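Important, and stated only once: this annex belongs to the OMCL guideline "Validation of Computerised Systems". It is not an annex to the EU GMP annex "Validation of Computerised Systems"!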
PA/PH/OMCL(08) 88 R5 Validation of Computerised Systems: Annex 2, Validation of Complex Computerised Systems
Effective date: 2018-08-01
ANNEX 2 OF THE OMCL NETWORK GUIDELINE "VALIDATION OF COMPUTERISED SYSTEMS"
VALIDATION OF COMPLEX COMPUTERISED SYSTEMS
Note: Mandatory requirements in this guideline and its annexes are defined using the terms «shall» or «must». The use of «should» indicates a recommendation. For these parts of the text other appropriately justified approaches are acceptable. The term «can» indicates a possibility or an example with non-binding character.
1. INTRODUCTION
This is the 2nd Annex of the core document "Validation of Computerised Systems", and it should be used in combination with the latter when planning, performing and documenting the validation steps of complex computerised systems. Excel spreadsheet validation is described in the 1st Annex of the core document and is not covered here.
2. USER REQUIREMENTS SPECIFICATIONS (URS)
The selection and purchase of new software and the associated computer and laboratory equipment should follow a conscious decision-making process based on the requirements for the intended use of the computerised system. A User Requirements Specification (URS) should describe the functional and technical requirements of the computerised system, as defined by the OMCL, in terms of both software and hardware. It should also cover the aspects of information security and data integrity.
Some of the items that can be included are:
a) Description of the software used (e.g. Excel, Access, Oracle), including version;
b) Requirements on hardware components and operating system;
c) Description of functions;
d) Description of the attributes of data;
e) Terminology (e.g. important especially for the consistent description of input masks /fields);
f) Database design, including masks and fields as well as a map of the data relationships;
g) Specifications of macros, formulas and control commands;
h) Specifications of the data inputs (e.g. format, decimal places, units);
i) Specification of the mandatory fields for data;
j) Specifications of the protection of masks, working sheets or the whole application;
k) Planning of the data migration, if applicable;
l) Specifications for traceability of data entry and changes (audit trail) of interfaces to other system components, if applicable.
The URS shall be released by a responsible person. Changes to the requirements are possible but the changes should be traceable and the URS document should be version controlled or an equivalent system established in order to ensure traceability. New or changed requirements should be communicated to all persons involved.
3. INSTALLATION QUALIFICATION (IQ)
The correct installation of the system in the IT environment with defined hardware and operating software shall be documented and tested. Detailed installation procedures should be available and carried out by well-trained personnel only.
Checklists with predefined installation steps and acceptance criteria can ensure the correct installation of the system and the traceable qualification of the installation.
In most cases, the computerised system is connected to a computer network with interfaces to other software (other applications) and hardware (computer equipment or laboratory equipment). It must be ensured that the system is correctly integrated and that all components are operative.
The IQ typically includes:
a) A check of the required system resources both of the server and client, when applicable (e.g. supported operating system, database engine, performance of the processor, free space on the hard disk, memory, access rights for installations);
b) Documentation of the components of the system (as a minimum, a description of the components and version of the relevant components with date of implementation);
c) List of users or user groups with access to the application, including type of access;
d) Integration test and/or communication test for the interfaces to other systems/equipment.
e) Often the installation is supported by the supplier and the internal IT unit.
4. OPERATIONAL QUALIFICATION (OQ)
The proper functioning of the software shall be checked by testing the key functions, e.g. calibration and quantification (internal standards, external standards), peak identification, and calculation of system suitability parameters.
Ideally, a raw data set can be used for which the results are known. These raw data sets are often provided by the supplier of the software, are processed by the software and the results are then compared to the expected values.
If no such data sets are available, example raw data sets can be acquired by running typical samples. The results of the processed raw data sets should be verified by recalculating the key parameters (e.g. calibration curves from peak areas of standards) using standard (e.g., spreadsheet) software.
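The recalculation described above can also be scripted instead of done in a spreadsheet. The following is an added example, not part of the guideline: it refits a calibration curve from peak areas and compares the result with the parameters the system under test reported. The data, the reported values and the 0.1 % acceptance tolerance are constructed assumptions.

```python
# Added example: independent recalculation of a calibration curve for OQ.
# All numbers below are constructed sample data, not from any real system.
from math import isclose

def linear_fit(x, y):
    """Ordinary least-squares fit y = slope*x + intercept, plus r^2."""
    n = len(x)
    if n < 3 or n != len(y):
        raise ValueError("need at least 3 paired calibration points")
    mx, my = sum(x) / n, sum(y) / n
    sxx = sum((xi - mx) ** 2 for xi in x)
    sxy = sum((xi - mx) * (yi - my) for xi, yi in zip(x, y))
    syy = sum((yi - my) ** 2 for yi in y)
    if sxx == 0 or syy == 0:
        raise ValueError("degenerate calibration data")
    slope = sxy / sxx
    return {"slope": slope, "intercept": my - slope * mx,
            "r2": sxy ** 2 / (sxx * syy)}

def verify_oq(conc, area, reported, rel_tol=1e-3):
    """Compare the system's reported parameters with the recalculation.
    Returns one record per parameter for the qualification report."""
    records = []
    for name, expected in linear_fit(conc, area).items():
        observed = reported.get(name)
        # A parameter the system did not report counts as a failed check.
        ok = observed is not None and isclose(observed, expected,
                                              rel_tol=rel_tol)
        records.append({"parameter": name, "recalculated": round(expected, 6),
                        "reported": observed, "pass": ok})
    return records

# Constructed standards: concentration (mg/L) vs. peak area (arbitrary units).
CONC = [1.0, 2.0, 5.0, 10.0, 20.0]
AREA = [10.5, 20.0, 50.7, 100.2, 199.9]
# Values as if copied from the software's calibration report (constructed).
REPORTED = {"slope": 9.9756, "intercept": 0.4453, "r2": 0.99999}

if __name__ == "__main__":
    for rec in verify_oq(CONC, AREA, REPORTED):
        print(rec)
```

The returned records, together with the input data, are the kind of raw data the qualification report is expected to contain.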
Raw data from the testing of functions affecting the measurement result and its associated measurement uncertainty (input and output data, screenshots) shall be documented within the qualification report.
Operational qualification should be repeated in a risk-based approach after installation of new software modules, new software versions, new service packs, patch updates, or after major changes in the software structure of the computer (e.g. new anti-virus software). A similar approach should be taken for every change in hardware platform or system upgrades.
5. PERFORMANCE QUALIFICATION (PQ)
The aim of the performance qualification is to demonstrate that a computerised system is suitable for its intended purpose in the user’s own environment as defined in the URS. The user requirements shall be tested in the PQ phase to cover the overall business use of the system in the daily routine.
The PQ typically includes:
a) Tests of functions (e.g. with a data set to ensure each feature of the application is tested);
b) Negative or limit test (e.g. input of values outside the specified range);
c) Test of alarm displays, if applicable (e.g. display of an OOS result);
d) Unauthorised input of data and access to the application;
e) Tests of aberrant data (e.g. input of data in the wrong data format);
f) Backup system and restore test;
g) Verification of data migration, if applicable;
h) Conformity with requirements of data protection, if applicable;
i) Black box test as acceptance testing of the whole system.
Each test scenario should be traceable to the URS being tested and should describe the expected results, the acceptance criteria and the observed results. Each deviation from the expected results and acceptance criteria must be discussed in the test report. A deviation can either lead to a change in the system and the test being run again or be accepted and documented with an update of the corresponding URS. Raw data from the testing (input and output data, screenshots) shall be documented within the qualification report.
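A PQ test matrix covering items b), d) and e) with the traceability required above could look as follows. This is an added example, not part of the guideline: the URS ids, the roles, the field specification (a pH value from 0.00 to 14.00 with at most two decimals) and `enter_result()`, which stands in for the application's input mask, are all hypothetical.

```python
# Added example: PQ test matrix with URS traceability. URS ids, roles and
# the field specification are hypothetical; enter_result() stands in for
# the input mask of the system under test.
import re
from decimal import Decimal

ALLOWED_ROLES = {"analyst"}                      # assumed access rule
LOW, HIGH, MAX_DECIMALS = Decimal("0"), Decimal("14"), 2
NUMERIC = re.compile(r"[+-]?[0-9]+(\.[0-9]+)?")  # no 'NaN', '1e3', '7,2'

def enter_result(role, raw):
    """Return 'accepted' or a rejection reason for one data entry."""
    if role not in ALLOWED_ROLES:
        return "rejected: unauthorised"
    if not isinstance(raw, str) or not NUMERIC.fullmatch(raw):
        return "rejected: format"
    value = Decimal(raw)
    if -value.as_tuple().exponent > MAX_DECIMALS:
        return "rejected: decimals"
    if not LOW <= value <= HIGH:
        return "rejected: range"
    return "accepted"

# (test id, URS id, kind of test, role, input, expected result)
CASES = [
    ("PQ-01", "URS-h1", "function", "analyst", "7.20", "accepted"),
    ("PQ-02", "URS-h1", "limit", "analyst", "14.00", "accepted"),
    ("PQ-03", "URS-h1", "limit", "analyst", "14.01", "rejected: range"),
    ("PQ-04", "URS-h1", "negative", "analyst", "-0.01", "rejected: range"),
    ("PQ-05", "URS-h2", "aberrant", "analyst", "7,2", "rejected: format"),
    ("PQ-06", "URS-h2", "aberrant", "analyst", "NaN", "rejected: format"),
    ("PQ-07", "URS-h3", "limit", "analyst", "7.205", "rejected: decimals"),
    ("PQ-08", "URS-j1", "unauthorised", "guest", "7.20", "rejected: unauthorised"),
]

def run_pq(cases, system=enter_result):
    """Run every case and record expected vs. observed for the report."""
    records = []
    for test_id, urs_id, kind, role, raw, expected in cases:
        observed = system(role, raw)
        records.append({"test": test_id, "urs": urs_id, "kind": kind,
                        "input": raw, "expected": expected,
                        "observed": observed,
                        "deviation": observed != expected})
    return records

def untested_requirements(urs_ids, records):
    """URS ids that no executed test case traces back to."""
    return sorted(set(urs_ids) - {r["urs"] for r in records})
```

Every record with `deviation` set is one that the test report has to discuss, and `untested_requirements()` shows which user requirements have no test case yet.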
6. RELEASE FOR USE
A summary of all the test findings shall be presented in a validation report, including any deviation and the corrective actions taken. When all deviations are resolved or accepted, a formal release of the system is issued.
7. ARCHIVING
All documentation related to specification and qualification of complex computerised systems must be retained as long as the application is in use, plus a defined retention period covering all applicable archiving obligations. This obligation can be covered by a contract with the software provider.
The English original is available on the official website: https://www.edqm.eu/sites/default/files/guidelines-omcl-computerised-systems-annex2-march2018.pdf