原因的不法行为所导致的问题，员工应该向公司负责的管理层报告。例如，如果员工已经知道或有原因怀疑其他人存在数据造假、未授权更改、销毁数据或其它导致数据完整性的行为时，员工应立即通知管理层。该通知应遵循符合恰当方针、标准、规程、行为守则，或其它文件的程序进行。根据员工的选择和当地法律的要求，员工可以选择匿名报告。 3.7.3

The company will protect from retaliation any employee who notifies responsible management about conduct of other employees that is known or suspected to involve falsification, destruction of data, unauthorized data changes, or other wrongful acts, including non-contemporaneous reporting of data.

如果员工向负责的管理层报告其他员工存在已知或被怀疑的涉及造假、数据销毁、未授权数据更改，或其它不法行为，包括未同时进行数据报告的行为，公司应保护员工免受报复。 3.8

Disciplinary Actions for Employees due to Wrongful Acts 员工由于不法行的惩戒措施 3.8.1

The company shall establish a written policy/standard for disciplinary action when the conduct of an employee calls into question the integrity of data. The company shall inform its employees of its policies/standards for employee conduct including its policy for disciplinary action due to wrongful acts. Any deliberate data falsification, unauthorized change, destruction, or other conduct that calls into question the integrity of data shall be reviewed by responsible management, Human Resources (HR) and Legal against applicable company policies, standards, procedures, Code of Conduct, and applicable laws. Appropriate disciplinary action will be

imposed for conduct that is confirmed as not conforming to the applicable written requirements or law(s). Disciplinary action will be based on the nature of the conduct and may include termination of employment when warranted. The company shall document the disciplinary action taken when the conduct of a company employee or third party employee acting on behalf or at the behest of the company is found to be in violation of the company’s policy/standards or procedures related to data integrity.

对于员工行为导致的数据完整性问题，公司应该建立书面的有关惩戒措施的方针/标准。公司应该向员工告知其员工行为方针/标准，包括由于不法行为导致的惩戒措施。需由负责的管理层、人力资源(HR)与法律部门按照恰当的公司方针、标准、规程、行为守则，以及恰当的法律来审核任何蓄意的数据伪造、未授权的更改、销毁或其它导致数据完整性问题的行为。适当的惩戒措施将被强制用于经确认不符合恰当的书面要求或法律的行为上。惩戒措施应基于行为的性质包括在需要时可能的雇佣关系终止。当发现某公司员工或第三方员工代表公司或在公司授意下的行为违反公司有关数据完整性的相关方针/标准或规程时，公司应记录所采取的惩戒措施。 3.8.2

The company shall establish requirements for employees to notify management of known or suspected data integrity problems and shall inform employees that failure to report known or suspected data integrity problems will subject the employee to disciplinary action. 公司应要求员工向管理层通知已知或怀疑的数据完整性问题，并告知不报告已知或怀疑的数据完整性问题将导致其受到惩戒措施。 3.9

Notifying Regulatory Authorities about Data Integrity Issues

向药政当局通知数据完整性问题 3.9.1

The company will establish procedures to verify the accuracy and completeness of data and information submitted to regulatory authorities and will establish controls to verify that submissions are made in accordance with laws, regulations or legislative directives of regulatory authorities.

公司需要建立规程确认提交给药政当局的数据和信息的准确性与完整性，并建立控制确认该提交符合法律、法规或药政当局的立法法令。 3.9.2

The company is committed to complying with regulatory requirements for submitting data and information to regulatory authorities. In the event that a pending or approved marketing authorization or other submission to a regulatory authority contains (or omits) an untrue statement of material fact the company will promptly notify the applicable regulatory authority(s) as required by applicable law. In such instances the company will take corrective actions needed to confirm the accuracy, completeness and truthfulness of all the data and information contained in the submission(s) and provide the regulatory authority with corrected or additional data or information as applicable. Material facts are the significant or essential evidence that is used to support conformance to the company policies, standards or procedures or conformance to applicable laws, regulations or legislative directives of regulatory authorities. Material facts means the subject matter and information are significant to decisions to be made by the company or Regulatory Authorities who rely on such data and information (as opposed to

insignificant, trivial or unimportant details).

公司承诺向药政当局提交的数据与信息符合药政要求。如果某暂停或已经批准的上市许可，或其它提交给药政当局的文件中包含(或遗漏) 重要事实的不真实陈述，公司应按照恰当法律要求及时通知相关的药政当局。在这种情况下公司应采取纠正措施对提交中包含的所有数据和信息的准确性、完整性和真实性进行确认，并向药政当局提供纠正的或额外的数据或信息，如果适用。重要事实是用来支持符合公司方针、标准或规程或符合相关法律、法规或药政立法法令的重要或必要的证据。重要事实对于依赖此数据和信息制定决策的公司或药政当局是重要的(而不是微不足道的、琐碎的或不重要的细节)。 3.9.3

Employees must comply with procedures that describe reporting requirements for regulatory authorities, and must immediately notify company management if they become aware that a pending or approved marketing authorization or other submission to a regulatory authority contains an untrue statement of material fact or omits material facts (e.g., information is false, misleading, inaccurate or incomplete).

员工必须遵守向药政当局进行报告的规程，并在他们知晓某暂停或已经批准的上市许可或其它向药政当局提交的文件中包含重要事实的不真实陈述或遗漏重要事实(例如，信息虚假、误导、不准确或不完整)时，立即通知公司管理层。 3.9.4

The company will consult with legal counsel in the event that data integrity lapses are detected but do not involve untrue statements of material fact having been omitted from a pending or approved marketing authorization or other submission to a regulatory authority. Counsel should be experienced with laws, regulations or legislative directives of regulatory authorities. The company, with advice of Counsel, will decide whether self-disclosure of data integrity lapses to regulatory authorities is prudent for those situations where the laws, regulations or legislative directives of the regulatory authorities do not require notification.

如果发现数据完整性问题但是并未涉及已经从某暂停或已批准的上市许可或其他向法规当局提交的文件中删除的重要事实的不真实陈述，公司需要向其法律顾问进行咨询。该法律顾问应具备法律、法规或药政当局立法法令的经验。根据法律顾问的建议，该公司需要决定在法律、法规，或药政当局立法法令没有要求进行通知的情况下是否应该主动向药政当局披露该数据完整性失误。 3.10

Data Integrity of Outsourced Services & Purchased Raw Materials 外包服务与采购原料的数据完整性 3.10.1

The company shall establish agreements with affiliates, CMOs, service providers or suppliers that define the data integrity requirements that are applicable to the specific raw material supplied or to the activity or services that are provided. 公司应该与子公司、合同制造组织、服务提供商或供应商签署协议以明确适合所供应的具体物料或所提供的活动或服务的数据完整性要求。 3.10.2

The company will, as part of it Vendor/Supplier Qualification program, confirm that, contractors, vendors or other third party suppliers of products or services who act on behalf or at the behest

of the company have established Policies, Standards, Procedures, Code of Conduct, or other documents that define the requirements for data integrity (including the principles outlined in this Code of Conduct for Data Integrity. Employees of Third Party suppliers shall adhere to their own data integrity requirements and take appropriate action to verify the accuracy, truthfulness, and completeness of the data and information provided to its customers.

作为供应商确认程序的一个部分，公司应确认承包企业、供应商或其他代表公司或公司授意产品或服务第三方供应商已经建立方针、标准、规程、行为守则，或其他文件以明确数据完整性的要求(包括在本数据完整性行为守则中概述的原则)。第三方供应商的员工需遵守其自身的数据完整性要求，并采取适当的措施来确证向其客户提供的资料与数据的准确性、真实性与完整性。 3.11

Employee Training

员工培训 3.11.1

The company shall establish and maintain an employee learning management system that includes the fundamental training requirements that pertain to documentation of GXP activities including concepts and principles of data integrity such as those contained in the Elements of Code of Conduct for Data Integrity, and how employees are to report suspected data integrity issues to company management. The company must provide all employees with the information and learning needed for employees to understand company requirements for data integrity as well as the requirements of regulatory agencies that relate to their respective GXP job functions. 公司需建立并保持员工学习管理系统，包括有关GXP文件活动的基础培训要求，其中应包括诸如在数据完整性行为守则要素中包含的数据完整性概念与原则以及员工应如何向公司管理层报告可疑的数据完整性问题。公司必须为所有员工提供需要的信息与学习，使员工理解公司的数据完整性要求，以及与其GXP工作职能相关的药政当局要求。 3.11.2

The company shall establish procedures that require all employees to have received the required training on fundamentals of documentation and data integrity before being permitted to perform GXP activities, and that each employee must receive annual refresher training.

公司需制定规程要求所有员工在允许进行GXP活动前已经接受了所要求的有关文件与数据完整性的基础培训，并且每名员工必须接受年度再培训。 3.11.3

Management shall review at least annually the records of training on fundamentals of documentation and data integrity to confirm that employees received required training before being permitted to perform GXP activities, and to verify that each employee has received annual refresher training.

管理层需至少每年对文件与数据完整性基本要求培训记录进行审核，确认员工在允许实施GXP活动前已经接受了所要求的培训，并确认每名员工已经接受了年度再培训。 4.0 GLOSSARY 第四章：词汇表 Data 数据

Information derived or obtained from raw data, for example a reported analytical result (MHRA,

2015)

由原始数据衍生或取得的信息，例如，报告的分析结果(MHRA, 2015) Data Integrity 数据完整性

The extent to which all data are complete, consistent and accurate throughout the data lifecycle. 所有数据在整个数据生命周期中保持完整、一致与准确的程度。 Senior Management 高级管理层

Senior Management are person(s) who direct and control a company or site at the highest levels with the authority and responsibility to mobilise resources within the company or site. (ICH Q10 based in part on ISO 9000:2005)

高级管理层指在最高层次上指导和控制一家公司或现场的人，其有权并负责在公司或现场内部移动资源。(ICH-Q10 基于部分的ISO 9000:2005) GXP

GXP is a general term to describe any number of good quality practices that are covered by guidelines or regulations where G means \as GMP means Good Manufacturing Practices.

GXP是描述任何被指南或法规涵盖的质量管理规范的通用术语，G是“良好”意思，X 是一个描述符，P是“规范”，诸如GMP是药品生产质量管理规范。 Material Facts

重要事实

Material Facts are crucial to the intetpretation of a phenomenon or a subject matter, or to the determination of an issue at hand this is a specific type of confirmed or validated event, item of information, or state of affairs (Black's Law Dictionary, 2nd Ed.)

重要事实对于某现象或事物的解释，或对于某现有问题的确认是至关重要的，是一类被确认或验证的事件、信息，或事物状态的特殊类型（布莱克法律字典，第 2 版）。 Meta Data

元数据

Meta Data are data used to describe other data. It can be used to describe information such as file type, format, author, user rights, etc. and is usually attached to files, but invisible to the user. (ISPE, GAMP 5)

元数据是用来描述其它数据的数据。其可以用来描述诸如，文件类型、格式、作者、用户权利等信息，并通常附属于文件，但用户不可见(ISPE, GAMP 5)。 Quality System

质量体系

Quality System is the sum of all aspects of a system that implements quality policy and ensures that quality objectives are met.(ICH Q9)

质量体系是实施质量方针，确保符合质量目标所有方面的总合(ICH Q9)。 Raw Data 原始数据

Original records and documentation, retained in the format in which they were originally generated (i.e. paper or electronic), or as a ‘true copy’. Raw data must be contemporaneously and accurately recorded by permanent means. In the case of basic electronic equipment which

does not store electronic data, or provides only a printed data output (e.g. balance or pH meter), the printout constitutes the raw data. (MHRA, 2015)

以原始生成的格式（即，纸质或电子形式）或以“真实副本”进行保留的原始记录与文件。原始数据必须以能永久保存的形式同步并准确地记录。对于一些不能存储电子数据或仅有数据打印输出的简单电子设备（例如天平或pH计），打印数据构成原始数据(MHRA, 2015)。 Wrongful Act 不法行为

Wrongful Act - is any act that may subvert the integrity of the review process. A wrongful act includes, but is not limited to, submitting a fraudulent application, offering or promising a bribe or illegal gratuity, or making an untrue statement of material fact. A wrongful act also includes submitting data that are otherwise unreliable due to, for example, a pattern of errors whether caused by incompetence, negligence, or a practice such as inadequate standard operating procedures or a system-wide failure to ensure the integrity of data submissions. A wrongful act may be evidenced in a document, including informal documents such as correspondence or memoranda, or verbally, such as in telephone conversations or in one-on-one meetings. Regardless of the means, each suspected incident of a wrongful act should be reported and investigated to determine whether they raise significant questions regarding data integrity and reliability with respect to a regulated product. [FDA, \

不法行为-是可能颠覆审核过程完整性的任何行为。不法行为包括，但不是限于，提交一个欺诈性的申请、提供或承诺贿赂或非法酬金、或进行重要实事的不真实陈述。不法行为还包括因为无能力、疏忽、标准操作规程不充足或系统范围模式错误不能确保提交数据完整性的不可靠数据。不法行为可在文件中证明，包括非正式的文件，例如书信或备忘录，或在口头上，例如电话交谈或在一对一的会议。无论如何，应该报道并调查每个可疑不法行为事件，以确定是否带来监管产品方面的重大数据完整性和可靠性问题。[FDA，“Application Integrity Policy”，1998 年 3 月 5 日]

本文来源：https://www.bwwdw.com/article/w2dw.html