LIMS 专注您的专注

Smart Dedicated Efficient

化验室的数据完整性-实验室数据管理软件Laboratory Data Management Software

2020-11-03 10:53


Some analytical laboratories managelaboratory data using commercial software like LIMS or scientific datamanagement systems. Whether the software is validated at the site, either bythe vendor or by the user, the user is responsible for assuring its compliancewith 21 CFR Part 11. The Quality Unit should understand completely thefunctionality, features, and capability of the software. All automaticequipment used in pharmaceutical manufacturing environment, including computersused to test drug products, must also comply with 21 CFR Part 211.68.Regulatory expectations for computerized systems used in the manufacture of APIare found in the ICH Q7 Guidance for Industry (6,8,43).

有一些化验室利用商业软件例如LIMS或科学数据管理系统来管理数据。无论软件是否在企业内由供应商或者企业进行过验证,用户必须对是否符合法规 21CFR 第11部分负责。质量部门应当认识到软件的全部、功能、特点以及用途。所有用于药企生产区域的自动化设备,包括用于监测药品的电脑,都应遵从法规 21CFR 第211.68部分。监管机构对用于生产API计算机系统的期望都在ICH Q7 行业指南中。

Browser-enabled user logins from multiplecomputers pose a potential risk. Login functionality is recommend­ed to beproperly challenged, mitigated, and verified. An additional layer of securityshould be embedded in the software that allows only user logins that have beenverified by specific, permitted IP addresses as filter logins.

允许用户从多台电脑浏览器登录存在着潜在风险。建议登录功能应进行相应的测试、限制、复核。软件内应嵌入额外的安全设置,只允许被授权的用户以及IP地址登录。

Laboratory data management softwaretypically is validated using the following steps (not necessarily in thisorder):

实验室数据管理软件通常经以下步骤进行验证(并不是硬性要求):

l Document the software name and version number 记录软件名声以及版本号

l Define the period for software updates 定义软件更新的周期

l Check and validate e-signatures 检查和验证电子签名

l Validate the software for its intended use 验证软件预期使用目的

l Determine capability of meeting 21 CFR Part 11 requirements interms of audit trail and controls 在审计跟踪和控制方面确定满足21 CFR第11部分要求的能力

l Test the software on the network for data transmission 在网络上测试软件进行数据传输

l Set up controls and traceability of printouts and define numberof printouts allowed 建立打印输出的控制和可追溯性,并定义允许打印输出的数量

l Check data and security of offshore and Cloud data 检查离线和云数据的数据和安全性

l Validate Cloud-based data management system for security andpossibility of compromise 验证基于云的数据管理系统安全性与可能性的协议

l Establish quality service agreement and contingency plan forCloud-based systems and deter­mine exact physical location of servers 建议服务器安全协议以及基于云的数据管理应急计划,定义服务器确切物理位置

l Verify record and logic behind the algorithms used incalculations 验证计算中使用的算法背后的记录和逻辑

l Calculate manually the common statistical computations used bysoftware (such as mean, stan­dard deviation, percentage of relative standarddeviation to complex math like potency content, similarity factor (F2) valuesfor dissolution analysis, and coefficient of variation for uniformity ofdosage) and compare with software values

     人工计算来与计算机软件计算所得结果相比较(例如平均值,标准差、相对标准偏差的百分比复杂数学计算,如效力含量,相似系数(F2)值溶解分析,和剂量均匀性变异系数)

l Check data transmission and losses from instruments to attachedcomputer 检查数据传输和从仪器到相连计算机的丢失

l Check data transmission to computer, server, and interfaces inbetween, and validate for intended functionality of analysis, data acquisition,processing, reporting, tracking, and security 检查传输至电脑、服务器、以及相连界面、并验证分析的预期功能、数据获取、处理、上报、追溯和安全。

l Ensure PDFs of any converted data files are not editable andbear a date-and-time stamp 确保任何转换后的数据文件的pdf文件不可编辑,并带有日期和时间戳

l Confirm that intended software is compatible with COTS softwarefor any laboratory instrument (e.g., HPLC, GC, and PSD). 确认预期的软件与用于任何实验室仪器的COTS软件兼容(如HPLC、GC和PSD)

6.5.1Controls 控制措施

Thefollowing are the minimum controls needed to validate laboratory datamanagement software:

以下是验证实验室数据管理软件的最低控制:

l Identify the person responsible for updates and maximum possiblesoftware updates to be per­formed by the software vendor and in-house IT personnel

      确认软件更新负责人以及供应商及企业内IT人员最高更新权限

l Address any changes to software through change history

     通过更改历史记录来记录对软件的任何更改

l Establish secure unique user login identifications and periodicchange of passwords

     建立安全独特的用户登录标识和定期更换密码

l Restrict permission to delete data to administrator or ITpersonnel

     对可删除数据的人员或IT人员进行严格限制

l Maintain copies of older versions of software whenever versionis updated (recommended) and ensure that backed-up data from previous versionscan still be accessed

     每当版本更新(建议更新的版本)时,维护旧版本软件的副本,并确保仍然可以访问以前版本备份的数据

l Check software integrity on a periodic basis

      定期全面检查软件

l Maintain detailed list of roles, responsibilities, andprivileges for all staff who use the laboratory data management software 维护使用实验室数据管理软件的所有员工的角色、职责和特权的详细列表

6.5.2Common Deficiencies that May Lead to Data Compromise 可能导致数据泄漏的常见缺陷

l Browser-based interface enabling simultaneous logins with thesame IDs without sufficient con­trols to prevent redundant data activity

     没有充足的对支持使用相同的id同时登录的基于浏览器的接口的冗余数据活动的控制

l Not investigating qualification errors or shortfalls accordingto nonconformance procedure

     没有依据不一致项目程序进行资质错误调查

l Not enabling, reviewing, or publishing audit trails 不启用、检查或使用审计跟踪

l Installing features without complete understanding, leading todata compromise

     在没有完全理解的情况下安装特性,导致数据泄漏

l Lapses in training, e.g., lack of training or inadequatetraining for tasks being performed

     培训上的失误,例如缺乏培训或培训不足

6.5.3Spreadsheet Validation 电子表格验证

Manylaboratories use customized spreadsheets for calculations. To avoid possibledata breaches, the Quality Unit should validate the customized spreadsheettemplate for its intended use and protect it by restricting permissions toalter the template or delete data.

许多实验室使用定制的电子表格进行计算。为了避免可能出现的数据漏洞,质量部门应当验证定制的电子表格预期使用目的,以及通过限制修改或删除数据的权限来保护它。

Typically,customized spreadsheets are validated by customizing them to the intended usewith a stan­dardized formula in the USP or another valid source, comparing themanual calculations against the spreadsheet calculations, and testingboundaries and functions.

通常来说,应依据USP标准或其他法规依据,将手工计算与电子表格计算进行比较,以及测试界限以及功能,来定制预期使用的表格。

6.5.3.1 Spreadsheet Controls 电子表格控制

Thefollowing are the minimum controls to be put in place for customizedspreadsheets, which are recommended to be captured in the SOPs:

以下所列为建议列入SOP的最低控制措施:

l Encrypt with password protection

     加密密码保护

l Restrict editing (set to “Read only”) so previous data is notretained in the template

     限制编辑(设置为“只读”),因此之前的数据不会保留在模板中

l Save spreadsheets to a designated location on the server andcapture the file location on each spreadsheet

     将电子表格保存到服务器上指定的位置,并在每个电子表格上捕获文件位置

l Change passwords and revalidate customized spreadsheetsperiodically per established SOPs 依据建立起的SOP定期更改密码以及重新验证定制的电子表格

6.5.3.2 CommonDeficiencies in Spreadsheets 电子表格常见缺陷

The following are commonly seendeficiencies in spreadsheets that may lead to data compromise and risk of dataintegrity problems:

以下是常见的可能导致数据泄露和数据完整性缺陷的电子表格缺陷:

l Spreadsheets not validated 未验证电子表格

l Accidental or deliberate formula changes made in unprotectedspreadsheets (e.g., in Figure 6.5.3.2-1, data was manipulated; the failing value of 96.30 was replacedwith a passing value of 98.23, which was entered manually on the unprotectedsheet)

      在不受保护的电子表格中发生的意外或故意的公式更改(例如,在图6.5.3.2-1中,数据被操纵;将失败值96.30替换为允许值98.23,该值是手工输入到不受保护的表上的)

l Entering passing results in unprotected spreadsheets (Figure 6.5.3.2-2)

     在不受保护的电子表格中输入可通过结果(图6.5.3.2-2)

l Lack of controls on spreadsheet access and lack of training ofstaff to respect password control

     缺乏对电子表格访问的控制,缺乏对员工遵守密码控制的培训

Figure 6.5.3.2-1 ValidatedSpreadsheet: API Assay Failure (Failure Result is 96.30)

在线咨询

Seek Advice

电话咨询

Call Us

Hotline:

010-82665162

申请试用

On Trial