APIC publishes "Data Integrity - Questions and Answers (FAQ)" - October 2025

2025-10-21 08:59:00
gmpfan
Summary: Reposted from GMP办公室; please contact us for removal in case of infringement.

Digital and electronic signatures:


Q1: What is the difference between a digital and an e-signature?


A: A digital signature is attached to an electronic file rather than maintained within an electronic system; it stays with the data and moves with the data. The signature can be verified by the recipient. An e-signature is executed and maintained within a validated electronic system and stays in the electronic system. The e-signature can only be verified in the source system.


Q2: What is the best practice for handling hybrid signatures? (A hybrid signature mixes handwritten or ‘wet’ signatures and digital signatures/e-signatures on the same document.)


A: The preference is to sign off documents fully wet or fully digitally. Hybrid signatures should be the exception, used only if there are no other options. In that case the handwritten signature(s) must be applied first, and afterwards the document can be prepared for the digital signature(s). In that way the metadata for the digital signature(s)/e-signature(s) can be maintained. The fully signed electronic document is the official GXP document (a printout does not contain the metadata, and the digital signatures/e-signatures cannot be verified from it). The wet signature, or a true copy of it, and the e-signed copy must be kept as linked documents in a secure environment that is validated for its intended use, in line with the company’s record management policy.


Q3: Is it acceptable to use a scanned image of a wet signed document as GXP? (internal use)


A: It is only acceptable if the scanned image is a verified true copy of the original wet signed record and is allowed by your local legal and regulatory requirements. The wet signature, or a true copy of it, must be retrievable, reproducible and unaltered for the retention period of the record.


Q4: How should I handle a document with a scanned image of a wet signed document that I also need to sign? (external use, e.g. with third parties, working at different locations)


A: This document can be used if the party sending the scanned document has an established true copy process in place and the scanned document is already verified and attested as a true copy. The sender should have an established document retention policy in line with your expectations.


Q5: How do we handle digitally signed documents in an electronic document management system? (e.g. loading an Adobe digitally signed document into your document management system without losing the digital signature certificate)


A: The document management system should be validated for this intended use, verifying that the digital signature is maintained in the system and that it is possible to retrieve it when necessary. This process should be defined and documented. If it is not possible to maintain this digital signature in the system, the digitally signed document should be stored in a secure validated environment.

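A structural pre-check for the round trip described in this answer, as an added example that is not part of the APIC FAQ. It assumes the signed documents are PDFs; the function names, verdict strings and the sample file are constructed for illustration, and a real PDF signature validator must still verify the signature cryptographically.

```python
import hashlib
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def signatures(pdf: bytes) -> list:
    """Structural view of each signature: does its ByteRange still fit the file?"""
    found = []
    for m in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = map(int, m.groups())
        gap = pdf[off1 + len1:off2]  # the /Contents <hex> signature value
        found.append({
            "contents_present": gap[:1] == b"<" and gap[-1:] == b">",
            "covers_whole_file": off1 == 0 and off2 + len2 == len(pdf),
        })
    return found


def round_trip_verdict(original: bytes, retrieved: bytes) -> str:
    """Compare the file loaded into the DMS with the file retrieved from it."""
    if hashlib.sha256(original).digest() == hashlib.sha256(retrieved).digest():
        return "identical"
    sigs = signatures(retrieved)
    if not any(s["contents_present"] for s in sigs):
        return "signature lost"
    if not any(s["covers_whole_file"] for s in sigs):
        return "bytes outside signed range"
    # Structure survived, but the bytes differ: only cryptographic
    # validation can tell whether the signature is still valid.
    return "changed, signature structure intact"


def make_signed_sample() -> bytes:
    """Constructed stand-in for a signed PDF (dummy signature value)."""
    tmpl = b"%%PDF-1.7\n1 0 obj <</Type /Sig /ByteRange [0 %06d %06d %06d] /Contents "
    contents = b"<" + b"00" * 16 + b">"
    tail = b">> endobj\n%%EOF\n"
    len1 = len(tmpl % (0, 0, 0))
    return tmpl % (len1, len1 + len(contents), len(tail)) + contents + tail
```

Only the "identical" verdict shows that the system returns exactly what was loaded; every other verdict means the stored copy needs investigation before it is relied on as the signed record.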


Password management:


Q1: Once I have logged into a system, do I need to re-authenticate myself for every data entry?


A: No, it depends upon the criticality of the data/action. This criticality should be based upon process mapping and a risk assessment as explained in the guide. Criticality of the data and/or responsibility associated with the action should be taken into account when evaluating electronic signature requirements.


Q2: What are the requirements for e-signature components?


A: This practice is described in 21 CFR 11, chapter 11.200 ‘e-signature and components’: (i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components (= user ID and password or biometrics); subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. (ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

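The two rules quoted above expressed as session logic, as an added example that is not part of the APIC FAQ or of any particular system. It assumes user ID plus password as the components (biometrics left out) and treats an idle timeout as the end of a "continuous period"; the class, its field names and the 900-second limit are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

ALL_COMPONENTS = frozenset({"user_id", "password"})
# Components only the individual can execute; a user ID alone is not secret.
PERSONAL_COMPONENTS = frozenset({"password"})


@dataclass
class SigningSession:
    user_id: str
    idle_limit_s: float = 900.0            # assumed, site-defined value
    last_activity: Optional[float] = None  # None: no controlled access open
    signed_once: bool = False

    def login(self, now: float) -> None:
        self.last_activity, self.signed_once = now, False

    def _continuous(self, now: float) -> bool:
        return (self.last_activity is not None
                and now - self.last_activity <= self.idle_limit_s)

    def sign(self, now: float, verified: set) -> bool:
        """verified: names of components the system has already checked."""
        if not self._continuous(now):
            self.signed_once = False       # access interrupted: rule (ii)
        if self.signed_once:               # rule (i), subsequent signing
            ok = bool(PERSONAL_COMPONENTS & verified)
        else:                              # first signing, or rule (ii)
            ok = ALL_COMPONENTS <= verified
        if ok:
            self.last_activity, self.signed_once = now, True
        return ok


def constructed_run() -> list:
    """Constructed sequence of signing attempts (times in seconds)."""
    s = SigningSession("jdoe")
    s.login(0)
    attempts = [
        (10, {"password"}),               # first signing, one component
        (20, {"user_id", "password"}),    # first signing, all components
        (60, {"password"}),               # subsequent signing
        (70, {"user_id"}),                # user ID alone is not enough
        (2000, {"password"}),             # after an idle gap
        (2000, {"user_id", "password"}),  # full re-signing after the gap
    ]
    return [s.sign(t, v) for t, v in attempts]
```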


Q3: Is the storage of passwords in the internet browser allowed for GXP applications?


A: No, ideally this feature should be deactivated in all browsers used for GXP applications.


Access management:


Q1: Can I use generic accounts for 3rd party support employees? (e.g. lab technicians, on-line support SAP)


A: No. The account should be attributable to the person executing the actions and there should be processes and systems in place to manage this.


Q2: Can we extend the time before a user session is automatically locked for inactivity because of an HSE (health-safety-environment) concern? (e.g. people need to interact in case of emergency in a DCS (distributed control system) in production)


A: The inactive time of a user session should be managed by users locking their computer station when they move away for an extended period of time, to prevent unauthorised actions being taken by other persons. The automatic lock is a security measure. A reasonable amount of time should be supported by a risk assessment. This type of HSE concern should be managed independently of the GXP system, with an emergency stop button as an example. If this approach is not feasible, the computerized system should be designed such that a fast intervention is possible. It is best practice for a system like a DCS to be configured in such a way that the screen does not completely go into operating system lock and actions can be taken by clicking on the valve or object and entering a password to confirm the action.


Record life cycle management:


Q1: How to protect critical paper records? Is it necessary to scan all records or is physical protection (fire protected cabinets, location of the paper record archive(s)) sufficient?


A: Records should be protected and retrievable for the appropriate retention period. There is no need to scan, provided that the documents are stored in a safe and secure environment.


Q2: Is it allowed to replace a physical paper archive if you scan your records? Can the paper records be destroyed afterwards?


A: In practice this is possible if the digital copy is a true copy; however, you need to comply with local legal and regulatory requirements to decide whether you can destroy the paper records.


Q3: If hardware and/or software packages are no longer supported (Windows updates, application software), is it possible to print out the electronic data or do you need to keep the ‘old’ systems up and running? (with the risk that you are no longer able to see the electronic data in case of software and hardware errors)


A: A print-out is only allowed if it is a true copy with all raw data and meta-data. In practice this is very difficult. The first option is to migrate those data to an appropriate system. Another option is to create a virtual environment where you can run the legacy system in a validated state and where all data can be retrieved.


Q4: If approved forms and templates that are part of a procedure are printed out of an electronic system just before use (e.g. training attendees sheets, checklists, housekeeping checklists, …), is it necessary to have controlled issuance of those templates and forms, and to have a systematic audit trail review of those printing activities?


A: The term “FORM” should be used to refer to the controlled copies (blank forms) obtained from approved TEMPLATES stored as paper or through an electronic system.


If the form is printed and data is collected on paper, various provisions are to be taken to assure proper adherence to ALCOA+ principles (the data integrity principles: attributable, legible, contemporaneous, original and accurate, plus complete, consistent, enduring and available); paper may not be fully effective in preventing falsification. When the data are collected by electronic means, the controls have to be provided by the electronic system itself.


The criticality of forms should be defined, and controls should be based on criticality.


A. Different levels of controls can be put in place to discourage falsification. For critical forms, means to increase data integrity assurance include controlling the issuance of those documents, including controlled access for printing, reasoning for reprint, authentication of the original copy (e.g. with stamps or signatures), control of distribution, binding in logbooks, second person review, and reconciliation, also through the audit trail review.


Not all of the above controls have to be put in place for all forms, so that the highest effort is put on the most critical forms.


B. The criticality of forms can be defined based on the criticality of the data they will record (i.e. whether they are used for production and release activities or for supporting processes), but also based on the probability that a falsification takes place (e.g. a printed form that is shared between different departments and personnel or printed by an independent department is less prone to falsification than a form that is printed and used by the same department and by a limited number of people); the level of redundancy of the data that the form will capture (i.e. whether it captures primary raw data or summarizes or refers to data also recorded elsewhere) can also be considered in the form criticality assessment.


As per the example in the question, for the lower criticality blank forms (e.g. training attendees sheets), controlled printing only can be applied; for checklists, the control strategy should be designed based on the criticality of the data being collected.


Finally, forms should be carefully designed to avoid potential data integrity issues, including:


• Clearly defined fields to record data that allow the operator to understand how the data should be entered, including specification limits and/or examples


• Instructions on what to do if data do not fit the expectations


• Logical time sequencing


• Company-recognizable and standardized pattern/frame


• Archiving rules


Various:


Q1: How to deal with analytical testing where data is a visual check? (appearance, insoluble matter testing, TLC, …)


A: See table 1 ‘Minimum system requirements based on categories’ in the guide.

Note: in the table, "X¹" means "Access control only for securing time and date settings".

Q2: Is it allowed to use personal notes in a lab or production environment? (personal notes: containing training info/attention points you documented during training or during discussions with colleagues, …)


A: No. All information needed to perform activities in a GXP environment should be described in controlled procedures and work instructions. Any data supporting a GXP batch must be controlled, maintained and reviewed.


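Summary based on the guide:


  • On whether forms and templates that are printed from an electronic system just before use (e.g. training attendance sheets, checklists, housekeeping checklists) require controlled issuance and a systematic audit trail review of the printing activities, the document states: the criticality of forms should be defined, and controls should be based on criticality. Different levels of controls can be put in place to discourage falsification. For critical forms, measures to increase data integrity assurance include controlling the issuance of these documents (including controlled access for printing, reasoning for reprints, and authentication of the original copy, e.g. with stamps or signatures), control of distribution, binding in logbooks, second person review, and reconciliation through audit trail review. Not all of these controls have to be applied to every form, so that the main effort goes to the most critical forms. For lower criticality blank forms (such as training attendance sheets), controlled printing alone is sufficient; for checklists, the control strategy should be designed based on the criticality of the data being collected.

  • The criticality of a form can be defined based on the criticality of the data it will record (for example, whether the form is used for production and release activities or for supporting processes), and also based on the probability that falsification takes place (for example, a form that is shared between different departments and personnel, or printed by an independent department, is less prone to falsification than a form printed and used by the same department and a small number of people); the level of redundancy of the data the form captures (for example, whether it captures primary raw data or summarizes or refers to data already recorded elsewhere) can also be included in the form criticality assessment.

  • On hybrid signatures, the document states that the best practice is for a document to be signed either fully by hand or fully digitally. If there is no other option, hybrid signatures should be used only as an exception. In that case, the handwritten signature must be applied first, and the document is then prepared for the digital signature. Only in this way can the metadata of the digital signature/e-signature be maintained. The fully signed electronic document is the official GXP document (a printout does not contain the metadata, and the digital signature/e-signature cannot be verified from it). The original handwritten signature, or a true copy of it, and the e-signed copy must be kept as linked documents in a secure environment validated for its intended use, in line with the company's record management policy.

  • On whether a scanned image of a signature can be used for GXP (signature) purposes (internal use), the document states: it is acceptable only if the scanned signature image is a certified true copy of the original signature and complies with local legal and regulatory requirements. The wet signature or its true copy must be retrievable, reproducible and unaltered for the retention period of the record.

  • On how to ensure compliance when another party (another company) sends a scanned version of a document that I also need to sign, the document states: the document can be used if the party sending the scanned document has an established true copy process and the scanned document has been verified and attested as a true copy. The sending party should have a document retention policy that meets your expectations.

  • On whether storing passwords for GXP applications in the internet browser is allowed, the document states: no; ideally this feature should be disabled in all browsers used for GXP applications.

  • On whether generic accounts can be used for third-party support staff (e.g. lab technicians, on-line SAP support), the document states: no. The account should be attributable to the person executing the actions, and there should be processes and systems in place to manage this.

  • On how to protect critical paper records, and whether all records need to be scanned or physical protection (fire protected cabinets, location of the paper record archive) is sufficient, the document states: records should be protected and retrievable for the appropriate retention period. If the documents are stored in a safe and protected environment, there is no need to scan them.

  • On whether scanned records can replace a physical paper archive, and whether the paper records can be destroyed after scanning, the document states: this is possible if the digital copy is a true copy, but local legal and regulatory requirements must be met to decide whether the paper records can be destroyed.

  • On whether, when hardware and/or software packages are no longer supported (Windows updates, application software), the electronic data can be printed out or the "old" systems must be kept running (with the risk that the electronic data can no longer be viewed if software or hardware errors occur), the document states: a print-out (without keeping the old system running) is only allowed if it is a true copy containing all raw data and metadata. In practice this is very difficult. The first option is to migrate the data to an appropriate system. Another option is to create a virtual environment in which the legacy system can be run in a validated state and all data can be retrieved.

  • On whether personal notes may be used in a lab or production environment, the document states: no. All information needed to perform activities in a GXP environment should be described in controlled procedures and work instructions. Any data supporting a GXP batch must be controlled, maintained and reviewed.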