審計(jì)追蹤審核,是否都是必須?
Audit Trail Review for Devices with "StandardAudit Trail"
Functions
具有"標(biāo)準(zhǔn)審計(jì)追蹤"功能的設(shè)備的審計(jì)追蹤審核
Devices andequipment often have standard audit trail functions.There is a huge amount of data being recorded (on/off), and only a fraction ofthis data is critical and relevant for audit trail reviews. What is the best way to proceed witha review?
設(shè)備通常具有標(biāo)準(zhǔn)審計(jì)追蹤功能。大量的數(shù)據(jù)(開/關(guān))被記錄,其中只有一小部分?jǐn)?shù)據(jù)是關(guān)鍵,并需要審計(jì)追蹤審核的。這種審核的最佳方法是什么?
SolutionApproach
解決方案
Especially withregard to the audit trail, the view has changed. Before the revision of the EUGMP Guideline Annex 11, the general view was that of the conservation ofevidence in order to have further data available in case of a deviation.Statements made by the US American FDA in its dockets also nourished this view:"Audit Trail... we may use it for anuseful purpose e.g prosecution". Consequently, the emphasis inthe software was not put on later evaluability, but on the recording. For thisreason, the audit trail data was simply stored sequentially in tables.
特別是在審計(jì)追蹤方面,現(xiàn)在觀點(diǎn)發(fā)生了變化。在修訂歐盟GMP附錄11之前,一般的看法是保存證據(jù),以便在出現(xiàn)偏差時(shí)獲得進(jìn)一步的數(shù)據(jù)。美國(guó)FDA在其訴訟檔案上的聲明也滋養(yǎng)了這種觀點(diǎn):"審計(jì)追蹤...我們可能會(huì)在需要是使用它,如訴訟"。因此,軟件的重點(diǎn)不是后來(lái)的可評(píng)價(jià)性,而是記錄。因此,審計(jì)追蹤數(shù)據(jù)只是按順序存儲(chǔ)在表中。
So far thereare only a few systems that fully support the new requirements. Now, with theadditional demand also after the reason of the change, there are furtherdemands on the systems and also further sorting criteria. In addition, it hasbeen clarified that the audit trail can be limited using a risk-based approach.Here, the opportunity lies in the limitation to the essential data. What theseare is described both in Annex 11 §9 and in Chapter 4 of the EU GMP Guidelines.Further information can be found in the "Aide-Memoire" (Aide-mémoire 07121202) publishedin the German ZLG, where the following quotation can be found:
到目前為止,只有少數(shù)系統(tǒng)完全支持新的要求?,F(xiàn)在,隨著需求增加的原因,對(duì)系統(tǒng)有進(jìn)一步的要求,也進(jìn)一步整理了標(biāo)準(zhǔn)。此外,已經(jīng)明確可以使用基于風(fēng)險(xiǎn)的方法進(jìn)行審計(jì)追蹤。在這里,機(jī)會(huì)在于對(duì)基本數(shù)據(jù)的限制。歐盟GMP附錄11和附錄9以及第4章都介紹了這些內(nèi)容。更多信息見德國(guó)ZLG發(fā)布的"備忘錄"(備忘錄07121202),其中可找到以下引文:
S. 26 2.4.5 Audit Trails - "1 - Based on a risk assessment, considerationshould be given to integrating the recording of all GMP relevant changes anddeletions into the system (a system generated "audit trail"). 2 - IfGMP relevant data are changed or deleted, the reason should be documented. 3 -Audit Trails must be available, must be able to be converted into a generallyreadable form and must be checked regularly".
S. 26 2.4.5 審計(jì)追蹤 - "1 - 根據(jù)風(fēng)險(xiǎn)評(píng)估,應(yīng)考慮將所有 GMP 相關(guān)更改和刪除的記錄集成到系統(tǒng)中(系統(tǒng)生成的"審計(jì)追蹤")。2 - 如果更改或刪除 GMP 相關(guān)數(shù)據(jù),應(yīng)記錄原因。3 - 審核追蹤必須可用,必須能夠轉(zhuǎn)換為一般可讀的表單,并且必須定期檢查"。
It is thereforeadvisable to first derive the definition of the relevant data for the audittrail from the definition of the raw data, and then to determine for which dataa review must be performed and which criteria of the assessment must becreated. This is in line with the requirements of Chapter 4, where it is statedthat at least the data on which a quality decision is based must be named asraw data.
因此,建議首先從原始數(shù)據(jù)的定義中得出審計(jì)追蹤相關(guān)數(shù)據(jù)的定義,然后確定必須對(duì)哪些數(shù)據(jù)執(zhí)行審核以及必須創(chuàng)建哪些評(píng)估標(biāo)準(zhǔn)。這符合第 4 章的要求,其中指出,至少用于質(zhì)量決策的數(shù)據(jù)必須作為原始數(shù)據(jù)。
As the data itselfis usually not changeable even in the case of control systems (PLC) and processcontrol systems, it can also be argued, if necessary, that no audit trail iscarried out, precisely because the data cannot be changed. However, thisargumentation must be supported by appropriate validation with evidence of theraw data protected by proprietary formats or strong access protection. Thismeans that there must be test scenarios that prove that these defined raw datacannot be changed accidentally or with simple effort.
對(duì)于控制系統(tǒng)(PLC)和過程控制系統(tǒng),由于數(shù)據(jù)本身通常不可修改,也有聲音表示:沒有必要執(zhí)行審計(jì)追蹤,因?yàn)閿?shù)據(jù)無(wú)法修改。但是,此論證必須得到適當(dāng)?shù)尿?yàn)證支持,并證明原始數(shù)據(jù)受專有格式或健壯的訪問保護(hù)。這意味著必須有測(cè)試方案來(lái)證明這些定義的原始數(shù)據(jù)不會(huì)被意外或輕易更改。
For suchsystems that do not have an audit trail, the Aide-Mémoire mentioned abovepoints out that for legacy systems without an audit trail, in exceptional casesit can be regulated, e.g. by an SOP, to document the corresponding change in alogbook and have this verified by a second person. It should be noted here thatonly those systems are defined as old systems that were installed before Annex11 (1992) came into force (see Aide-Mémoire 07121202, page 28, running no.2.4.5.9). There you will also find the sentence: "First of all it must be clarified whether data can be changed at all (e.g.electronic recorders). If not, no audit trail is required."
對(duì)于沒有審計(jì)追蹤的系統(tǒng),上述備忘錄指出,對(duì)于沒有審計(jì)追蹤的舊系統(tǒng),在特殊情況下,可以由SOP 監(jiān)管,以在日志中記錄相應(yīng)的更改,并由第二人進(jìn)行確認(rèn)。這里應(yīng)當(dāng)指出,這些系統(tǒng)被定義為在附錄11(1992年)生效之前安裝的舊系統(tǒng)(見備忘錄07121202,第28頁(yè),第2.4.5.9頁(yè))。在那里,還將找到以下句子:"首先,必須明確數(shù)據(jù)是否可以更改(例如電子記錄)。如果不能,則不需要審計(jì)追蹤。
For those systemswhere there is a simple audit trail, a reporting tool should be used to performthe query based on the definition of the raw data. As a minimum, the entriesthat belong to process values that are needed for a quality decision should bedisplayed. If the data, e.g. temperatures, are directly related to the batchrelease, it should be checked whether the associated audit trail must also beevaluated before the batch isreleased. In systems that also record the reason for the change, groups can besorted by reason and clusters can be recorded and valuated according to reason.The evaluation should always be prioritized according to the risk for theproduct and thus the patient. In the second instance, the accumulation ofreasons can also give cause to question technical defects.
對(duì)于存在簡(jiǎn)單審計(jì)追蹤的系統(tǒng),應(yīng)使用報(bào)告工具根據(jù)原始數(shù)據(jù)的定義進(jìn)行查詢。至少,應(yīng)能夠顯示與用于質(zhì)量決策的工藝數(shù)值相關(guān)的項(xiàng)目。如果數(shù)據(jù)(例如溫度)與批放行直接相關(guān),應(yīng)在批放行前檢查相關(guān)的審計(jì)追蹤。在修改原因也進(jìn)行記錄的系統(tǒng)中,可以按原因篩選,然后可以根據(jù)原因進(jìn)行記錄和評(píng)估。評(píng)估應(yīng)始終根據(jù)產(chǎn)品的風(fēng)險(xiǎn),從而根據(jù)患者的風(fēng)險(xiǎn)進(jìn)行優(yōu)先級(jí)評(píng)估。在第二種情況下,可以根據(jù)原因的積累改進(jìn)技術(shù)缺陷。
It is notpossible to derive from the laws and guidelines themselves the requirement fora technical audit trail which gives reason for virtually all configurations andrecords them in the audit trail. The change control procedure exists for theseprocesses. Consequently, no reviews of this data are expected at this point.However, this view is not uncontroversial, since many companies and also someinspectors derive the requirement for monitoring the configuration (technicalaudit trail) from the Data Integrity Guidancerecently published. Here, each company must decide for itself what acceptancerisk is taken. It seems appropriate to take a risk-based approach here as well.Since a configuration always has an impact on the future and does not changeany data already recorded, this should serve as an approach to decide wheremonitoring of the software itself is or is not necessary. This is certainlydifferent for an HPLC than for a controller. However, if the configurationparameters (e.g. limit values and set points) are known and printed out, forexample, the data generated from them can also be evaluated in context. Not toforget that in general a rigid change control applies which, if necessary, alsoproves with a regression test that the new configuration meets therequirements. Another aspect is that the cycles of the review for the technicalpart are certainly different from cycles for the data review, where undercertain circumstances the audit trail should be considered for each batchrelease (e.g. MES), depending on the risk for the release and thus for thepatient. A final note on this point is that many systems do not currentlysupport the "technical audit trail", especially for individualcontrols. The good news is that changes are rather rare here and a well-running,validated process is changed more rarely. The control here is done by a rigidchange control and the periodic review which also records the incidents andlogbook entries.
法律和指南本身沒有對(duì)技術(shù)方面的審計(jì)追蹤(所有配置修改的原因并將其記錄在審計(jì)追蹤中)的要求。這些過程可以使用變更控制程序。因此,目前不要求對(duì)此數(shù)據(jù)進(jìn)行任何審查。但是,這種觀點(diǎn)并非沒有爭(zhēng)議,因?yàn)樵S多公司以及一些檢查員從最近發(fā)布的《數(shù)據(jù)完整性指南》中得出了需要對(duì)配置進(jìn)行監(jiān)測(cè)(技術(shù)方面的審計(jì)追蹤)的要求。這里,每個(gè)公司必須自行決定接受什么樣的風(fēng)險(xiǎn)。這里也應(yīng)該采取基于風(fēng)險(xiǎn)的方法。由于配置始終會(huì)對(duì)未來(lái)產(chǎn)生影響,并且不會(huì)對(duì)已記錄的任何數(shù)據(jù)進(jìn)行更改,因此,這應(yīng)作為一種方法來(lái)確定是否需要監(jiān)測(cè)軟件本身。這對(duì)于HPLC而言,與控制器是不同的。但是,例如,如果已知并打印出配置參數(shù)(例如限值和設(shè)定點(diǎn)),則由它們生成的數(shù)據(jù)也可以在此環(huán)境中進(jìn)行評(píng)估。不要忘記,通常會(huì)進(jìn)行嚴(yán)格的變更控制,如果需要,還可以通過回歸測(cè)試證明新的配置符合要求。另一方面是技術(shù)部分的審核周期與數(shù)據(jù)審核的周期肯定不同,在某些情況下,應(yīng)根據(jù)對(duì)放行和患者的風(fēng)險(xiǎn),考慮每次批放行進(jìn)行數(shù)據(jù)審核(例如MES)。關(guān)于這一點(diǎn)的最后一點(diǎn)是,許多系統(tǒng)當(dāng)前不支持“技術(shù)方面的審計(jì)追蹤”,尤其是對(duì)于獨(dú)立的控制器。好消息是,這里的修改很少,而運(yùn)行良好且經(jīng)過驗(yàn)證的工藝很少更改。這里的控制是通過嚴(yán)格的變更控制和定期檢查事件和日志條目來(lái)完成的。
It should benoted that the guidelines always assume that values have changed, so theinitial entry only records who entered it, in the sense of a hand signal forpaper documents. This distinction is very well described in Vote V1100302.There it says in section B, second last paragraph: "Automatic logging ofthe user is suitable to replace a hand signal".
In order tomeet the requirement for audit trail review, further technical functions willbe necessary in the future, which, for example, allow configurable selectionmenus for determining the reason for the change and also offer standard reportsand at least descriptive statistics.
應(yīng)當(dāng)指出,指南始終假定數(shù)值已更改,因此初始條目?jī)H記錄輸入該值的人,即紙質(zhì)文檔的手信號(hào)。這種區(qū)別在Vote V1100302中有很好描述。在B部分中,最后一段:"用戶自動(dòng)記錄可以代替手動(dòng)信號(hào)"。為了滿足審計(jì)追蹤審核的要求,今后還需要進(jìn)一步的技術(shù)功能,例如,允許可配置的選擇菜單來(lái)確定更改的原因,并提供標(biāo)準(zhǔn)報(bào)告和至少描述性統(tǒng)計(jì)數(shù)據(jù)。