QC-数据完整性风险分析-ISPE-meeting-final课件.pptx

1、实验室数据完整性风险评估实验室数据完整性风险评估Regulation 法规要求作为风险管理系统的一部分，应根据合理的并有文件记录的计算机系统 风险评估来决定验证的范围和数据完整性的控制手段。Regulation 法规要求MHRA Data Integrity Definitions and Expectations,Revision 1.1 March 2015The data governance system should be integral to the pharmaceutical quality system described in EU GMP chapter 1.The e

2、ffort and resource assigned to data governance should be commensurate with the risk to product quality,and should also be balanced with other quality assurance resource demands.As such,manufacturers and analytical laboratories are not expected to implement a forensic approach to data checking on a r

3、outine basis,but instead design and operate a system which provides an acceptable state of control based on the data integrity risk,and which is fully documented with supporting rationale.数据管理体系应该与欧盟EU GMP第一章所述的质量体系相结合。投入到数据管理的精力和资源应 与其产品的风险等级相对应，同时还应该权衡其他质量保证工作的资源需求。因此,生产者和分析 实验室并不是要刻板地进行常规的数据核对，而是

4、要设计出并运行一套管理体系，来控制数据完整 性的风险，而且详细记录这个体系合理性的支持依据。Risk Management&Risk AssessmentPlanning&CriteriaID Hazardous Situations Impact/likelihood/detectable Compare to CriteriaReduce OccurrenceBenefit vs.RiskDocument&ApproveUpdate as Needed风险管理与风险评估计划并预设可接受标准进识别危害严重程度/可能性/可检测性 与可接受的风险相比及时更新减少风险发生风险和收益的均衡记录并批准

5、NoNo software software 无软件无软件SimpleSimple Software Software 简单简单软件软件ComplexComplex Software Software 复杂复杂的软件的软件固件固件(FirmWare)(FirmWare)单机单机版设备版设备网络网络版软件版软件pH 计紫外分光光度计液相色谱-质谱联用LIMS天平红外光谱仪HPLC系统（网络版）实验室调查系统SAP系统熔点仪TLC系统红外光谱仪（网络版）CAPA系统ERP系统沸点仪原子吸收光谱仪(卡尔费休)滴定仪HPLC系统（单机版）紫外分光光度计（网络版）QC Data Sources 实验室数

6、据来源简单简单复杂复杂 人工观测后进行的纸质记录，从简单的设备直至复杂的高度配置的计算机系统产生的图谱和数据；数据完整性的内在 风险也因此有所不同，这取决于数据（或系统生成的或使用的数据）的可配置的程度及 由此而被造假的可能性程度Risk identification 风险识别Does the data has a quality impact in that it affects product quality,safety or compliance with authority GXP regulations?数据是否影响到产品质量和安全，或者与任何一个法规相关？Non-GxP or L

7、ow Risk Requirements are typically then marked NA and think it is low risk data or data process.如果和任何一个GXP法规都无关，或者是低风险等级的法规要求，可以标注不适用，认为 该数据或者处理数据的过程为低风险;Risk identification 风险识别所有数据必须满所有数据必须满足足ALCOA+要求要求AAttributable归属性（可追溯的）归属性（可追溯的）LLegible可辨可辨性性 （清晰可读的）（清晰可读的）CContemporaneous(=same time)同时期（及时性）

8、同时期（及时性）OOriginal原始原始性性 （原始的）（原始的）AAccurate准确性准确性ALCOA+Enduring持久持久按数按数据类据类型型保存保存期期限，限，在在数据数据整整个生个生命命周期周期保保存存 可可检检索数据索数据Complete完整完整包含所有数据Available可用可用数据便于随时访问Consistent一致一致数据兼容，无变动和冲突Risk identification 风险识别a Failure Mode and Effects Analysis(FMEA)technique can be used to identify and record the GA

9、P/Risk from:通常用FMEA来识别并记录差距/风险可采用其它辅助工具识别风险：头脑风暴法(Brainstorming)鱼骨图(Fishbone diagram)流程图（Process flow charts）核查表（Checklist）思考点：纸质、电子或混合系统 静态数据或动态数据人工与电子原始数据Risk Analysis 风险分析风险识别后，对FMEAFMEA清单中的所有风险因素进行风险分析，并对每一项风险因素 的得分与预先在FMEAFMEA方法中设定的风险可接受限度相比较，思思考考 ALCOA+要求要求 考虑数据完整性的关键组成部分：考虑数据完整性的关键组成部分：1.良好文档

10、规范2.数据审核检查3.有效验证4.电子系统账户管理和安全5.数据保存：存储、备份和归档6.系统设计7.Risk Analysis 风险分析Risk Evaluation 风险评价CategoryDescriptionAttributable 可追溯Who performed an action and when.If a record is changed who did it and why.It should be clear whocreated a record and when.Likewise,it should be clear as to who amended a reco

11、rd,when,and why.何时由谁产生的数据，如果改变数据，谁更改的，为什么；能明确找到记录的时间和由谁生成的。同样，能清晰的追溯谁更改了数据，什么时间更改的，为什么更改。Legible 清晰可读Data must be recorded permanently in a lasting form and easily readable.数据应记录永久记录在一个专用表格中并易于读取。Contemporaneous 及时性The data must be record at the time the work is performed and data/time stamps should

12、 follow in order.操作后应及时记录，数据应按时间顺序记录This means the evidence or test results are recorded as they are observed,therefore allowing reconstruction of the events around the data 这要求证据或者检验结果就应该与事实一致，可以根据 数据重现当时的情况Original 原始的The recorded information must be the original data or a certified true copy.Data

13、 should not betranscribed from one source to another without justification and control certification processes in place.记录的信息必须是原始数据或者一个正确的副本。除非有正当理由并有受控的过程证明，数据不可以从一个原始地方转录到另一个。Accurate 精确的No errors or editing performed without documented amendments.The information recorded is correct.数据没有错误，或者书面记录

14、更正的情况后才能修改Risk Evaluation 风险评价Impact 影响L e v e lC r i t i c a l i t y 严重性严重性1 0F a i l u r e a f f e c t s s a f e t y a n d i n v o l v e s m a j o r n o n-c o m p l i c a n c e w i t h g o v e r n m e n t r e g u l a t i o ns u c h a s p e r f o r m a n c e,r e l i a b i l i t y严重影响到产品的安全性和法规符合性；如

15、功效，可靠性*e x t r e m e l y s e r i o u s i m p a c t o n t h e a n a l y s i s p r o c e s s o r p r o d u c t q u a l i t y a t t r i b u t e s;严重影响分析过程和质量属性；*1 0 0%o f p r o d u c t w i l l b e d i s c a r d e d b a s e d o n w r o n g r e s u l t s;错误的结果将导致所有产品的报废*e x t r e m l y s e r i o u s i m

16、p a c t o n p a t i e n t s a f e t y o r o n t h e t o x i c i t y a s s e s s m e n t o f t h e m a t e r i a l .严重的影响病人的安全或物料的毒理评估98V e r y h i g h d e g r e e o f p a t i e n t d i s s a t i s f a c t i o n a n d w i l l p r o b a b l y r e s u l t i n p a t i e n t c o m p l a i n t.极高程度的引起病人的不

17、满及可能造成病人的投诉*m a j o r i m p a c t o n t h e a n a l y s i s p r o c e s s o r p r o d u c t q u a l i t y a t t r i b u t e s;主要影响分析过程和质量属性；*u n n e c e s s a r y r e p r o c e s s i n g b a s e d o n w r o n g r e s u l t s,p o r t i o n o f t h e p r o d u c t m a y h a v e t o b e s c r a p p e d

18、;错误的结果导致额外的再处理过程，或部分产品报废*p o t e n t i a l i m p a c t o n p a t i e n t s a f e t y o r o n t h e t o x i c i t y a s s e s s m e n t o f t h e m a t e r i a l.潜在影响病人的安全或物料的毒理评估76F a i l u r e c a u s e s s o m e d i s s a t i s f a c t i o n.P a t i e n t i s m a d e u n c o m f o r t a b l e o r

19、i s a n n o y e d b y t h e f a i l u r e可能引起一些不满，病人会感到不舒服或恼火*l o w i m p a c t o n t h e a n a l y s i s p r o c e s s o r p r o d u c t q u a l i t y a t t r i b u t e s;较低的影响分析过程和质量属性*p o t e n t i a l r e p r o c e s s i n g b a s e d o n w r o n g r e s u l t s,p o r t i o n o f t h e p r o d u

20、 c t m a y h a v e t o b e s c r a p p e d;错误的结果会导致潜在的再处理过程，或可能导致部分产品报废*n o i m p a c t o n p a t i e n t s a f e t y o r o n t h e t o x i c i t y a s s e s s e m e n t o f t h e m a t e r i a l.不影响病人的安全或物料的毒理评估543F a i l u r e c a u s e s o n l y a s l i g h t p a t i e n t a n n o y a n c e.进会造成病

21、患的细微的不满。*m i n o r i m p a c t o n t h e a n a l y s i s p r o c e s s o r p r o d u c t q u a l i t y a t t r i b u t e s;轻微的影响分析过程或产品质量属性*e f f e c t o f o f f s e t r e s u l t s i s e a s i l y t o o v e r c o m e;结果的偏移是很容易克服的*n o i m p a c t o n p a t i e n t s a f e t y o r o n t h e t o x i c

22、 i t y a s s e s s e m e n t o f t h e m a t e r i a l.不影响病人的安全或物料的毒理评估21M i n i m a l e f f e c t 最小限度的影响*a b s o l u t e l y n o i m p a c t o n t h e a n a l y s i s p r o c e s s,p r o d u c t q u a l i t y a t t r i b u t e s;绝对不影响分析过程或产品质量属性*a b s o l u t e l y n o i m p a c t o n p a t i e n

23、t s a f e t y o r o n t h e t o x i c i t y a s s e s s m e n t o f t h e m a t e r i a l.绝对不影响病人的安全或物料的毒理评估Probability可能性LevelProbability 可能性10More than once per day 每天多余1次9One every 3-4 days 每3-4天1次8Once per week 每周1次7Once per month 每月1次6Once every 3 months 每3个月1次5Once every 6 months 每6个月1次4Once p

24、er year 每年1次3Once every 1-3 years 每1-3年1次2Once every 3-6 years 每3-6年1次1Once every 6-100 years 每6-100年一次Detectability可检出性LevelDetectability 可检出性100%likelihood that the potential failure will be detected or prevented before the product is released to the market,0%发现缺陷的可能性，及失败模式缺陷不能被检测或在上市前阻止9825%likel

25、ihood 25%发现缺陷的可能性7650%likelihood 50%发现缺陷的可能性5475%likelihood 75%发现缺陷的可能性3290%likelihood 90%发现缺陷的可能性1100%likelihood 100%发现缺陷的可能性Risk Priority Number(RPN)风险系数RPN value风风险险系数系数Description描述描述Corrective actions改改进进措施措施0-70Tolerable可接受的No corrective action is required but may be still installed,if defined

26、 and feasible.不要求有改进措施，但如果有可执行的改进措施，那么就去执行。71 299ALARP range 安全风险处在最 低合理可行状态Corrective actions should be defined,if any are possible.If no corrective actions are possible in this range the remaining risk needs to be justified.如果可能，需要制定改进措施。在此阶段内没有制定改进措施的情况下，需要对残存的风险进行合 理的评估300 1000Intolerable不可接受Cor

27、rective actions have to be defined to bring the RPN down to at least the ALARP range.If no corrective actions are possible or the RPN remains in this region the product/method of this particular design should not be used.必须要制定改进措施来降低风险系数，最起码要打到ALARP的要求。如果不能制定改进措施或风险系数依旧存在，那么请停用与此相关 的设计或流程。Data lifec

28、ycle 数据的生命周期Do we review source data是否审核源数据Do we review reprocessing events 是否 会注意重新处理的情况How do we manage failures 如何管理失误Objective reporting客观报告Transparency in failures失误的透明化管理Tracking and trending failure追踪并分析失误的 趋势How do we process our data如何处理数据的How do we identity data handing failures 如何识别 数据处理失

29、误The Design of the analytical process and how data is collected 设计分析过程和数据采 集方案What is the process of data/metadata transfer 数据的传送过程Data Collection数据采集Data Processing数据处理Data Reviewing 数据审核Data Reporting 完成报告Data Archive 数据保留Checklist example核查表举例ReferenceCommentItem1.11.1 Laboratory Systems:Quality

30、Control实验室系统：质量控制1.1List existing laboratory equipment.Respond to each question for each unit.Units maybe bundled where appropriate.罗列所有实验室的仪器。并为每个仪器回答每一个问题，如适用，可以将多个仪器合并起来回答。1.1Is this unit linked to an electronic lab management system(Yes/No)Describe用YES或No来描述每个仪器是否与电子实验室管理系统相关联？1.1Is the unit par

31、t 11 compliant?该仪器是否遵循Part 11？1.1How was this determined?Describe why this conclusion was made?怎样判定的？是否描述了为什么做这样的决定？1.1Are there audit trails for all?Yes/No,describe.是否有所有的历史记录？用Yes或者No来回答1.1If yes,are audit trails periodically reviewed?Describe what is done.如果Yes，那么历史记录是否进行了周期性复核？描述做了什么1.1Is raw da

32、ta contained with the analytical record and subject to review as part of therelease process原始数据是否包含在分析记录中，是否是放行过程中复核的对象？1.1Does each of these have a related log book?Yes/No.Is the logbook audited or verifiedeither periodically or as a routine?If so,please describe what is done.用Yes或者No来说明是否这些都有相应的记录

33、日志？这些记录日志是否被周期性 地或者规律性地审查或者确认？如果是，请描述做了什么？1.1Confirm all units have been qualified,operating under GMP.确认所有仪器都经过了确认，并且按照GMP要求来操作。Checklist example核查表举例1.11.1 Laboratory Systems:Quality Control实验室系统：质量控制1.11QA Unit:QA部门部门1.11Is QA involved in QC?QA 是否参与到QC中？1.11What is the role of the QA unit?QA人员是什么

34、样的角色？1.11Is QA a defined and independent review and approval function?QA是否是拥有规定的和独立的复核和批准功能？1.11Describe this process and the standards used for review/approval of documents and go-live process for equipment utilization.描述文件复核/批准的过程与标准，以及仪器设施启用的流程1.11Is QA made aware of changes to data,invalidated d

35、ata,laboratory investigations?Bespecific with as to what is notified to QA and what they are obligated to take,if any.QA是否能够察觉到数据改变，无效数据，实验室调查?如果有任何上述问题，应具体到哪些通知到QA，他们中谁有职责去做的这些？Describe process and attach relevantprocedure documents1.111.11Describe instances where raw data is not maintained or revi

36、ewed举例说明哪些原始数据没有被维护或者复核Discuss1.11Describe conditions under which data can be altered,updated,changed,etc.描述在哪些情况下，数据能够被筛选，被更新，被改变等Discuss and attach procedure1.11Indicate the number of stability chambers that exist.Confirm that each are qualified andthat alarm conditions exist.Describe what happens

37、 in the case of excursions?How is the raw monitoring data collected?Is it available for audit?指明存在的稳定性箱体的数量。证实每一个都经过了确认和存在报警系统。描述超限案例的处置。原始监控数据如何被收集？是否有历史记录？DiscussChecklist example核查表举例ReferenceCommentItem1.11.1 Laboratory Systems:Quality Control实验室系统：质量控制1.12 Document management文件管理文件管理1.12Availab

38、ility of Procedures and General Controls:流程和基本控制的有效性：Please describe existing processesand attach relevant procedure1.12Are the relevant SOPs in place for data handling,management,record retention andgood documentation practices?关于数据处理，管理，记录存档和良好的文档规范的SOPs应准备就绪。1.12For raw data mgt:are printouts kep

39、t for all non computerized or hybrid systems(e.g.balances etc)?Are these automatically time-and date-stamped?对于原始数据的管理：是否所有非计算机化或单一系统的打印条都被保存（如天 平）？这些是否被自动的打印出时间和日期？1.12Are equipment and system inventories available and kept current?所有仪器和系统的列表是可获得的，并且被保存至今1.12Is validation documentation up to curren

40、t standards and involve both periodic and eventbased evaluation?验证文件是否满足最新的标准的要求，并包含周期性评估或基于事件的评估？1.12Do formal operational processes exit for以下管理是否存在正式的操作流程：1.12Data management?数据管理1.12Incident management?事件管理1.12Change management?变更管理1.12User account management?用户账号管理1.12Calibration management?校准管

41、理Checklist example核查表举例ReferenceCommentItem1.11.1 Laboratory Systems:Quality Control实验室系统：质量控制1.13E-compliance 电子合规电子合规1.13Is ERES(Part11 Electronic records,Electronic Signatures and Audit trails),handledand appropriately managed at the local,operational and equipment level?电子记录和电子报告是否按照本地水平，操作水平和仪器

42、水平来进行处理和适当 的管理？Describe procedures and attach.1.13Is the retirement of computerized systems/equipment defined?计算机化系统或仪器是否制定了退役流程？Describe and attach proceduredocument1.14User Accounts:用户账户：用户账户：Describe and provide proceduredocuments1.14Are passwords controlled and access rights reviewed periodicall

43、y?Describe process formaintenance of controls.For example:密码是否是受控的，权限是否周期性复核？描述控制的维护流程。例如：1.14Are the activation of user accounts and changes are approved by line manager anddocumented accordingly?用户账户的激活与变更是否由直线经理批准并做相应记录。1.14Are user accounts personalized in the respective applications accordingly

44、?在每个独立的应用中，用户账户被相应地单独设立的1.14Is Administrator access restricted according to its business function?根据商业功能，是否管理员权限被严格限制？1.14Are Administrator accounts limited to operational tasks only by exception?管理员账户是否例外地被限制去执行日常任务？1.14Are system administrators(able to generate,change or even delete data)in the la

45、b whohave additional operational functions in data review?If yes,is the review process as well as data handling adequately defined in procedures?系统管理员是否有能力产生、变更、或甚至删除数据，是否在数据复核中有额外 的操作功能，是否是受实验室管理？如果是，数据的复核和处理流程应恰当地定 义在程序中。1.14Are periodic reviews conducted to ensure appropriate user access?是否执行周期性复

46、核来确认用户访问权限的适用性？1.14Is sufficient training conducted for employees before activation?Describe proceduresused受雇者在授权前是否接受了充分的培训？描述使用的流程。Next steprisk controlReduce OccurrenceBenefit vs.RiskDocument&ApproveUpdate as NeededPlanning&CriteriaID Hazardous Situations Impact/likelihood/detectable Compare to CriteriaNext steprisk control 下一步风险控制进行计划并预设可接受标准识别危害严重程度/可能性/可检测性 与可接受的风险相比减少风险发生风险和收益的均衡及时更新记录并批准