受法规约束地GMP和GDP环境下大数据管理系统和完整性优良要求规范（中英文）

PIC/S 受法规约束的GMP/GDP环境下数据管理和完整性优良规范（中英文）

PIC/S GUIDANCE

PIC/S指南

 PIC/S：国际药品监查合作计划

GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED

GMP/GDP ENVIRONMENTS

受法规约束的GMP/GDP环境下数据管理和完整性优良规范

PIC/S August 2016

2016年8月

Reproduction prohibited for commercial purposes.

Reproduction for internal use is authorised, provided that the source is acknowledged.

1 DOCUMENT HISTORY 文件历史

2 INTRODUCTION 引言

2.1 PIC/S Participating Authorities regularly undertake inspections of manufacturers and distributors of API and medicinal products in order to determine the level of compliance with GMP/GDP principles. These inspections are commonly performed on-site however may be performed through the remote or off-site evaluation of documentary evidence, in which case the limitations of remote review of data should be considered.

PIC/S参与药监机构定期对原料药和制剂生产商和销售商进行检查，以确定其GMP/GDP符合性水平。这些检查通常是在现场实施，但也可以通过远程或离厂文件证据评估进行，这时要考虑远程数据审核的局限性。

2.2 The effectiveness of these inspection processes is determined by the veracity of the evidence provided to the inspector and ultimately the integrity of the underlying data. It is critical to the inspection process that inspectors can determine and fully rely on the accuracy and completeness of evidence and records presented to them.

这些检查流程的有效性是由提供给检查员的证据的真实性所决定的，并最终决定于数据背后的完整性。检查员可以确定并完全依赖呈交给他们的证据和记录的完整性和准确性对于检查过程来说非常关键。

2.3 Good data management practices influence the integrity of all data generated and recorded by a manufacturer and these practices should ensure that data is accurate, complete and reliable. While the main focus of this document is in relation to data integrity expectations, the principles herein should also be considered in the wider context of good data management.

优良数据管理规范影响生产商所产生和记录的所有数据，这些做法应能保证数据是准确的、完整的和可靠的。尽管此文件主要关注的是数据完整性要求，在更广的优良数据管理环境下也应考虑此指南所述原则。

2.4 Data Integrity is defined as “the extent to which all data are complete, consistent and accurate, throughout the data lifecycle”[1]1 and is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. Poor data integrity practices and vulnerabilities undermine the quality of records and evidence, and may ultimately undermine the quality of medicinal products.

数据完整性定义为“所有数据在整个生命周期均完整、一致和准确的程度”，它在药物质量体系中是基本的要求，它确保药品具备所需的质量。不良的数据完整性做法和弱点会削弱记录和证据的质量，并最终可能破坏药品质量。

2.5 Data integrity applies to all elements of the Quality Management System and the principles herein apply equally to data generated by electronic and paper-based systems.

数据完整性适用于质量管理体系的所有要素，此中原则等同适用于电子和纸质系统产生的数据。

2.6 The responsibility for good practices regarding data management and integrity lies with the manufacturer or distributor undergoing inspection. They have full responsibility and a duty to assess their data management systems for potential vulnerabilities and take steps to design and implement good data governance practices to ensure data integrity is maintained.

数据管理和完整性优良规范的职责由接受检查的生产商或销售商承担。他们负有全部职责和义务来评估其数据管理体系，发现潜在弱点，设计和实施优良数据管理规范来确保数据完整性得到维护。

3 PURPOSE 目的

3.1 This document was written with the aim of:

本文件编制的目的是：

3.1.1 Providing guidance for inspectorates in the interpretation of GMP/GDP requirements in relation to data integrity and the conduct of inspections.

为检查员提供与数据完整性相关的GMP/GDP要求诠释及实施检查相关指南。

3.1.2 Providing consolidated, illustrative guidance on risk-based control strategies which enable the existing requirements for data integrity and reliability as described in PIC/S Guides for GMP[2] and GDP[3] to be implemented in the context of modern industry practices and globalised supply chains.

对基于风险的控制策略提供详细解说的整合指南，促使GMP和GDP的PIC/S指南中所述的现有数据完整性要求和可靠性在现代化工业做法和全球化供应链的环境下得到实施。

3.1.3 Facilitating the effective implementation of data integrity elements into the routine planning and conduct of GMP/GDP inspections; to provide a tool to harmonise GMP/GDP inspections and to ensure the quality of inspections with regards to data integrity expectations.

促进数据完整性要素在日常规划和实施GMP/GDP检查中有效实施，提供一个工具让GMP/GDP检查保持一致，保证数据完整性要求方面的检查质量。

3.2 This guidance, together with inspectorate resources such as aide memoire (for future development) should enable the inspector to make an optimal use of the inspection time and an optimal evaluation of data integrity elements during an inspection.

本指南与检查团资源，例如备忘录（用于进一步展开）一起让检查员优化使用检查时间，在检查中更好地评估数据完整性要素。

3.3 Guidance herein should assist the inspectorate in planning a risk-based inspection relating to data integrity.

本指南应协助检查组织规划基于风险的数据完整性相关检查。

3.4 This guide is not intended to impose additional regulatory burden upon regulated entities, rather it is intended to provide guidance on the interpretation of existing PIC/S GMP/GDP requirements relating to current industry practice.

本指南无意对受法规规范的主体形成强制的法规责任，它意在为目前行业规范相关的已有PIC/S GMP/GDP要求提供诠释。

3.5 The principles of data integrity apply equally to both manual and computerized systems and should not place any restraint upon the development or adoption of new concepts or technologies. In accordance with ICH Q10 principles, this guide should facilitate the adoption of innovative technologies through continual improvement.

数据完整性原则等同适用于手动和计算机化系统，不应该对发展和采用新概念或技术形成限制。根据ICH Q10原则，本指南应有助于通过持续改进采纳创新技术。

3.6 This version of the guidance is intended to provide a basic overview of key principles regarding data management and integrity. The PIC/S Data Integrity Working Group will periodically update, amend and review this guidance in light of inspectorate feedback, experience in using the guide and any other developments.

本版本指南意在为数据管理和完整性核心原则提供基本概貌。PIC/S数据完整性工作组将定期进行更新，根据检查团的反馈、使用本指南的经验以及任何其它发展修订和审核本指南。

4 SCOPE 范围

4.1 The guidance has been written to apply to both on-site and remote (desktop) inspections of those sites performing manufacturing (GMP) and distribution (GDP) activities. The guide should be considered as a non-exhaustive list of areas to be considered during inspection.

本指南适用于现场和远程（桌面）检查那些实施生产（GMP）和销售（GDP）活动的场所。本指南应作为检查期间要考虑领域的未尽清单。

4.2 Whilst this document has been written with the above scope, many principles regarding good data management practices described herein have applications for other areas of the regulated pharmaceutical and healthcare industry.

尽管此文件写就时覆盖上述范围，但其中许多关于优良数据管理规范的原则亦可应用于受法规规范的药品和保健行业的其它领域。

4.3 This guide is not intended to provide specific guidance for “for-cause” inspections following detection of significant data integrity vulnerabilities where forensic expertise may be required.

本指南无意为重大数据完整性漏洞引起的“有因”检查提供特定指南。在有因检查中，可能需要具有调查技巧的专家。

5 DATA GOVERNANCE SYSTEM 数据管理体系

5.1 What is data governance? 什么是数据管理？

5.1.1 Data governance is the sum total of arrangements which provide assurance of data integrity. These arrangements ensure that data, irrespective of the process, format or technology in which it is generated, recorded, processed, retained, retrieved and used will ensure a complete, consistent and accurate record throughout the data lifecycle.

数据管理是为数据完整性提供保障的所有安排的总和。这些安排保证数据，不管其产生、记录、处理、保存、恢复和使用的过程、格式或技术如何，均能在数据的整个生命周期中保证完整、一致和准确的记录。

5.1.2 The data lifecycle refers to how data is generated, processed, reported, checked, used for decision-making, stored and finally discarded at the end of the retention period. Data relating to a product or process may cross various boundaries within the lifecycle. This may include data transfer between manual and IT systems, or between different organisational boundaries; both internal (e.g. between production, QC and QA) and external (e.g. between service providers or contract givers and acceptors).

数据生命周期指数据如何产生、处理、报告、检查、用于决策、存贮和在保存期结束后最终废弃。与一个药品或工艺相关的数据可能在其生命周期内会穿越不同边界。这可能包括手工和IT系统之间的数据转移，不同公司界限之间的数据转移，内部（例如生产、QC和QA之间）和外部（例如，服务提供商或合同发包方和接受方之间）的数据转移。

5.2 Data governance systems 数据管理系统

5.2.1 Data governance systems should be integral to the pharmaceutical quality system described in PIC/S GMP/GDP. It should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity, including control over intentional and unintentional changes to, and deletion of information.

数据管理系统应整合于PIC/S GMP/GDP所述的药物质量体系中。它应该说明数据在其生命周期中的所有者身份，考虑对过程/系统进行设计、运行和监测，以符合数据完整性原则，包括对有意和无意修改和删除信息的控制。

5.2.2 The data governance system should ensure controls over data lifecycle which are commensurate with the principles of quality risk management. These controls may be:

数据管理系统应保证在数据生命周期进行控制。控制应与质量风险管理原则相称。这些控制可以是：

  Organisational 从公司角度

  procedures, e.g. instructions for completion of records and retention of completed paper records;

  程序，例如，记录完整的指令和完整纸质记录的保存；

  training of staff and documented authorisation for data generation and approval;

  培训人员和记录数据产生权限并批准；

  data governance system design, considering how data is generated recorded, processed retained and used, and risks or vulnerabilities are controlled effectively;

  数据管理系统的设计应考虑数据是如何产生、记录、处理、存贮和使用的，应对风险和漏洞进行有效控制；

  routine data verification;

  日常数据核查；

  periodic surveillance, e.g. self-inspection processes seek to verifiy the effectiveness of the data governance policy.

  定期监管，例如自检过程中核查数据管理方针的有效性。

  Technical 技术角度

  computerised system control,

  计算机化系统控制

  Automation

  自动化

5.2.3 An effective data governance system will demonstrate Management’s understanding and commitment to effective data governance practices including the necessity for a combination of appropriate organisational culture and behaviours (section 6) and an understanding of data criticality, data risk and data lifecycle. There should also be evidence of communication of expectations to personnel at all levels within the organisation in a manner which ensures empowerment to report failures and opportunities for improvement. This reduces the incentive to falsify, alter or delete data.

一个有效的数据管理系统将证明管理者对有效数据管理规范的了解和承诺，包括适当的公司文化和行为（第6部分）和对数据关键程度、数据风险和数据生命周期的了解。还应有证据证明在公司内以一定方式将要求沟通传达至各层次人员，保证更大的权力来报告失败和改进机会。如此可以减少伪造、篡改和删除数据的诱因。

5.2.4 The organisation’s arrangements for data governance should be documented within their Quality Management System and regularly reviewed.

公司对数据管理的安排应记录在其质量管理体系内，并定期审核。

5.3 Risk management approach to data governance 数据管理的风险管理方法

5.3.1 Senior management is responsible for the implementation of systems and procedures to minimise the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9. Contract Givers should perform a similar review as part of their vendor assurance programme, (refer section 10)

高级管理层对实施系统和程序以降低数据完整性潜在风险，识别残留风险，使用ICH Q9原则承担责任。合同发包方应实施类似的审核，作为其供应商保证计划的一部分（参见第10部分）。

5.3.2 The effort and resource assigned to data governance should be commensurate with the risk to product quality, and should also be balanced with other quality resource demands. Manufacturers and analytical laboratories should design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.

为数据管理所做的工作和所配置的资源应与产品质量风险相称，同时也要与其它质量资源需求相平衡。生产商和分析化验室应设计和运行一个体系，为数据完整性风险提供可接受的控制状态，并全面记录支持性原理。

5.3.3 Where long term measures are identified in order to achieve the desired state of control, interim measures should be implemented to mitigate risk, and should be monitored for effectiveness. Where interim measures or risk prioritisation are required, residual data integrity risk should be communicated to senior management, and kept under review. Reverting from automated / computerised to paper-based systems will not remove the need for data governance. Such retrograde approaches are likely to increase administrative burden and data risk, and prevent the continuous improvement initiatives referred to in paragraph 3.5.

如果认为需要采取长期措施，以达到想要的控制状态，则应实施临时措施来将缓解风险，并监测其有效性。如果需要采取临时措施或者是提高风险优先度，则应与高级管理层沟通所残留的数据完整性风险，保持审核。从自动化/计算机化转化为纸质系统不能解除对数据管理的需求。此种降解方式可能会增加行政负担和数据风险，阻止第3.5段中提提出的持续改进倡议。

5.3.4 Not all data or processing steps have the same importance to product quality and patient safety. Risk management should be utilised to determine the importance of each data/processing step. An effective risk management approach to data governance will consider:

不是所有数据和处理步骤都对药品质量和患者安全具有等同的重要性。应使用风险管理来确定每个数据/处理步骤的重要性。对数据管理的有效风险管理方法应考虑：

  Data criticality (impact to decision making and product quality) and

  数据关键程度（对制订决策和产品质量的影响）以及

  Data risk (opportunity for data alteration and deletion, and likelihood of detection / visibility of changes by the manufacturer’s routine review processes).

  数据篡改和删除的数据风险（机会），修改被生产商的日常审核流程所发现/可见的可能性）

From this information, risk proportionate control measures can be implemented.

从此信息中可知，可以实施与风险相当的控制措施。

5.4 Data criticality 数据关键程度

5.4.1 The decision that data influences may differ in importance, and the impact of the data to a decision may also vary. Points to consider regarding data criticality include:

受数据影响的决策可能会在重要程度上有所有不同，数据对决策的影响度可能也不同。关于数据关键程度要考虑的要素包括：

  ??Which decision does the data influence? 数据影响了什么决策？

For example: when making a batch release decision, data which determines compliance with critical quality attributes is of greater importance than warehouse cleaning records.

例如，当作出批放行决策时，确定符合关键质量属性的数据比仓库清洁记录要重要。

  ??What is the impact of the data to product quality or safety? 数据对药品质量或安全有什么影响？

For example: for an oral tablet, active substance assay data is of generally greater impact to product quality and safety than tablet friability data.

例如，对于口服特此证明，活性物质含量数据一般要比脆碎度数据对药品质量和安全影响更大。

5.5 Data risk 数据风险

5.5.1 Data risk assessment should consider the vulnerability of data to involuntary or deliberate alteration, falsification, deletion, loss or re-creation, and the likelihood of detection of such actions. Consideration should also be given to ensuring complete data recovery in the event of a disaster. Control measures which prevent unauthorised activity, and increase visibility / detectability can be used as risk mitigating actions.

数据完整性应考虑数据在有意和无意修改、伪造、删除、丢失或重新创建，以及被察觉可能性方面的弱点。还要考虑保证在灾难发生时恢复完整数据。防止未经授权的活动，增加可视性/检出能力的控制措施可以用作风险降低措施。

5.5.2 Examples of factors which can increase risk of data integrity failure include complex, inconsistent processes with open ended and subjective outcomes. Simple tasks which are consistent, well defined and objective lead to reduced risk.

可能会增加数据完整性失败的风险的因素例子包括复杂的不一致的工艺，有开放型结果和主观结果。定义明确、客观、一致的简单任务则会降低风险。

5.5.3 Risk assessments should focus on a business process (e.g. production, QC), evaluate data flows and the methods of generating data, and not just consider IT system functionality or complexity. Factors to consider include:

风险评估应关注一个业务流程（例如，生产、QC），评估数据流和数据产生方法，而不仅是评估IT系统功能和复杂性。要考虑的因素包括：

  Process complexity;

  工艺复杂性；

  Methods of generating, storing and retiring data and their ability to ensure data accuracy, legibility, indelibility;

  数据生成、存贮和退役的方法以及其保证数据准确性、清晰、不能消除的能力；

  Process consistency and degree of automation / human interaction;

  工艺一致性和自动/人工互动程度；

  Subjectivity of outcome / result (i.e. is the process open-ended or well defined?); and

  结果的主观性（即工艺是开放式的还是明确定义的；以及

  The outcome of a comparison between of electronic system data and manually recorded events could be indicative for malpractices (e.g. apparent discrepancies between analytical reports and raw-data acquisition times).

  电子系统数据和人工记录事件之间比较的结果可能对于不良规范来说具有指示性（例如，分析报告和原始数据获得时长之间有明显的差距）。

5.5.4 For computerised systems, manual interfaces with IT systems should be considered in the risk assessment process. Computerised system validation in isolation may not result in low data integrity risk, in particular when the user is able to influence the reporting of data from the validated system.

对于计算机化系统，在风险评估过程中应考虑人工与IT系统的界面。计算机化系统验证单独可能不会导致较低的数据完整性风险，尤其是当用户可以影响来自经过验证的系统中的数据报告时。

5.5.5 Critical thinking skills should be used by inspectors to determine whether control and review procedures effectively achieve their desired outcomes. An indicator of data governance maturity is an organisational understanding and acceptance of residual risk, which prioritises actions. An organisation which believes that there is ‘no risk’ of data integrity failure is unlikely to have made an adequate assessment of inherent risks in the data lifecycle. The approach to assessment of data lifecycle, criticality and risk should therefore be examined in detail. This may indicate potential failure modes which can be investigated during an inspection.

检查人员应使用批判性思维技巧来确定控制和审核程序是否能有效地得到其所要的结果。数据管理成熟度的一个指标就是公司对残留风险的了解和接受，它使得措施按优先顺序排列。一个相信数据“没有风险”的公司不可能对数据生命周期中内在的风险进行充分地评估。因此数据生命周期、关键程度和风险的评估方法应进行详细检查。这样可能会发现潜在的失效模式，在检查期间可以对此进行调查。

5.6 Data governance system review 数据管理系统审核

5.6.1 The effectiveness of data integrity control measures should be assessed periodically as part of self-inspection (internal audit) or other periodic review processes. This should ensure that controls over the data lifecycle are operating as intended.

数据完整性控制措施的有效性应作为自检（内审）或其它定期审核流程的一部分进行定期评估。这样才能保证对数据生命周期的控制按既定要求运作。

5.6.2 In addition to routine data verification checks, self-inspection activities should be extended to a wider review of control measures, including:

除了日常数据核查外，自检活动还应延伸到更宽的控制措施审核，包括：

  A check of continued personnel understanding of data integrity in the context of protecting of the patient, and ensuring the maintenance of a working environment which is focussed on quality and open reporting of issues, e.g. by review of continued training in data integrity principles and expectations.

  检查人员对保护患者环境下数据完整性意义的持续理解，确保维护工作环境是关注质量的，敞开接受问题报告，例如，通过审核员工在数据完整性原则和要求方面的持续培训。

  A review for consistency of reported data/outcomes against raw data entries.

  对所报告数据/结果对比原始数据输入进行一致性审核。

  In situations where routine computerised system data is reviewed by a validated ‘exception report’[4], a risk-based sample of computerized system logs / audit trails to ensure that information of relevance to GMP activity is reported as expected

  如果计算机化系统数据已通过经验证的“异常报告”方式进行日常审核，则对计算机化系统日志/审计追踪基于风险抽样，以确保GMP活动相关的信息按预定要求进行报告

5.6.3 An effective review process will demonstrate understanding regarding importance of interaction of company behaviours with organisational and technical controls. The outcome of data governance system review should be communicated to senior management, and be used in the assessment of residual data integrity risk.

有效的审核流程将证明对公司行为与公司和技术两方面的控制互动重要性的了解。数据管理系统审核的结果应与高级管理层进行沟通，可以用于残留数据完整性风险的评估。

6 ORGANISATIONAL INFLUENCES ON SUCCESSFUL DATA INTEGRITY MANAGEMENT

公司对成功的数据完整性管理的影响

6.1 General 通则

6.1.1 It may not be appropriate or possible to report an inspection citation relating to organisational behaviour. An understanding of how behaviour influences (i) the incentive to amend, delete or falsify data and (ii) the effectiveness of procedural controls designed to ensure data integrity, can provide the inspector with useful indicators of risk which can be investigated further.

检查报告中表扬公司行为可能不现实或者并不恰当。了解公司行为如何影响（1）什么诱使员工修订、删除或伪造数据（2）设计来确保数据完整性的程序控制的有效性，可以让检查人员获得可以进一步调查的有用风险指标。

6.1.2 Inspectors should be sensitive to the influence of culture on organizational behaviour, and apply the principles described in this section of the guidance in an appropriate way. An effective ‘quality culture’ and data governance may be different in its implementation from one location to another. Depending on culture, an organisation’s control measures may be:

检查人员应对于文化对公司行为的影响很敏感，并适当应用本指南本部分所述的原则。一个有效的“质量文化”和数据管理可能在其实施时会因公司有差异。根据文化的不同，一个公司的控制措施可能会是：

l   ‘open’ (where hierarchy can be challenged by subordinates, and full reporting of a systemic or individual failure is a business expectation)

l  “开放的”（这种情况下下级可以挑战等级，全面报告系统或个人失败是业务要求）

l   ‘closed’ (where reporting failure or challenging a hierarchy is culturally more difficult)

l  “封闭的”（这种情况下报告失败或挑战等级从文化角度来讲更困难）

6.1.3 Good data governance in ‘open’ cultures may be facilitated by employee empowerment to identify and report issues through the quality system. In ‘closed’ cultures, a greater emphasis on oversight and secondary review may be required to achieve an equivalent level of control due to the social barrier of communicating undesirable information. The availability of anonymous escalation to senior management may also be of greater importance in this situation.

在“开放的”文化中，优良数据管理可能会由于员工受到鼓励而有助于识别并报告整个质量体系中的问题。而在“封闭的”文化中，更强调监管，因为社交障碍而无法沟通非期望信息，则需要有第二层闪的审核来达到同等水平的控制。在这种情况下，匿名向高级管理层越级报告的方法也可能会更重要。

6.1.4 The extent of Management’s knowledge and understanding of data integrity can influence the organisation’s success of data integrity management. Management must know their legal and moral obligation (i.e., duty and power) to prevent data integrity lapses from occurring and to detect them, if they should occur.

管理层在数据完整性方面的知识和了解程度可能会影响公司成功地进行数据完整性管理。管理层必须知道其防止数据完整性失误发生，并在发生时发现这些失误的法定和道德义务（即责任和权力）。

6.1.5 Lapses in data integrity are not limited to fraud or falsification, they can be unintentional and still pose risk. Any potential for compromising the reliability of data is a risk that should be identified and understood in order for appropriate controls to be put in place, (refer sections 5.3 - 5.5). Direct controls usually take the form of written policies and procedures, but indirect influences on employee behaviour (such as incentives for productivity in excess of process capability) should be understood and addressed as well.

数据完整性失误不仅局限于欺诈或伪造，他们可能是无意的，但仍具有风险。任何让数据可靠性受到损害的可能均是风险，应该识别并了解，以进行适当控制（参见第5.3-5.5部分）。直接控制通常是书面方针和程序，但对员工行为的非直接影响（例如，超出产能的生产率诱因）也需要了解和说明。

6.1.6 Data integrity breaches can occur at any time, by any employee, so management needs to be vigilant in detecting issues and understand reasons behind lapses, when found, to enable investigation of the issue and implementation of corrective and preventative actions.

数据完整性被破坏可能会发生在任何时间，来自于任何员工，因此管理层需要保持警警惕，发现问题并在发现后了解问题后面的原因，以促进问题的调查和CAPA的实施。

6.1.7 There are consequences of data integrity lapses that affect the various stakeholders (patients, regulators, customers) including directly impacting patient safety and undermining confidence in the organisation and its products. Employee awareness and understanding of these consequences can be helpful in fostering an environment in which quality is a priority.

数据完整性发生问题会产生不良后果，影响大量的利益相关方（患者、法规管理方、客户），包括直接影响患者安全，动摇公司及其产品的可信度。员工明白和理解这些不良后果有助于培育质量优先的环境。

6.1.8 Management should establish controls to prevent, detect and correct data integrity breaches, as well as verify those controls are performing as intended to assure data integrity. To achieve success with data integrity, Management should address the following:

管理层应建立控制来防止、发现和纠正数据完整性偏离情况，以及核查那些意在保证数据完整性实施的控制。为了成功达到数据完整性要求，管理层应强调以下要求：

6.2 Code of ethics and policies 道德准则和方针 

6.2.1 A Code of Values & Ethics should reflect Management’s philosophy on quality, achieved through policies (ie. a Code of Conduct) that are aligned to the quality culture and develop an environment of trust, where all individuals are responsible and accountable for ensuring patient safety and product quality.

价值观和道德准则应反映管理层的质量理念，通过方针来达成（即行为准则）。方针应与质量文化一致，建立一种信任的环境，在其中所有员工均承担保证患者安全和药品质量的职责。

6.2.2 The company’s general ethics and integrity standards need to be established and known to each employee and these expectations should be communicated frequently and consistently.

公司应建立基本道德和完整性标准，让每位员工知晓，并且持续频繁地就这些要求进行沟通。

6.2.3 Management should make personnel aware of the importance of their role in ensuring data integrity and the implication of their activities to assuring product quality and protecting patient safety.

管理层应让员工明白其职责在保证数据完整性上的重要性，暗示其活动将确保药品质量和保护患者安全。

6.2.4 Code of Conduct policies should clearly define the expectation of ethical behaviour, such as honesty. This should be communicated to and be well understood by all personnel. The communication should not be limited only to knowing the requirements, but also why they were established and the consequences of failing to fulfill the requirements.

行为准则方针应清楚定义道德行为的要求，例如诚实。所有员工均应该沟通并理解。沟通不应仅仅局限于知道该要求，还要知道为什么要建立方针，如果不能满足要求后果会是什么。

6.2.5 Unwanted behaviours, such as deliberate data falsification, unauthorised changes, destruction of data, or other conduct that compromises data integrity should be addressed promptly. Disciplinary action may be taken, when warranted. Similarly, conforming behaviours should be recognised appropriately.

有害的行为，如蓄意篡改、未经授权更改、毁坏数据，或其它损害数据完整性的行为均应及时说明。必要时应采取处分措施。类似地，应恰当认可符合性行为。

6.2.6 There should be a confidential escalation program supported by company policy and procedures whereby it encourages personnel to bring instances of possible breaches to the Code of Conduct to the attention of management without consequence.

公司方针应支持机密升级计划和程序，它能鼓励员工将可能会打破行为准则的事件报告给管理层知道而不会受到处罚。

6.3 Quality culture 质量文化

6.3.1 Management should aim to create a work environment (ie. quality culture) that is transparent and open, one in which personnel are encouraged to freely communicate failures and mistakes, including potential data reliability issues, so that corrective and preventative actions can be taken. Organisational reporting structure should permit the information flow between personnel at all levels.

管理层应致力于创建一个透明公开的工作环境（即质量文化）。在这样的环境下，员工被鼓励自由沟通失败情况和所犯错误，包括潜在的数据可靠性问题，这样能够采取纠正和预防措施。公司报告结构应允许所有层级之间的信息流。

6.3.2 It is the collection of values, beliefs, thinking, and behaviours demonstrated consistently by management, team leaders, quality personnel and all personnel that contribute to creating a quality culture to assure data integrity.

它是价值观、信仰、思维和行为的集合，由管理层、团队领导、质量人员和所有涉及创造质量文化确保数据完整性的人员一致遵守。

6.3.3 Management can foster quality culture:

管理层可以培养以下质量文化：

l  Ensure awareness and understanding of expectations (eg. Code of Ethics and Code of Conduct);

l  确保员工明白和理解要求（例如，道德准则和行为准则）；

l  Lead by example, management should demonstrate the behaviours they expect to see ;

l  以身作则，管理层应自身实践他们所期望看到的行为；

l  Ensure accountability for actions and decisions;

l  保证行为和决策职责；

l  Stay continuously and actively involved;

l  保持持续主动参与；

l  Set realistic expectations, consider the limitations that place pressures on employees;

l  设定可行的要求，考虑员工所受到的局限性；

l  Allocate resources to meet expectations;

l  配置资源以达成目标；

l  Implement fair and just consequences and rewards; and

l  实施公平公正奖罚；并且

l  Be aware of regulatory trends to apply lessons learned to your organisation.

l  明白法规趋势，将现有案例和教训在公司内部应用。

6.4 Modernising the Pharmaceutical Quality Management System 药品质量管理体系现代化

6.4.1 The application of modern quality risk management principles and good data management practices to the current pharmaceutical quality management system serves to modernize the System to meet the challenges that come with the generation of complex data.

现代化质量风险管理原则和优良数据管理规范在当前药物质量管理体系中的应用是为了将系统现代化，以应对复杂数据产生所带来的挑战。

6.4.2 The company’s Quality Management System should be able to prevent, detect and correct weaknesses in the system or their processes that may lead to data integrity lapses. The company should know their data life cycle and integrate the appropriate controls and procedures such that the data generated will be valid, complete and reliable. Specifically, such control and procedural changes may be in the following areas:

公司的质量管理体系应能够防止、发现和纠正系统或流程中的弱点，这些弱点可能会导致数据完整性问题。公司应知晓其数据的生命周期，在其中包括适当的控制和程序，这样所产生的数据才能有效、完整和可靠。具体来说，这类控制和程序的变化可能会是在以下领域：

l  Risk assessment and management,

l  风险评估和管理；

l  Investigation programs,

l  调查计划；

l  Data review practices (section 9),

l  数据审核规范（第9部分）；

l  Computer software validation,

l  计算机软件验证；

l  Vendor/contractor management ,

l  供方/合同方管理；

l  Training program to include company’s data integrity policy and data integrity SOPs ,

l  培训计划包括公司的数据完整性方针和数据完整性SOP；

l  Self-inspection program to include data integrity, and

l  自检计划包括数据完整性；并且

l  Quality metrics and reporting to senior management.

l  质量量度并向高级管理层报告。

6.5 Regular management review of quality metrics 质量量度日常管理评审 

6.5.1 There should be regular management reviews of quality metrics, including those related to data integrity, such that significant issues are identified, escalated and addressed in a timely manner. Caution should be taken when key performance indicators are selected so as not to inadvertently result in a culture in which data integrity is lower in priority.

应该对质量量度进行定期管理评审，包括那些与数据完整性有关的内容，这样才能及明发现、升级和处理重大问题。在选择关键性能指标时要谨慎，不致疏忽地成就了将数据完整性优先程度降低的文化。

6.5.2 The head of the Quality unit should have direct access to the highest level of management in order to directly communicate risks so that senior management is aware and can allocate resources to address any issues.

质量部门领导应可以直接接触到最高层级的管理人员，以便直接沟通风险，这样高级管理层就能明白并可以配置资源来解决所有问题。

6.5.3 Management can have an independent expert periodically verify the effectiveness of their systems and controls.

管理层可以有一个独立的专家来定期核查其系统和控制有效性。

6.6 Resource allocation 资源配置

6.6.1 Management should allocate appropriate resources to support and sustain good data integrity management such that the workload and pressures on those responsible for data generation and record keeping do not increase the likelihood of errors or the opportunity to deliberately compromise data integrity.

管理层应配置适当的资源来支持和保持优良数据完整性管理，这样负责数据产生和记录保存的工作量和工作压力应不会增加错误和蓄意破坏数据完整性机会的可能性。

6.6.2 There should be sufficient number of personnel for quality and management oversight, IT support, conduct of investigations, and management of training program that are commensurate with the operations of the organisation. There should be provisions to purchase equipment, software and hardware that are appropriate for their needs, based on the criticality of the data in question.

应该有足够数量的人员负责质量和管理监督、IT支持、调查实施，以及培训计划管理，使其与公司的运营相称。应该有条款规定设备、软件和硬件的采购，它应该基于所讨论数据的关键程度，并使其与其需求相适当。

6.6.3 Personnel must be qualified and trained for their specific duties, with appropriate segregation of duties, including the importance of good documentation practices. There should be evidence of the effectiveness of training on critical procedures, such as electronic data review. The concept of data integrity applies to all functional departments that play a role in GMP, including areas such as IT and engineering.

人员必须具备资质，经过其特定任务方面的培训，有适当的职责分工，包括优良文件记录规范的重要性。应该有证据证明关键程度培训的有效性，如电子数据审核。数据完整性的概念适用于所有在GMP中起作用的职能部门，包括如IT和工程领域。

6.6.4 Data integrity should be familiar to all, but data integrity experts from various levels (SMEs, supervisors, team leaders) may be called upon to work together to conduct/support investigations, identify system gaps and drive implementation of improvements.

所有人均应熟悉数据完整性，但来自不同层面的数据完整性专家（SME、主管、团队领导）可能会被召唤到一起，协作实施/支持调查、识别系统差距并推进实施改进。

6.6.5 Introduction of new roles in an organisation relating to data integrity such as a data custodian or Chief Compliance Officer might be considered.

可能需要考虑在公司内引入与数据完整性相关的新职位，例如数据监管员或首席符合性管理员。

6.7 Dealing with data integrity issues found internally 处理内部发现的数据完整性问题

6.7.1 In the event that data integrity lapses are found, they should be handled as any deviation would be according to the Quality Management System. It is important to determine the extent of the problem as well as its root cause, then correcting the issue to its full extent and implement preventative measures. This may include the use of a third party for additional expertise or perspective, which may involve a gap assessment to identify weaknesses in the system.

如果发现数据完整性问题，首先应根据质量管理体系作为偏差处理。确定问题的深度和其根本原因很重要，然后全面纠正该问题，并实施预防措施。这可能包括使用第三方来获得额外的专业知识和观点，可能需要进行差距评估来识别出系统里的弱点。

6.7.2 When considering the impact on product, any conclusions drawn should be supported by sound scientific evidence.

在考虑对产品的影响时，所做出的任何结论均应是基于科学合理的证据。

6.7.3 Corrective actions may include product recall, client notification and reporting to regulatory authorities.

纠正措施可以包括召回产品、通知客户和向法规当局报告。

6.7.4 Further guidance may be found in section 12 of this guide.

更多指南可以在本指南第12部分找到。

7 GENERAL DATA INTEGRITY PRINCIPLES AND ENABLERS

基本数据完整性原则和应用工具

7.1 The Pharmaceutical Quality Management System (QMS) should be implemented throughout the different stages of the life cycle of the Active Pharmaceutical Ingredients and medicinal products and should encourage the use of science and risk-based approaches.

药物质量管理体系（QMS）应在原料药和制剂整个生命周期的不同阶段实施，应鼓励使用基于风险的科学方法。

7.2 To ensure that decision making is well informed and to verify that the information is reliable, the events or actions that informed those decisions should be well documented. As such, Good Documentation Practices (GDocPs) are key to ensuring data integrity, and a fundamental part of a well designed Pharmaceutical Quality Management System (discussed in section 6).

为保证决策有良好沟通，也为了核查信息是否可靠，告知这些决策的事件或行动应记录完好。因而，优良文件记录规范（GdocPs）对于保证数据完整性非常关键，并且成为设计良好的药物质量管理系统的一个基本部分（在第6部分讨论）。

7.3 The application of GdocPs may vary depending on the medium used to record the data (ie. Physical vs. electronic records), but the principles are applicable to both. This section will introduce those key principles and following sections (8 & 9) will explore these principles relative to documentation in both paper-based and electronic-based recordkeeping.

GdocPs的应用可能会根据用于记录数据的介质有所不同（即物理VS电子记录），但这些原则适用于两者。本部分会介绍关键原则，后面的部分（8和9）则会展开这些原则，分别针对纸质文件和电子记录保存。

7.4 Some key concepts of GdocPs are ummarized by the acronym ALCOA: Attributable, Legible, Contemporaneous, Original, Accurate. To this list can be added the following: Complete, Consisitent, Enduring and Available (ALCOA+[1]5). Together, these expectations ensure that events are properly documented and the data can be used to support informed decisions.

一些GdocPs的关键概念用术语ALCOA进行了总结：可追溯性、清晰、同步、原始、准确。此清单可以增加：完整、一致、持久和可获得（ALCOA+）。它们合在一起组成的要求确保事件被恰当记录，数据可以用来支持所做决策。

7.5 Basic DI principles applicable to both paper and electronic systems (ALCOA +):

适用于纸质和电子系统的基本DI原则（ALCOA+）

7.6 If these elements are appropriately applied to all applicable areas of GMP and GDP-related activities, along with other supporting elements of a Pharmaceutical Quality Management System, the reliability of the information used to make critical decisions regarding drug products should be adequately ensured.

如果这些要素恰当应用于所有GMP和GDP相关活动领域，与其它PQMS的支持要素一起，用于做出药品关键决策的信息的可靠信就能得到充分保证。

8 SPECIFIC DI CONSIDERATIONS FOR PAPER-BASED SYSTEMS

纸质系统特定DI考虑

8.1 Structure of quality management system (QMS) and control of blank forms/templates/records QMS结构和空白格式/模板/记录控制

8.1.1 The effective management of paper based documents is a key element of GMP/GDP. Accordingly the documentation system should be designed to meet GMP/GDP requirements and ensure that documents and records are effectively controlled to maintain their integrity.

纸质文件的有效管理是GMP/GDP的关键要素。因而，文件记录系统的设计应符合GMP/GDP要求，确保文件和记录有效受控，以保持其完整性。

8.1.2 Paper records must be controlled and must remain attributable, legible, indelible/durable, contemporaneous, original and accurate (ALCOA) throughout the data lifecycle.

纸质记录必须受控，必须在数据生命周期中保留其ALCOA属性。

8.1.3 Procedures outlining good documentation practices and arrangements for document control should be available within the QMS. These procedures should specify:

QMS内应该有文件控制程序列出优良文件记录规范和安排。这些程序应指定：

l  How master documents and procedures are created, reviewed and approved for use;

l  主记录和程序如何创建、审核和批准使用；

l  Generation, distribution and control of templates used to record data (master , logs, etc.);

l  用于记录数据的模板的生成、发放和控制（主文件、日志等）；

l  Retrieval and disaster recovery processes regarding records.

l  记录恢复和灾难恢复过程；

l  The process for generation of working copies of documents for routine use, with specific emphasis on ensuring copies of documents, e.g. SOPs and blank forms are issued and reconciled for use in a controlled and traceable manner.

l  生成日常使用的工作记录的流程，具体强调保证文件的副本，例如，SOP和空白表格应使用受控和可追溯方式发放和平衡数量；

l  Guidance for the completion of paper based documents, specifying how individual operators are identified, data entry formats and amendments to documents are recorded.

l  纸质文件填写指南，说明各操作人员如何识别记录，说明数据输入格式以及如何增补更正文件；

l  How completed documents are routinely reviewed for accuracy, authenticity and completeness;

l  填写完成的记录日常如何审核其准确性、可信性和完整性；

l  Processes for the filing, retrieval, retention, archival and disposal of records.

l  记录的填写、恢复、保存、归档和废弃流程；

l  How data integrity is maintained throughout the lifecycle of the data.

l  在整个数据的生命周期维护数据完整性。

8.2 Why is the control of records important? 记录控制为什么很重要？

l  Evidence of activities performed;

l  活动实施的证据；

l  Evidence of compliance with GMP requirements and company policies, procedures and work instructions;

l  符合GMP要求和公司方针、程序和工作指令的证据；

l  Effectiveness of Pharmaceutical QMS;

l  药物QMS有效性；

l  Traceability;

l  可追溯性；

l  Process authenticity and consistency ;

l  工艺真实性和一致性；

l  Evidence of the good quality attributes of the medicinal products manufactured; and

l  所生产的药品具有优良质量属性的证据；以及

l  In case of complaints, records could be used for investigational purposes.

l  如果有客户投诉，记录可以用于调查。

8.3 Generation, distribution and control of template records 模板记录的生成、发放和控制 

8.3.1 Why is managing and controlling master records necessary? 为什么要管理和控制母版记录？

Managing and controlling master records is necessary to ensure that the risk of someone inappropriately using and/or falsifying a record ‘by ordinary means’ (i.e. not requiring the use of specialist fraud skills) is reduced to an acceptable level.

管理和控制母版记录对于保证将人们“通过常规方法”（即不需要使用专家级造假技巧）不恰当使用和/或伪造记录的风险降至可接受水平是必须的。

The following expectations should be implemented using a quality risk management approach, considering the risk and criticality of data recorded (see section 5.4, 5.5).

以下要求应使用质量风险管理方式实施，同时考虑数据记录的风险和关键程度（参见第5.4，5.5部分）。

8.4 Expectations for the generation, distribution and control of records 记录生成、发放和控制要求

8.4.1 An index of all the template records should be maintained by QA organisation. This index should mention for each type of template record at least the following information: title, reference number including version number, location (e.g., documentation data base, effective date, next review date, etc.

QA部门应维护一份所有模板记录的清单。此索引清单应至少提到各类模板记录中的以下信息：标题、索引号包括版本号、位置（例如，文件记录数据库）、有效日期、下次审核日期等。

8.5 Use and control of records within production areas 生产区域记录使用和控制

8.5.1 Records should be appropriately controlled in the production areas by designated persons or processes. These controls should be carried out to minimize the risk of damage or loss of the records and ensure data integrity. Where necessary, measures must be taken to protect records from being soiled (e.g. getting wet or stained by materials, etc).

在生产区域的记录应由指定人员或流程进行恰当控制。应实施这些控制来减少记录受损或丢失的风险，保证数据完整性。必要时，必须采取措施保护记录不被污损（例如，弄湿或被物料弄脏等）。

8.6 Filling out records 记录填写 

8.6.1 The items listed in the table below should be controlled to assure that a record is properly filled out.

下表中列出的项目应进行控制，以保证记录填写符合要求。

8.7 Making corrections on records 记录更正

Corrections to the records must be made in such way that full traceability is maintained.

对记录进行更正必须保持全面可追溯性。

8.8 Verification of records (secondary checks) 记录核查（第二人检查）

8.9 Maintaining Records 记录维护

8.10 Direct print-outs from electronic systems 从电子系统直接打印出的打印件

8.10.1 Paper records generated by very simple electronic systems, e.g. balances, pH meters or simple processing equipment which do not store data provide limited opportunity to influence the presentation of data by (re-)processing, changing of electronic date/time stamps. In these circumstances, the original record should be signed and dated by the person generating the record and the original should be attached to batch processing records.

从不存贮数据的非常简单的电子系统，如天平、pH计或简单工艺设备中产生的纸质记录，其通过对数据进行再处理、改变电子日期/时间戳的方式影响数据呈现的机会受到限制，则可以由生成记录的人对原始记录签名日期，并将原始记录附入批处理记录。

8.11 True copies 真实备份

8.11.1 Copies of original paper records (e.g. analytical summary reports, validation reports etc.) are generally very useful for communication purposes, e.g. between companies operating at different locations. These records must be controlled during their life cycle to ensure that the data received from another site (sister company, contractor etc.) are maintained as “true copies” where appropriate, or used as a “summary report” where the requirements of a “true copy” are not met (e.g. summary of complex analytical data).

原始纸质记录（例如，分析汇总报告，验证报告等）的副本一般在交流时非常有用，例如，当公司在不同地方操作时。这些记录必须在其生命周期中受控，以确保从另一场所（兄弟公司，合同商等）收集来的数据在适当时作为“真实备份”得到维护，或者是在不符合“真实备份”要求（例如，复杂的分析数据的汇总）时用作“总结报告”。

8.11.2 It is conceivable for raw data generated by electronic means to be retained in an acceptable paper or pdf format, where it can be justified that a static record maintains the integrity of the original data. However, the data retention process must be shown to include verified copies of all raw data, metadata, relevant audit trail and result files, software / system configuration settings specific to each analytical run, and all data processing runs (including methods and audit trails) necessary for reconstruction of a given raw data set. It would also require a documented means to verify that the printed records were an accurate representation. This approach is likely to be onerous in its administration to enable a GMP compliant record.

可以想象，对于电子方式产生的原始数据会以可接受的纸质方式或PDF格式保存，这时可以论证静态的记录维持了原始数据的完整性。但是，数据保存流程必须包括对经过核对的所有原始数据、元数据、相关审核追踪和结果文件、每次分析运行时的软件/系统参数设置、以及所有过程运行数据（包括方法和审核追踪），这是重新构建指定的原始数据系列时所需要的内容。这也要求有书面方法来核查所打印的记录是一份准确的表达。这种方法可能会太麻烦，难以管理让其符合GMP记录要求。

8.11.3 Many electronic records are important to retain in their dynamic (electronic) format, to enable interaction with the data. Data must be retained in a dynamic form where this is critical to its integrity or later verification. This should be justified based on risk.

许多电子记录要保存在其动态（电子）格式，使得可以与数据互动。数据必须以对其完整性至为关键的形式保存，并要在保存后进行核查。应基于风险来论证此方式。

8.11.4 At the receiving site, these records (true copies) may either be managed in a paper or electronic format (e.g., PDF) and should be controlled according to an approved QA procedure.

在接收场所，这些记录（真实副本）可以以纸质方式或电子格式（例如PDF）保存，应根据批准的QA程序受控。

8.11.5 Care should be taken to ensure that documents are appropriately authenticated as “true copies” either through the use of handwritten or digital signatures.

应小心确保文件经过适当的“真实副本”认证，可以是通过手书或数字签名达到此目的。

8.11.6 A quality agreement should be in place to address the responsibilities for the generation and transfer of “true copies” and data integrity controls. The system for the issuance and control of “true copies” should be audited by the contract giver and receiver to ensure the process is robust and meets data integrity principles.

应有质量协议说明“真实备份”产生和转移的职责以及数据完整性控制。签发和控制“真实备份”的系统应由合同发包方和合同接受方进行审计，以确保流程稳健，符合数据完整性原则。

8.12 Limitations of remote review of summary reports 对汇总报告进行远程审核的局限性

8.12.1 The remote review of data within summary reports is a common necessity; however, the limitations of remote data review must be fully understood to enable adequate control of data integrity.

对汇总报告中的数据进行远程审核通常是必须的。但是，必须全面了解远程数据审核的局限性，以对数据完整性进行充分控制。

8.12.2 Summary reports of data are often supplied between physically remote manufacturing sites, Market Authorisation Holders and other interested parties. However, it must be acknowledged that summary reports are essentially limited in their nature, in that critical supporting data and metadata is often not included and therefore original data cannot be reviewed.

数据汇总报告通常会在物理距离上比较远的生产场所、上市许可持有人和其它利益相关方之间传递。但是，必须知道汇总报告从根本上来说受限于其特性，其中通常并不包括关键支持性数据和元数据，因此无法对原始数据进行审核。

8.12.3 It is therefore essential that summary reports are viewed as but one element of the process for the transfer of data and that interested parties and inspectorates do not place sole reliance on summary report data.

因此有必要仅是将审核汇总报告作为数据转移过程中的一个环节，利益相关方和检查组织并不仅仅依赖于汇总报告的数据。

8.12.4 Prior to acceptance of summary data, an evaluation of the supplier’s quality system and compliance with data integrity principles should be established through on-site inspection when considered important in the context of quality risk management.

在接受汇总数据之前，考虑到质量风险管理环境下其重要性，应通过现场检查对供应商的质量体系和数据完整性原则符合性进行评估。

The inspection should ensure the veracity of data generated by the company, and include a review of the mechanisms used to generate and distribute summary data and reports.

检查应确保公司所产生的数据的真实性，包括对用来产生和分发汇总数据和报告体制的审核。

8.13 Document retention (Identifying record retention requirements and archiving records) 文件记录保存（识别记录保存要求和归档记录）

8.13.1 The retention period of each type of records should (at a minimum) meet those periods specified by GMP/GDP requirements. Consideration should be given to other local or national legislation that may stipulate longer storage periods.

每类记录的保存时长应（至少）符合GMP/GDP要求中指定的时长。应考虑其它可能规定了更长保存期限的当地或国家法规。

8.13.2 The records can be retained internally or by using an outside storage service subject to quality agreements. A risk assessment should be available to demonstrate retention systems/facilities/services are suitable and that the residual risks are understood.

记录可以内部保存，也可以使用外部保存服务，但要签订质量协议。应进行风险评估证明保存系统/设施/服务是适当的，并了解残留风险。

8.14 Disposal of original records 原始记录的废弃

8.14.1 A documented process for the disposal of records should be in place to ensure that the correct original records are disposed of after the defined retention period. The system should ensure that current records are not destroyed by accident and that historical records do not inadvertently make their way back into the current record stream (eg. Historical records confused/mixed with existing records.)

记录废弃处理应有书面程序，以确保销毁的是超过既定保留时长的正确的原始记录。系统应保证现行记录不会被错误销毁，历史记录不会阴差阳错回到现行记录流（例如，历史记录与现有记录混淆/混合）。

8.14.2 A record/register should be available to demonstrate appropriate and timely destruction of retired records.

应该能提供记录/登记册证明对退役的记录进行了适当及时的销毁。

8.14.3 Measures should be in place to reduce the risk of deleting the wrong documents. The access rights allowing deletion of records should be limited to few persons.

应该的措施降低删除错误文件的风险。进入删除文件权限应限制授权给很少数人。

8.14.4 In case of printouts which are not permanent (e.g. thermo transfer paper) a verified (‘true’) copy may retained, and it is possible to discard the non- permanent original

如果打印件不是永久的（例如，热敏纸），则应保存经过验证（真实）的副本，可以废弃非永久性记录原件。

8.14.5 Paper records may be replaced by Scans provided that the principles of ‘true copy’ are addressed (see section 8.11.5)

如果“真实备份”的原则有进行说明，则可以采用扫描件替代纸质文件来保存（参见第8.11.5部分）。

[1] The use of scribes to record activity on behalf of another operator should be considered ‘exceptional’, and only take place where:

l   The act of recording places the product or activity at risk e.g. documenting line interventions by sterile operators.

l   To accommodate cultural or staff literacy / language limitations, for instance where an activity is performed by an operator, but witnessed and recorded by a Supervisor or Officer.

In both situations, the supervisory recording must be contemporaneous with the task being performed, and must identify both the person performing the observed task and the person completing the record. The person performing the observed task should countersign the record wherever possible, although it is accepted that this countersigning step will be retrospective. The process for supervisory (scribe) documentation completion should be described in an approved procedure, which should also specify the activities to which the process applies.

使用记录员来代替另一人记录所操作事件应作为“例外情况”，只有在以下情况可以使用：

记录活动会让产品或活动处于风险之中，例如，记录无菌操作人员对生产线的人工干预情况

适应文化或员工文化水平/语言限制，例如，一个操作工实施活动，主管或管理员在现场查看并记录。

在两种情形下，监管式记录都必须与所实施的任务同步，必须写明完成该任务和完成记录的人员姓名。实施所观察任务的人员应在可能时就对记录进行会签，这时的会签是回顾式的，是可以接受的。监管（记录）记录完成的过程应一个批准的程序中描述，还应该指定该程序适用的活动。

[2] Note that storage periods for some documents may be dictated by other local or national legislation.

注意有些文件记录的存贮期限可能是有当地或国家法律规定的。

9 SPECIFIC DATA INTEGRITY CONSIDERATIONS FOR COMPUTERISED SYSTEMS 计算机化系统具体数据完整性考虑

9.1 Structure of the QMS and control of computerised systems QMS结构和计算机化系统的控制

9.1.1 A large variety of computerised systems are used by companies to assist in a significant number of operational activities. These range from the simple standalone to large integrated and complex systems, many of which have an impact on the quality of products manufactured. It is the responsibility of each regulated entity to fully evaluate and control all computerised systems and manage them in accordance with GMP[1] and GDP[2] requirements.

公司使用大量不同的计算机化系统来辅助大量的操作活动。其范围从简单的单机到大型集成复杂系统，其中许多对所生产的药品质量产生影响。各受法规约束的主体有责任全面评估和控制所有计算机化系统，以及根据GMP和GDP要求对其进行管理。

9.1.2 Organisations should be fully aware of the nature and extent of computerized systems utilised, and assessments should be in place that describe each system, its intended use and function, and any data integrity risks or vulnerabilities that may be susceptible to manipulation. Particular emphasis should be placed on determining the criticality of computerised systems and any associated data, in respect of product quality.

公司应深刻了解其所采用的计算机化系统的属性和深度，应进行评估描述每个系统，其既定用途以及功能，和所有数据完整性风险，或易被篡改的脆弱点。尤其应强调要确定计算机化系统及所有相关数据 在药品质量方面的关键程度。

9.1.3 All computerised systems with potential for impact on product quality should be effectively managed under a mature quality management system which is designed to ensure that systems are protected from acts of accidental or deliberate manipulation, modification or any other activity that may impact on data integrity.

所有对药品质量有潜在影响的计算机化系统均应在成熟的质量管理体系里进行有效管理。质量管理体系设计应保系统受到保护，不会被事故或有意篡改、修订，或受到任何可能影响数据完整性的活动的侵害。

9.1.4 When determining data vulnerability and risk, it is important that the computerized system is considered in the context of its use within the business process. For example, data integrity of an analytical method with computerised interface is affected by sample preparation, entry of sample weights into the computerized system, use of the computerised system to generate data, and processing /recording of the final result using that data.

在确定数据弱点和风险时，很重要的一点是要在业务流程内其使用环境下考虑计算机化系统。例如，一个有计算机化界面的分析方法的数据完整性会受到样品制备、将样品重要输入计算机化系统、使用计算机化系统产生数据，以及使用这些数据处理/记录最终结果的影响。

9.1.5 The guidance herein is intended to provide specific considerations for data integrity in the context of computerised systems. Further guidance regarding good practices for computerised systems may be found in the PIC/S Good Practices for Computerised Systems in Regulated “GxP” Environments (PI 011).

指南此处旨在提供计算机化系统环境下数据完整性的具体考虑。关于优良计算机化系统的规范可以在PIC/S在受法规约束的GXP环境下计算机化系统优良规范（PI 011）中找到。

9.2 Qualification and validation of computerised systems 计算机化系统的确认和验证

9.2.1 The qualification and validation of computerised systems should be performed in accordance with the relevant GMP/GDP guidelines; the tables below provide clarification regarding specific expectations for ensuring good data governance practices for computerised systems.

计算机化系统的确认和验证应根据相关的GMP/GDP指南实施，下表提供了关于保证计算机化系统优良数据管理规范的具体要求。

9.3 System security for computerised systems 计算机化系统的系统安全

9.4 Audit trails for computerised systems 计算机化系统的审核追踪

9.5 Data capture/entry for computerised systems 计算机化系统的数据捕获/输入

9.6 Review of data within computerised systems 计算机化系统中数据的审核

9.7 Storage, archival and disposal of electronica data 电子数据的存贮、归档和销毁 

[1] PIC/S PE 009 Guide to Good Manufacting Practice for Medicinal Products, specifically Part I chapters 4, Part II chapters 5, & Annex 11

PIC/S PE 009 药品GMP指南，具体为第一部分第4章，第二部分第5章和附录11.

[2] PIC/S PE 011 GDP Guide to Good Distribution Practice for Medicinal Products, specifically section 3.5 XXX

PIC/S PE 011 药品优良运输GDP指南，具体参见第3.5部分。

10 DATA INTEGRITY CONSIDERATIONS FOR OUTSOURCED ACTIVITIES

外包活动中数据完整性考虑

10.1 General supply chain considerations 一般供应链考虑

10.1.1 Data integrity plays a key part in ensuring the security and integrity of supply chains. Data governance measures by a contract giver may be significantly weakened by unreliable or falsified data or materials provided by supply chain partners. This principle applies to all outsourced activities, including suppliers of raw materials or contract manufacture / analytical services.

数据完整性在保证供应链的安全和完整性中扮演着重要的角色。合同发包方的数据管理措施可能会被供应链伙伴所提供的不可靠或伪造数据或材料大大削弱。此原则适用于所有外包活动，包括原料供应商，合同生产商/分析服务提供商。

10.1.2 Initial and periodic re-qualification of supply chain partners and outsourced activities should include consideration of data integrity risks and appropriate control measures.

对供应链伙伴和外包活动的初始和定期再确认应包括对数据完整性风险和适当的控制措施的考虑。

10.1.3 It is important for an organisation to understand the data integrity limitations of information obtained from the supply chain (e.g. summary records and copies /printouts), and the challenges of remote supervision. These limitations are similar to those discused in section 8.11 of this guidance This will help to focus resources towards data integrity verification and supervision using a qualiity risk management approach.

很重要的一点是公司应了解从供应链所获得的数据（例如，摘要记录和副本/打印件）完整性局限性，以及远程监督的挑战。这些局限性与本指南第8.11中所讨论的内容相类似。这会有助于采用质量风险管理方法，集中资源用于数据完整性核查和监管。

10.2 Routine document verification 日常文件核查 

The supply chain relies upon the use of documentation and data passed from one organisation to another. It is often not practical for the contract giver to review all raw data relating to reported results. Emphasis should be placed upon robust supplier and contractor qualification, using the principles of quality risk management.

供应链依赖于从一个公司传送到另一个公司的文件记录和数据的使用。通常合同发包方去审核所有与报告结果相关的原始数据并不现实。应使用质量风险管理原则，重点关注供应商的稳健程度和合同方确认。

10.3 Strategies for assessing data integrity in the supply chain 供应链中数据完整性评估策略

10.3.1 Companies should conduct regular risk reviews of supply chains and outsourced activity that evaluate the extent of data integrity controls required. Information considered during risk reviews may include:

公司应对供应链和外包活动实施定期风险评审，评估所需数据完整性控制的程度。在风险评审中要考虑的信息可以包括：

l  The outcome of site audits, with focus on data governance measures

l  对审核的结果，关注数据管理措施

l  Review of data submitted in routine reports, for example:

l  审核日常报告中所提交的数据，例如：

10.3.2 Quality agreements should be in place in place between manufacturers and suppliers/contract manufacturing organisations (CMOs) with specific provisions for ensuring data integrity across the supply chain. This may be achieved by setting out expectations for data governance, and transparent error/deviation reporting by the contract acceptor to the contract giver. There should also be a requirement to notify the contract giver of any data integrity failures identified at the contract acceptor site.

生产商和供应商/合同生产组织（CMO）之间应签署质量协议，协议应有特定条款确保供应链中的数据完整性。这可以通过设定数据管理要求，要求合同接受方向合同发包方提交透明的错误/偏差报告来实现。还应该要求合同接受方通知合同发包方在其场所内识别出的所有数据完整性失败情况。

10.3.3 Audits of suppliers and manufacturers of APIs, critical intermediate suppliers and service providers conducted by the manufacturer (or by a third party on their behalf) should include a verification of data integrity measures at the contract organisation.

生产商（或委派第三方）对原料药供应商和生产商、关键中间体供应商和服务提供商实施的审计应包括对合同组织内数据完整性措施的核查。

10.3.4 Audits and routine surveillance should include adequate verification of the source electronic data and metadata by the Quality Unit of the contract giver using a quality risk management approach. This may be achieved by measures such as:

审计和日常监管应包括合同发包方质量部门采用质量风险管理方法对源电子数据和元数据的充分核查。可以通过如下一些方法达成目标：

10.3.5 Contract givers may work with the contract acceptor to ensure that all client confidential information is encoded to de-identify clients. This would facilitate review of source electronic data and metadata at the contract giver’s site, without breaking confidentiality obligations to other clients. By reviewing a larger data set, this enables a more robust assessment of the contract givers data governance measures. It also permits a search for indicators of data integrity failure, such as repeated data sets or data which does not demonstrate the expected variability.

合同发包商可能与合同接受方合作来确保对所有客户机密信息进行加密，使得无法识别用户身份。这样能方便对合同发包方场所的源电子数据和元数据进行初核，而不会破坏对其它客户的保密义务。通过对更大的数据系列进行审核，能对合同发包方的数据管理措施进行更为稳定的评估。它还能搜索数据完整性失败指征，如重复的数据系列或不符合预期变化的数据。

10.3.6 Care should be taken to ensure the authenticity and accuracy of supplied documentation, (refer section 8.11). The difference in data integrity and traceability risks between ‘true copy’ and ‘summary report’ data should be considered when making contractor and supply chain qualification decisions.

应注意确保所提供文件记录的真实性和准确性，（参见第8.11部分）。在做出合同方和供应链确认决策时，应考虑“真实备份”和“总结报告”数据之间的数据完整性和可追溯性风险差异。

11 REGULATORY ACTIONS IN RESPONSE TO DATA INTEGRITY FINDINGS 数据完整性缺陷所引发的官方行动

11.1 Deficiency references 缺陷依据

11.1.1 The integrity of data is fundamental to good manufacturing practice and the requirements for good data management are embedded in the current PIC/S Guides to GMP/GDP for Medicinal products. The following table provides a reference point highlighting some of these existing requirements.

数据完整性对GMP是基本要求，优良数据管理的要求是嵌入现行的PIC/S药品GMP/GDP指南。以下表格提供了参考点，特别是一些已有要求。

11.2 Classification of deficiencies 缺陷分类

Note: The following guidance is intended to aid consistency in reporting and classification of data integrity deficiencies, and is not intended to affect the inspecting authority’s ability to act according to national legal frameworks.

注：以下指南意在帮助数据完整性缺陷采用一致的方式进行报告和分级，无意影响检查当局根据国家法律框架采取行动的能力。

11.2.1 Deficiencies relating to data integrity failure may have varying impact to product quality. Prevalence of the failure may also vary between the action of a single employee to an endemic failure throughout the inspected organisation.

与数据完整性失败相关的缺陷可能会根据其对药品质量的影响不同而不同。失败的普遍程度可能也有很大差异，从单个员工的动作到在整个受检公司内的常见失败。

11.2.2 The draft PIC/S guidance[1] on classification of deficiencies states:

PIC/S缺陷分级指南草案声明：

“A critical deficiency is a practice or process that has produced, or leads to a significant risk of producing either a product which is harmful to the human or veterinary patient or a product which could result in a harmful residue in a food producing animal. A critical deficiency also occurs when it is observed that the manufacturer has engaged in fraud, misrepresentation or falsification of products or data”.

“关键缺陷是已产生，或将导致对药品对人兽患者产生伤害，或可能导致食用动物中有害残留的重大风险。当发现生产商进行欺骗、歪曲或假造药品或数据时，也构成关键缺陷。”

11.2.3 Notwithstanding the “critical” classification of deficiencies relating to fraud, misrepresentation or falsification, it is understood that data integrity deficiencies can also relate to:

尽管缺陷的“关键”分级与欺骗、歪曲或造假相关，但要了解数据完整性缺陷也可能是关于：

-    Data integrity failure resulting from bad practice,

-    由于不良做法导致的数据完整性失败；

-    Opportunity for failure (without evidence of actual failure) due to absence of the required data control measures.

-    由于缺乏所需的数据控制措施而导致的失败机会（没有实际失败证据）。

11.2.4 In these cases, it may be appropriate to assign classification of deficiencies by taking into account the following (indicative list only):

在这种情形下，考虑到以下原因，可能将缺陷进行如下归类（只是指示性清单）：

Impact to product with risk to patient health: Critical deficiency:

对产品的影响导致对患者健康有风险：关键缺陷

-    Product failing to meet specification at release or within shelf life.

-    产品不符合放行质量标准或货架期内质量标准。

-    Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of QC tests, critical product or process parameters.

-    在报告QC检测、关键产品或工艺参数时，报告“所需”结果，而不是实际超标结果。

Impact to product with no risk to patient health: Major deficiency:

对产品的影响没有患者健康风险：主要缺陷

-    Data being miss-reported, e.g. original results ‘in specification’, but altered to give a more favourable trend.

-    数据漏报，例如原始结果“符合质量标准”，但进行修改给出更好的趋势。

-    Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of data which does not relate to QC tests, critical product or process parameters.

-    在报告非QC检测、关键产品或工艺参数数据时，报告“所需”结果，而不是报告实际的OOS结果

-    Failures arising from poorly designed data capture systems (e.g. using scraps of paper to record info for later transcription).

-    设计不良的数据捕获系统产生的失败（例如，使用废弃的纸记录信息，事后再转抄）。

No impact to product; evidence of widespread failure: Major deficiency:

对产品没有影响；有发现广泛的失败证据：主要缺陷

-    Bad practices and poorly designed systems which may result in opportunities for data integrity issues or loss of traceability across a number of functional areas (QA, production, QC etc). Each in its own right has no direct impact to product quality.

-    可能会导致数据完整性问题或大量功能性领域（QA、生产、QC等）可追溯性缺失机会的不良做法和设计不良的系统。

No impact to product; limited evidence of failure: Other deficiency:

对产品没有影响；失败证据有限：其它缺陷

-    Bad practice or poorly designed system which result in opportunities for data integrity issues or loss of traceability in a discrete area.

-    不良做法或设计不良的系统，会导致数据完整性问题或零散领域内可追溯性缺失的机会。

-    Limited failure in an otherwise acceptable system.

-    其它可接受系统里有限的失败。

11.2.5 It is important to build an overall picture of the adequacy of the key elements (data governance process, design of systems to facilitate compliant data recording, use and verification of audit trails and IT user access etc.) to make a robust assessment as to whether there is a company-wide failure, or a deficiency of limited scope/ impact.

很重要的一点是要建立关键要素（数据管理流程、系统设计促进符合性数据记录、使用和核对审核追踪和IT用户权限等）充分性的整体画面，以做出稳健的评估，确定是否在公司范围内都存在失败，还是在有限的范围/影响的缺陷。

11.2.6 Individual circumstances (exacerbating / mitigating factors) may also affect final classification or regulatory action. Further guidance on the classification of deficiencies and intra-authority reporting of compliance issues will be available in the PIC/S guidance on the classification of deficiencies, once it has been published.

个别环境（加剧/缓解因素）可能也会影响分级和法规行动。关于缺陷分级和药监局内报告符合性问题的更多指南将能够在PIC/S缺陷分级指南（发布之后）中可以找到。

12 REMEDIATION OF DATA INTEGRITY FAILURES 数据完整性失败的弥补措施

12.1 Responding to Significant Data Integrity issues 对重大数据完整性问题的响应

12.1.1 Consideration should be primarily given to resolving the immediate issues identified and assessing the risks associated with the data integrity issues. The response by the company in question should outline the actions taken. Responses should include:

首先应考虑解决所识别的紧急问题，评估与数据完整性相关的风险。公司的回复应列出所采取的行动。回复应包括：

12.1.1.1 A comprehensive investigation into the extent of the inaccuracies in data records and reporting, to include:

对数据记录和报告不准确的深度的全面调查，其中包括：

-    A detailed investigation protocol and methodology; a summary of all laboratories, manufacturing operations, and systems to be covered by the assessment; and a justification for any part of the operation that the regulated user proposes to exclude;

-    详细的调查方案和方法学；所有化验室、生产操作和评估所包括的系统的总结；受法规约束的用户要排除的所有操作；

-    Interviews of current and former employees to identify the nature, scope, and root cause of data inaccuracies. These interviews may be conducted by a qualified third party;

-    与现有和离职员工面谈，识别出数据不准确的情况、范围和根本原因。这些面谈可能由有资质的第三方实施；

-    An assessment of the extent of data integrity deficiencies at the facility. Identify omissions, alterations, deletions, record destruction, noncontemporaneous record completion, and other deficiencies;

-    对设施内数据完整性程度的评估。识别忽略、篡改、删除、记录销毁、不同步记录完整性和其它缺陷；

-    determination of the scope and extent and timeframe for the incident, with justification for the time-boundaries applied;

-    确定违规事件的范围和程度及时间段，以及对时间段认定的论证；

-    data, products, processes and specific batches implicated in any investigations;

-    在所有调查中涉及的数据、产品、工艺和特定批次；

-    A description of all parts of the operations in which data integrity lapses occur, additional consideration should be given to global corrective actions for multinational companies or those that operate across multiple differing sites;

-    描述所有发生数据完整性问题的操作部分，跨国公司和在多个不同地域运营的公司还要考虑全球性纠正措施；

-    A comprehensive retrospective evaluation of the nature of the testing and manufacturing data integrity deficiencies, and the potential root cause(s). The services of a qualified third-party consultant with specific expertise in the areas where potential breaches were identified may be necessary;

-    对检验和生产数据完整性缺陷的情况进行全面回顾评估，并找出可能的根本原因；如果识别出潜在的问题，可能需要使用擅长此领域的有资质的第三方顾问提供服务；

-    A risk assessment of the potential effects of the observed failures on the quality of the drugs involved. The assessment should include analyses of the risks to patients caused by the release of drugs affected by a lapse of data integrity, risks posed by ongoing operations, and any impact on the veracity of data submitted to regulatory agencies, including data relatedto product registration dossiers;

-    对所发现的失败对所涉及的药品质量的潜在影响进行风险评估。评估应包括放行受数据完整性问题影响的药品所引起的对患者的风险的分析，持续运营所具有的风险，以及对于提交给法规机构的数据的真实性的影响，包括与药品注册文件相关的数据。

12.1.1.2 Corrective and preventative actions taken to address the data integrity vulnerabilities and timeframe for implementation, and including:

所采取的解决数据完整性弱点的CAPA和实施的时间表，还要包括：

-        Interim measures describing the actions to protect patients and to ensure the quality of the medicinal products, such as notifying customers, recalling product, conducting additional testing, adding lots to the stability program to assure stability, drug application actions, and enhanced complaint monitoring.

-        临时措施，说明保护患者的措施以及确保药品质量的措施，例如，通知客户、召回药品、实施附加测试、增加稳定性试验计划的批次以保证稳定性、药品申报措施和加强投诉监管。

-        Long-term measures describing any remediation efforts and enhancements to procedures, processes, methods, controls, systems, management oversight, and human resources (e.g., training, staffing improvements) designed to ensure the data integrity.

-        长期措施，说明为确保数据完整性，所设计的对程序、工艺、方法、控制、系统、管理、监管和人力资源（例如，培训、员工提升）采取的所有弥补努力和加强措施，

12.1.2 Whenever possible, inspectorates should meet with senior representatives from the implicated companies to convey the nature of the deficiencies identified and seek written confirmation that the company commits to full disclosure of issues and their prompt resolution. A management strategy should be submitted to the regulatory authority that includes the details of the global corrective action and preventive action plan. The strategy should include:

检查组应尽可能会见牵涉其中的公司的高级管理代表，传达所发现的缺陷的情况，寻求公司出具书面承诺，保证全面公开问题并及时解决问题。应向法规当局提交管理策略，在其中包括全球CAPA计划的详细内容。策略应包括：

-        A detailed corrective action plan that describes how the regulated user intends to ensure the reliability and completeness of all of the data generated, including analytical data, manufacturing records, and all data submitted to the Competent Authority.

-        详细的纠正计划，其中描述受法规约束的用户如何力保所有产生的数据的可靠性和完整性，包括分析数据、生产记录和所有提交给药监当局的数据。

-        A comprehensive description of the root causes of your data integrity lapses, including evidence that the scope and depth of the current action plan is commensurate with the findings of the investigation and risk assessment. This must indicate if individuals responsible for data integrity lapses remain able to influence GMP/GDP-related or drug application data.

-        你们数据完整性问题根本原因的全面描述，包括证明当前所采取的措施计划的范围和深度与调查结果和风险评估结果相称的证据。它必须显示出对数据完整性问题承担责任的人员是否还有能力对GMP/GDP相关数据或药品申报数据产生影响。

12.1.3 Inspectorates should implement policies for the management of significant data integrity issues identified at inspection in order to manage and contain risks associated with the data integrity breach.

检查组应针对检查期间发现的重大数据完整性问题实施管理方针，以管理和控制与数据完整性受破坏而带来的风险。

12.2 Indicators of improvement 改进指标

12.2.1 An on-site inspection is required to verify the effectiveness of actions taken to address data integrity issues. Some indicators of improvement are:

要进行现场检查以核查所采取的解决数据完整性问题的措施的有效性。一些改进指标如：

12.2.1.1 Evidence of a thorough and open evaluation of the identified issue and timely implementation of effective corrective and preventative actions;

对所识别的问题进行彻底开放的评估，及时实施有效的CAPA。

12.2.1.2 Evidence of open communication of issues with clients and other regulators. Transparent communication should be maintained throughout the investigation and remediation stages. Regulators should be aware that further data integrity failures may be reported as a result of the detailed investigation. Any additional reaction to these notifications should be proportionate to public health risks, to encourage continued reporting;

与客户和其它法规管理人员公开沟通问题的证据。在调查和缺陷弥补阶段应维持透明的沟通。法规管理人员应明白在详细调查中可能会报告更多数据完整性失败。对这些通知所采用的额外行动应与公众健康风险成比例，以鼓励持续报告行为。

12.2.1.3 Evidence of communication of data integrity expectations across the organisation, incorporating processes for open reporting of potential issues and opportunities for improvement without repercussions;

组织内数据完整性要求沟通的证据，包括公开报告潜在问题和改进机会而不产生不良后果的流程，

12.2.1.4 The regulated user should ensure that an appropriate evaluation of the vulnerability of any sophisticated electronic systems to data manipulation takes place to ensure that follow-up actions have fully resolved all the violations, third party expertise may be required;

受法规约束的用户应确保对所有复杂电子系统的可能发生数据篡改的弱点进行适当的评估，确保跟踪措施能全面解决所有违规情况，可以利用第三方专家。

12.2.1.5 Implementation of data integrity policies in line with the principles of this guide;

实施数据完整性方针，符合本指南中的原则。

12.2.1.6 Implementation of routine data verification practices.

实施日常数据核查规范。

13 DEFINITIONS 定义

13.1 Archive 归档

Long term, permanent retention of completed data and relevant metadata in its final form for the purposes of reconstruction of the process or activity.

完整数据和相关元数据以其最终可以重新构建过程和活动的形式被长期永久保存。

13.2 Audit Trail 审计追踪

GMP/GDP audit trails are metadata that are a record of GMP/GDP critical information (for example the change or deletion of GMP/GDP relevant data), which permit the reconstruction of GMP/GDP activities.

GMP/GDP审计追踪是GMP/GDP关键信息（例如，GMP/GDP相关数据的修改和删除）记录的元数据，它使得可以重新构建GMP/GDP活动。

13.3 Back-up 备份

A copy of current (editable) data, metadata and system configuration settings (e.g. variable settings which relate to an analytical run) maintained for the purpose of disaster recovery.

现行（可编辑）数据、元数据和系统参数设置（例如，与分析运行有关的可变设置）为保证灾难后恢复而保存的副本。

13.4 Data 数据

Facts, figures and statistics collected together for reference or analysis.

所收集用于参考或分析的事实、数值和统计结果。

13.5 Data Governanace 数据管理

The sum total of arrangements to ensure that data, irrespective of the format in which it is generated, is recorded, processed, retained and used to ensure a complete, consistent and accurate record throughout the data lifecycle.

保证数据（不管其格式如何、如何生成）的记录、处理、保存和使用过程的一系列安排的总和，用以确保整个数据生命周期中其完整性、一致性和准确性。

13.6 Data Integrity 数据完整性

The extent to which all data are complete, consistent and accurate throughout the data lifecycle.

所有数据在其生命周期内的完整、一致和准确程度。

13.7 Data Lifecycle 数据生命周期

All phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration), use, data retention, archive / retrieval and destruction.

数据（包括原始数据）生命中所有阶段，从最初产生和记录到处理（包括转化或迁移）、使用、数据保存、归档、恢复和销毁。

13.8 Exception report 异常报告

A validated search tool that identifies and documents predetermined ‘abnormal’ data or actions, which requires further attention or investigation by the data reviewer.

一个经过验证的搜索工具，它识别并记录预定为“异常”的数据或行为，需要数据审核员更多关注或进一步调查。

13.9 Flat file 平面文件

A ‘flat file’ is an individual record which may not carry any additional metadata with it, other than that which is included in the file itself.

“平面文件”指除了文件本身包括的内容外，不带有任何额外元数据的单个记录。

13.10 Meta-data 元数据

data that describe the attributes of other data, and provide context and meaning.

描述其它数据属性，提供环境和含义的数据。

14 REVISION HISTORY 修订历史 

[1] This draft guidance has not been published yet. 该指南草案尚未发布

本文来源：https://www.2haoxitong.net/k/doc/563fbcb4df80d4d8d15abe23482fb4daa48d1d74.html