审计追踪审核,是否都是必须?
Audit Trail Review for Devices with "StandardAudit Trail"
Functions
具有"标准审计追踪"功能的设备的审计追踪审核
Devices andequipment often have standard audit trail functions.There is a huge amount of data being recorded (on/off), and only a fraction ofthis data is critical and relevant for audit trail reviews. What is the best way to proceed witha review?
设备通常具有标准审计追踪功能。大量的数据(开/关)被记录,其中只有一小部分数据是关键,并需要审计追踪审核的。这种审核的最佳方法是什么?
SolutionApproach
解决方案
Especially withregard to the audit trail, the view has changed. Before the revision of the EUGMP Guideline Annex 11, the general view was that of the conservation ofevidence in order to have further data available in case of a deviation.Statements made by the US American FDA in its dockets also nourished this view:"Audit Trail... we may use it for anuseful purpose e.g prosecution". Consequently, the emphasis inthe software was not put on later evaluability, but on the recording. For thisreason, the audit trail data was simply stored sequentially in tables.
特别是在审计追踪方面,现在观点发生了变化。在修订欧盟GMP附录11之前,一般的看法是保存证据,以便在出现偏差时获得进一步的数据。美国FDA在其诉讼档案上的声明也滋养了这种观点:"审计追踪...我们可能会在需要是使用它,如诉讼"。因此,软件的重点不是后来的可评价性,而是记录。因此,审计追踪数据只是按顺序存储在表中。
So far thereare only a few systems that fully support the new requirements. Now, with theadditional demand also after the reason of the change, there are furtherdemands on the systems and also further sorting criteria. In addition, it hasbeen clarified that the audit trail can be limited using a risk-based approach.Here, the opportunity lies in the limitation to the essential data. What theseare is described both in Annex 11 §9 and in Chapter 4 of the EU GMP Guidelines.Further information can be found in the "Aide-Memoire" (Aide-mémoire 07121202) publishedin the German ZLG, where the following quotation can be found:
到目前为止,只有少数系统完全支持新的要求。现在,随着需求增加的原因,对系统有进一步的要求,也进一步整理了标准。此外,已经明确可以使用基于风险的方法进行审计追踪。在这里,机会在于对基本数据的限制。欧盟GMP附录11和附录9以及第4章都介绍了这些内容。更多信息见德国ZLG发布的"备忘录"(备忘录07121202),其中可找到以下引文:
S. 26 2.4.5 Audit Trails - "1 - Based on a risk assessment, considerationshould be given to integrating the recording of all GMP relevant changes anddeletions into the system (a system generated "audit trail"). 2 - IfGMP relevant data are changed or deleted, the reason should be documented. 3 -Audit Trails must be available, must be able to be converted into a generallyreadable form and must be checked regularly".
S. 26 2.4.5 审计追踪 - "1 - 根据风险评估,应考虑将所有 GMP 相关更改和删除的记录集成到系统中(系统生成的"审计追踪")。2 - 如果更改或删除 GMP 相关数据,应记录原因。3 - 审核追踪必须可用,必须能够转换为一般可读的表单,并且必须定期检查"。
It is thereforeadvisable to first derive the definition of the relevant data for the audittrail from the definition of the raw data, and then to determine for which dataa review must be performed and which criteria of the assessment must becreated. This is in line with the requirements of Chapter 4, where it is statedthat at least the data on which a quality decision is based must be named asraw data.
因此,建议首先从原始数据的定义中得出审计追踪相关数据的定义,然后确定必须对哪些数据执行审核以及必须创建哪些评估标准。这符合第 4 章的要求,其中指出,至少用于质量决策的数据必须作为原始数据。
As the data itselfis usually not changeable even in the case of control systems (PLC) and processcontrol systems, it can also be argued, if necessary, that no audit trail iscarried out, precisely because the data cannot be changed. However, thisargumentation must be supported by appropriate validation with evidence of theraw data protected by proprietary formats or strong access protection. Thismeans that there must be test scenarios that prove that these defined raw datacannot be changed accidentally or with simple effort.
对于控制系统(PLC)和过程控制系统,由于数据本身通常不可修改,也有声音表示:没有必要执行审计追踪,因为数据无法修改。但是,此论证必须得到适当的验证支持,并证明原始数据受专有格式或健壮的访问保护。这意味着必须有测试方案来证明这些定义的原始数据不会被意外或轻易更改。
For suchsystems that do not have an audit trail, the Aide-Mémoire mentioned abovepoints out that for legacy systems without an audit trail, in exceptional casesit can be regulated, e.g. by an SOP, to document the corresponding change in alogbook and have this verified by a second person. It should be noted here thatonly those systems are defined as old systems that were installed before Annex11 (1992) came into force (see Aide-Mémoire 07121202, page 28, running no.2.4.5.9). There you will also find the sentence: "First of all it must be clarified whether data can be changed at all (e.g.electronic recorders). If not, no audit trail is required."
对于没有审计追踪的系统,上述备忘录指出,对于没有审计追踪的旧系统,在特殊情况下,可以由SOP 监管,以在日志中记录相应的更改,并由第二人进行确认。这里应当指出,这些系统被定义为在附录11(1992年)生效之前安装的旧系统(见备忘录07121202,第28页,第2.4.5.9页)。在那里,还将找到以下句子:"首先,必须明确数据是否可以更改(例如电子记录)。如果不能,则不需要审计追踪。
For those systemswhere there is a simple audit trail, a reporting tool should be used to performthe query based on the definition of the raw data. As a minimum, the entriesthat belong to process values that are needed for a quality decision should bedisplayed. If the data, e.g. temperatures, are directly related to the batchrelease, it should be checked whether the associated audit trail must also beevaluated before the batch isreleased. In systems that also record the reason for the change, groups can besorted by reason and clusters can be recorded and valuated according to reason.The evaluation should always be prioritized according to the risk for theproduct and thus the patient. In the second instance, the accumulation ofreasons can also give cause to question technical defects.
对于存在简单审计追踪的系统,应使用报告工具根据原始数据的定义进行查询。至少,应能够显示与用于质量决策的工艺数值相关的项目。如果数据(例如温度)与批放行直接相关,应在批放行前检查相关的审计追踪。在修改原因也进行记录的系统中,可以按原因筛选,然后可以根据原因进行记录和评估。评估应始终根据产品的风险,从而根据患者的风险进行优先级评估。在第二种情况下,可以根据原因的积累改进技术缺陷。
It is notpossible to derive from the laws and guidelines themselves the requirement fora technical audit trail which gives reason for virtually all configurations andrecords them in the audit trail. The change control procedure exists for theseprocesses. Consequently, no reviews of this data are expected at this point.However, this view is not uncontroversial, since many companies and also someinspectors derive the requirement for monitoring the configuration (technicalaudit trail) from the Data Integrity Guidancerecently published. Here, each company must decide for itself what acceptancerisk is taken. It seems appropriate to take a risk-based approach here as well.Since a configuration always has an impact on the future and does not changeany data already recorded, this should serve as an approach to decide wheremonitoring of the software itself is or is not necessary. This is certainlydifferent for an HPLC than for a controller. However, if the configurationparameters (e.g. limit values and set points) are known and printed out, forexample, the data generated from them can also be evaluated in context. Not toforget that in general a rigid change control applies which, if necessary, alsoproves with a regression test that the new configuration meets therequirements. Another aspect is that the cycles of the review for the technicalpart are certainly different from cycles for the data review, where undercertain circumstances the audit trail should be considered for each batchrelease (e.g. MES), depending on the risk for the release and thus for thepatient. A final note on this point is that many systems do not currentlysupport the "technical audit trail", especially for individualcontrols. The good news is that changes are rather rare here and a well-running,validated process is changed more rarely. The control here is done by a rigidchange control and the periodic review which also records the incidents andlogbook entries.
法律和指南本身没有对技术方面的审计追踪(所有配置修改的原因并将其记录在审计追踪中)的要求。这些过程可以使用变更控制程序。因此,目前不要求对此数据进行任何审查。但是,这种观点并非没有争议,因为许多公司以及一些检查员从最近发布的《数据完整性指南》中得出了需要对配置进行监测(技术方面的审计追踪)的要求。这里,每个公司必须自行决定接受什么样的风险。这里也应该采取基于风险的方法。由于配置始终会对未来产生影响,并且不会对已记录的任何数据进行更改,因此,这应作为一种方法来确定是否需要监测软件本身。这对于HPLC而言,与控制器是不同的。但是,例如,如果已知并打印出配置参数(例如限值和设定点),则由它们生成的数据也可以在此环境中进行评估。不要忘记,通常会进行严格的变更控制,如果需要,还可以通过回归测试证明新的配置符合要求。另一方面是技术部分的审核周期与数据审核的周期肯定不同,在某些情况下,应根据对放行和患者的风险,考虑每次批放行进行数据审核(例如MES)。关于这一点的最后一点是,许多系统当前不支持“技术方面的审计追踪”,尤其是对于独立的控制器。好消息是,这里的修改很少,而运行良好且经过验证的工艺很少更改。这里的控制是通过严格的变更控制和定期检查事件和日志条目来完成的。
It should benoted that the guidelines always assume that values have changed, so theinitial entry only records who entered it, in the sense of a hand signal forpaper documents. This distinction is very well described in Vote V1100302.There it says in section B, second last paragraph: "Automatic logging ofthe user is suitable to replace a hand signal".
In order tomeet the requirement for audit trail review, further technical functions willbe necessary in the future, which, for example, allow configurable selectionmenus for determining the reason for the change and also offer standard reportsand at least descriptive statistics.
应当指出,指南始终假定数值已更改,因此初始条目仅记录输入该值的人,即纸质文档的手信号。这种区别在Vote V1100302中有很好描述。在B部分中,最后一段:"用户自动记录可以代替手动信号"。为了满足审计追踪审核的要求,今后还需要进一步的技术功能,例如,允许可配置的选择菜单来确定更改的原因,并提供标准报告和至少描述性统计数据。