![图片[1]-ECA关于审计追踪审查的问答(中英文)-持续更新中(2025.07.16-2025.10.23)-药研库](https://img.suyu.uk/i/2025/10/23/niy2q2.png)
ECA官网从2025.07.16开始陆续更新关于审计追踪审查的问答,目前已经更新到Question 16,本文持续收集更新相关问答,下载地址见下方链接。
链接:https://pan.quark.cn/s/f706b57d3d6b
内容预览:
| 主题Topic | 问题Question | 答复(ECA comments)(from 2025.07.16-2025.10.22) |
| Content of an Audit Trail / Must an Audit Trail be printable?审计追踪的内容 / 审计追踪必须可打印吗? | Question 1: From the regulators' or inspectors' point of view, is there a minimum requirement for what must be included in an audit trail?问题 1:从监管机构或检查员的观点来看,审计追踪中必须包含的内容是否有最低要求? | Information regarding the expectations of the inspectors can be found in the Aide Memoire 'Supervision of Computerised Systems' of the EFG 11 (only as a German version available), which is a catalogue of guidelines, questions and recommendations. The document is part of the QA system of the inspectorates in Germany. It serves to harmonise the preparation, implementation and follow-up of an inspection.有关检查员期望的信息可以在 EFG 11 的《计算机化系统监督备忘录》(仅提供德文版本)中找到,该备忘录是一份包含指南、问题和建议的目录。该文件是德国检查机构质量保证系统的一部分,用于协调检查的准备、实施和后续工作。The minimum requirements regarding the content of an audit trail are set out in EU GMP Annex 11 and EU GMP Chapter 4:关于审计追踪内容的最低要求在欧盟 GMP 附件 11 和欧盟 GMP 第 4 章中规定。The following information should be included in an audit trail:以下信息应包含在审计追踪中:'Who changed what, when and how?''谁在何时以何种方式更改了什么?'Original and the changed value原始值和更改后的值Reason for the change / deletion更改/删除的原因 |
| Question 2: Does the audit trail have to be printable?问题 2:审计追踪必须可打印吗? | Everything must always be printable. This results from EU GMP Guide Annex 11: 8 - Printouts所有内容都必须始终可打印。这源于欧盟 GMP 指南附件 11:8 - 打印输出8.1 - It should be possible to obtain clear printed copies of electronically stored data.8.1 - 应当能够获得电子存储数据的清晰打印副本。8.2 - For records supporting batch release it should be possible to generate printouts indicating if any of the data has been changed since the original entry.8.2 - 对于支持批量放行的记录,应当能够生成打印输出,表明自原始录入以来任何数据是否已被更改。 | |
| How to Deal with Audit Trails in Preconfigured Equipment?如何处理预配置设备中的审计追踪? | Question 3: Most of the equipment in QC is ‘off the shelf’ and preconfigured. The audit trail cannot be adjusted or is preconfigured. How should this be handled?问题 3:QC 中的大多数设备都是“即装即用”且预配置的。审计追踪无法调整或已预配置。应如何处理? | If the audit trail cannot be configured, a risk assessment must first be carried out to check whether it covers all the essential requirements for this device. If this is not the case, another supplier should be chosen whose audit trail meets the requirements. If this is not possible, the only solution is to manually log the uncovered actions in a logbook and a corresponding SOP.如果审计追踪无法配置,必须首先进行风险评估,检查其是否涵盖该设备的所有基本要求。如果情况并非如此,应选择另一家供应商,其审计追踪符合要求。如果无法实现这一点,唯一解决方案是在日志簿中手动记录未覆盖的操作,并制定相应的标准操作程序。 |
| Events in an Audit Trail and Determination of GMP-Relevant Data in the Audit Trail审计追踪中的事件及审计追踪中 GMP 相关数据的确定 | Question 4: Which events must be recorded in the audit trail? Only GMP-relevant operator entries or also technical malfunctions of important components?问题 4:哪些事件必须记录在审计追踪中?仅 GMP 相关操作员输入,还是也包括重要组件的技术故障? | The audit trail should log all quality-critical data changes and operator interventions. Critical alarms and warnings that are acknowledged by the user and, if necessary, resolved with a parameter change in the system must therefore also be logged. Pure notifications that are resolved by the system or device itself without user intervention belong in the alarm or deviation list and, if necessary, in the batch or examination report.审计追踪应记录所有质量关键数据的变更和操作员干预。因此,用户确认的临界警报和警告,以及在必要时通过系统参数变更解决的警报和警告,也必须记录。纯通知,即由系统或设备本身无需用户干预即可解决的警报和偏差,应归入警报或偏差列表,并在必要时归入批次或检验报告。 |
| Question 5: Who determines the results relevant to the audit trail? The customer, the supplier, or both?问题 5:谁确定与审计追踪相关的结果?是客户、供应商还是双方? | Both. Based on their knowledge of the system, the supplier can only specify the critical points known to them (in analytics, this is usually sufficient). For process-relevant points (e.g. in a process control system), the customer must check whether all relevant points of their manufacturing process have been sufficiently taken into account by the supplier and, if necessary, have the parameterisation changed.双方。基于他们对系统的了解,供应商只能指定他们所知道的要点(在分析中,这通常就足够了)。对于与工艺相关的要点(例如在工艺控制系统中的要点),客户必须检查供应商是否已经充分考虑了其制造过程中的所有相关要点,并在必要时更改参数化设置。 | |
| Audit Trail Review by the QP / Dealing with a Lack of JustificationQP 进行的审计追踪审查 / 处理缺乏合理依据的情况 | Question 6: Confirmation of the audit trail review takes place on screen. How does the QP check this during batch release, and is it required for release?问题 6:审计追踪审查的确认在屏幕上进行。QP 在放行批次时如何检查这一点,并且放行是否需要这样做? | Firstly, the audit trail review must be regulated in an SOP. The person conducting the review should be independent of the business process in some way. The review is documented. The review can be part of the batch record review.首先,审计追踪审查必须在 SOP 中规定。进行审查的人员应在某种程度上独立于业务流程。审查应进行记录。审查可以是批次记录审查的一部分。Discrepancies in audit trails must be investigated and resolved, including escalation processes for notification, who needs to be informed and when? The QP's assessment of the deviations is decisive for the release of a medicinal product. The product can then be released.审计追踪中的差异必须进行调查和解决,包括通知的升级流程,谁需要被告知以及何时被告知?质量保证人员对偏差的评估对药品的放行具有决定性作用。然后可以放行该药品。 |
| Question 7: Is the absence of a comment (reason for a change) in the audit trail sufficient grounds for a complaint during an inspection?问题 7:审计追踪中缺少评论(变更原因)是否足以在检查期间提出投诉? | According to EU GMP Annex 11, the change or deletion must be justified. If the system is capable of doing this and no reason has been entered, this constitutes a deficiency. If the system is not capable of documenting the reason, a corresponding workaround is required. For systems without this functionality, an SOP can be used to regulate how changes or deletions are documented in a logbook.根据欧盟 GMP 附件 11,变更或删除必须得到说明。如果系统具备这一功能且未输入原因,则构成缺陷。如果系统无法记录原因,则需要相应的变通方法。对于不具备此功能的系统,可以使用标准操作规程来规范如何在日志簿中记录变更或删除。 | |
| Dealing with Systems without Audit Trail Functionality处理没有审计追踪功能的系统 | Question 8: What are the expectations if an existing system does not have an audit trail or if it does not meet the requirements? Does this system need to be replaced? And what if there is no replacement system that meets these requirements?问题 8:如果一个现有系统没有审计追踪功能,或者它不符合要求,那么期望是什么?这个系统需要被替换吗?如果没有任何替换系统符合这些要求会怎样? | If an existing system has been developed and configured for a very specific application, a risk analysis should be carried out to determine which specific problems (could) exist with regard to data integrity. Based on this analysis, batch-specific checks must be defined to be carried out instead of the ATR.如果一个现有系统是为非常特定的应用开发和配置的,应该进行风险分析以确定与数据完整性相关的具体问题(可能)存在。根据这项分析,必须定义特定的批次检查来代替 ATR。 |
| Question 9: Does an audit trail functionality have to be retrofitted to critical production equipment if, for example, they are already over 20 years old and currently have no audit trail function?问题 9:如果例如,关键生产设备已经超过 20 年,目前没有审计追踪功能,那么是否必须为这些设备进行事后加装审计追踪功能? | There is no general answer to this question: If process control is carried out using paper-based documentation with subsequent batch protocol review, the authorities will not demand a costly replacement of the machine during an inspection. This also depends on the general compliance of the company and the overall impression made during the inspection.对于这个问题没有普遍的答案:如果过程控制使用纸质文档并随后进行批量协议审查,当局在检查时不会要求昂贵地更换机器。这也取决于公司的整体合规性以及检查时的整体印象。This statement certainly does not apply to quality control, as data falsification could be relatively easy in this area. QC systems should be upgraded/replaced with current applications in the short to medium term.这一说法当然不适用于质量控制,因为在此领域数据伪造相对容易。QC 系统应在短期到中期内升级/更换为当前应用。 | |
| Responsibilities for the Audit Trail (Review)审计追踪(审查)的责任 | Question 10: Who is the process owner for the audit trail review? QA or the system owner?问题 10:审计追踪审查的过程负责人是谁?是质量保证部门还是系统所有者? | The audit trail is normally reviewed by the department that generated the data (e.g. in QC or production), but not by the same person who generated the data, i.e. by a colleague (peer review). The FDA's first Data Integrity Guidance still mentioned the Quality Unit (quality assurance) for this purpose; however, this was later changed to stipulate that a review must be carried out by a function with specialist knowledge. This view is also shared by all other guidelines.审计追踪通常由生成数据的车间(例如 QC 或生产)部门进行审查,但不是由生成数据的人(即同事)进行,即同行审查。FDA 的第一份数据完整性指南仍然提到了质量部门(质量保证)的此目的;然而,后来改为规定必须由具备专业知识的部门进行审查。所有其他指南也持有相同的观点。 |
| Question 11: Who is responsible for creating the specific audit trail review SOP? The process owner (e.g. the plant) or QA, and who must create an SOP for the general framework conditions of the audit trail review?问题 11:谁负责创建具体的审计追踪复核标准操作程序?是流程所有者(例如工厂)还是质量保证部门,以及谁必须为审计追踪复核的一般框架条件创建标准操作程序? | To perform the audit trail review, an SOP is first required in which the risk assessment, the responsibilities for implementation and its frequency for the company are defined. This general SOP is usually created by the quality assurance department.为了执行审计追踪复核,首先需要一份标准操作程序,其中定义了公司的风险评估、实施责任及其频率。这份通用的标准操作程序通常由质量保证部门创建。To perform the audit trail review in a specific computer system (e.g. chromatography data system CDS), the data fields to be checked must be defined in a checklist. This checklist is developed by the specialist department that operates the system.为了在一个特定的计算机系统(例如色谱数据系统 CDS)中执行审计追踪复核,必须在一个检查表中定义要检查的数据字段。这份检查表由操作该系统的专业部门开发。 | |
| Risk-based Determination of the Scope and Frequency of Audit Trail Reviews基于风险的审计追踪审查范围和频率的确定 | Question 12: Is there a regulatory basis for the risk-based definition of audit trail review intervals and scope?问题 12:是否有监管依据支持基于风险的审计追踪审查间隔和范围的定义? | Pharmaceutical regulations do not prescribe a specific procedure for determining risk. However, it is recommended to apply the ICH Q9 guideline, a new version of which has been available since 2023. It presents a whole range of methods that can be used as desired; The most common method in the pharmaceutical industry is the FMEA method, which provides a numerical value for the estimated risk. Value ranges of 0-10 and 0-5 are most commonly used, with preference given to value ranges of 0-4 or 0-6, where the median is not used exactly for medium risk.药品法规并未规定确定风险的具体程序。然而,建议应用 ICH Q9 指南,该指南自 2023 年起已发布新版本。它提供了一系列可按需使用的方法;药品行业中最常用的方法是 FMEA 方法,该方法为估计风险提供数值。最常用的数值范围是 0-10 和 0-5,更倾向于使用 0-4 或 0-6 的数值范围,其中中等风险的中间值并不完全使用。When defining the intervals, it should be taken into account that all batches are initially checked and, if necessary, the observation period can be reduced to a lower frequency after a long period of time (e.g. one year). However, it is possible that such a practice could lead to objections during an inspection by the authorities.在定义间隔时,应考虑到所有批次最初都会进行检查,并且在必要时,经过较长时间(例如一年)后,观察期可以降低到较低频率。然而,这种做法可能会导致在监管机构检查时引起异议。 |
| Executing the Audit Trail Review执行审计追踪审查 | Question 13: How is the audit trail review generally carried out: ‘manually’ by an employee or electronically supported?问题 13:审计追踪审查通常是如何进行的:由员工“手动”进行还是得到电子支持? | The practice of audit trail review varies greatly: in laboratories, a specific checklist is usually used, which is then commented on and signed by the reviewer. It is important that this checklist identifies all data fields to be reviewed in order to ensure a complete review. It is advisable to carry out the review on screen to avoid time-consuming printing and subsequent storage/archiving of the documentation. The implementation of the audit trail review (responsibility, frequency, documentation) must be specified in an SOP.审计追踪审查的实践差异很大:在实验室中,通常会使用特定的清单,然后由审查者进行评论并签字。重要的是该清单要识别所有需要审查的数据字段,以确保审查的完整性。建议在屏幕上进行审查,以避免耗时打印以及后续的文档存储/归档。审计追踪审查的实施(责任、频率、文档)必须在标准操作程序(SOP)中明确规定。 |
| Question 14: Is the four-eyes principle always necessary for the audit trail review? Production and QA review or QA review and releasing person?问题 14:审计追踪审查是否总是需要“四人互检”原则?是生产与质量审查,还是质量审查与发布人员? | The audit trail review is normally carried out by one person; a second employee to check the reviewer does not need to be involved in the review. For example, a production employee reviews the audit trail of the production data, and the same procedure is followed in quality control. The involvement of quality assurance (QA) is not necessary. The documentation of the audit trail review (completed and evaluated checklist) is sent to the qualified person (QP), who reviews the result with regard to batch release.审计追踪审查通常由一人进行;第二位员工检查审查者无需参与审查。例如,生产员工审查生产数据的审计追踪,质量控制也遵循相同程序。质量保证(QA)的参与不是必需的。审计追踪审查的文档(完成的和评估的检查表)发送给合格人员(QP),后者根据批量放行情况审查结果。 | |
| Content Review of the Audit Trail Review审计追踪审查的内容审查 | Question 15: Which person with which role usually performs the double-checking, i.e. the content review of the audit trail review that has been carried out?问题 15:通常由哪个人以哪个角色进行双重检查,即对已完成的审计追踪审查内容进行审查? | The audit trail review is a review of the changes/additions/deletions made after the initial entry of the data. It is not necessary for another person to check the review that has already been carried out. The content of the audit trail must be checked in every case, i.e. the reviewer must have in-depth knowledge of the respective process. A purely formal Audit Trail Review is not permitted. To clarify: only one person with expertise is required to carry out the ATR.审计追踪审查是对数据初始录入后所进行的更改/添加/删除的审查。没有必要让另一个人检查已经完成的审查。在任何情况下都必须检查审计追踪的内容,即审查者必须对该流程有深入的了解。不允许进行纯粹形式化的审计追踪审查。要说明的是:只需要一个具有专业知识的人来执行 ATR。 |
| Question 16: Does QA not also come into play during the review? As a check that the review has been carried out?问题 16:在审查过程中,QA 部门不会也参与进来吗?作为审查是否已完成的检查? | As part of its regular self-inspections, the quality assurance department should check that the audit trails of all manufactured batches have been examined for deviations/changes in a review.作为其常规自查的一部分,质量保证部门应检查所有已生产批次的生产记录是否已审查过偏差/变更。 |
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持以下吧
北岛11月前0
相当于货架期多久?Mark3年前2
Thanks for your blog, nice to read. Do not stop.一位WordPress评论者4年前0
嗨,这是一条评论。 要开始审核、编辑及删除评论,请访问仪表盘的“评论”页面。 评论者头像来自Gravatar。