QC-數(shù)據(jù)完整性風險分析_ISPE-meeting_final課件

1、實驗室數(shù)據(jù)完整性風險評估Regulation 法規(guī)要求作為風險管理系統(tǒng)的一部分，應根據(jù)合理的并有文件記錄的計算機系統(tǒng) 風險評估來決定驗證的范圍和數(shù)據(jù)完整性的控制手段。Regulation 法規(guī)要求MHRA Data Integrity Definitions and Expectations, Revision 1.1 March 2015The data governance system should be integral to the pharmaceutical quality system described in EU GMP chapter 1. The effort and

2、resource assigned to data governance should be commensurate with the risk to product quality, and should also be balanced with other quality assurance resource demands. As such, manufacturers and analytical laboratories are not expected to implement a forensic approach to data checking on a routine

3、basis, but instead design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.數(shù)據(jù)管理體系應該與歐盟EU GMP第一章所述的質量體系相結合。投入到數(shù)據(jù)管理的精力和資源應 與其產品的風險等級相對應，同時還應該權衡其他質量保證工作的資源需求。因此, 生產者和分析 實驗室并不是要刻板地進行常規(guī)的數(shù)據(jù)核對，而是要設計出

4、并運行一套管理體系，來控制數(shù)據(jù)完整 性的風險，而且詳細記錄這個體系合理性的支持依據(jù)。Risk Management & Risk AssessmentPlanning & CriteriaID Hazardous Situations Impact/ likelihood/detectable Compare to CriteriaReduce OccurrenceBenefit vs. RiskDocument & ApproveUpdate as Needed風險管理與風險評估計劃并預設可接受標準進識別危害嚴重程度/可能性/可檢測性 與可接受的風險相比及時更新減少風險發(fā)生風險和收益的均衡記

5、錄并批準No software 無軟件Simple Software 簡單軟件Complex Software 復雜的軟件固件(FirmWare)單機版設備網(wǎng)絡版軟件pH 計紫外分光光度計液相色譜-質譜聯(lián)用LIMS天平紅外光譜儀HPLC系統(tǒng)（網(wǎng)絡版）實驗室調查系統(tǒng)SAP系統(tǒng)熔點儀TLC系統(tǒng)紅外光譜儀（網(wǎng)絡版）CAPA系統(tǒng)ERP系統(tǒng)沸點儀原子吸收光譜儀(卡爾費休)滴定儀HPLC系統(tǒng)（單機版）紫外分光光度計（網(wǎng)絡版）QC Data Sources 實驗室數(shù)據(jù)來源簡單復雜人工觀測后進行的紙質記錄，從簡單的設備直至復雜的高度配置的計算機系統(tǒng)產生的圖譜和數(shù)據(jù)；數(shù)據(jù)完整性的內在 風險也因此有所不同，這取決

6、于數(shù)據(jù)（或系統(tǒng)生成的或使用的數(shù)據(jù)）的可配置的程度及 由此而被造假的可能性程度Risk identification 風險識別Does the data has a quality impact in that it affects product quality, safety or compliance with authority GXP regulations?數(shù)據(jù)是否影響到產品質量和安全，或者與任何一個法規(guī)相關？Non-GxP or Low Risk Requirements are typically then marked NA and think it is low risk d

7、ata or data process.如果和任何一個GXP法規(guī)都無關，或者是低風險等級的法規(guī)要求，可以標注不適用，認為 該數(shù)據(jù)或者處理數(shù)據(jù)的過程為低風險;Risk identification 風險識別所有數(shù)據(jù)必須滿足ALCOA+要求AAttributable歸屬性（可追溯的）LLegible可辨性 （清晰可讀的）CContemporaneous (=same time)同時期（及時性）OOriginal原始性 （原始的）AAccurate準確性ALCOA+Enduring持久按數(shù)據(jù)類型保存期限，在數(shù)據(jù)整個生命周期保存 可檢索數(shù)據(jù)Complete完整包含所有數(shù)據(jù)Available可用數(shù)據(jù)便于

8、隨時訪問Consistent一致數(shù)據(jù)兼容，無變動和沖突Risk identification 風險識別a Failure Mode and Effects Analysis (FMEA) technique can be used to identify and record the GAP/Risk from: 通常用FMEA來識別并記錄差距/ 風險可采用其它輔助工具識別風險：頭腦風暴法 (Brainstorming)魚骨圖 (Fishbone diagram)流程圖（Process flow charts）核查表（Checklist）思考點：紙質、電子或混合系統(tǒng)靜態(tài)數(shù)據(jù)或動態(tài)數(shù)據(jù)人工與電子

9、原始數(shù)據(jù)Risk Analysis 風險分析風險識別后，對FMEA清單中的所有風險因素進行風險分析，并對每一項風險因素 的得分與預先在FMEA方法中設定的風險可接受限度相比較，思考 ALCOA+要求考慮數(shù)據(jù)完整性的關鍵組成部分：良好文檔規(guī)范數(shù)據(jù)審核檢查有效驗證電子系統(tǒng)賬戶管理和安全數(shù)據(jù)保存：存儲、備份和歸檔系統(tǒng)設計7. Risk Analysis 風險分析Risk Evaluation 風險評價CategoryDescriptionAttributable 可追溯Who performed an action and when. If a record is changed who did i

10、t and why. It should be clear whocreated a record and when. Likewise, it should be clear as to who amended a record, when, and why.何時由誰產生的數(shù)據(jù)，如果改變數(shù)據(jù)，誰更改的，為什么；能明確找到記錄的時間和由誰生成的。 同樣，能清晰的追溯誰更改了數(shù)據(jù)，什么時間更改的，為什么更改。Legible 清晰可讀Data must be recorded permanently in a lasting form and easily readable.數(shù)據(jù)應記錄永久記錄在一

11、個專用表格中并易于讀取。Contemporaneous 及時性The data must be record at the time the work is performed and data/time stamps should follow in order.操作后應及時記錄，數(shù)據(jù)應按時間順序記錄This means the evidence or test results are recorded as they are observed, therefore allowing reconstruction of the events around the data 這要求證據(jù)或者檢驗

12、結果就應該與事實一致，可以根據(jù) 數(shù)據(jù)重現(xiàn)當時的情況Original 原始的The recorded information must be the original data or a certified true copy. Data should not betranscribed from one source to another without justification and control certification processes in place.記錄的信息必須是原始數(shù)據(jù)或者一個正確的副本。除非有正當理由并有受控的過程證明，數(shù)據(jù)不可以從一個原始地方轉錄到另一個。Accu

13、rate 精確的No errors or editing performed without documented amendments.The information recorded is correct. 數(shù)據(jù)沒有錯誤，或者書面記錄更正的情況后才能修改Risk Evaluation 風險評價Impact 影響LevelCriticality 嚴重性10Failure affects safety and involves major non-complicance with government regulationsuch as performance, reliability嚴重影響

14、到產品的安全性和法規(guī)符合性；如功效，可靠性extremely serious impact on the analysis process or product quality attributes;嚴重影響分析過程和質量屬性；100% of product will be discarded based on wrong results;錯誤的結果將導致所有產品的報廢extremly serious impact on patient safety or on the toxicity assessment of the material .嚴重的影響病人的安全或物料的毒理評估98Very

15、high degree of patient dissatisfaction and will probably result in patient complaint.極高程度的引起病人的不滿及可能造成病人的投訴major impact on the analysis process or product quality attributes;主要影響分析過程和質量屬性；unnecessary reprocessing based on wrong results, portion of the product may have to be scrapped;錯誤的結果導致額外的再處理過程，

16、或部分產品報廢potential impact on patient safety or on the toxicity assessment of the material.潛在影響病人的安全或物料的毒理評估76Failure causes some dissatisfaction. Patient is made uncomfortable or is annoyed by the failure可能引起一些不滿，病人會感到不舒服或惱火low impact on the analysis process or product quality attributes;較低的影響分析過程和質量屬

17、性potential reprocessing based on wrong results, portion of the product may have to be scrapped;錯誤的結果會導致潛在的再處理過程，或可能導致部分產品報廢no impact on patient safety or on the toxicity assessement of the material.不影響病人的安全或物料的毒理評估543Failure causes only a slight patient annoyance.進會造成病患的細微的不滿。minor impact on the ana

18、lysis process or product quality attributes;輕微的影響分析過程或產品質量屬性effect of offset results is easily to overcome;結果的偏移是很容易克服的no impact on patient safety or on the toxicity assessement of the material.不影響病人的安全或物料的毒理評估21Minimal effect 最小限度的影響absolutely no impact on the analysis process, product quality attr

19、ibutes;絕對不影響分析過程或產品質量屬性absolutely no impact on patient safety or on the toxicity assessment of the material.絕對不影響病人的安全或物料的毒理評估Probability可能性LevelProbability 可能性10More than once per day 每天多余1次9One every 3-4 days 每3-4天1次8Once per week 每周1次7Once per month 每月1次6Once every 3 months 每3個月1次5Once every 6 mo

20、nths 每6個月1次4Once per year 每年1次3Once every 1-3 years 每1-3年1次2Once every 3-6 years 每3-6年1次1Once every 6-100 years 每6-100年一次Detectability可檢出性LevelDetectability 可檢出性100% likelihood that the potential failure will be detected or prevented before the product is released to the market, 0%發(fā)現(xiàn)缺陷的可能性，及失敗模式缺陷不能

21、被檢測或在上市前阻止9825% likelihood 25%發(fā)現(xiàn)缺陷的可能性7650% likelihood 50%發(fā)現(xiàn)缺陷的可能性5475% likelihood 75%發(fā)現(xiàn)缺陷的可能性3290% likelihood 90%發(fā)現(xiàn)缺陷的可能性1100% likelihood 100%發(fā)現(xiàn)缺陷的可能性Risk Priority Number(RPN) 風險系數(shù)RPN value風險系數(shù)Description描述Corrective actions改進措施0-70Tolerable可接受的No corrective action is required but may be still inst

22、alled, if defined and feasible.不要求有改進措施，但如果有可執(zhí)行的改進措施，那么就去執(zhí)行。71 299ALARP range 安全風險處在最 低合理可行狀態(tài)Corrective actions should be defined, if any are possible.If no corrective actions are possible in this range the remaining risk needs to be justified.如果可能，需要制定改進措施。在此階段內沒有制定改進措施的情況下，需要對殘存的風險進行合 理的評估300 1000

23、Intolerable不可接受Corrective actions have to be defined to bring the RPN down to at least the ALARP range.If no corrective actions are possible or the RPN remains in this region the product/method of this particular design should not be used.必須要制定改進措施來降低風險系數(shù)，最起碼要打到ALARP的要求。 如果不能制定改進措施或風險系數(shù)依舊存在，那么請停用與此相

24、關 的設計或流程。Data lifecycle 數(shù)據(jù)的生命周期Do we review source data是否審核源數(shù)據(jù)Do we review reprocessing events 是否 會注意重新處理的情況How do we manage failures 如何管理失誤Objective reporting客觀報告Transparency in failures失誤的透明化管理Tracking and trending failure追蹤并分析失誤的 趨勢How do we process our data如何處理數(shù)據(jù)的How do we identity data handing

25、failures 如何識別 數(shù)據(jù)處理失誤The Design of the analytical process and how data is collected 設計分析過程和數(shù)據(jù)采 集方案What is the process of data/metadata transfer 數(shù)據(jù)的傳送過程Data Collection數(shù)據(jù)采集Data Processing數(shù)據(jù)處理Data Reviewing 數(shù)據(jù)審核Data Reporting 完成報告Data Archive 數(shù)據(jù)保留Checklist example核查表舉例ReferenceCommentItem1.11.1 Laborato

26、ry Systems: Quality Control實驗室系統(tǒng)：質量控制1.1List existing laboratory equipment. Respond to each question for each unit. Units maybe bundled where appropriate.羅列所有實驗室的儀器。并為每個儀器回答每一個問題， 如適用，可以將多個儀器合并起來回答。1.1Is this unit linked to an electronic lab management system (Yes/No) Describe用YES或No來描述每個儀器是否與電子實驗室管

27、理系統(tǒng)相關聯(lián)？1.1Is the unit part 11 compliant?該儀器是否遵循Part 11？1.1How was this determined? Describe why this conclusion was made?怎樣判定的？ 是否描述了為什么做這樣的決定？1.1Are there audit trails for all? Yes/No, describe.是否有所有的歷史記錄？ 用Yes或者No來回答1.1If yes, are audit trails periodically reviewed? Describe what is done.如果Yes， 那么

28、歷史記錄是否進行了周期性復核？ 描述做了什么1.1Is raw data contained with the analytical record and subject to review as part of therelease process原始數(shù)據(jù)是否包含在分析記錄中， 是否是放行過程中復核的對象？1.1Does each of these have a related log book? Yes/No. Is the logbook audited or verifiedeither periodically or as a routine? If so, please descr

29、ibe what is done.用Yes或者No來說明是否這些都有相應的記錄日志？這些記錄日志是否被周期性 地或者規(guī)律性地審查或者確認？ 如果是，請描述做了什么？1.1Confirm all units have been qualified, operating under GMP.確認所有儀器都經過了確認，并且按照GMP要求來操作。Checklist example核查表舉例1.11.1 Laboratory Systems: Quality Control實驗室系統(tǒng)：質量控制1.11QA Unit: QA部門1.11Is QA involved in QC?QA 是否參與到QC中？1.

30、11What is the role of the QA unit?QA人員是什么樣的角色？1.11Is QA a defined and independent review and approval function?QA是否是擁有規(guī)定的和獨立的復核和批準功能？1.11Describe this process and the standards used for review/approval of documents and go-live process for equipment utilization.描述文件復核/批準的過程與標準，以及儀器設施啟用的流程1.11Is QA ma

31、de aware of changes to data, invalidated data, laboratory investigations? Bespecific with as to what is notified to QA and what they are obligated to take, if any. QA是否能夠察覺到數(shù)據(jù)改變，無效數(shù)據(jù)，實驗室調查? 如果有任何上述問題， 應具體到哪些通知到QA，他們中誰有職責去做的這些？Describe process and attach relevantprocedure documents1.111.11Describe in

32、stances where raw data is not maintained or reviewed舉例說明哪些原始數(shù)據(jù)沒有被維護或者復核Discuss1.11Describe conditions under which data can be altered, updated, changed, etc.描述在哪些情況下，數(shù)據(jù)能夠被篩選，被更新，被改變等Discuss and attach procedure1.11Indicate the number of stability chambers that exist. Confirm that each are qualified

33、andthat alarm conditions exist. Describe what happens in the case of excursions? How is the raw monitoring data collected? Is it available for audit?指明存在的穩(wěn)定性箱體的數(shù)量。 證實每一個都經過了確認和存在報警系統(tǒng)。 描述超限案例的處置。原始監(jiān)控數(shù)據(jù)如何被收集？ 是否有歷史記錄？DiscussChecklist example核查表舉例ReferenceCommentItem1.11.1 Laboratory Systems: Quality C

34、ontrol實驗室系統(tǒng)：質量控制1.12Document management文件管理1.12Availability of Procedures and General Controls:流程和基本控制的有效性：Please describe existing processesand attach relevant procedure1.12Are the relevant SOPs in place for data handling, management, record retention andgood documentation practices?關于數(shù)據(jù)處理，管理，記錄存檔和

35、良好的文檔規(guī)范的SOPs應準備就緒。1.12For raw data mgt: are printouts kept for all non computerized or hybrid systems (e.g.balances etc)? Are these automatically time- and date-stamped?對于原始數(shù)據(jù)的管理：是否所有非計算機化或單一系統(tǒng)的打印條都被保存（如天 平）？這些是否被自動的打印出時間和日期？1.12Are equipment and system inventories available and kept current?所有儀器和系統(tǒng)

36、的列表是可獲得的，并且被保存至今1.12Is validation documentation up to current standards and involve both periodic and eventbased evaluation?驗證文件是否滿足最新的標準的要求，并包含周期性評估或基于事件的評估？1.12Do formal operational processes exit for以下管理是否存在正式的操作流程：1.12Data management?數(shù)據(jù)管理1.12Incident management?事件管理1.12Change management?變更管理1.12

37、User account management?用戶賬號管理1.12Calibration management?校準管理Checklist example核查表舉例ReferenceCommentItem1.11.1 Laboratory Systems: Quality Control實驗室系統(tǒng)：質量控制1.13E-compliance 電子合規(guī)1.13Is ERES (Part11 Electronic records, Electronic Signatures and Audit trails), handledand appropriately managed at the loc

38、al, operational and equipment level?電子記錄和電子報告是否按照本地水平，操作水平和儀器水平來進行處理和適當 的管理？Describe procedures and attach.1.13Is the retirement of computerized systems/equipment defined?計算機化系統(tǒng)或儀器是否制定了退役流程？Describe and attach proceduredocument1.14User Accounts: 用戶賬戶：Describe and provide proceduredocuments1.14Are passwords controlled and access rights reviewed periodically? Describe process formaintenance of