
New EU/PIC/S GMP Annex 11 "Computerised Systems" Released

嘉峪检测网 2025-07-08 22:12

Summary: On 7 July, the European Commission and PIC/S both published new GMP revisions: Chapter 4 "Documentation" of the main text, Annex 11 "Computerised Systems", and a new annex, Annex 22 "Artificial Intelligence".

The text of the revised Annex 11 follows:


Annex 11: Computerised Systems

Reasons for changes: The GMP/GDP Inspectors Working Group and the PIC/S Committee jointly recommended that the current version of Annex 11 on Computerised Systems be revised to reflect changes in regulatory and manufacturing environments. The revised guideline should clarify requirements and expectations from regulatory authorities, and remove ambiguity and inconsistencies.

Document map

1. Scope
2. Principles
3. Pharmaceutical Quality System
4. Risk Management
5. Personnel and Training
6. System Requirements
7. Supplier and Service Management
8. Alarms
9. Qualification and Validation
10. Handling of Data
11. Identity and Access Management
12. Audit Trails
13. Electronic Signatures
14. Periodic Review
15. Security
16. Backup
17. Archiving

Glossary


Introduction

With an ever-evolving IT landscape, increased use of cloud services, and introduction of new technologies in computerised systems used in GMP activities, there is a growing need for updated guidance on regulatory requirements, and for adopting a common approach between member states of the European Union (EU) and the Pharmaceutical Inspection Co-operation Scheme (PIC/S). The updated Annex 11 outlines the requirements for the use of computerised systems in GMP-regulated activities, thereby ensuring product quality, patient safety and data integrity.
 

1. Scope

This annex applies to all types of computerised systems used in the manufacturing of medicinal products and active substances.

 

2. Principles

2.1. Lifecycle management. Computerised systems should be validated before use and maintained in a validated state throughout their lifecycle.

2.2. Quality Risk Management. Quality Risk Management (QRM) should be applied throughout all lifecycle phases of a computerised system used in GMP activities. The approach should consider the complexity of processes, the level of automation, and the impact on product quality, patient safety and data integrity.

2.3. Alternative practices. Practices which constitute alternatives to the activities required in this document may be used, if they have been proven and documented to provide the same or higher level of control.

2.4. Data integrity. It is critically important that data captured, analysed and reported by systems used in GMP activities are trustworthy. As defined by the ALCOA+ principles, data integrity covers many topics including but not limited to requirements defined in the sections Handling of Data, Identity and Access Management, Audit Trails, Electronic Signatures, and Security.

2.5. System requirements. System requirements which describe the functionality the regulated user has automated and is relying on when performing GMP activities, should be documented and kept updated to fully reflect the implemented system and its intended use. The requirements should serve as the very basis for system qualification and validation.

2.6. Outsourced activities. When using outsourced activities, the regulated user remains fully responsible for adherence to the requirements included in this document, for maintaining the evidence for it, and for providing it for regulatory review.

2.7. Security. Regulated users should keep updated about new security threats to GMP systems, and measures to protect these should be implemented and improved in a timely manner, where needed.

2.8. No risk increase. Where a computerised system replaces another system or a manual operation, there should be no resultant decrease in product quality, patient safety or data integrity. There should be no increase in the overall risk of the process.

 

3. Pharmaceutical Quality System

3.1. Pharmaceutical quality system. A regulated user should implement a pharmaceutical quality system (PQS), which covers all computerised systems used in GMP activities and personnel involved with these. It should include all activities required in this document and in addition, it should be ensured that:

i. All deviations occurring during validation or operation of computerised systems are recorded and any significant deviations investigated with the objective of determining the root cause and any impact on product quality, patient safety or data integrity. Suitable corrective and preventive actions (CAPA) should be identified and implemented, and the effectiveness of these should be verified.

ii. Any change to a computerised system including but not limited to its configuration, its hardware and software components, and its platform and operating system, is made in a controlled manner and in accordance with defined procedures. Any significant change which may impact product quality, patient safety or data integrity, should be subject to re-qualification and validation.

iii. Internal audits are planned, conducted, reported and followed up on to detect procedural deviations and ensure product quality, patient safety and data integrity.

iv. Regular management reviews cover relevant performance indicators for the computerised system and the process it is used in (quality metrics) and ensure that adequate action is taken.

v. Senior management effectively oversee the state of control throughout the system lifecycle, allocate appropriate resources, and implement a culture that promotes data integrity, security and a timely and effective handling of deviations.

 

4. Risk Management

4.1. Lifecycle. Quality Risk Management (QRM) should be applied throughout the lifecycle of a computerised system considering any possible impact on product quality, patient safety or data integrity.

4.2. Identification and analysis. Risks associated with the use of computerised systems in GMP activities should be identified and analysed according to an established procedure. Examples of risk management methods and tools can be found in ICH Q9 (R1).

4.3. Appropriate validation. The validation strategy and effort should be determined based on the intended use of the system and potential risks to product quality, patient safety and data integrity.

4.4. Mitigation. Where applicable, risks associated with the use of computerised systems in GMP activities should be mitigated and brought down to an acceptable level, if possible, by modifying processes or system design. The outcome of the risk management process should result in the choice of an appropriate computerised system architecture and functionality.

4.5. Data integrity. Quality risk management principles should be used to assess the criticality of data to product quality, patient safety and data integrity, the vulnerability of data to deliberate or indeliberate alteration, deletion or loss, and the likelihood of detection of such actions.

 

5. Personnel and Training

5.1. Cooperation. When conducting the activities required in this document, there should be, where applicable, close cooperation between all relevant parties. This includes process owner, system owner, users, subject matter experts (SME), QA, QP, the internal IT department, vendors, and service providers.

5.2. Training. All parties involved with computerised systems used in GMP activities should have adequate system specific training, and appropriate qualifications and experience, corresponding to their assigned responsibilities, duties and access privileges.

 

6. System Requirements

6.1. GMP functionality. A regulated user should establish and approve a set of system requirements (e.g. a User Requirements Specification, URS), which accurately describe GMP functionality the regulated user has automated and is relying on when performing GMP activities. This principle should be applied regardless of whether a system is developed in-house, is a commercial off-the-shelf product, or is provided as-a-service, and independently of whether it is developed following a linear or iterative software development process.

6.2. Extent and detail. The extent and detail of defined requirements should be commensurate with the risk, complexity and novelty of a system, and the description should be sufficient to support subsequent risk analysis, specification, design, purchase, configuration, qualification and validation. It should include, but may not be limited to, operational, functional, data integrity, technical, interface, performance, availability, security, and regulatory requirements. Where relevant, requirements should include process maps and data flow diagrams, and use cases may be applied.

6.3. Ownership. If a system is purchased or consists of software-as-a-service, a requirements specification may be provided by the vendor. However, the regulated user should carefully review and approve the document and consider whether the system fulfils GMP requirements and company processes as is, or whether it should be configured or customised. The regulated user should take ownership of the document covering the implemented version of the system and formally approve and control it after making any necessary changes.

6.4. Update. Requirements should be updated and maintained throughout the lifecycle of a system to ensure that they continue to give a complete and accurate description of system functionality as the system undergoes subsequent changes and customisations. Updated requirements should form the very basis for qualification and validation of a system.

6.5. Traceability. Documented traceability between individual requirements, underlying design specifications and corresponding qualification and validation test cases should be established and maintained. The use of effective tools to capture and hold requirements and facilitate the traceability is encouraged.

6.6. Configuration. It should be clear what functionality, if any, is modified or added by configuration of a system. Options allowing configuration of system functionality should be described in the requirements specification and the chosen configuration should be documented in a controlled configuration specification.

 

7. Supplier and Service Management

7.1. Responsibility. When a regulated user is relying on a vendor’s qualification of a system used in GMP activities, a service provider, or an internal IT department’s qualification and/or operation of such system, this does not change the requirements put forth in this document. The regulated user remains fully responsible for these activities based on the risk they constitute on product quality, patient safety and data integrity.

7.2. Audit. When a regulated user is relying on a vendor’s or a service provider’s qualification and/or operation of a system used in GMP activities, the regulated user should, according to risk and system criticality, conduct an audit or a thorough assessment to determine the adequacy of the vendor or service provider’s implemented procedures, the documentation associated with the deliverables, and the potential to leverage these rather than repeating the activities.

7.3. Oversight. When a regulated user is relying on a service provider’s or an internal IT department’s operation of a system used in GMP activities, the regulated user should exercise effective oversight of this according to defined service level agreements (SLA) and key performance indicators (KPI) agreed with the service provider or the internal IT department.

7.4. Documentation availability. When a regulated user relies on a vendor’s, a service provider’s or an internal IT department’s qualification and/or operation of a system used in GMP activities, the regulated user should ensure that documentation for activities required in this document is accessible and can be explained from their facility. In this, the regulated user may be supported by the vendor, the service provider or the internal IT department.

7.5. Contracts. When a regulated user is relying on a service provider’s or an internal IT department’s qualification and/or operation of a system used in GMP activities, the regulated user should have a contract with a service provider or have approved procedures with an internal IT department which:

i. Describes the activities and documentation to be provided

ii. Establishes the company procedures and regulatory requirements to be met

iii. Agrees on regular, ad hoc and incident reporting and oversight (incl. SLAs and KPIs), answer times, resolution times, etc.

iv. Agrees on conditions for supplier audits

v. Agrees on support during regulatory inspections, if so requested

vi. Agrees on resolution of issues brought up during normal operation, audits and regulatory inspections etc.

vii. Defines requirements and processes for communication of quality and security related issues

viii. Defines an exit strategy by which the regulated user may retain control of system data

ix. Agrees on the process for release of new system versions and on the regulated user’s possibility to test these prior to release.

 

8. Alarms

8.1. Reliance on system. Alarms should be implemented in computerised systems where a regulated user is relying on the system to notify about an event. This is required when the user must take a specific action, without which product quality, patient safety or data integrity might otherwise be compromised.

8.2. Settings. Alarm limits, delays, and any early warnings or alerts, should be appropriately justified, and set within approved and validated process and product specifications. Setting, changing or deactivation should only be available to users with appropriate access privileges and should be managed by an approved procedure.

8.3. Signalling. Alarms should set off visible and/or audible signals when set alarm limits are exceeded and after any defined delay. The signalling should accommodate a timely reaction and should be appropriate to the work environment.

8.4. Acknowledgement. Critical alarms potentially impacting product quality, patient safety or data integrity should only be acknowledged by users with appropriate access privileges. As part of the acknowledgement, i.e. a confirmation that the alarm has been seen and appropriate action will be taken, a comment should be added about why the alarm was acknowledged (see 12 Audit Trails).

8.5. Log. All alarms and acknowledgements should be automatically added to an alarm log. This should contain the name of the alarm, date and time of the alarm, date and time of the acknowledgement, username and role of the user acknowledging the alarm and any comment about why the alarm was acknowledged. It should not be possible for users working according to GMP to deactivate or edit alarm logs.

8.6. Searchability and sortability. Alarm logs should be searchable and sortable in the originating system, or it should be possible to export logs to a tool which provides this functionality. Other methods of reviewing alarms may also be used, if they provide the same effectiveness.

8.7. Review. Alarm logs should be subject to appropriate periodic reviews based on approved procedures, in which it should be evaluated whether they have been timely acknowledged by authorised users and whether appropriate action has been taken. Reviews should be documented, and results should be evaluated to identify any trends that could indicate negative performance of a system or process, or impact on the product. The frequency and detail of reviews should be based on the risk to product quality, patient safety and data integrity.
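The periodic alarm-log review described in 8.4, 8.5 and 8.7 can be run over an exported log. The following is an added example, not part of Annex 11 or of the original article; the record layout, role names, 15-minute acknowledgement target and sample entries are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumptions (site-specific, not taken from Annex 11): the role names,
# the 15-minute acknowledgement target and the record layout.
AUTHORISED_ACK_ROLES = {"shift_supervisor", "qa"}
ACK_TARGET = timedelta(minutes=15)


@dataclass(frozen=True)
class AlarmEntry:
    name: str
    raised_at: datetime
    critical: bool
    ack_at: Optional[datetime] = None
    ack_user: Optional[str] = None
    ack_role: Optional[str] = None
    ack_comment: Optional[str] = None


def review_entry(entry, now):
    """Return the findings for one alarm log entry (empty list = clean)."""
    findings = []
    if entry.ack_at is None:
        # An open alarm becomes a finding once the target has passed.
        if now - entry.raised_at > ACK_TARGET:
            findings.append("not-acknowledged")
        return findings
    if not entry.ack_user or not entry.ack_role:
        findings.append("missing-user-or-role")            # fields from 8.5
    if entry.ack_at < entry.raised_at:
        findings.append("ack-before-alarm")                # clock or data fault
    elif entry.ack_at - entry.raised_at > ACK_TARGET:
        findings.append("late-acknowledgement")            # timeliness, 8.7
    if entry.critical:
        if entry.ack_role not in AUTHORISED_ACK_ROLES:
            findings.append("unauthorised-acknowledgement")  # 8.4
        if not (entry.ack_comment or "").strip():
            findings.append("missing-comment")               # 8.4
    return findings


def review_log(entries, now):
    """Map entry index -> findings, for entries that have any."""
    report = {}
    for index, entry in enumerate(entries):
        findings = review_entry(entry, now)
        if findings:
            report[index] = findings
    return report


def recurring_alarms(entries, threshold=3):
    """Names of alarms raised at least `threshold` times (trend check, 8.7)."""
    counts = Counter(entry.name for entry in entries)
    return sorted(name for name, count in counts.items() if count >= threshold)


def at(hhmm):
    """Build a UTC timestamp on the constructed sample day."""
    hour, minute = map(int, hhmm.split(":"))
    return datetime(2025, 7, 8, hour, minute, tzinfo=timezone.utc)


# Constructed sample log, for illustration only.
SAMPLE_LOG = [
    AlarmEntry("TEMP_HIGH_R12", at("08:00"), True, at("08:05"),
               "asmith", "shift_supervisor", "Door left open; closed, monitoring"),
    AlarmEntry("TEMP_HIGH_R12", at("09:10"), True, at("09:50"),
               "bjones", "operator", ""),
    AlarmEntry("DP_LOW_AIRLOCK", at("10:00"), False, at("10:02"),
               "bjones", "operator", None),
    AlarmEntry("TEMP_HIGH_R12", at("11:30"), True),
]
SAMPLE_NOW = at("12:00")

if __name__ == "__main__":
    for index, findings in review_log(SAMPLE_LOG, SAMPLE_NOW).items():
        print(index, SAMPLE_LOG[index].name, findings)
    print("recurring:", recurring_alarms(SAMPLE_LOG))
```
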

 

9. Qualification and Validation

9.1. Principles. Qualification and validation activities for computerised systems should follow the general principles outlined in GMP Annex 15. The activities should address both standard and configured system functionality, as well as any functionality realised through customisation.

9.2. Quality risk management. Computerised systems should be qualified and validated in accordance with the principles of quality risk management. Decisions on the scope and extent of qualification and validation of specific functionality and entire systems should be based on a justified and documented risk assessment of individual requirements and, where relevant, functional specifications, considering the risk for product quality, patient safety and data integrity.

9.3. Installation and configuration. Prior to commencing any test activity, it should be verified that a computerised system and its components have been correctly installed and configured according to specifications, and where applicable, that relevant components have been properly calibrated. Operating systems and platforms should be updated to supported versions and relevant security patches should be deployed (see 15.10 Updated platforms and 15.13 Timely patching).

9.4. Evidence. System qualification and validation should provide evidence in the form of executed test scripts, and where relevant, screen dumps, that requirements, and where applicable, derived functional specifications, are met by the system.

9.5. Traceability. Test cases should be traceable to individual requirements or specifications, e.g. by means of a requirements traceability matrix. Test cases not referring (traceable) to requirements or applicable specifications do not meet the requirements to qualification and validation.

9.6. Focus. Increased focus should be on testing a system’s handling of key functional requirements, on functionality intended to ensure that activities are conducted according to GMP, and on functionality designed to ensure data integrity. This includes but is not limited to access privileges, release of products and results, calculations, audit trails, error handling, handling of alarms and warnings, boundary and negative testing, reports and interfaces, and restore from backup.

9.7. Plan and approval. Qualification and validation activities should be conducted according to approved plans, protocols and test scripts. Test scripts should be described in sufficient detail to ensure a correct and repeatable conduct of test steps and prerequisites.

9.8. Completion prior to use. Qualification and validation activities should be successfully completed and reported prior to approval and taking a system into use. Conditional approval to proceed to taking a system into use may be granted where certain acceptance criteria have not been met, or deviations have not been fully addressed. A condition for this is, that there is a documented assessment, that any deficiencies in the affected system functionality or GMP processes, will not impact product quality, patient safety or data integrity. Where a conditional approval is issued, it should be explicitly stated in the validation report and there should be close follow-up on approval of outstanding actions according to plan.

9.9. Authorisation. Qualification and validation documentation may be provided by a service provider, a vendor or an internal IT department in parts or in whole. However, the regulated user is fully accountable and should carefully review and authorise the use of the documentation. They should carefully consider whether it covers the implemented version and supports GMP, and company processes as is, or whether it should be repeated in parts or completely by the regulated user.

 

10. Handling of Data

10.1. Input verification. Where critical data is entered manually, systems should, where applicable, have functionality to verify the plausibility of the inputs (e.g. within expected ranges), and alert the user when the input is not plausible.

10.2. Data transfer. Where a routine work process requires that critical data be transferred from one system to another (e.g. from a laboratory instrument to a LIMS system), this should, where possible, be based on validated interfaces rather than on manual transcriptions. If critical data is transcribed manually, effective measures should be in place to ensure that this does not introduce any risk to data integrity.

10.3. Data migration. Where an ad hoc process requires that critical data or a whole database be migrated from one system to another (e.g. when moving data from a retired to a new system), this should be based on a validated process. Among other things, it should consider the constraints on the sending and receiving side.

10.4. Encryption. Where applicable, critical data should be encrypted on a system.

 

11. Identity and Access Management

11.1. Unique accounts. All users should have unique and personal accounts. The use of shared accounts, except for those limited to read-only access (no data or settings can be changed), constitutes a violation of data integrity.

11.2. Continuous management. User accesses and roles should be granted, modified and revoked as relevant and in a timely manner as users join, change, and end their involvement in GMP activities.

11.3. Certain identification. The method of authentication should identify users with a high degree of certainty and provide an effective protection against unauthorised access. Typically, it may involve a unique username and a password, although other methods providing at least the same level of security may be employed (e.g. biometrics). Authentication only by means of a token or a smart card is not sufficient, if this could be used by another user.

11.4. Confidential passwords. Passwords and other means of authentication should be kept confidential and protected from all other users, both at system and at a personal level. Passwords received from e.g. a manager, or a system administrator should be changed at the first login, preferably required by the system.

11.5. Secure passwords. Passwords should be secure and enforced by systems. Password rules should be commensurate with risks and consequences of unauthorised changes in systems and data. For critical systems, passwords should be of sufficient length to effectively prevent unauthorised access and contain a combination of uppercase, lowercase, numbers and symbols. A password should not contain e.g. words that can be found in a dictionary, the name of a person, a user id, product or organisation, and should be significantly different from a previous password.

11.6. Strong authentication. Remote authentication on critical systems from outside controlled perimeters, should include multifactor authentication (MFA).

11.7. Auto locking. Accounts should be automatically locked after a pre-defined number of successive failed authentication attempts. Accounts should only be unlocked by the system administrator after it has been confirmed that this was not part of an unauthorised login attempt or after the risk for such attempt has been removed.

11.8. Inactivity logout. Systems should include an automatic inactivity logout, which logs out a user after a defined period of inactivity. The user should not be able to change the inactivity logout time (outside defined and acceptable limits) or deactivate the functionality. Upon inactivity logout, a re-authentication should be required (e.g. password entry).

11.9. Access log. Systems should include an access log (separate, or as part of the audit trail) which, for each login, automatically logs the username, user role (if possible, to choose between several roles), the date and time for login, the date and time for logout (incl. inactivity logout). The log should be sortable and searchable, or alternatively, it should be possible to export the log to a tool which provides this functionality.

11.10. Guiding principles. Access privileges for users of computerised systems used in GMP activities should be managed according to the following two guiding principles:

· Segregation of duties, i.e. that users who are involved in GMP activities do not have administrative privileges.

· Least privilege principle, i.e. that users do not have higher access privileges than what is necessary for their job function.

11.11. Recurrent reviews. User accounts should be subject to recurrent reviews where managers confirm the continued access of their employees in order to detect accesses which should have been changed or revoked during daily operation, but were accidentally forgotten. If user accounts are managed by means of roles, these should be subject to the same kind of reviews, where the accesses of roles are confirmed. The reviews should be documented, and appropriate action taken. The frequency of these reviews should be commensurate with the risks and consequences of changes in systems and data made by unauthorised individuals.
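A recurrent account review (11.11) can check an account export against 11.1, 11.2 and both guiding principles of 11.10 in one pass. The following is an added example, not part of Annex 11 or of the original article; the privilege names, job baselines, 180-day review interval and sample accounts are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumptions (site-specific, not taken from Annex 11): privilege names,
# per-job baselines and the 180-day review interval.
ADMIN_PRIVILEGES = frozenset({"manage_users", "configure_audit_trail", "set_system_time"})
GMP_PRIVILEGES = frozenset({"enter_results", "release_batch", "acknowledge_alarm"})
JOB_BASELINE = {
    "viewer": {"read"},
    "analyst": {"read", "enter_results"},
    "qp": {"read", "release_batch"},
    "it_admin": {"read"} | ADMIN_PRIVILEGES,
}
REVIEW_INTERVAL = timedelta(days=180)


@dataclass(frozen=True)
class Account:
    username: str
    owner: Optional[str]            # named person; None means a shared account
    job: str
    privileges: frozenset
    last_confirmed: Optional[date]  # last manager confirmation of the access


def review_account(account, active_staff, today):
    """Return the findings for one account (empty list = clean)."""
    findings = []
    privs = set(account.privileges)
    if account.owner is None:
        # 11.1: shared accounts are tolerated only when read-only.
        if privs - {"read"}:
            findings.append("shared-account-not-read-only")
    elif account.owner not in active_staff:
        # 11.2: access should have been revoked when the person left.
        findings.append("owner-no-longer-active")
    # 11.10 segregation of duties: GMP work and administration do not mix.
    if privs & ADMIN_PRIVILEGES and privs & GMP_PRIVILEGES:
        findings.append("gmp-user-with-admin-privileges")
    # 11.10 least privilege: nothing beyond the baseline for the job.
    if privs - JOB_BASELINE.get(account.job, {"read"}):
        findings.append("exceeds-job-baseline")
    # 11.11: a manager has to confirm continued access on a schedule.
    if account.last_confirmed is None or today - account.last_confirmed > REVIEW_INTERVAL:
        findings.append("review-overdue")
    return findings


def review_accounts(accounts, active_staff, today):
    """Map username -> findings, for accounts that have any."""
    report = {}
    for account in accounts:
        findings = review_account(account, active_staff, today)
        if findings:
            report[account.username] = findings
    return report


# Constructed sample data, for illustration only.
ACTIVE_STAFF = {"A. Smith", "D. Lee"}
SAMPLE_TODAY = date(2025, 7, 8)
SAMPLE_ACCOUNTS = [
    Account("asmith", "A. Smith", "analyst",
            frozenset({"read", "enter_results"}), date(2025, 5, 1)),
    Account("lab_kiosk", None, "viewer", frozenset({"read"}), date(2025, 6, 1)),
    Account("lab_shared", None, "viewer",
            frozenset({"read", "enter_results"}), date(2025, 6, 1)),
    Account("cdoe", "C. Doe", "qp",
            frozenset({"read", "release_batch"}), date(2024, 11, 1)),
    Account("sysadmin1", "D. Lee", "it_admin",
            frozenset({"read", "manage_users", "release_batch"}), None),
]

if __name__ == "__main__":
    for user, findings in review_accounts(SAMPLE_ACCOUNTS, ACTIVE_STAFF, SAMPLE_TODAY).items():
        print(user, findings)
```
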

 

12. Audit Trails
12.1. Manual user interactions. Systems which are used to control processes, capture, hold or report data, and where users can create, modify or delete data, settings or access privileges, acknowledge alarms or execute electronic signatures etc., should have an audit trail functionality which automatically logs all manual user interactions.
12.2. Who, what, when, why. The audit trail should unambiguously capture the user who made a change (including the user’s role, if users may have more than one role), what was changed (including the data that was changed and the old and the new value), and the date and time when the change was made (including the time zone if applicable). Audit trail data should be recorded at the time of events, not at the end of a process. Where data is changed from an old value to a new value, systems should automatically prompt the user for, and register the reason, why the change was made.
12.3. No edit or deactivation. Audit trail functionality should be enabled and locked at all times, and it should not be possible for any user to edit audit trail data. If audit trail settings or system time can be changed, or if the functionality can be deactivated, this should by itself create an entry in the audit trail, and it should only be possible for a system administrator not involved in any GMP activities (see 11.10 Guiding principles).
12.4. Accommodate review. Systems should accommodate effective and efficient reviews of audit trail data. It should be possible for all users to sort and search audit trail data (who, what, when and why) in the system, or alternatively, to allow export of the data to a tool where this is possible.
12.5. Reviews. Audit trail reviews should be conducted according to a documented procedure for the specific system, or type of systems. The procedure should outline who should make the review, what should be reviewed, and when should the review be made. The use of tools to help conduct audit trail reviews is encouraged and appropriate action should be taken and documented following the reviews. Any significant variation from the expected outcome found during the audit trail review should be fully investigated and recorded.
12.6. Independent review. Audit trail reviews should be conducted by personnel not directly involved in the activities covered by the review (a peer review).
12.7. Scope of review. Reviewing all entries in an audit trail record may not be effective. Reviews should be targeted, based on risk and adapted to local manufacturing processes. Procedures for audit trail reviews should focus on detecting any deliberate or indeliberate changes to critical processes or data that indicate a violation of GMP principles, including, but not limited to, repetition of activities, errors, omissions, unauthorised process deviations and loss of data integrity. A key element should be to verify the reason why a change is made.
12.8. Timeliness of review. Audit trail reviews should be conducted in a timely manner according to the risk of the process reviewed. The audit trail review should be conducted prior to batch release, unless the risk of a later detection of any unwarranted changes can be justified.
12.9. Electronic copy. It should be possible to obtain a complete electronic copy of system data including audit trail data. Flat and locked files are not acceptable, it should be possible to search and sort data.
12.10. Availability to QP. Audit trail reviews with direct impact on the release of a product should be available to the QP at the time of batch release.
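
A sketch of a tool-assisted, targeted audit trail review in the sense of 12.5 and 12.7, checking the fields required by 12.2 and the administrator restriction of 12.3. This is an added example, not part of Annex 11: the field names, role names, sample entries and the repeat threshold are assumptions, and requiring a time zone on every entry is an assumed local policy.

```python
from collections import Counter
from datetime import datetime

# Constructed sample entries (not from any real system). The field names are
# assumptions; they mirror 12.2: who (user, role), what (item, old, new),
# when (ISO 8601 with UTC offset) and why (reason).
SAMPLE_TRAIL = [
    {"when": "2025-07-01T08:02:11+02:00", "user": "akim", "role": "operator",
     "action": "modify", "item": "batch-0042/assay", "old": "97.1",
     "new": "99.4", "reason": "transcription error corrected"},
    {"when": "2025-07-01T08:05:40+02:00", "user": "akim", "role": "operator",
     "action": "modify", "item": "batch-0042/assay", "old": "99.4",
     "new": "99.8", "reason": ""},
    {"when": "2025-07-01T08:09:03+02:00", "user": "akim", "role": "operator",
     "action": "modify", "item": "batch-0042/assay", "old": "99.8",
     "new": "100.1", "reason": "recalculated"},
    {"when": "2025-07-01T09:30:00+02:00", "user": "blee", "role": "analyst",
     "action": "system_time_change", "item": "system clock",
     "old": "09:30", "new": "07:30", "reason": "clock drift"},
    {"when": "2025-07-01T09:45:12+02:00", "user": "sysadm1", "role": "it_admin",
     "action": "audit_trail_setting", "item": "retention", "old": "5y",
     "new": "10y", "reason": "policy update"},
    {"when": "2025-07-01T10:15:00", "user": "cwu", "role": "reviewer",
     "action": "modify", "item": "batch-0043/ph", "old": "6.9",
     "new": "7.0", "reason": "rounding"},
]

# Assumed role model: these roles take part in GMP activities (11.10), so
# they must not change audit trail settings or the system time (12.3).
GMP_ROLES = {"operator", "analyst", "reviewer"}
PROTECTED_ACTIONS = {"audit_trail_setting", "system_time_change"}

NO_TIMEZONE = "timestamp without time zone"
NO_REASON = "value changed without reason"
GMP_USER_ADMIN_ACTION = "audit setting or clock changed by GMP user"
REPEATED_CHANGE = "repeated modification of same item"


def review(trail, repeat_threshold=3):
    """Return (entry index, finding) pairs for entries a reviewer should open."""
    findings = []
    changes = Counter()
    for index, entry in enumerate(trail):
        # 12.2 "when": a timestamp without an offset is ambiguous.
        if datetime.fromisoformat(entry["when"]).tzinfo is None:
            findings.append((index, NO_TIMEZONE))
        if entry["action"] == "modify":
            # 12.2 "why": an old-to-new change must carry a reason.
            if entry["old"] != entry["new"] and not entry.get("reason", "").strip():
                findings.append((index, NO_REASON))
            # 12.7: repetition of activities by one user on one item.
            key = (entry["user"], entry["item"])
            changes[key] += 1
            if changes[key] == repeat_threshold:
                findings.append((index, REPEATED_CHANGE))
        # 12.3: protected actions are reserved for non-GMP administrators.
        if entry["action"] in PROTECTED_ACTIONS and entry["role"] in GMP_ROLES:
            findings.append((index, GMP_USER_ADMIN_ACTION))
    return findings


if __name__ == "__main__":
    for index, finding in review(SAMPLE_TRAIL):
        e = SAMPLE_TRAIL[index]
        print(f"{e['when']} {e['user']} ({e['role']}) {e['item']}: {finding}")
```

The findings only select entries for a human reviewer; verifying whether a recorded reason is plausible remains a manual step under 12.7.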

 

13. Electronic Signatures
13.1. Scope. Requirements for electronic signatures in this document apply to systems and tools used in processes where GMP require a signature.
13.2. Open systems. Where the system owner does not have full control of system accesses (open systems), or where required by other legislation, electronic signatures should, in addition, meet applicable national and international requirements, such as trusted services.
13.3. Re-authentication. When executing an electronic signature, a system should enforce users to perform a full re-authentication providing at least the same level of security as during system login (see 11.3 Certain identification). When executing subsequent electronic signatures in immediate sequence, authentication may be by means of a password or biometrics only. Authentication only by means of a smart card, a pin code, or relying on the previous system authentication is not acceptable.
13.4. Date and time. Systems should automatically log the date and time and, where applicable, the time zone when an electronic signature was applied.
13.5. Meaning. It should be clear when a user is executing an electronic signature and where applicable, systems should prompt the user for the meaning of the signature (e.g. reviewer or approver).
13.6. Manifestation. When an electronic signature is displayed (on screen or print), the manifestation should include the full name of the user, the username, where applicable the role of the signer and the meaning of the signature, the date and time, and where needed the time zone, when the signature was applied.
13.7. Indisputability. Electronic signatures should be indisputable and equivalent to hand-written signatures.
13.8. Unbreakable link. Electronic signatures should be permanently linked to their respective records. Controls should be in place to ensure that a signed record cannot be modified or alternatively, that if a later change is made to a signed record, it will clearly appear as unsigned.
13.9. Hybrid solution. If a wet-ink signature (on paper) is used to sign electronic records held in a computerised system (a hybrid solution), measures should be implemented to provide a high degree of certainty that any change to the electronic record will invalidate the signature. This may be implemented by calculating a hash code (check sum) of the electronic record and printing that on the signature page.
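
One way to realise the link described in 13.8 and the printed hash code of 13.9, with the manifestation fields of 13.6, as an added example that is not part of Annex 11. SHA-256 over a canonical JSON form is an assumed choice of hash code, the record and signer are constructed, and the sketch covers only the record-to-signature link (re-authentication under 13.3 and protected storage of the signature entry are out of scope).

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Constructed sample record; the field names are assumptions.
SAMPLE_RECORD = {"batch": "0042", "test": "assay", "result": "99.4", "unit": "%"}


def record_digest(record):
    """SHA-256 over a canonical JSON form, so key order does not matter."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def sign(record, full_name, username, role, meaning, when):
    """Build the signature entry; it stores the digest of what was signed."""
    if when.tzinfo is None:
        raise ValueError("signature time must carry a time zone (13.4)")
    return {
        "full_name": full_name,
        "username": username,
        "role": role,
        "meaning": meaning,                # e.g. reviewer or approver (13.5)
        "signed_at": when.isoformat(),
        "record_sha256": record_digest(record),
    }


def signature_status(record, signature):
    """13.8: a record changed after signing must appear as unsigned."""
    if record_digest(record) == signature["record_sha256"]:
        return "signed"
    return "unsigned"


def manifestation(record, signature):
    """13.6: what is shown on screen or print next to the record."""
    if signature_status(record, signature) == "unsigned":
        return "UNSIGNED: record changed after signature"
    return "{full_name} ({username}), {role}, {meaning}, {signed_at}".format(
        **signature)


def signature_page_code(record):
    """13.9: hash code to print on the wet-ink signature page, in groups of 8."""
    digest = record_digest(record)
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


def matches_signature_page(record, printed_code):
    """Compare the current record with the code read off the signed page."""
    return record_digest(record) == printed_code.replace(" ", "").lower()


if __name__ == "__main__":
    when = datetime(2025, 7, 1, 8, 30, tzinfo=timezone(timedelta(hours=2)))
    sig = sign(SAMPLE_RECORD, "Anna Kim", "akim", "QC analyst", "reviewer", when)
    print(manifestation(SAMPLE_RECORD, sig))
    print(manifestation(dict(SAMPLE_RECORD, result="99.9"), sig))
    print(signature_page_code(SAMPLE_RECORD))
```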

 

14. Periodic Reviews
14.1. Periodic reviews. After a system has been initially validated and is put into operation, periodic reviews should be conducted. This review should verify whether the system remains 'fit for intended use' and in 'a validated state', or whether changes should be made and re-validation (complete or in parts) is required. The reviews should be documented and findings analysed to identify any consequences on product quality, patient safety and data integrity, and to prevent recurrence.
14.2. Scope of review. Where applicable, periodic reviews should include, but may not be limited to:
Changes made since the previous review:
i. To the system’s hardware and software components, configuration, platform, infrastructure and interfaces.
ii. To the system documentation, e.g. requirements specifications, user guides and SOPs. This includes a verification that system changes are fully reflected in the system documentation.
iii. The combined effect of multiple changes in this, and in other systems, should be assessed. Undocumented (unapproved) changes should be effectively identified, e.g. by means of configuration auditing.
Follow-up on supporting processes:
iv. Actions from previous periodic reviews, audits and inspections, and corrective and preventive actions.
v. Conduct of, and actions from, audit trail reviews, access reviews, and risks assessments.
vi. Actions from incidents, problems and deviations, security incidents and new security threats.
vii. Maintenance, calibration, support contracts and service level agreements (SLA).
viii. Contracts and key performance indicators (KPI) with vendors and service providers.
ix. Adequacy of backup procedures, restore tests and disaster recovery plans.
x. Adequacy and timeliness of archival.
xi. Conduct and actions from data integrity assessments.
xii. Changes to regulatory requirements.
14.3. Frequency. Periodic reviews should be conducted, approved and closed according to plan. The frequency of reviews should be established and justified based on the risk the system poses to product quality, patient safety and data integrity. A final review should be conducted when the system is taken out of use.

 

15. Security
15.1. Security system. Regulated users should ensure an effective information security management system is implemented and maintained, which safeguards authorised access to, and detects and prevents unauthorised access to GMP, systems and data.
15.2. Continuous improvement. Regulated users should keep updated about new security threats, and measures to protect GMP systems and data should be continuously improved as applicable to counter this development.
15.3. Training and tests. Regulated users should undergo recurrent security awareness training, as relevant, to raise and maintain their understanding of cyber threats and safe behaviour. The effectiveness of the training should be evaluated, e.g. by means of simulated tests.
15.4. Physical access. Servers, computers, devices, infrastructure and storage media used in GMP activities should be physically protected against unauthorised access, damage and loss. Physical access to server rooms and data centres should be limited to the necessary minimum and these should be securely locked, e.g. by means of multi-factor authentication. If unauthorised access is possible (e.g. 'co-location'), access to individual servers should be protected.
15.5. Disasters and disturbances. Data centres should be constructed to minimise the risk and impact of natural and manmade disasters and disturbances. This includes, but may not be limited to, storms, flooding, water leaks, earthquakes, fires, power outages, and network failures etc.
15.6. Replication. Where relevant, critical data should be replicated from a primary to a secondary data centre. The replication should take place automatically with a delay which is short enough to minimise the risk of loss of data. The secondary (failover) data centre should be located at a safe distance from the primary site to minimise the risk that the same incident destroys both data centres.
15.7. Disaster recovery. A disaster recovery plan should be in place, tested and available during and after a disaster has affected a data centre, server, computer, infrastructure, or data. Where applicable, the plan should ensure the continuity of operation within a defined Recovery Time Objective (RTO).
15.8. Segmentation and firewalls. Networks should be segmented, and effective firewalls implemented to provide barriers between networks, and control incoming and outgoing network traffic. Firewall rules (e.g. based on IP addresses, destinations, protocols, applications, or ports) should be defined as strict as practically feasible, only allowing necessary and permissible traffic.
15.9. Review of firewalls. Firewall rules should be periodically reviewed as the rules tend to be changed or become insufficient over time (e.g. as ports are opened but never closed, or as new cyber threats evolve). This review should ensure that firewalls continue to be set as tight as possible.
15.10. Updated platforms. Operating systems and platforms for applications should be updated in a timely manner according to vendor recommendations, to prevent their use in an unsupported state.
15.11. Validation and migration. Validation of applications on updated operating systems and platforms and migration of data should be planned and completed in due time prior to the expiry of the vendor’s support.
15.12. Unsupported platforms. Applications on operating systems and platforms, which are no longer supported by vendors, and for which threats are no longer monitored and applicable security patches released, are highly vulnerable and should be isolated from computer networks and the internet.
15.13. Timely patching. While operating systems and platforms are under support, vendors typically release security patches to counter identified vulnerabilities, some of which (critical vulnerabilities) could otherwise be exploited to give unauthorised individuals privileged access to systems and allow code execution (e.g. ransomware attacks). Hence, relevant security patches released by vendors of operating systems and platforms should be deployed in a timely manner according to vendor recommendations. For critical vulnerabilities, this might be immediately.
15.14. Unpatched platforms. Applications on operating systems and platforms, which are not security patched in a timely manner (critical patches) according to vendor recommendations are highly vulnerable and constitute a major risk for loss of data integrity. Where relevant, such systems should be isolated from computer networks and the internet.
15.15. Strict control. The use of bidirectional devices (e.g. USB) in servers and computers used in GMP activities should be strictly controlled within the organisation.
15.16. Effective scan. If bidirectional devices (e.g. USB) may have been used outside the organisation (e.g. privately), they may intentionally or unintentionally introduce malware and cause code execution. Hence, they should not be used unless they have been effectively scanned and found to be harmless, and not compromise system and data integrity.
15.17. Deactivated ports. Ports for bidirectional devices (e.g. USB) in critical servers and computers should be deactivated by default, blocked or even removed, unless they are used for devices necessary to operate the system (e.g. keyboard or mouse).
15.18. Anti-virus software. Anti-virus software should be installed and activated on systems used in GMP activities, especially those interfacing the internet. The anti-virus software should be continuously updated with the most recent virus definitions to identify, quarantine, and remove known computer viruses. The effectiveness of the process should be monitored.
15.19. Penetration testing. For critical systems facing the internet, penetration testing (ethical hacking) should be performed at regular intervals to evaluate the adequacy of security measures taken, and to identify vulnerabilities in system security. This should include the potential for unauthorised parties to gain access to and control the system and its data. The effectiveness of the process should be verified and monitored. Vulnerabilities identified, especially those related to a potential loss of data integrity, should be addressed and mitigated in a timely manner.
15.20. Encryption. When remotely connecting to systems over the internet, a secure and encrypted protocol should be used.

 

16. Backup
16.1. Regular backup. Data and metadata should be regularly backed up following established procedures to prevent the loss of data in case of accidental or deliberate change or deletion, loss as the result of a malfunction or corruption, e.g. as the result of a cyber-attack.
16.2. Frequency and retention. The frequency, retention period and storage of backups is critically important to the effectiveness of the process to mitigate the loss of data. Backups should be made at suitable intervals (e.g. hourly, daily, weekly and monthly) and their retention determined through a risk-based approach (e.g. correspondingly a week, a month, a quarter, and years).
16.3. Physical separation. Backups should be physically separated from the server or computer holding the original data and stored at a safe distance from this, to prevent that both would be impacted by the same incident.
16.4. Logical separation. Backups should not be stored at the same logical network as the original data to avoid simultaneous destruction or alteration.
16.5. Scope. Depending on the criticality and urgency for recovery after an incident, applications and system configurations may also need to be backed up.
16.6. Restore test. Restore of data from backup should be tested and documented based on risk during system validation and after changes are made to the backup or restore processes and tools. Restore tests should be documented and include a verification that data is accessible on the system.

 

17. Archiving
17.1. Read only. After completion of a process, e.g. release of a product, GMP data and metadata (incl. audit trails) should be protected from deletion and changes throughout the retention period. This may be by changing its status to read-only in the system where the data was generated or captured, or by moving it to a dedicated archival system via a validated interface.
17.2. Verification. When moving GMP data and metadata from one location to another in a system, or to a dedicated archival system, the integrity of the data should be verified by a high degree of certainty before any data is deleted, e.g. by means of a checksum. Where this is not possible, the completeness and integrity of the data should be verified manually. However, this verification does not alter the need for a validation of the archival and retrieval process, and of the systems and interfaces involved.
17.3. Backup. If data is archived on a server (disk), it should be regularly backed up following the same procedures as for live data (see 16 Backup). As for other backups, these should be physically and logically separated from the archived data.
17.4. Durability. If data is archived long-term on volatile storage media with limited durability (e.g. CD), this should follow a validated process. It should ensure that data is stored only for a verified duration according to vendor recommendations, and if necessary, transferred to new media in secure manner (see 16 Backup).
17.5. Retrieval. It should be possible to retrieve archived data and metadata in a format which allows searching and sorting of the data, or alternatively, to allow export of the data to a tool where this is possible.
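
The move-verify-delete order required by 17.2, combined with the read-only status of 17.1, as an added example that is not part of Annex 11. SHA-256 is an assumed choice of checksum, the function and exception names are hypothetical, and the copy step is injectable so that a faulty transfer can be simulated.

```python
import hashlib
import os
import shutil


class ArchiveVerificationError(Exception):
    """Raised when the archived copy does not match the source."""


def sha256_file(path, chunk_size=1 << 20):
    """Checksum a file in chunks so large data files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def archive_file(source, archive_dir, copy=shutil.copy2):
    """Copy, verify by checksum, set read-only, and only then delete the source.

    Returns an archive index entry holding the target path and checksum.
    """
    expected = sha256_file(source)
    target = os.path.join(archive_dir, os.path.basename(source))
    if os.path.exists(target):
        # Never overwrite data that is already archived.
        raise FileExistsError(target)
    copy(source, target)
    actual = sha256_file(target)
    if actual != expected:
        # Verification failed: discard the bad copy and keep the source.
        os.remove(target)
        raise ArchiveVerificationError(
            f"{source}: expected {expected}, archived copy has {actual}")
    os.chmod(target, 0o444)      # 17.1: read-only for the retention period
    os.remove(source)            # 17.2: deletion only after verification
    return {"archived_as": target, "sha256": expected}


def verify_archived(entry):
    """Re-check an archived file against its index entry, e.g. after media transfer."""
    return sha256_file(entry["archived_as"]) == entry["sha256"]


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as work:
        archive = os.path.join(work, "archive")
        os.mkdir(archive)
        source = os.path.join(work, "batch-0042.csv")   # constructed sample data
        with open(source, "wb") as handle:
            handle.write(b"sample,value\nassay,99.4\n")
        entry = archive_file(source, archive)
        print(entry["sha256"], verify_archived(entry), os.path.exists(source))
```

File permissions alone do not stop an administrator from altering the archive; the stored checksum is what makes a later change detectable.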
Glossary
ALCOA+
An acronym for “attributable, legible, contemporaneous, original and accurate”, which puts additional emphasis on the attributes of being complete, consistent, enduring and available – implicit basic ALCOA principles.
Application
Software installed on a defined platform/hardware providing specific functionality.
Audit trail
In computerised systems, an audit trail is a secure, computer generated, time-stamped electronic record that allows reconstruction of the events relating to the creation, modification, or deletion of an electronic record.
Backup
Provisions made for the recovery of data files or software, for the restart of processing, or for the use of alternative computer equipment after a system failure or disaster.
Change control
Ongoing evaluation and documentation of system operations and changes to determine whether the actual changes might affect a validated status of the computerised system. The intent is to determine the need for action that would ensure that the system is maintained in a validated state.
Commercial off-the-shelf
Software or hardware is a commercial off-the-shelf (COTS) product if provided by a vendor to the general public, if available in multiple and identical copies, and if implemented by the test facility management without or with some customization.
Computerised System
A computerised system is a function (process or operation) integrated with a computer system and performed by trained personnel. The function is controlled by the computer system. The controlling computer system is comprised of hardware and software. The controlled function is comprised of equipment to be controlled and operating procedures performed by personnel.
Configuration
A configuration is an arrangement of functional units and pertains to the choice of hardware, software and documentation. It affects function and performance of the system.
Customisation
A computerised system individually designed to suit a specific business process.
Electronic record
Any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.
Infrastructure
The hardware and software such as networking software and operation systems, which makes it possible for the application to function.
Migration
Data migration is the activity of e.g. transporting electronic data from one computer system to another, transferring data between storage media or simply the transition of data from one state to another [e.g. conversion of data to a different format]. The term “data” refers to “raw data” as well as “metadata”.
Multifactor authentication (MFA)
A combination of two of the three factors: something you know (e.g. a password), something you have (e.g. a phone or smartcard) or something you are (biometrics).
Operating system
A program or collection of programs, routines and sub-routines that controls the operation of a computer. An operating system may provide services such as resource allocation, scheduling, input/output control, and data management.
Qualification
Action of verifying that the system (including hardware and software) is effectively designed, installed, commissioned, and operates correctly. Refer to Computer system Validation.
Regulated user
A company regulated under GMP.
Specification
A document that specifies, in a complete, precise, verifiable manner, the requirements, design, behaviour, or other characteristics of a system or component, and often, the procedures for determining whether these provisions have been satisfied.
Test case
A set of test inputs, execution conditions, and expected results developed for a particular objective, such as to exercise a particular program path or to verify compliance with a specific requirement.
User
An individual user at a company regulated under GMP.
User requirement specifications (URS)
User requirement specifications define in writing what the user expects the computerised system to be able to do.
Validation
Action of proving that a process leads to the expected results. Validation of a computerised system requires ensuring and demonstrating the fitness for its purpose.
Verification
Confirmation, through the provision of objective evidence that specified requirements have been fulfilled.

 

Source: Internet
