《PIC／S 受法規(guī)約束的GMP和GDP環(huán)境下數(shù)據(jù)管理和完整性優(yōu)良規(guī)范（中英文）》由會員分享，可在線閱讀，更多相關《PIC／S 受法規(guī)約束的GMP和GDP環(huán)境下數(shù)據(jù)管理和完整性優(yōu)良規(guī)范（中英文）（96頁珍藏版）》請在裝配圖網(wǎng)上搜索。

PIC/S 受法規(guī)約束的GMP/GDP環(huán)境下數(shù)據(jù)管理和完整性優(yōu)良規(guī)范（中英文） PIC/S GUIDANCE PIC/S指南 PIC/S：國際藥品監(jiān)查合作計劃 GOOD PRACTICES FOR DATA MANAGEMENT AND INTEGRITY IN REGULATED GMP/GDP ENVIRONMENTS 受法規(guī)約束的GMP/GDP環(huán)境下數(shù)據(jù)管理和完整性優(yōu)良規(guī)范 PIC/S August 2016 2016年8月 Reproduction prohibited for commercial purposes. Reproduction for internal use is authorised, provided that the source is acknowledged.  TABLE OF CONTENTS目錄 1. Document history 文件歷史 2. Introduction 引言 3. Purpose 目的 4. Scope 范圍 5. Data governance system 數(shù)據(jù)管理系統(tǒng) 5.1 What is data governance 什么是數(shù)據(jù)管理 5.2 Data governance systems 數(shù)據(jù)管理系統(tǒng) 5.3 Risk management approach to data governance 數(shù)據(jù)管理的風險管理方法 5.4 Data criticality 數(shù)據(jù)關鍵度 5.5 Data risk 數(shù)據(jù)風險 5.6 Data governance system review 數(shù)據(jù)管理體系審核 6. Organisational influences on successful data integrity management 公司對數(shù)據(jù)完整性管理成功與否的影響 6.1 General 概述 6.2 Code of ethics and policies 道德和方針準則 6.3 Quality culture 質(zhì)量文化 6.4 Modernising the Pharmaceutical Quality Management System 藥物質(zhì)量管理體系現(xiàn)代化 6.5 Regular management review of quality metrics 質(zhì)量尺度的定期管理評審 6.6 Resource allocation 資源配置 6.7 Dealing with data integrity issues found internally 內(nèi)部發(fā)現(xiàn)的數(shù)據(jù)完整性問題處理 7. General data integrity principles and enablers 一般數(shù)據(jù)完整性原則和推進者 8. Specific data integrity considerations for paper-based systems 紙質(zhì)系統(tǒng)特定數(shù)據(jù)完整性考慮 8.1 Structure of QMS and control of blank forms/templates/records QMS結構和空白表格/模板/記錄的控制 8.2 Why is the control of records important? 為什么記錄的控制如此重要？ 8.3 Generation, distribution and control of template records 模板式記錄的產(chǎn)生、分發(fā)和控制 8.4 Expectations for the generation, distribution and control of records 產(chǎn)生、分發(fā)和控制記錄的要求 8.5 Use and control of records within production areas 生產(chǎn)區(qū)域內(nèi)記錄的使用和控制 8.6 Filling out records 記錄填寫 8.7 Making corrections on records 記錄更正 8.8 Verification of records 記錄核查 8.9 Maintaining records 記錄維護 8.10 Direct print-outs from electronic systems 從電子系統(tǒng)中直接打印出的記錄 8.11 True copies 真實備份 8.12 Limitations of remote review of summary reports 遠程審核報告摘要的局限性 8.13 Document retention 文件保存 8.14 Disposal of original records 原始記錄的廢棄 9. Specific data integrity considerations for computerised systems 計算機化系統(tǒng)特定數(shù)據(jù)完整性考慮 9.1 Structure of QMS and control of computerised systems QMS結果和計算機化系統(tǒng)的控制 9.2 Qualification and validation of computerised systems 計算機化系統(tǒng)的確認和驗證 9.3 System security for computerised systems 計算機化系統(tǒng)的系統(tǒng)安全 9.4 Audit trails for computerised systems 計算機化系統(tǒng)的審計追蹤 9.5 Data capture/entry for computerised systems 計算機化系統(tǒng)的數(shù)據(jù)捕獲/輸入 9.6 Review of data within computerised systems 計算機化系統(tǒng)內(nèi)的數(shù)據(jù)審核 9.7 Storage, archival and disposal of electronic data 電子數(shù)據(jù)的存貯、歸檔和廢棄 10. Data integrity considerations for outsourced activities 外包活動的數(shù)據(jù)完整性考慮 10.1 General supply chain considerations 一般供應鏈考慮 10.2 Routine document verification 日常文件核查 10.3 Strategies for assessing data integrity in the supply chain 供應鏈中數(shù)據(jù)完整性評估策略 11. Regulatory actions in response to data integrity findings 數(shù)據(jù)完整性缺陷引發(fā)的法規(guī)行動 11.1 Deficiency references 缺陷參考 11.2 Classification of deficiencies 缺陷分類 12. Remediation of data integrity failures 數(shù)據(jù)完整性失敗時的彌補方法 12.1 Responding to significant data integrity issues 對重大數(shù)據(jù)完整性問題響應 12.2 Indicators of improvement 改善指標 13. Definitions 定義 14. Revision history 版本歷史  1 DOCUMENT HISTORY文件歷史 Draft 1 of PI 041-1 presented to the PIC/S Committee at its meeting in Manchester 4-5 July 2016 曼徹斯特會議期間PI 041-1草案提交給PIC/S委員會 2016年7月4-5日 Consultation of PIC/S Participating Authorities on publication of the Good Practices as a draft and implementation on a trial basis 18 July – 31 July 2016 公布PIC/S草案征求參與藥監(jiān)機構意見及試行 2016年7月18日—31日 Minor edits to Draft 1 1 – 9 August 2016 第1版本草案輕微修訂 2016年8月1-9日 Publication of Draft 2 on the PIC/S website 10 August 2016 第2版本草案在PIC/S網(wǎng)站上公布 2016年8月10日 Implementation of the draft on a trial basis and comment period for PIC/S Participating Authorities 10 August 2016 – 28 February 2017 試驗實施和征求PIC/S參與藥監(jiān)機構意見階段 2016年8月10日- 2017年2月28日 Review of comments by PIC/S Participating Authorities … PIC/S參與藥監(jiān)機構審核所收到的意見 Finalisation of draft … 草稿定稿 Adoption by Committee ofPI 041-1 [Date] PI 041-1被委員會采納 Entry into force ofPI 041-1 [Date] PI 041-1生效 2 INTRODUCTION引言 2.1 PIC/S Participating Authorities regularly undertake inspections of manufacturers and distributors of API and medicinal products in order to determine the level of compliance with GMP/GDP principles. These inspections are commonly performed on-site however may be performed through the remote or off-site evaluation of documentary evidence, in which case the limitations of remote review of data should be considered. PIC/S參與藥監(jiān)機構定期對原料藥和制劑生產(chǎn)商和銷售商進行檢查，以確定其GMP/GDP符合性水平。這些檢查通常是在現(xiàn)場實施，但也可以通過遠程或離廠文件證據(jù)評估進行，這時要考慮遠程數(shù)據(jù)審核的局限性。 2.2 The effectiveness of these inspection processes is determined by the veracity of the evidence provided to the inspector and ultimately the integrity of the underlying data. It is critical to the inspection process that inspectors can determine and fully rely on the accuracy and completeness of evidence and records presented to them. 這些檢查流程的有效性是由提供給檢查員的證據(jù)的真實性所決定的，并最終決定于數(shù)據(jù)背后的完整性。檢查員可以確定并完全依賴呈交給他們的證據(jù)和記錄的完整性和準確性對于檢查過程來說非常關鍵。 2.3 Good data management practices influence the integrity of all data generated and recorded by a manufacturer and these practices should ensure that data is accurate, complete and reliable. While the main focus of this document is in relation to data integrity expectations, the principles herein should also be considered in the wider context of good data management. 優(yōu)良數(shù)據(jù)管理規(guī)范影響生產(chǎn)商所產(chǎn)生和記錄的所有數(shù)據(jù)，這些做法應能保證數(shù)據(jù)是準確的、完整的和可靠的。盡管此文件主要關注的是數(shù)據(jù)完整性要求，在更廣的優(yōu)良數(shù)據(jù)管理環(huán)境下也應考慮此指南所述原則。 2.4 Data Integrity is defined as “the extent to which all data are complete, consistent and accurate, throughout the data lifecycle”[1]1 and is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. Poor data integrity practices and vulnerabilities undermine the quality of records and evidence, and may ultimately undermine the quality of medicinal products. 數(shù)據(jù)完整性定義為“所有數(shù)據(jù)在整個生命周期均完整、一致和準確的程度”，它在藥物質(zhì)量體系中是基本的要求，它確保藥品具備所需的質(zhì)量。不良的數(shù)據(jù)完整性做法和弱點會削弱記錄和證據(jù)的質(zhì)量，并最終可能破壞藥品質(zhì)量。 2.5 Data integrity applies to all elements of the Quality Management System and the principles herein apply equally to data generated by electronic and paper-based systems. 數(shù)據(jù)完整性適用于質(zhì)量管理體系的所有要素，此中原則等同適用于電子和紙質(zhì)系統(tǒng)產(chǎn)生的數(shù)據(jù)。 2.6 The responsibility for good practices regarding data management and integrity lies with the manufacturer or distributor undergoing inspection. They have full responsibility and a duty to assess their data management systems for potential vulnerabilities and take steps to design and implement good data governance practices to ensure data integrity is maintained. 數(shù)據(jù)管理和完整性優(yōu)良規(guī)范的職責由接受檢查的生產(chǎn)商或銷售商承擔。他們負有全部職責和義務來評估其數(shù)據(jù)管理體系，發(fā)現(xiàn)潛在弱點，設計和實施優(yōu)良數(shù)據(jù)管理規(guī)范來確保數(shù)據(jù)完整性得到維護。 3 PURPOSE目的 3.1 This document was written with the aim of: 本文件編制的目的是： 3.1.1 Providing guidance for inspectorates in the interpretation of GMP/GDP requirements in relation to data integrity and the conduct of inspections. 為檢查員提供與數(shù)據(jù)完整性相關的GMP/GDP要求詮釋及實施檢查相關指南。 3.1.2 Providing consolidated, illustrative guidance on risk-based control strategies which enable the existing requirements for data integrity and reliability as described in PIC/S Guides for GMP[2]and GDP[3]to be implemented in the context of modern industry practices and globalised supply chains. 對基于風險的控制策略提供詳細解說的整合指南，促使GMP和GDP的PIC/S指南中所述的現(xiàn)有數(shù)據(jù)完整性要求和可靠性在現(xiàn)代化工業(yè)做法和全球化供應鏈的環(huán)境下得到實施。 3.1.3 Facilitating the effective implementation of data integrity elements into the routine planning and conduct of GMP/GDP inspections; to provide a tool to harmonise GMP/GDP inspections and to ensure the quality of inspections with regards to data integrity expectations. 促進數(shù)據(jù)完整性要素在日常規(guī)劃和實施GMP/GDP檢查中有效實施，提供一個工具讓GMP/GDP檢查保持一致，保證數(shù)據(jù)完整性要求方面的檢查質(zhì)量。 3.2 This guidance, together with inspectorate resources such as aide memoire (for future development) should enable the inspector to make an optimal use of the inspection time and an optimal evaluation of data integrity elements during an inspection. 本指南與檢查團資源，例如備忘錄（用于進一步展開）一起讓檢查員優(yōu)化使用檢查時間，在檢查中更好地評估數(shù)據(jù)完整性要素。 3.3 Guidance herein should assist the inspectorate in planning a risk-based inspection relating to data integrity. 本指南應協(xié)助檢查組織規(guī)劃基于風險的數(shù)據(jù)完整性相關檢查。 3.4 This guide is not intended to impose additional regulatory burden upon regulated entities, rather it is intended to provide guidance on the interpretation of existing PIC/S GMP/GDP requirements relating to current industry practice. 本指南無意對受法規(guī)規(guī)范的主體形成強制的法規(guī)責任，它意在為目前行業(yè)規(guī)范相關的已有PIC/S GMP/GDP要求提供詮釋。 3.5 The principles of data integrity apply equally to both manual and computerized systems and should not place any restraint upon the development or adoption of new concepts or technologies. In accordance with ICH Q10 principles, this guide should facilitate the adoption of innovative technologies through continual improvement. 數(shù)據(jù)完整性原則等同適用于手動和計算機化系統(tǒng)，不應該對發(fā)展和采用新概念或技術形成限制。根據(jù)ICH Q10原則，本指南應有助于通過持續(xù)改進采納創(chuàng)新技術。 3.6 This version of the guidance is intended to provide a basic overview of key principles regarding data management and integrity. The PIC/S Data Integrity Working Group will periodically update, amend and review this guidance in light of inspectorate feedback, experience in using the guide and any other developments. 本版本指南意在為數(shù)據(jù)管理和完整性核心原則提供基本概貌。PIC/S數(shù)據(jù)完整性工作組將定期進行更新，根據(jù)檢查團的反饋、使用本指南的經(jīng)驗以及任何其它發(fā)展修訂和審核本指南。 4 SCOPE范圍 4.1 The guidance has been written to apply to both on-site and remote (desktop) inspections of those sites performing manufacturing (GMP) and distribution (GDP) activities. The guide should be considered as a non-exhaustive list of areas to be considered during inspection. 本指南適用于現(xiàn)場和遠程（桌面）檢查那些實施生產(chǎn)（GMP）和銷售（GDP）活動的場所。本指南應作為檢查期間要考慮領域的未盡清單。 4.2 Whilst this document has been written with the above scope, many principles regarding good data management practices described herein have applications for other areas of the regulated pharmaceutical and healthcare industry. 盡管此文件寫就時覆蓋上述范圍，但其中許多關于優(yōu)良數(shù)據(jù)管理規(guī)范的原則亦可應用于受法規(guī)規(guī)范的藥品和保健行業(yè)的其它領域。 4.3 This guide is not intended to provide specific guidance for “for-cause” inspections following detection of significant data integrity vulnerabilities where forensic expertise may be required. 本指南無意為重大數(shù)據(jù)完整性漏洞引起的“有因”檢查提供特定指南。在有因檢查中，可能需要具有調(diào)查技巧的專家。 5 DATA GOVERNANCE SYSTEM數(shù)據(jù)管理體系 5.1 What is data governance?什么是數(shù)據(jù)管理？ 5.1.1 Data governance is the sum total of arrangements which provide assurance of data integrity. These arrangements ensure that data, irrespective of the process, format or technology in which it is generated, recorded, processed, retained, retrieved and used will ensure a complete, consistent and accurate record throughout the data lifecycle. 數(shù)據(jù)管理是為數(shù)據(jù)完整性提供保障的所有安排的總和。這些安排保證數(shù)據(jù)，不管其產(chǎn)生、記錄、處理、保存、恢復和使用的過程、格式或技術如何，均能在數(shù)據(jù)的整個生命周期中保證完整、一致和準確的記錄。 5.1.2 The data lifecycle refers to how data is generated, processed, reported, checked, used for decision-making, stored and finally discarded at the end of the retention period. Data relating to a product or process may cross various boundaries within the lifecycle. This may include data transfer between manual and IT systems, or between different organisational boundaries; both internal (e.g. between production, QC and QA) and external (e.g. between service providers or contract givers and acceptors). 數(shù)據(jù)生命周期指數(shù)據(jù)如何產(chǎn)生、處理、報告、檢查、用于決策、存貯和在保存期結束后最終廢棄。與一個藥品或工藝相關的數(shù)據(jù)可能在其生命周期內(nèi)會穿越不同邊界。這可能包括手工和IT系統(tǒng)之間的數(shù)據(jù)轉(zhuǎn)移，不同公司界限之間的數(shù)據(jù)轉(zhuǎn)移，內(nèi)部（例如生產(chǎn)、QC和QA之間）和外部（例如，服務提供商或合同發(fā)包方和接受方之間）的數(shù)據(jù)轉(zhuǎn)移。 5.2 Data governance systems數(shù)據(jù)管理系統(tǒng) 5.2.1 Data governance systems should be integral to the pharmaceutical quality system described in PIC/S GMP/GDP. It should address data ownership throughout the lifecycle, and consider the design, operation and monitoring of processes / systems in order to comply with the principles of data integrity, including control over intentional and unintentional changes to, and deletion of information. 數(shù)據(jù)管理系統(tǒng)應整合于PIC/S GMP/GDP所述的藥物質(zhì)量體系中。它應該說明數(shù)據(jù)在其生命周期中的所有者身份，考慮對過程/系統(tǒng)進行設計、運行和監(jiān)測，以符合數(shù)據(jù)完整性原則，包括對有意和無意修改和刪除信息的控制。 5.2.2 The data governance system should ensure controls over data lifecycle which are commensurate with the principles of quality risk management. These controls may be: 數(shù)據(jù)管理系統(tǒng)應保證在數(shù)據(jù)生命周期進行控制?？刂茟c質(zhì)量風險管理原則相稱。這些控制可以是： lOrganisational從公司角度 nprocedures, e.g. instructions for completion of records and retention of completed paper records; n程序，例如，記錄完整的指令和完整紙質(zhì)記錄的保存； ntraining of staff and documented authorisation for data generation and approval; n培訓人員和記錄數(shù)據(jù)產(chǎn)生權限并批準； ndata governance system design, considering how data is generated recorded, processed retained and used, and risks or vulnerabilities are controlled effectively; n數(shù)據(jù)管理系統(tǒng)的設計應考慮數(shù)據(jù)是如何產(chǎn)生、記錄、處理、存貯和使用的，應對風險和漏洞進行有效控制； nroutine data verification; n日常數(shù)據(jù)核查； nperiodic surveillance, e.g. self-inspection processes seek to verifiy the effectiveness of the data governance policy. n定期監(jiān)管，例如自檢過程中核查數(shù)據(jù)管理方針的有效性。 lTechnical技術角度 ncomputerised system control, n計算機化系統(tǒng)控制 nAutomation n自動化 5.2.3 An effective data governance system will demonstrate Management’s understanding and commitment to effective data governance practices including the necessity for a combination of appropriate organisational culture and behaviours (section 6) and an understanding of data criticality, data risk and data lifecycle. There should also be evidence of communication of expectations to personnel at all levels within the organisation in a manner which ensures empowerment to report failures and opportunities for improvement. This reduces the incentive to falsify, alter or delete data. 一個有效的數(shù)據(jù)管理系統(tǒng)將證明管理者對有效數(shù)據(jù)管理規(guī)范的了解和承諾，包括適當?shù)墓疚幕托袨椋ǖ?部分）和對數(shù)據(jù)關鍵程度、數(shù)據(jù)風險和數(shù)據(jù)生命周期的了解。還應有證據(jù)證明在公司內(nèi)以一定方式將要求溝通傳達至各層次人員，保證更大的權力來報告失敗和改進機會。如此可以減少偽造、篡改和刪除數(shù)據(jù)的誘因。 5.2.4 The organisation’s arrangements for data governance should be documented within their Quality Management System and regularly reviewed. 公司對數(shù)據(jù)管理的安排應記錄在其質(zhì)量管理體系內(nèi)，并定期審核。 5.3 Risk management approach to data governance數(shù)據(jù)管理的風險管理方法 5.3.1 Senior management is responsible for the implementation of systems and procedures to minimise the potential risk to data integrity, and for identifying the residual risk, using the principles of ICH Q9. Contract Givers should perform a similar review as part of their vendor assurance programme, (refer section 10) 高級管理層對實施系統(tǒng)和程序以降低數(shù)據(jù)完整性潛在風險，識別殘留風險，使用ICH Q9原則承擔責任。合同發(fā)包方應實施類似的審核，作為其供應商保證計劃的一部分（參見第10部分）。 5.3.2 The effort and resource assigned to data governance should be commensurate with the risk to product quality, and should also be balanced with other quality resource demands. Manufacturers and analytical laboratories should design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale. 為數(shù)據(jù)管理所做的工作和所配置的資源應與產(chǎn)品質(zhì)量風險相稱，同時也要與其它質(zhì)量資源需求相平衡。生產(chǎn)商和分析化驗室應設計和運行一個體系，為數(shù)據(jù)完整性風險提供可接受的控制狀態(tài)，并全面記錄支持性原理。 5.3.3 Where long term measures are identified in order to achieve the desired state of control, interim measures should be implemented to mitigate risk, and should be monitored for effectiveness. Where interim measures or risk prioritisation are required, residual data integrity risk should be communicated to senior management, and kept under review. Reverting from automated / computerised to paper-based systems will not remove the need for data governance. Such retrograde approaches are likely to increase administrative burden and data risk, and prevent the continuous improvement initiatives referred to in paragraph 3.5. 如果認為需要采取長期措施，以達到想要的控制狀態(tài)，則應實施臨時措施來將緩解風險，并監(jiān)測其有效性。如果需要采取臨時措施或者是提高風險優(yōu)先度，則應與高級管理層溝通所殘留的數(shù)據(jù)完整性風險，保持審核。從自動化/計算機化轉(zhuǎn)化為紙質(zhì)系統(tǒng)不能解除對數(shù)據(jù)管理的需求。此種降解方式可能會增加行政負擔和數(shù)據(jù)風險，阻止第3.5段中提提出的持續(xù)改進倡議。 5.3.4 Not all data or processing steps have the same importance to product quality and patient safety. Risk management should be utilised to determine the importance of each data/processing step. An effective risk management approach to data governance will consider: 不是所有數(shù)據(jù)和處理步驟都對藥品質(zhì)量和患者安全具有等同的重要性。應使用風險管理來確定每個數(shù)據(jù)/處理步驟的重要性。對數(shù)據(jù)管理的有效風險管理方法應考慮： lData criticality (impact to decision making and product quality) and l數(shù)據(jù)關鍵程度（對制訂決策和產(chǎn)品質(zhì)量的影響）以及 lData risk (opportunity for data alteration and deletion, and likelihood of detection / visibility of changes by the manufacturer’s routine review processes). l數(shù)據(jù)篡改和刪除的數(shù)據(jù)風險（機會），修改被生產(chǎn)商的日常審核流程所發(fā)現(xiàn)/可見的可能性） From this information, risk proportionate control measures can be implemented. 從此信息中可知，可以實施與風險相當?shù)目刂拼胧? 5.4 Data criticality數(shù)據(jù)關鍵程度 5.4.1 The decision that data influences may differ in importance, and the impact of the data to a decision may also vary. Points to consider regarding data criticality include: 受數(shù)據(jù)影響的決策可能會在重要程度上有所有不同，數(shù)據(jù)對決策的影響度可能也不同。關于數(shù)據(jù)關鍵程度要考慮的要素包括： l??Which decision does the data influence?數(shù)據(jù)影響了什么決策？ For example: when making a batch release decision, data which determines compliance with critical quality attributes is of greater importance than warehouse cleaning records. 例如，當作出批放行決策時，確定符合關鍵質(zhì)量屬性的數(shù)據(jù)比倉庫清潔記錄要重要。 l??What is the impact of the data to product quality or safety?數(shù)據(jù)對藥品質(zhì)量或安全有什么影響？ For example: for an oral tablet, active substance assay data is of generally greater impact to product quality and safety than tablet friability data. 例如，對于口服特此證明，活性物質(zhì)含量數(shù)據(jù)一般要比脆碎度數(shù)據(jù)對藥品質(zhì)量和安全影響更大。 5.5 Data risk數(shù)據(jù)風險 5.5.1 Data risk assessment should consider the vulnerability of data to involuntary or deliberate alteration, falsification, deletion, loss or re-creation, and the likelihood of detection of such actions. Consideration should also be given to ensuring complete data recovery in the event of a disaster. Control measures which prevent unauthorised activity, and increase visibility / detectability can be used as risk mitigating actions. 數(shù)據(jù)完整性應考慮數(shù)據(jù)在有意和無意修改、偽造、刪除、丟失或重新創(chuàng)建，以及被察覺可能性方面的弱點。還要考慮保證在災難發(fā)生時恢復完整數(shù)據(jù)。防止未經(jīng)授權的活動，增加可視性/檢出能力的控制措施可以用作風險降低措施。 5.5.2 Examples of factors which can increase risk of data integrity failure include complex, inconsistent processes with open ended and subjective outcomes. Simple tasks which are consistent, well defined and objective lead to reduced risk. 可能會增加數(shù)據(jù)完整性失敗的風險的因素例子包括復雜的不一致的工藝，有開放型結果和主觀結果。定義明確、客觀、一致的簡單任務則會降低風險。 5.5.3 Risk assessments should focus on a business process (e.g. production, QC), evaluate data flows and the methods of generating data, and not just consider IT system functionality or complexity. Factors to consider include: 風險評估應關注一個業(yè)務流程（例如，生產(chǎn)、QC），評估數(shù)據(jù)流和數(shù)據(jù)產(chǎn)生方法，而不僅是評估IT系統(tǒng)功能和復雜性。要考慮的因素包括： lProcess complexity; l工藝復雜性； lMethods of generating, storing and retiring data and their ability to ensure data accuracy, legibility, indelibility; l數(shù)據(jù)生成、存貯和退役的方法以及其保證數(shù)據(jù)準確性、清晰、不能消除的能力； lProcess consistency and degree of automation / human interaction; l工藝一致性和自動/人工互動程度； lSubjectivity of outcome / result (i.e. is the process open-ended or well defined?); and l結果的主觀性（即工藝是開放式的還是明確定義的；以及 lThe outcome of a comparison between of electronic system data and manually recorded events could be indicative for malpractices (e.g. apparent discrepancies between analytical reports and raw-data acquisition times). l電子系統(tǒng)數(shù)據(jù)和人工記錄事件之間比較的結果可能對于不良規(guī)范來說具有指示性（例如，分析報告和原始數(shù)據(jù)獲得時長之間有明顯的差距）。 5.5.4 For computerised systems, manual interfaces with IT systems should be considered in the risk assessment process. Computerised system validation in isolation may not result in low data integrity risk, in particular when the user is able to influence the reporting of data from the validated system. 對于計算機化系統(tǒng)，在風險評估過程中應考慮人工與IT系統(tǒng)的界面。計算機化系統(tǒng)驗證單獨可能不會導致較低的數(shù)據(jù)完整性風險，尤其是當用戶可以影響來自經(jīng)過驗證的系統(tǒng)中的數(shù)據(jù)報告時。 5.5.5 Critical thinking skills should be used by inspectors to determine whether control and review procedures effectively achieve their desired outcomes. An indicator of data governance maturity is an organisational understanding and acceptance of residual risk, which prioritises actions. An organisation which believes that there is ‘no risk’ of data integrity failure is unlikely to have made an adequate assessment of inherent risks in the data lifecycle. The approach to assessment of data lifecycle, criticality and risk should therefor