ISPE 的数据完整性成熟度等级自评-双语版

2018-05-18 10:33:00
gmpfan
转贴 2402
DATA INTEGRITY MATURITY LEVEL CHARACTERIZATION
Maturity Area Maturity Factors Maturity   Level Characterization


Level 1 Level 2 Level 3 Level 4 Level 5
Cluture





•  DI   Understanding and awareness
   
    •  对数据完整性的理解和认识 		Awareness   of the importance of data integrity, and understanding of data integrity   principles
   
    对数据完整性的重要性的认识,以及对数据完整性原则的理解 		Low   awareness, limited to SMEs and specialists
   
    认识不足,仅来自于SMEs和专家  		General   awareness of the topic, but not fully reflected in working practices
   
    对主题有一定的认识,但没有充分反映在工作中  		Principles   reflected in working practices, but not consistently applied
   
    对原则的理解反映在工作中,但是不能持续的应用  		Data integrity   principles fully incorporated and applied in established processes and   practices
   
    数据完整性原则在既定的过程和实践中充分纳入和应用  		Formal   ongoing awareness programme, proactively keeping abreast of industry   developments
   
    制定正式的持续改进计划,积极跟进行业发展
•  Corporate culture and   working environment
   
    •  企业文化与工作环境 		A   culture of willing and open reporting for errors, omissions and abnormal   results, and willing collaboration to achieve data integrity objectives
   
    一种愿意和公开报告错误、遗漏和异常结果的文化,并愿意协作以实现数据完整性目标  		Unwillingness   or no motivation to report errors and abnormal results.
   
    不愿意或没有动机报告错误和异常结果 		DI   problems may be reported but mitigation is either inadequate or ignored  
   
    可能会报告数据完整性问题,但 缓解 要么不够充分,要么被忽略 		Policies   and procedures encourage openness, but not implemented in all cases.   Mitigation generally limited to the specific instance
   
    政策和程序鼓励暴露问题,但不适用于所有情形。 缓解 通常局限于具体的实例 		Full   openness and collaboration achieved through such behaviour being motivated by   management behaviour. Mitigation considers wider implication
   
    通过管理行为激励实现了充分的开放和协作。 缓解 考虑更广泛的影响 		Anticipating   potential future DI weaknesses and applying appropriate controls
   
    预测未来潜在的数据完整性弱点并应用合适的控制
•  Quality Culture
   
    •  质量文化 		An   environment in which employees habitually follow quality standards, take   taking quality-focused actions, and consistently see others doing so.
   
    员工习惯遵循质量标准的环境,采取以质量为中心的行动,并且周围人也在这样做 		Low   awareness and application of quality principles and standards. A culture of   not reporting what management would rather not hear
   
    对质量原则和标准的认识和应用不足。管理层不愿听到的就不报告的文化 		Ad-hoc   quality. Activities performed, but relying on individual efforts
   
    仅为这次的质量文化。开展活动,但是仅依赖于个人的努力 		General   application of some quality principles, but not fully ingrained or   consistent.
   
    普遍应用一些质量原则,但不完全彻底和一致 		Quality   considerations incorporated in normal working practice
   
    质量因素纳入日常工作实践 		Quality   and continuous improvement incorporated in normal working practice
   
    质量和持续改进纳入日常工作实践
Governance and Organization
   
    治理与组织
   
   





•  Leadership
   
    •  领导力
    		Objectives   defined and communicated by executive management.
   
    目标界定和行政管理沟通 		Leadership   silent or inconsistent on the need for data integrity. Other business   priorities typically override.
   
    领导对数据完整性的需求保持沉默或不一致。其他业务优先级通常高于数据完整性 		Leadership   state need for DI, but do not lead by example.
   
    领导强调需要数据完整性,但不以身作则 		Objectives   defined in policies and high level statements, but not always fully reflected   in management priorities.
   
    政策和高级别声明中定义了数据完整性的目标,但并非总是充分反映在管理优先事项中 		Management   actions and priorities fully reflect stated objectives
   
    管理行为和优先级充分反映所规定的数据完整性目标 		DI   aspects routinely addressed and improved as part of management review
   
    数据完整性的常规处理和改进作为管理评审的一部分
•  Sponsorship
   
    •  资源支持 		Executive   management providing appropriate resources and support.
   
    行政管理提供合适的资源支持 		Appropriate   resources only made available in emergencies (e.g. critical citation).
   
    仅在紧急情况下提供资源(如 关键引文 		Appropriate   resources available in principle, but often not be available in practice due   to other pressures.
   
    原则上有适当的资源,但由于其他方面的压力,通常不可用在实践中 		Appropriate   resources available, but may be diverted or diluted due to other pressures.  
   
    适当的可用资源,但由于其他压力,可能被转移或稀释 		Required   and planned resources are available and safeguarded due to ongoing commitment   to data integrity
   
    由于持续致力于数据完整性,所需和计划的资源得到保障。 		Management   looking ahead to identify future resource needs, based on experience
   
    管理层展望未来,根据经验确定未来的资源需求
•  Structure
   
    •  结构 		Appropriate   roles and reporting structures.
   
    适当的角色和报告结构 		No   consideration of specific data governance in roles and responsibilities.  
   
    不在角色和职责制定中考虑数据管理 		Data   governance roles only recently established, or in flux.
   
    最近才建立数据管理角色,或一直在变化 		Data   governance roles established, but not always effective.
   
    建立数据管理角色,但是不是一直有效 		Data   Governance roles are well integrated into the management structures and   systems
   
    数据管理的角色很好地融入管理结构和系统 		Management   reviewing and adapting organizational structures based on experience
   
    基于经验的管理评审与组织结构调整
•  Stakeholder Engagement  
   
    •  相关人员参与 		Engagement   of business Process Owners, Quality Assurance, and key supporting technical   groups (e.g. IT)
   
    参与业务流程所有者、质量保证和关键支持技术组织(例如:IT)  		Data   integrity and governance seen as either an IT issue or a Quality Issue. No   real Process Owner involvement
   
    数据完整性和治理视为IT问题或质量问题。没有真正的过程所有者参与 		Ad-hoc   involvement of Process Owners, and Quality Assurance. High person dependence.  
   
    过程所有者和QA
    “仅仅这次”参与。高度依赖于人 		Process   Owners, and Quality Assurance typically involved, but not consistently
   
    过程所有者和QA通常涉及,但不是一贯的 		Process   Owners, Quality Assurance, and IT work together through the data and system   life cycles
   
    过程所有者、QA和IT在数据和系统生命周期中一起协作 		All   stakeholders consistently work together to identify further co-operation   opportunities, based on experience.
   
    所有利益相关者不断合作,根据经验确定进一步的合作机会
•  Data Ownership
   
   
    •  数据所有权 		Clear   ownership of data and data-related responsibilities
   
    明确数据所有权和数据相关的责任 		Process,   system, and data owners not defined
   
    没有定义过程、系统和数据的所有者 		Process,   system, and data owners identified in few areas.
   
    在小范围内定义过程、系统和数据的所有者 		Process,   system, and data owners typically defined in many, but not all cases, and   responsibilities not always clear
   
    过程、系统和数据所有者在大范围内定义,但是并非所有情况下,而且职责也不是一直都清晰, 		Process,   system, and data owners are well defined and documented.
   
    流程、系统和数据所有者都被很好的定义并且文档化 		Process,   system, and data owner responsibilities considered and clarified during   management review.
   
    在管理评审中对过程、系统和数据所有者的职责进行考虑和阐述
•  Policies and   Standards
   
    •  政策和标准 		Defined   polices and standards on data integrity
   
    定义关于数据完整性的政策和标准 		No   established policies and standards for data integrity
   
    没有建立政策和标准用于数据完整性 		Ad-hoc   policies and standards for data integrity in some cases
   
    在某些情况下有用于数据完整性的政策和标准 		Polices   and standards exist, but not fully integrated into the QMS and business   process.
   
    政策和标准存在,但没有完全纳入质量管理体系和业务流程 		Policies   and standards fully integrated into the QMS and fully reflected in business   processes and practices
   
    政策和标准完全纳入质量管理体系并且充分反映在业务流程和实践中 		Policies   and standards regularly reviewed and improved based on experience
   
    基于经验。定期评审和改进政策和标准
•  Procedures
   
    •  规程 		Established   procedures defining key activities and processes
   
    建立规程描述关键活动和流程  		No   established procedures for key data integrity related activities
   
    没有建立管理数据完整想相关活动的规程 		Ad-hoc   procedures for data integrity in some cases
   
    针对数据完整性的某些情况制定了有限的规程 		Some   procedures and standards exist, but not covering all data integrity related   activities.
   
    有一些规程,但是没有覆盖所有的数据完整性相关活动 		Procedures   for all key areas fully integrated into the QMS and reflecting established   policies and standards.
   
    将所有关键领域的规程充分纳入质量管理体系并反映既定的政策和标准  		Procedures   regularly reviewed and improved based on experience
   
    基于经验。定期评审和改进规程
•  Awareness and Training  
   
    •  认识和培训 		Awareness   and training on regulatory requirements and organizational polices and   standards.
   
    对法规要求、组织政策、标准的认识和培训 		No   real awareness of regulatory requirements and company policy in this area  
   
    在这方面没有真正意识到法规要求和公司政策 		Some   awareness of regulatory requirements and company policy, in pockets.
   
    对于法规要求和公司政策,有一些局限的认识 		General   awareness of well-known regulations, and the existence of company policies  
   
    普遍了解众所周知的法规,以及公司政策的存在 		Comprehensive   training program ensures an appropriate level of knowledge of specific   regulatory and company requirements
   
    综合培训计划确保对特定的规章制度和公司要求有适当的了解 		Formal   training needs analysis, taking into account regulatory developments.   Training effectiveness assessment for ongoing improvement
   
    考虑到法规的发展,进行正规培训需求分析。持续改进的培训效果评估
Quality Management System
   
    质量管理体系 		Established   and effective Quality Management System, focused on patient safety, product   quality and data integrity.
   
    建立有效的质量管理体系,关注患者安全,产品质量和数据的完整性  		Few   procedures in place focused on patient safety, product quality and data   integrity.
   
    几乎没有规程关注患者安全,产品质量和数据的完整性 		Some   procedures and quality control processes, but not consistently achieving   quality goals.
   
    一些规程和质量控制过程,但不能始终如一地实现质量目标 		Established   Quality Management System, but compliance and data integrity activities are   not fully effective
   
    建立了质量管理体系,但合规性和数据完整性活动并不完全有效 		Established   and effective Quality Management System, consistently achieving data   integrity goals in support of patient safety and product quality
   
    建立有效的质量管理体系,始终如一地实现数据完整性目标,以保证病人安全和产品质量 		QMS   subject to regular management review and continuous improvement
   
    定期管理评审和持续改进的质量管理体系
Business process definition
   
    业务流程定义  		Clear   and accurate definitions of regulated business processes, covering all key   GxP areas
   
    规范业务流程的清晰和准确的定义,涵盖所有GxP关键领域 		Few   business processes formally defined and documented
   
    几乎没有业务流程被正式定义和文档化 		Some   business processes formally defined and documented on an ad-hoc basis, either   by project or operational groups
   
    一些业务流程被定义和文档化 		Most   business processes defined, but not consistently following conventions or   standards, and not always complete and up-to-date.
   
    定义了大多数业务流程,但不是一贯遵循惯例或标准,并不总是完整的和最新的 		Business   processes defined following established conventions and standards.
   
    业务流程定义遵循既定惯例和标准 		Business   processes defined and supported by appropriate tools, and consistently   maintained.
   
    业务流程通过适当工具定义和支持,并一直维护
Supplier and service provider management
   
    供应商和服务提供商管理 		Assessment   of suppliers and service providers against agreed standards, and setting up   and monitoring of contracts and agreements to deliver those standards.
   
    根据商定的标准评估供应商和服务供应商,并建立和监测合同和协议,以交付这些标准 		Many   suppliers and providers with a potential impact on data integrity not   assessed or managed
   
    许多供应商和供应商对数据完整性的潜在影响没有评估或管理 		Some   suppliers and providers with a potential impact on data integrity informally   assessed
   
    一些供应商对数据完整性的潜在影响进行评估 		Established   process for supplier management, but not applied consistently. Data integrity   implications not always fully covered by assessments or agreements
   
    建立供应商管理流程,但不是一贯地应用。数据完整性的影响并不总是完全覆盖评估或协议 		Established   process for supplier management, consistently applied, and including a data   integrity risk review.
   
    建立供应商管理的过程,始终如一地应用,包括数据完整性风险审查 		Effectiveness   of supplier management subject to regular management review based on   metrics.
   
    对供应商管理的有效性是基于度量的定期管理评审
Strategic Planning and Data Integrity Program
   
    战略规划和数据完整性计划





•  Planning
   
    •  计划 		Executive   level strategic planning and programs for improving and/ or maintaining data   governance and data integrity.
   
    领导层级别的战略规划,用于改进 和/或 维护数据管理和数据完整性 		No   planning for data integrity or data governance at executive level
   
    没有领导层级的针对数据管理和数据完整性的计划 		Limited   planning for data integrity or data governance, typically driven by   emergencies
   
    有限的数据完整性和数据治理规划,通常由突发事件驱动的  		Specific   Data Integrity program or equivalent underway.
   
    特定数据完整性程序或等效运行 		Successful   Data Integrity programs achieving stated objectives
   
    成功的数据完整性程序达到既定目标 		Data   integrity integral to ongoing organizational strategic planning
   
    数据完整性是正在进行的组织战略规划的组成部分
•  Communication
   
    •  沟通
    		Communication   and change management processes, supported by a suitable repository of   information and resources.
   
    沟通和变更管理过程,由适当的信息资源库支持 		No   communication and change management process for DI
   
    没有针对数据完整性的沟通和变更管理过程 		Some   informal and person dependent communication and change management.
   
    一些非正式和依赖个人的沟通和变更管理 		Formal   communication and change management for DI in place, but on a per-project or   per-site basis, with ad hoc repositories.
   
    对数据完整性进行正式的沟通和变更管理, 但在每一个项目或每一个站点基础上,使用临时资源库  		Communication   and change management for DI integral to QMS, supported by tools and central   repository.
   
    在工具和中央资源库的支持下,针对数据完整性的沟通和变更管理纳入质量管理体系 		Communication   and change management for DI subject to review and improvement, supported by   defined metrics.
   
    对数据完整性进行沟通和变更管理,在定义的指标支持下进行评审和改进
Regulatory
   
    法规





•   Awareness
   
    •   认识 		Awareness   of applicable regulatory requirements
   
    对适用法规要求的认识 		No   awareness of key regulatory requirements.
   
    没有关键法规要求的意识 		Some   awareness of detailed regulatory requirements, based on individual experience   and effort.
   
    基于个人的经验和努力,对监管要求的细节有一些认识 		Formal   regulatory awareness-raising underway, including training on regulations and   guidance.
   
    正在进行正式的监管意识提高,包括法规和指导方面的培训 		All   staff aware of regulatory requirements affecting their work.
   
    全体员工意识到监管要求影响他们的工作 		Formal   training needs analysis and action, taking into account regulatory and   industry developments.
   
    考虑到法规和行业发展,正式培训需求分析和行动
•  Traceability
   
    •  可追溯性 		Traceability   to applicable regulatory requirements from, e.g., Quality Manual, polices or   procedures
   
    可追溯到适用的法规要求,例如质量手册、政策或规程 		No   traceability to regulations
   
    不可追溯到法规  		Little   traceability of policies and procedures to specific regulations.
   
    政策和程序对具体法规的可追溯性很小  		Traceability   in place, but limited to key regulatory requirements.
   
    可追溯,但限于关键监管要求 		Full   traceability, e.g. from Quality Manual or policies, to specific regulatory   requirements.
   
    完整的可追溯性,如从质量手册或政策到具体的监管要求 		Traceability   effectively maintained and updated taking into account regulatory   developments
   
    考虑到法规的发展,对可追溯性进行有效地维护和更新
•  Inspection   readiness
   
    •  检查准备 		Preparation   for inspection, including responsibilities, and inspection readiness   documentation.
   
    检查准备工作,包括责任,检查准备文档 		No   inspection readiness preparation
   
    无检查准备 		Limited   inspection readiness preparation - ad-hoc and dependent on individual Process   and System Owners
   
    检查准备有限,是“仅仅这次”的和依赖过程和系统所有者个人的  		Inspection   readiness activities in place, but inconsistent in level, content, and   approach
   
    检查准备活动到位,但水平、内容和方法不一致 		Established   process for inspection readiness covering all systems maintaining regulated   data and records.
   
    建立了过程检验准备覆盖所有系统维护管理数据和记录  		Inspection   readiness processes regularly reviewed and refined based on regulatory and   industry developments.
   
    根据监管和产业发展情况,定期检查准备过程回顾和改进
•  Regulatory Relationship   and communications
   
    •  监管关系和沟通 		Effectiveness   of communication with regulatory authorities, and effectiveness of dealing   with concerns and citations.
   
    与监管部门沟通的有效性,以及处理关注点和引用的有效性 		No   communication except during inspections, when specific citations are   addressed.
   
    没有沟通除非检查期间 		Ad-hoc   , informal communication as-and-when required, not following a defined   procedure.
   
    临阵磨枪式的沟通,而不是遵循规程 		Communication   as-and-when required, following a defined procedure.
   
    按照既定的规程,在需要时进行沟通 		Effective,   consistent, communication with regulatory bodies following a defined   procedure.
   
    有效、一致、与监管机构按照既定程序进行沟通 		Clear   communication lines to key regulatory bodies, with internal specialists   following an established process. Concerns and citations are proactively   managed.
   
    明确与关键监管机构的沟通渠道,内部专家遵循既定程序。主动管理关注和引用。
Data Life Cycle
   
    数据生命周期





•  Data life cycle   definition
   
    •  数据生命周期定义 		Data   life cycle(s) defined in standards and/or procedures
   
    在标准和/或规程中定义的数据生命周期 		Data   life cycles not defined.
   
    数据生命周期没有定义 		Some   data life cycles defined on an ad-hoc basis.
   
    一些数据生命周期被临时定义 		Data   life cycles generally defined following procedures. Not consistently applied.  
   
    数据生命周期通常
    在规程中定义,不是一致的应用 		Data   life cycle defined in procedures, and applied consistently to all key   regulated data and records.
   
    在规程中定义数据生命周期,并始终适用于所有关键规范数据和记录 		Data   life cycles defined f and maintained, supported by effective automated tools  
   
    数据生命周期的定义和维护,由有效的自动化工具支持
•  Quality Risk   Management
   
    •  质量风险管理 		Application   of risk management (including justified and documented risk assessments)   through the data life cycle.
   
    通过数据生命周期应用风险管理(包括合理和有记录的风险评估) 		No   documented and justified assessment of risks to data integrity
   
    对数据完整性的风险没有记录和合理的评估  		Limited   data integrity risk assessments performed on an ad-hoc basis.
   
    有限的数据完整性风险评估是在临时性的基础上进行的 		Data   integrity considered in risk assessment procedures, but not performed to a   consistent level.
   
    风险评估过程中考虑到的数据完整性,但没有达到一致的水平 		Data   integrity risk management established as an integral part of the data life   cycle and system life cycle.
   
    数据完整性风险管理是数据生命周期和系统生命周期的一个组成部分 		Quality   Risk Management activities subject to continuous improvement
   
    持续改进的质量风险管理活动
•  Data Management   processes and tools
   
    •  数据管理流程和工具 		Established   data management processes, supported by appropriate tools.
   
    建立适当的工具支持的数据管理流程 		No   data management processes
   
    没有数据管理流程 		Some   data management processes defined by individual Process Owners
   
    由个体流程所有者定义的一些数据管理过程 		Data   management procedures defined, but not always effectively implemented
   
    定义了数据管理规程,但并不总是有效地执行 		Well   established and effective data management processes.
   
    建立数据管理流程 ,并有效的执行 		Well   established common data management processes, maintained, updated, supported   by appropriate automated tools
   
    已建立的通用数据管理流程,通过适当的自动化工具维护、更新
•  Master and reference   data management
   
    •  主数据和引用数据管理 		Established   processes to ensure the accuracy, consistency, and control of master and   reference data.
   
    建立规程以确保主数据和引用数据的准确性、一致性和控制 		No   master/reference data management processes
   
    没有主数据引用数据的管理规程 		Some   master/reference data management processes defined by individual Process   Owners
   
    由独立的进程所有者定义的一些主/引用数据管理规程 		Master/reference   Data management procedures defined, but not always effectively   implemented
   
    建立了主/引用数据管理规程,但并不总是有效地执行  		Well   established and effective master/reference data management processes.
   
    建立了主/引用数据管理规程,并得到有效执行  		Well   established common master/reference data management processes, maintained,   updated, supported by appropriate automated tools
   
    已建立的通用主/引用数据管理规程,通过适当的自动化工具维护、更新
•  Data Incident and   Problem Management
   
    •  数据事件和问题管理 		Established   processes to deal with data incidents and problems, linked with change   management and deviation management as appropriate.
   
    建立处理数据事件和问题的规程,并与变更管理和偏差管理联系在一起 		No   formal data incident and data problem management process
   
    没有正式的数据事件和数据问题管理规程.  		Some   data incident and data problem management processes defined by individual   Process/System Owners
   
    由独立的进程/系统所有者定义的一些数据事件和数据问题管理规程  		Data   incidents and problems typically effectively dealt with as a part of normal   system or operational incident management, but with limited consideration of   wider DI implications.
   
    数据事件和问题通常作为正常系统或操作事件管理的一部分有效地处理,但? 		Established   data incident and problem management process linked to CAPA and deviation   management where necessary.
   
    建立数据的事件和问题管理规程,并在需要的地方和CAPA和偏差管理联系在一起 		Established   data incident and problem management process, supported by tools and   appropriate metrics, leading to process improvement.
   
    建立数据事件和问题管理流程,由工具和适当的度量支持,过程改进
•  Access and Security   management
   
    •  访问和安全管理 		Establishing   technical and procedural controls for access management and to ensure the   security of regulated data and records.
   
    为访问管理建立技术和程序控制,并确保受管制数据和记录的安全性 		Lack   of basic access control and security measures allowing unauthorized changes  
   
    缺乏基本的访问控制和安全措施,允许未经授权的更改 		Some   controls, but group logins and shared accounts widespread. Password polices   weak or not enforced
   
    有一些控制,但组登录和共享账户普遍。密码策略弱或不强制执行 		Established   standards and procedures for security and access control, but not   consistently applied
   
    建立安全和访问控制的标准和规程,但不总是应用 		Established   system for consistent access control and security management, including   regular review of security breaches and incidents
   
    建立一致的访问控制和安全管理体系,包括定期审查安全漏洞和事件 		Established   integrated system for consistent access control and security management,   supported by appropriate tools and metrics for continuous improvement.
   
    建立一致的访问控制和安全管理的集成系统,支持适当的工具和持续改进的指标
•  Archival and retention  
   
    •  档案和保留 		Establishing   processes for ensuring accessibility, readability and integrity of regulated   data in compliance with regulatory requirements including retention periods.  
   
    根据法规要求,建立规程确保受管制数据的可访问性、可读性和完整性,包括档案的保存期。 		No   consideration of long term archival and retention periods
   
    没有考虑长期归档和保留时间  		No   effective process for identifying and meeting regulatory retention   requirements. Few archival arrangements in place.
   
    没有识别和满足法规对于保留要求的有效规程。很少有档案安排到位 		Retention   policy and schedule defined covering some, but not all regulated records.   Some systems with no formal archival process.
   
    保留策略和计划定义覆盖一些,但不是所有的监管记录。有一些系统做了非正式的归档 		Retention   Schedule includes all regulated records, and those policies supported by   appropriate archival processes and tools.
   
    保留时间表包括所有受管制的记录,以及那些由适当的档案过程和工具支持的政策。 		Archival   and data retention policies and processes regularly reviewed against   regulatory and technical developments
   
    对归档和数据保留政策和规程相关的法规和技术发展进行定期的审查
•  Electronic Signatures  
   
    •  电子签名 		Effective   application of electronic signatures to electronic records, where approval,   verification, or other signing is required by applicable regulations.
   
    电子签字在电子记录中的有效应用,如适用条例所要求的批准、验证或其他签字  		No   control of electronic signatures.
   
    无电子签名控制 		Lack   of clear policy on signature application, and lack of consistent technical   support for e-signatures.
   
    对签名应用的缺乏明确的政策,缺乏对电子签名的一致性技术支持 		Policies   in place. Compliant e-signatures in place for some, but not all relevant   systems.
   
    政策到位,电子签名在一些地方合规,但并不是所有相关系统  		Compliant   e-signatures in place for all relevant systems, supported by consistent   technology where possible
   
    电子签名在所有相关系统中均合规,并得到一致性的技术支持 		Electronic   signature policies and processes regularly reviewed against current best   practice and technical developments
   
    针对现行最佳实践和技术发展定期审查电子签字政策和程序
•  Audit trails
   
    •  审计追踪 		Usable   and secure audit trails recording the creation, modification, or deletion of   GxP data and records, allowing effective review either as part of normal   business process or during investigations.
   
    使用和安全审计跟踪记录的创建,修改,或删除GXP的数据和记录,允许有效的审查作为正常业务过程的一部分或在调查期间 		Lack   of effective and compliant audit trails
   
    缺乏有效的合规的审计追踪 		Some   limited use of audit trails. Often incomplete or not fit for purpose (e.g. in   content and reviewability). Not typically reviewed as part of normal business   process.
    有限的使用审计追踪。往往不完整或不适用(例如在内容和审查)。通常不作为正常业务流程的一部分进行评审 		Audit   trail in place for most regulated systems, but with undefined and   inconsistent use within business processes in some cases.
   
    对大多数受监管系统进行审计跟踪,但在某些情况下业务流程未定义审计追踪或不一致使用 		Effective   audit trail in place for all regulated systems, and use and review of audit   trail included in established business processes.
   
    为所有受管制的系统进行有效的审计追踪,以及对既定业务流程中的审计追踪的使用和审核 		Audit   trail policies and use regularly reviewed against regulatory and technical   developments
   
    根据法规和技术发展,定期审查审计追踪政策和使用情况
Data Life Cycle Supporting Processes
   
    数据生命周期支持过程





•  Auditing
   
    •  审计 		Auditing   against defined data quality standards, including appropriate techniques to   identify data integrity failures
   
    对定义的数据质量标准进行审计,包括确定数据完整性故障的适当技术 		No   data quality or integrity audits performed
   
    没有执行数据质量或完整性审计 		Some   audits performed on an ad-hoc and reactive basis, but no established process   for data quality and integrity auditing.
   
    有一些审计是在临时和被动基础上进行的,但没有建立数据质量和完整性审计的过程。 		Data   quality and integrity process defined, but audits not always effective and   the level of follow-up inconsistent.
   
    定义了数据质量和完整性过程,但审计并不总是有效的,后续的水平不一致 		Effective   data auditing fully integrated into wider audit process and schedule.
   
    有效的数据审计完全集成到更广泛的审计过程和计划中 		Auditing   process and schedule for subject to review and improvement, based on audit   results and trends.
   
    根据审计结果和趋势进行审核,并改进审核过程和进度表 
•  Metrics
   
    •  度量 		Measuring   the effectiveness of data governance and data integrity activities
   
    衡量数据治理和数据完整性活动的有效性 		No   data related metrics captured.
   
    没有捕获与数据相关的指标 		Limited   metrics captured, on an ad-hoc basis
   
    有限指标捕获,在一个特设的基础上
    		Metrics   captured for most key systems and datasets. Level, purpose, and use   inconsistent.
   
    为大多数关键系统和数据集捕获的度量。水平、用途和使用不一致 		Metrics   captured consistently, according to an established process.
   
    根据既定的过程,一致地度量指标
    		Metrics   captured consistently, and fed into a continuous improvement process for data   governance and integrity
   
    度量一致地被捕获,并加入到数据治理和完整性的持续改进过程中。
•  Classification and   assessment
   
    •  分级和评估 		Data   and system classification and compliance assessment activities
   
    数据和系统分类以及合规性评估活动 		No   data classification.
   
    无分级 		Limited   data classification, on an ad-hoc basis. No formal process
   
    有限的数据分级,临时的。非正式规程 		Data   classification performed (e.g. as a part of system compliance assessment),   but limited in detail and scope.
   
    执行的数据分类(如系统遵从性评估的一部分),但细节和范围有限  		Established   process for data classification, based on business process definitions and   regulatory requirements.
   
    基于业务流程定义和监管要求,建立数据分级规程 		Classification   process subject to review and improvement, based outcomes and trends.
   
    根据结果和趋势,审查和改进分级规程
•  CS Validation and   compliance
   
    计算机化系统验证和合规性 		Established   framework for achieving and maintaining validated and compliant computerized   systems
   
    建立框架持续归档和维护计算机化系统验证和合规性  		Systems   supporting or maintaining regulated records and data are not validated
   
    支持或维护受管制记录和数据的系统未经验证 		No   formal process for CS validation, The extent of validation and evidence   dependent on local individuals.
   
    没有正式的计算机化系统验证过程,验证的程度和证据依赖于当地个人 		Most   systems supporting or maintaining regulated records and data are validated   according to a defined process, but approach is not always consistent between   systems and does not fully cover data integrity risks
   
    多数支持或维护受管制的记录和数据的系统都是按照定义的过程进行验证的,但是系统之间的方法并不总是一致的,也不能完全覆盖数据完整性风险 		Established   process in place for ensuring that all systems supporting and maintaining   regulated records and data are validated according to industry good practice,   and fully compliant with regulations, including effective and documented   management of data integrity risks.
   
    建立适当的程序,以确保所有系统支持和维护受管制的记录和数据,根据行业惯例进行验证,并完全符合规章,包括有效和记录的数据完整性风险管理 		CS   Validation policies and processes regularly reviewed against regulatory and   industry developments
   
    针对法规和行业发展定期审查计算机化系统验证政策和流程
•  Control strategy
   
    •  控制策略 		Proactive   design and selection of controls aimed at avoiding failures and incidents,   rather than depending on procedural controls aimed at detecting failure  
   
    主动设计和选择控制,以避免故障和事件,而不是依赖于旨在检测故障的过程控制。 		No   consideration of potential causes of data integrity failures and relevant   controls
   
    不考虑数据完整性失效的潜在原因和相关控制 		Some   application of controls, typically procedural approaches aimed at detecting   failures
   
    有一些控制策略的应用,通常旨在检测故障的过程方法 		Technical   and procedural controls applied, but dependent on individual project or   system
   
   
    应用技术和程序控制,但依赖于单个项目或系统 		Technical   and procedural controls are applied in most cases, based on an established   risk-based decision process
   
    基于既定的以风险为基础的决策过程,应用技术和程序控制在大多数情况下被应用 		Integrity   fully designed into processes before purchase of systems and technology,   including appropriate controls
   
    在购买系统和技术之前,设计完整的过程,包括适当的控制
IT Architecture
   
    IT架构  		Appropriate   IT architecture to support regulated business processes and data integrity  
   
    合理的IT架构来支持业务流程的合规性和数据完整性 		No   consideration of IT architecture strategy
   
    没有考虑IT架构策略 		IT   architecture strategy and decisions not documented, and dependent on local   SMEs.
   
    IT架构策略和决策没有文档化,依赖于本地SMEs 		IT   architecture considered, and generally supports data integrity and   compliance, but is typically defined on a system by system basis.
   
    考虑IT架构,并通常支持数据完整性和合规性,但是通常只是临时性的考虑  		Established   IT architecture policy and strategy, with full consideration on how this   supports data integrity.
   
    建立IT架构政策和策略,充分考虑了如何支持数据完整性 		IT   architecture strategy regularly reviewed against industry and technical   developments.
   
    根据行业和技术发展,定期审查IT架构 
IT Infrastructure
   
    IT基础设施 		Qualified   and controlled IT infrastructure to support regulated computerized systems  
   
    经确认的和受控的IT基础设施以支持受监管的计算机化系统 		No   infrastructure qualification performed
   
    无基础设施确认
   
    		No   established process for infrastructure qualification. Some performed,   dependent on local SMEs.
   
    没有建立基础设施确认规程。有一些,依赖于当地SMEs 		Infrastructure   generally qualified, according to an established process, but is often a   document driven approach, sometimes applied inconsistently
   
    基础设施一般经过确认的,按照一个既定的过程,但往往是文档驱动的方法,有时应用不一致 		Established   risk-based infrastructure qualification process, ensuring that current good   it practice is applied, supported by tools and technology
   
    建立了基于风险的的基础设施确认规程,确保目前良好的IT实践得到应用,并得到工具和技术的支持 		Infrastructure   approach regularly reviewed against industry and technical   developments.
   
    根据行业和技术发展,定期审查IT基础设施 


订阅博客
博客分类