1. INTRODUCTION
介紹
This is the 2nd Annex of the core document 「Validation of Computerised Systems」, and it should be used in combination with the latter when planning, performing and documenting the validation steps of complex computerised systems Excel spreadsheet validation is described in the 1st Annex of the core document and not subjected here.
此為核心文件《計算機化系統驗證》的第二個附錄,當計劃、執行和記錄複雜計算機化系統驗證時,應與其一起使用。EXCEL電子表格的驗證見附錄一,本文不適用。
2. USER REQUIREMENTS SPECIFICATIONS (URS)
用戶需求規範(URS)
The selection and purchase of new software and the associated computer and laboratory equipment should follow a conscious decision-making process based on the requirements for the intended use of the computerised system. A User Requirements Specification (URS) should describe the functional and technical requirements of the computerised system, as defined by the OMCL, in terms of both software and hardware. It should also cover the aspects of information security and
data integrity.
新軟體和相關計算機和實驗室設備的選擇和購買應遵循基於計算機化系統的既定使用需求的決策程序。用戶需求規範(URS)應描述計算機化系統軟體和硬體的功能和技術要求。同時,應包括信息安全和數據可靠性方面的要求。
Some of the items that can be included are:
包括:
a) Description of the software used (e.g. Excel, Access, Oracle), including version;
軟體的描述(如EXCEL、Access、Oracle),包括版本
b) Requirements on hardware components and operating system;
硬體配件和作業系統的要求
c) Description of functions;
功能的描述
d) Description of the attributes of data;
數據屬性的描述
e) Terminology (e.g. important especially for the consistent description of input masks /fields);
專業術語
f) Database design, including masks and fields as well as a map of the data relationships;
資料庫設計,包括mask和field以及數據關係圖
g) Specifications of macros, formulas and control commands;
宏指令、公式和控制命令的規範
h) Specifications of the data inputs (e.g. format, decimal places, units);
數據輸入的規範(如格式、小數位數、單位)
i) Specification of the mandatory fields for data;
數據必填項目的規範
j) Specifications of the protection of masks, working sheets or the whole application;
Mask、工作表或整個應用的保護
k) Planning of the data migration, if applicable;
數據遷移的計劃,如適用
l) Specifications for traceability of data entry and changes (audit trail) of interfaces to other system components, if applicable.
數據輸入、修改(審計追蹤)
The URS shall be released by a responsible person. Changes to the requirements are possible but the changes should be traceable and the URS document should be version controlled or an equivalent system established in order to ensure traceability. New or changed requirements should be communicated to all persons involved.
URS應由具備相應責任的人發行。用戶需求可以修改但應可追溯,用戶需求文件應進行版本控制或使用具備同等效力的系統以確保可追溯性。新增或修改用戶需求應向所有相關人員溝通。
3. INSTALLATION QUALIFICATION (IQ)
安裝確認(IQ)
The correct installation of the system in the IT environment with defined hardware and operating software shall be documented and tested. Detailed installation procedures should be available and carried out by well-trained personnel only.
系統硬體和操作軟體在IT環境的正確安裝應被記錄並測試。應有詳細的安裝規程並只能由受良好培訓的人員實施。
Checklists with predefined installation steps and acceptance criteria can ensure the correct installation of the system and the traceable qualification of the installation.
檢查表,包含既定安裝步驟和接受標準可以保證系統的正確安裝和安裝確認的可追溯性。
In most cases, the computerised system is connected to a computer network with interfaces to other software (other applications) and hardware (computer equipment or laboratory equipment). It must be ensured that the system is correctly integrated and that all components are operative.
大多數情況下,計算機化系統通過界面與計算機網絡連接到其他軟體(其他應用)和硬體(計算機設備或實驗室設備)。應確保系統正確完整,所有部件可用。
The IQ typically includes:
IQ通常包括:
a) A check of the required system resources both of the server and client, when applicable (e.g. supported operating system, database engine, performance of the processor, free space on the hard disk, memory, access rights for installations);
檢查系統資源,包括伺服器和客戶端,如適用。(如支持的作業系統、資料庫引擎、處理器性能、硬碟可用空間、內存、訪問權限)
b) Documentation of the components of the system (as a minimum, a description of the components and version of the relevant components with date of implementation);
系統部件的文件記錄(至少描述部件和版本)
c) List of users or user groups with access to the application, including type of access;
可用訪問應用的用戶或用戶組清單,包括訪問類型。
d) Integration test and/or communication test for the interfaces to other systems/equipment.
與其他系統/設備的接口的連接測試和/或通訊測試
Often the installation is supported by the supplier and the internal IT unit.
通常,安裝由供應商和內部IT部門支持。
4. OPERATIONAL QUALIFICATION (OQ)
運行確認(OQ)
The proper functioning of the software shall be checked by testing the key functions, e.g. calibration and quantification (internal standards, external standards), peak identification, and calculation of system suitability parameters.
軟體的正常運行應通過測試關鍵功能來檢查,如校準和定量(內部標準品,外部標準品)、峰鑑定和系統適應性參數的計算。
Ideally, a raw data set can be used for which the results are known. These raw data sets are often provided by the supplier of the software, are processed by the software and the results are then compared to the expected values.
理論上,可以用一組已知結果的原始數據序列進行測試。這些原始數據序列通常由軟體供應商提供,通過軟體處理,結果與預期數值對比。
If no such data sets are available, example raw data sets can be acquired by running typical samples. The results of the processed raw data sets should be verified by recalculating the key parameters (e.g. calibration curves from peak areas of standards) using standard (e.g., spreadsheet) software.
如果沒有這樣的數據序列,可以通過運行典型的樣品來獲取原始數據序列。這些原始數據序列的結果應使用標準軟體(如電子表格)驗算關鍵參數(如標準品的峰面積校正曲線)。
Raw data from the testing of functions affecting the measurement result and its associated measurement uncertainty (input and output data, screenshots) shall be documented within the qualification report.
功能測試的原始數據影響測試結構,其相關測量不確定度(輸入、輸出數據,截屏)應被記錄於確認報告中。
Operational qualification should be repeated in a risk-based approach after installation of new software modules, new software versions, new service packs, patch updates, or after major changes in the software structure of the computer (e.g. new anti-virus software). A similar approach should be taken for every change in hardware platform or system upgrades.
在安裝新的軟體模塊、新的軟體版本、新的服務程序包、補丁更新後,或在計算機的軟體結構發生重大變更後應基於風險進行運行再確認。對於每次硬體平臺的變更或系統升級,也應採取類似的方法。
5. PERFORMANCE QUALIFICATION (PQ)
性能確認
The aim of the performance qualification is to demonstrate that a computerised system is suitable for its intended purpose in the user’s own environment as defined in the URS. The user requirements shall be tested in the PQ phase to cover the overall business use of the system in the daily routine.
性能確認的目的是證實計算機化系統在用戶自身環境下符合其URS中定義的用途。應在PQ階段測試用戶需求,覆蓋系統日常事務中的總體業務應用。
The PQ typically includes:
PQ通常包括:
a) Tests of functions (e.g. with a data set to ensure each feature of the application is tested);
功能測試(如使用數據序列確認應用軟體的每一個特性)
b) Negative or limit test (e.g. input of values outside the specified range);
負面或邊界測試(如輸入超出規定範圍的數值)
c) Test of alarm displays, if applicable (e.g. display of an OOS result);
報警顯示測試,如適用(如OOS結果展示)
d) Unauthorised input of data and access to the application;
數據非授權輸入和應用軟體非授權訪問
e) Tests of aberrant data (e.g. input of data in the wrong data format);
異常數據測試(如輸入錯誤格式數據)
f) Backup system and restore test;
備份系統和恢復測試
g) Verification of data migration, if applicable;
數據遷移確認,如適用
h) Conformity with requirements of data protection, if applicable;
數據保護是否符合要求,如適用
i) Black box test as acceptance testing of the whole system.
黑盒測試作為整個系統的可接受性測試
Each test scenario should be traceable to the URS being tested and should describe the expected results, the acceptance criteria and the observed results. Each deviation from the expected results and acceptance criteria must be discussed in the test report. A deviation can either lead to a change in the system and the test being run again or be accepted and documented with an update of the corresponding URS. Raw data from the testing (input and output data, screenshots) shall be documented within the qualification report.
每一個測試均應可以追溯至URS並應描述預期結果、接受標準和測試結果。所有不符合預期結果和接受標準的偏差均應在測試報告中論述。偏差可能引起系統變更並重新測試,也可能判定可接受並記錄,更新相應的URS。應在確認報告中記錄測試的原始數據(輸入、輸出數據,截屏)。
6. RELEASE FOR USE
放行使用
A summary of all the test findings shall be presented in a validation report, including any deviation and the corrective actions taken. When all deviations are resolved or accepted, a formal release of the system is issued.
驗證報告應總結所有測試的結果,包括所有偏差和採取的糾正措施。當所有偏差均得到解決或接受後,系統才可以正式放行。