欧盟gmp11-计算机系统

欧盟委员会

HEALTH AND CONSUMERS DIRECTORATE-GENERAL 卫生与消费者协会

Public Health and Risk Assessment 公共卫生与风险评估 Pharmaceuticals

药品

Brussels,

SANCO/C8/AM/sl/ares(2010)1064599 EudraLex

The Rules Governing Medicinal Products in the European Union 欧盟药品生

产规范

Volume 4 卷4

Good Manufacturing Practice

Medicinal Products for Human and Veterinary Use 人用与兽用药品良好生产管理规范 Annex 11: Computerised Systems 附件11：计算机系统

Legal basis for publishing the detailed guidelines: Article 47 of Directive 2001/83/EC on the Community code relating to medicinal products for humanu se and Article 51 of Directive 2001/82/EC on the Community code relating to veterinary medicinal products. This document provides guidance for the interpretation of the principles and

guidelines of good manufacturing practice (GMP) for medicinal products as laid down in Directive 2003/94/EC for medicinal products for human use and Directive 91/412/EEC for veterinary use.

依法发布的具体指导方针： 2001/83/EC 第47条人用药品规范和 2001/82/EC第 51 条兽用药品规范。此文件为2003/94/EC人用药品和 91/412/EEC兽用药品GMP法规、 指导方针的解释提供了指导。 Status of the document: revision 1 文件版本：修订本 1

Reasons for changes: the Annex has been revised in response to the increased use of computerised systems and the increased complexity of these systems. Consequential amendments are also proposed for Chapter 4 of the GMP Guide.

修订原因： 为增强计算机系统的功能和复杂性而修订此附件。 相应修正案也已被 提议作为 GMP指南的第 4章。

Deadline for coming into operation: 30 June 2011 生效时间： 2011年6月 30日

Principle 总则

This annex applies to all forms of computerised systems used as part of a GMP regulated activities. A computerised system is a set of software and hardware components which together fulfill certain functionalities. 此附件适用于符合 GMP生产要求的所有形式的计算机系统。计算机系统是实

现某 项特定功能的软件和硬件的组合。

The application should be validated; IT infrastructure should be

qualified.

应用程序应验证， IT 基础设施应有权限设置。

Where a computerised system replaces a manual operation, there should be no resultant decrease in product quality, process control or quality assurance. There should be no increase in the overall risk of the

process. 用计算机系统代替手动操作应不对产品质量、 过程控制和质量保证

以及过程的整 体风险产生影响。

General 常规

1. Risk Management 风险管理

Risk management should be applied throughout the lifecycle of the

computerised system taking into account patient safety, data integrity and product quality. As part of a risk management system, decisions on the extent of validation and data integrity controls should be based on a justified and documented risk assessment of the computerised system.

风险管理应贯穿整个计算机系统生命周期， 以保证病人安全、 数据完整性和产品 质量。作为风险管理系统的一部分， 由计算机系统风险评估决定验证范围和数据 完整性控制。

2. Personnel 人员

There should be close cooperation between all relevant personnel such as Process Owner, System Owner, Qualified Persons and IT. All personnel should have appropriate qualifications, level of access and defined responsibilities to carry out their assigned duties. 所有有关人员（如工艺管理员、系统管理员、质检员和 IT 人员）应紧密合作。这 些人员应具

有相应的资格证书、使用权限和定义好的相关工作职责。

3. Suppliers and Service Providers 供应商和服务供应商

When third parties . suppliers, service providers） are used . to

provide, install, configure, integrate, validate, maintain . via remote access）, modify or retain a computerised system or related service or for data processing, formal agreements must exist between the

manufacturer and any third parties, and these agreements should include clear statements of the responsibilities of the third party. IT-departments should be considered analogous.

当第三方 （如供应商、服务供应商 ）为计算机系统、 相关服务或数据处理提供如供 货、安装、配置、整合、验证、维护 （ 如通过远程访问 ） 、修

改或保持时，厂商和 任何第三方之间必须有正式协议， 且在协议中应当明确第三方责任。 IT 部门类似。 The competence and reliability of a

supplier are key factors when selecting a product or service provider. The need for an audit should be based on a risk assessment.

供应商的实力和可靠性是选择供应商产品或服务的关键因素， 所以需要一个以风 险评估为基础的审计。

Documentation supplied with commercial off-the-shelf products should be reviewed by regulated users to check that user requirements are

fulfilled. 商业性标准文件应通过用户审核并符合用户需求。 Quality system and audit information relating to suppliers or

developers of software and implemented systems should be madea vailable to inspectors on request. 软件和应用系统开发商或供应商的质量体系和审

计信息应便于核查人员查询。

Project Phase 项目阶段

4. Validation 验证

The validation documentation and reports should cover the relevant

steps of the life cycle. Manufacturers should be able to justify their standards, protocols, acceptance criteria, procedures and records based on their risk assessment.

验证文件和报告应包含系统生命周期的相关阶段。厂商应能够证明其标准、协 议、验收标准、规程和记录都是基于其内部风险评估的。

Validation documentation should include change control records （if applicable） and reports on any deviations observed during the validation process.

验证文件应包含验证过程中的变更控制记录（如适用）和偏差报告。

An up to date listing of all relevant systems and their GMPfu nctionality （inventory） should be available.

相关系统和其 GMP功 能（详细目录）的最新清单应有效。

For critical systems an up to date system description detailing the

physical and logical arrangements, data flows and interfaces with other systems or processes, any hardware and software pre-requisites, and security measures should be available. 为对一个最新的关键系统进行详细

的系统描述 （如物理、 逻辑流程、数据流和与 其他系统或进程的接口），任何硬件和软件都是必须的，并应有安全措施。

User Requirements Specifications should describe the required functions of the computerised system and be based on documented risk assessment and GMP impact. User requirements should be traceable throughout the life-cycle.

应基于风险评估和 GMP影 响性文件描述计算机系统的功能需求。用户需求

应贯 穿整个系统生命周期。

The regulated user should take all reasonable steps, to ensure that the system has been developed in accordance with an appropriate quality management system. The supplier should be assessed appropriately.

管理者应采取合理措施保证系统更新与最新的质量管理系统一致，并对供应商 作出适当的评估。

For the validation of bespoke or customised computerised systems there should be a process in place that ensures the formal assessment and reporting of quality and performance measures for all the life-cycle stages of the system.

为验证固化或自定义计算机系统，应对系统生命周期的每个阶段都进行验证， 以确认正式评估、质量报告和业绩评估报告。