PA/PH/OMCL(08) 88 R5 计算机化系统的验证—附录2 复杂计算机化系统的验证
生效日期:2018-08-01
ANNEX 2 OF THE OMCL NETWORK GUIDELINE “VALIDATION OF COMPUTERISED SYSTEMS”
“计算机化系统的验证”附录2
VALIDATION OF COMPLEX COMPUTERISED SYSTEMS
复杂计算机化系统的验证
Note: Mandatory requirements in this guideline and its annexes are defined using the terms «shall» or «must». The use of «should» indicates a recommendation. For these parts of the text other appropriately justified approaches are acceptable. The term «can» indicates a possibility or an example with non-binding character.
注:本指南及其附录中的强制要求采用术语“应”或“必须”进行定义。使用“应”表示是建议,其下所列要求可采用经过适当论证的其它方法来实施。术语“可”表示一种可能性,或非强制特性举例。
1. INTRODUCTION
前言
This is the 2nd Annex of the core document “Validation of Computerised Systems”, and it should be used in combination with the latter when planning, performing and documenting the validation steps of complex computerised systems Excel spreadsheet validation is described in the 1st Annex of the core document and not subjected here.
本文是“计算机化系统的验证”核心文件的附录2,在规划、实施和记录复杂计算机化系统的验证步骤中应与该核心文件联合使用。EXCEL表格的验证在核心文件附录1中进行了描述,不包括在此文中。
2. USER REQUIREMENTS SPECIFICATIONS (URS)
用户需求手册(URS)
The selection and purchase of new software and the associated computer and laboratory equipment should follow a conscious decision-making process based on the requirements for the intended use of the computerised system. A User Requirements Specification (URS) should describe the functional and technical requirements of the computerised system, as defined by the OMCL, in terms of both software and hardware. It should also cover the aspects of information security and data integrity.
新软件及相关计算机和化验室设备的选择和采购应遵照基于计算机化系统既定用途需求的简洁决策流程。应按OMCL定义,在用户需求手册(URS)中描述计算机化系统里软件和硬件的功能性和技术性需求。URS还应覆盖安全信息和数据完整性方面要求。
Some of the items that can be included are:
可以包括的项目有:
a) Description of the software used (e.g. Excel, Access, Oracle), including version;
所用软件的描述(例如,EXCEL、ACCESS、ORACLE),包括版本
b) Requirements on hardware components and operating system;
硬件部件和操作系统的要求
c) Description of functions;
功能描述
d) Description of the attributes of data;
数据属性描述
e) Terminology (e.g. important especially for the consistent description of input masks /fields);
术语(例如,特别是对输入掩码/域比较重要的术语)
f) Database design, including masks and fields as well as a map of the data relationships;
数据库设计,包括掩码和域以及数据关系图
g) Specifications of macros, formulas and control commands;
宏、公式和控制命令的标准
h) Specifications of the data inputs (e.g. format, decimal places, units);
数据录入标准(例如,格式、小数位、单位)
i) Specification of the mandatory fields for data;
数据强制域标准
j) Specifications of the protection of masks, working sheets or the whole application;
掩码保护、工作表保护和整个应用软件保护标准
k) Planning of the data migration, if applicable;
数据迁移规划(如适用)
l) Specifications for traceability of data entry and changes (audit trail) of interfaces to other system components, if applicable.
数据录入和与其它系统组件接口修改的可追溯性(审计追踪)标准
The URS shall be released by a responsible person. Changes to the requirements are possible but the changes should be traceable and the URS document should be version controlled or an equivalent system established in order to ensure traceability. New or changed requirements should be communicated to all persons involved.
URS应由负责人放行。可以对需求进行修改,但修改应可追溯,且URS文件应有版本控制,或有相当的既定系统以确保其可追溯性。应与涉及人员沟通新的或修改后的需求。
3. INSTALLATION QUALIFICATION (IQ)
安装确认(IQ)
The correct installation of the system in the IT environment with defined hardware and operating software shall be documented and tested. Detailed installation procedures should be available and carried out by well-trained personnel only.
将系统正确地安装在具有既定硬件和操作软件的IT环境中的过程应有记录并应进行测试。应有详细的安装程序,并仅由经过良好培训的人员执行。
Checklists with predefined installation steps and acceptance criteria can ensure the correct installation of the system and the traceable qualification of the installation.
检查清单和预定的安装步骤及可接受标准可以确保系统的正确安装,以及安装确认的可追溯性。
In most cases, the computerised system is connected to a computer network with interfaces to other software (other applications) and hardware (computer equipment or laboratory equipment). It must be ensured that the system is correctly integrated and that all components are operative.
在大多数情形下,计算机化系统会接入计算机网络,与其它软件(或应用程序)和硬件(计算机设备和实验室设备)有接口。必须确保系统正确结合,并且所有组件均可正常运行。
The IQ typically includes:
IQ一般包括:
a) A check of the required system resources both of the server and client, when applicable (e.g. supported operating system, database engine, performance of the processor, free space on the hard disk, memory, access rights for installations);
检查所需系统资源,包括服务器和客户(适用时)(例如,支持用操作系统、数据库引擎、处理器性能、硬盘上可用空间、内存、安装权限);
b) Documentation of the components of the system (as a minimum, a description of the components and version of the relevant components with date of implementation);
系统组件的文件记录(最低要求,组件描述和相关组件的版本及其实施日期)
c) List of users or user groups with access to the application, including type of access;
用户或用户组清单,及其对应用软件的权限,包括权限类型
d) Integration test and/or communication test for the interfaces to other systems/equipment.
与其它系统/设备接口的集成测试和/或联通测试
e) Often the installation is supported by the supplier and the internal IT unit.
安装通常是由供应商和内部IT部门来支持的
4. OPERATIONAL QUALIFICATION (OQ)
运行确认(OQ)
The proper functioning of the software shall be checked by testing the key functions, e.g. calibration and quantification (internal standards, external standards), peak identification, and calculation of system suitability parameters.
软件的功能是否恰当应通过对关键功能进行测试来检查,例如,校正和定量(内部标准、外部标准)、峰识别和系统适用性参数计算。
Ideally, a raw data set can be used for which the results are known. These raw data sets are often provided by the supplier of the software, are processed by the software and the results are then compared to the expected values.
理想情况是使用一套已知结果的原数据系列。这些原数据系列通常是由软件供应商提供的,由软件进行处理,然后将结果与预期值进行比较。
If no such data sets are available, example raw data sets can be acquired by running typical samples. The results of the processed raw data sets should be verified by recalculating the key parameters (e.g. calibration curves from peak areas of standards) using standard (e.g., spreadsheet) software.
如果没有此类数据系列,可通过运行典型样品来获取原数据系列。原数据处理结果应通过使用标准(例如,表格)软件计算关键参数进行核对(例如,用标准品的峰面积制作校正曲线)
Raw data from the testing of functions affecting the measurement result and its associated measurement uncertainty (input and output data, screenshots) shall be documented within the qualification report.
影响测量结果及其相关测量不确定度的函数测试所得原数据(输入和输出数据、截屏)应在确认报告里进行记录。
Operational qualification should be repeated in a risk-based approach after installation of new software modules, new software versions, new service packs, patch updates, or after major changes in the software structure of the computer (e.g. new anti-virus software). A similar approach should be taken for every change in hardware platform or system upgrades.
在新软件模块安装后、新的服务包、补丁更新,或计算机软件结构重大变更(例如,新的防病毒软件)后,确认应采用基于风险的方法重复进行运行确认。硬件平台或系统更新的每个变更应采取类似方法。
5. PERFORMANCE QUALIFICATION (PQ)
性能确认(PQ)
The aim of the performance qualification is to demonstrate that a computerised system is suitable for its intended purpose in the user’s own environment as defined in the URS. The user requirements shall be tested in the PQ phase to cover the overall business use of the system in the daily routine.
性能确认的目标是证明一个计算机化系统在用户自己的环境下适合其在URS中定义的既定目标。应在PQ阶段测试用户需求以覆盖日常工作中系统的全面业务使用。
The PQ typically includes:
PQ一般包括:
a) Tests of functions (e.g. with a data set to ensure each feature of the application is tested);
功能测试(例如,有一个数据系列确保会测试应用程序的每个特征)
b) Negative or limit test (e.g. input of values outside the specified range);
否定或限度测试(例如,录入超出指定范围的值)
c) Test of alarm displays, if applicable (e.g. display of an OOS result);
报警显示测试,适用时(例如显示OOS结果)
d) Unauthorised input of data and access to the application;
未经授权的数据输入和进入应用软件
e) Tests of aberrant data (e.g. input of data in the wrong data format);
非法数据测试(例如,以错误数据格式录入数据)
f) Backup system and restore test;
备份 系统和恢复测试
g) Verification of data migration, if applicable;
数据迁移确认,适用时
h) Conformity with requirements of data protection, if applicable;
符合数据保护需求,适用时
i) Black box test as acceptance testing of the whole system.
可以对整个系统进行黑盒子测试
Each test scenario should be traceable to the URS being tested and should describe the expected results, the acceptance criteria and the observed results. Each deviation from the expected results and acceptance criteria must be discussed in the test report. A deviation can either lead to a change in the system and the test being run again or be accepted and documented with an update of the corresponding URS. Raw data from the testing (input and output data, screenshots) shall be documented within the qualification report.
每个测试场景应可追溯至正接受测试的URS,且应描述预期结果、可接受标准和所观察到的结果。每个偏出预期结果和可接受标准的情形均必须在测试报告中进行讨论。偏差可能会引发系统变更,和改变正进行或已接受的测试,并且并记录对应URS的更新情况。测试中获得的原数据(数据输入和输出,截屏)应记录在确认报告中。
6. RELEASE FOR USE
放行供使用
A summary of all the test findings shall be presented in a validation report, including any deviation and the corrective actions taken. When all deviations are resolved or accepted, a formal release of the system is issued.
应在验证报告中呈交一份对所有测试结果的摘要,包括所有偏差和所采取的纠正措施。如果所有偏差均已解决或接受,则签发一份正式的系统放行报告。
7. ARCHIVING
归档
All documentation related to specification and qualification of complex computerised systems must be retained as long as the application is in use, plus a defined retention period covering all applicable archiving obligations. This obligation can be covered by a contract with the software provider.
所有与复杂计算机化系统规格和确认有关的文件记录均必须保存至应用软件使用周期,加上一定的保存时间覆盖所有适用的归档义务。此义务可包括在与软件提供商的合同内。
译文仅供参考,中英文PDF版本点击阅读原文下载,英文原文参见官网https://www.edqm.eu/sites/default/files/guidelines-omcl-computerised-systems-annex2-march2018.pdf
转自微信: Julia法规翻译