药品记录与数据管理要求(试行)
Requirementsfor Drug Records and Data Management (Trial)
第一章 总 则
Chapter I General Rules
第一条Article 1
为规范药品研制、生产、经营、使用活动的记录与数据管理,根据《中华人民共和国药品管理法》《中华人民共和国疫苗管理法》《中华人民共和国药品管理法实施条例》等法律、行政法规,制定本要求。
In order to regulate the record and data management of drug research and development, production, marketing and use activities, this requirement is formulated in accordance with the Drug Administration Law of the People's Republic of China, Vaccine Administration Law of the People's Republic of China, Implementation Regulations of Drug Administration Law of the People's Republic of China and other laws and administrative regulations.
第二条Article 2
在中华人民共和国境内从事药品研制、生产、经营、使用活动中产生的,应当向药品监督管理部门提供的记录与数据,适用本要求。
These requirements shall apply to the records and data generated in the research and development, production, marketing and use of drugs within the territory of the People's Republic of China, which shall be provided to the drug supervision and administration office.
第三条Article 3
数据是指在药品研制、生产、经营、使用活动中产生的反映活动执行情况的信息,包括:文字、数值、符号、影像、音频、图片、图谱、条码等;记录是指在上述活动中通过一个或多个数据记载形成的,反映相关活动执行过程与结果的凭证。
Data refers to the information generated in drug research and development, production, management and use activities to reflect the implementation ofactivities, including: characters, values, symbols, images, audio, pictures, spectra, bar codes, etc.; Records refer to the vouchers formed by one or more data records in the above activities, which reflect the execution process and results of related activities.
第二章 基本要求
Chapter II Basic Requirements
第四条 Article 4
记录可以根据用途,分为台账、日志、标识、流程、报告等不同类型。从事药品研制、生产、经营、使用活动,应当根据活动的需求,采用一种或多种记录类型,保证全过程信息真实、准确、完整和可追溯。
Records can be divided into following category, log, identification, process, report and other different types according to their purposes. Engaged in drug research and development, production, management and use activities, should be based on the needs of activities, using one or more types of records, to ensure that the whole process of information is true, accurate, complete and traceable.
记录载体可采用纸质、电子或混合等一种或多种形式。
The record carrier can take one or more forms such as paper, electronic or hybrid.
第五条Article 5
采用计算机(化)系统生成记录或数据的,应当采取相应的管理措施与技术手段,确保生成的信息真实、准确、完整和可追溯。
Where a computer (computerized) system is used to generate records or data, corresponding management measures and technical means shall be taken to ensurethat the generated information is true, accurate, complete and traceable.
第六条Article 6
电子记录至少应当实现原有纸质记录的同等功能,满足活动管理要求。
Electronic records shall at least achieve the same functions as the original paper records and meet the requirements of activity management.
对于电子记录和纸质记录并存的情况,应当在相应的操作规程和管理制度中明确规定作为基准的形式。
For the coexistence of electronic records and paper records, the primary record type should be clearly defined in the corresponding operating procedures and management systems.
第七条Article 7
应当根据记录的用途、类型与形式,制定记录管理规程,明确记录管理责任,规范记录的控制方法。
Records management regulations shall be formulated according to the purposes, types and forms of records, the responsibilities of records management shall beclarified, and the control methods of records shall be standardized.
第八条Article 8
数据的采集、处理、存储、生成、检索、报告等活动,应当满足相应数据类型的记录填写或数据录入的要求,保证数据真实、准确、完整和可追溯。
Data collection, processing, storage, generation, retrieval, reporting and otheractivities, should meet the requirements of the corresponding data types ofrecord filling or data entry, to ensure that the data is true, accurate, complete and traceable.
第九条Article 9
根据数据的来源与用途,可将数据分为基础信息数据、行为活动数据、计量器具数据、电子数据及其它类型数据,不同类型的数据应当采用适当的管理措施与技术手段。
According to the sources and intended use of data, data can be divided intomaster data, activity data, measuring instrument data, electronic data andother types of data. Appropriate management measures and technical means should be adopted for different types of data.
第十条Article 10
从事记录与数据管理的人员应当接受必要的培训,掌握相应的管理要求与操作技能,遵守职业道德守则。
Personnel involved in record and data management should receive necessary training, master the corresponding management requirements and operational skills, andabide by the professional ethics code.
第十一条Article 11
通过合同约定由第三方产生的记录与数据,应当符合本要求规定,并明确合同各方的管理责任。
The records and data produced by a third party as agreed in the contract shallcomply with the requirements and specify the management responsibilities of allparties to the contract.
第三章 纸质记录管理要求
Chapter III Management Requirements for Paper Records
第十二条Article 12
记录文件的设计与创建应当满足实际用途,样式应当便于识别、记载、收集、保存、追溯与使用,内容应当全面、完整、准确反映所对应的活动。
The design and creation of record documents shall meet the practical purpose, the style shall be easy to identify, record, collect, preserve, trace and use, and the contents shall reflect the corresponding activities comprehensively, completely and accurately.
第十三条Article 13
应当规定记录文件的审核与批准职责,明确记录文件版本生效的管理要求,防止无效版本的使用。
The responsibilities of review and approval of record documents shall bestipulated, and the management requirements for the effective version of recorddocuments shall be made clear to prevent the use of invalid versions.
第十四条Article 14
记录文件的印制与发放应当根据记录的不同用途与类型,采用与记录重要性相当的受控方法,防止对记录进行替换或篡改。
The printing and distribution of record documents shall be based on differentuses and types of records, and controlled methods should be aligned with theimportance of records shall be adopted to prevent records from being replacedor tampered with.
第十五条Article 15
应当明确记录的记载职责,不得由他人随意代替,并采用可长期保存、不易去除的工具或方法。
The recording duties of records shall be clearly defined, and shall not bereplaced by others at will, and tools or methods that can be preserved for along time and are not easy to remove shall be adopted.
原始数据应当直接记载于规定的记录上,不得通过非受控的载体进行暂写或转录。
The originaldata shall be directly recorded on the specified records, and should not betemporarily written or transcribed through uncontrolled carriers.
第十六条Article 16
记录的任何更改都应当签注修改人姓名和修改日期,并保持原有信息清晰可辨。必要时应当说明更改的理由。
Any change in records shall be endorsed with the name of the person who make the modification and the date of modification, and the original informationshall be kept clear and legible. If necessary, the reasons for the change shall be explained.
第十七条Article 17
记录的收集时间、归档方式、存放地点、保存期限与管理人员应当有明确规定,并采取适当的保存或备份措施。记录的保存期限应当符合相关规定要求。
Records collection time, filing method, storage location, preservation period and management personnel should be clearly defined, and appropriate preservation or backup measures should be taken. The retention period of records shall meet therequirements of relevant regulations.
第十八条Article 18
记录的使用与复制应当采取适当措施防止记录的丢失、损坏或篡改。复制记录时,应当规定记录复制的批准、分发、控制方法,明确区分记录原件与复印件。
Appropriate measures shall be taken to prevent records from being lost, damaged or tampered with when using or copying records. When copying records, the methods of approval, distribution and control of record copying shall bestipulated, and the original and copy of records shall be clearly distinguished.
第十九条Article 19
应当确定适当的记录销毁方式,并建立相应的销毁记录。
Appropriate record destruction methods shall be determined and correspondingdestruction records shall be established.
第四章 电子记录管理要求
The fourth chapter electronic records management requirements
第二十条Article 20
采用电子记录的计算机(化)系统应当满足以下设施与配置:
Computer (Computerized) systems with electronic records shall meet the following facilities and configurations:
一)安装在适当的位置,以防止外来因素干扰;
1) Installed in an appropriate position to prevent interference from external factors;
二)支持系统正常运行的服务器或主机;
2) The server or host that supports the normal operation of the system;
三)稳定、安全的网络环境和可靠的信息安全平台;
3) A stable and secure network environment and a reliable information security platform;
四)实现相关部门之间、岗位之间信息传输和数据共享的局域网络环境;
4) The local area network (LAN) environment for realizing information transmission and data sharing between relevant departments and posts;
五)符合相关法律要求与管理需求的应用软件与相关数据库;
5) Application software and related databases that meet relevant legal requirements and management requirements;
六)能够实现记录操作的终端设备及附属装置;
6) Terminal equipment and ancillary devices capable of recording operations;
七)配套系统的操作手册、图纸等技术资料。
7) Supporting system operation manuals, drawings and other technical data.
第二十一条Article 21
采用电子记录的计算机(化)系统至少应当满足以下功能要求:
Computer (computerized) systems using electronic records shall at least meet the following functional requirements:
一)保证记录时间与系统时间的真实性、准确性和一致性;
1) To ensurethe authenticity, accuracy and consistency of the recording time and the systemtime;
二)能够显示电子记录的所有数据,生成的数据可以阅读并能够打印;
2) Candisplay all the data of electronic records, and the generated data can be readand printed;
三)系统生成的数据应当定期备份,备份与恢复流程必须经过验证,数据的备份与删除应有相应记录;
3) The data generated by the system should be backed up regularly, the backup and recovery process must be verified, and the backup and deletion of data should be recorded accordingly;
四)系统变更、升级或退役,应当采取措施保证原系统数据在规定的保存期限内能够进行查阅与追溯。
4) When thesystem is changed, upgraded or retired, measures shall be taken to ensure thatthe original system data can be consulted and traced within the prescribed preservation period.
第二十二条Article 22
电子记录应当实现操作权限与用户登录管理,至少包括:
Electronic records should realize the operation authority and user login management,including at least:
一)建立操作与系统管理的不同权限,业务流程负责人的用户权限应当与承担的职责相匹配,不得赋予其系统(包括操作系统、应用程序、数据库等)管理员的权限;
1) Establish different authority and access control for operation and system management. The user authority of the person in charge of business process should match withthe responsibilities undertaken, and the authority of the administrator of itssystem (including operating system, application program, database, etc.) should not be given;
二)具备用户权限设置与分配功能,能够对权限修改进行跟踪与查询;
2) Have the function of setting and distributing user rights, and can track and inquire about the modification of rights;
三)确保登录用户的唯一性与可追溯性,当采用电子签名时,应当符合《中华人民共和国电子签名法》的相关规定;
3) To ensurethe uniqueness and traceability of the logged-in user, when adopting electronic signature, it shall comply with the relevant provisions of the Electronic Signature Law of the People's Republic of China;
四)应当记录对系统操作的相关信息,至少包括操作者、操作时间、操作过程、操作原因;数据的产生、修改、删除、再处理、重新命名、转移;对计算机(化)系统的设置、配置、参数及时间戳的变更或修改。
4) Relevant information on system operation shall be recorded, including at least the operator, operation time, operation process and operation reason; Generation, modification, deletion, reprocessing, renaming and transfer of data; Change or modification of settings, configurations, parameters and timestamps of computer (computerized) systems.
第二十三条Article 23
采用电子记录的计算机(化)系统验证项目应当根据系统的基础架构、系统功能与业务功能,综合系统成熟程度与复杂程度等多重因素,确定验证的范围与程度,确保系统功能符合预定用途。
A computer (computerized) system with the electronic records function shall be validated. The scope and degree of validation should be considering the system's infrastructure design, system functions and business functions, comprehensive system maturity and complexity and other multiple factors to ensure that the system functions can meet the intended use.
第五章 数据管理要求
Chapter V Data Management Requirements
第二十四条Article 24
对于活动的基础信息数据和通过操作、检查、核对、人工计算等行为产生的行为活动数据,应当在相关操作规程和管理制度中规定记载人员、记载时间、记载内容,以及确认与复核方法的要求。
For the basic information data of activities and the behavioral activity datagenerated by operations, inspections, verifications, manual calculations, etc.,the requirements of recording personnel, recording time, recording contents,and confirmation and review methods shall be stipulated in the relevantoperation procedures and management systems.
第二十五条Article 25
从计量器具读取数据的,应当依法对计量器具进行检定或校准。
When reading data from measuring instruments, the measuring instruments shallbe verified or calibrated according to law.
第二十六条Article 26
经计算机(化)系统采集、处理、报告所获得的电子数据,应当采取必要的管理措施与技术手段:
Electronic data collected, processed and reported by computer (computerized) system shalltake necessary management measures and technical means:
一)经人工输入由应用软件进行处理获得的电子数据,应当防止软件功能与设置被随意更改,并对输入的数据和系统产生的数据进行审核,原始数据应当按照相关规定保存;
1) The electronic data obtained by manual input and processing by application softwareshall be prevented from being arbitrarily changed, and the input data and thedata generated by the system shall be examined, and the original data shall bekept in accordance with relevant regulations;
二)经计算机(化)系统采集与处理后生成的电子数据,其系统应当符合相应的规范要求,并对元数据进行保存与备份,备份及恢复流程必须经过验证。
2) The electronic data generated by the computer (computerized) system after collection and processing, the system should meet the corresponding specification requirements, and the metadata should be saved and backed up, and the backup and recovery process must be verified.
第二十七条Article 27
其它类型数据是指以文档、影像、音频、图片、图谱等形式所载的数据。符合下列条件的其它类型数据,视为满足本要求规定:
Other types of data refers to the data in the form of documents, images, audio,pictures, maps and so on. Other types of data that meet the followingconditions are deemed to meet the requirements:
一)能够有效地表现所载内容并可供随时调取查用;
1) Can effectively show the content and can be retrieved at any time;
二)数据形式发生转换的,应当确保转换后的数据与原始数据一致。
2) If the data form is converted, it shall be ensured that the converted data isconsistent with the original data.
第六章 附 则
Chapter VI Supplementary Provisions
第二十八条Article 28
本要求下列术语的含义是:
The meaning of the following terms in this requirement is:
一)原始数据 Original data
指初次或源头采集的、未经处理的数据。
Refers to theraw data collected for the first time or at the source.
二)电子记录 Electronicrecords
指一种数字格式的记录,由文本、图表、数据、声音、图示或其它数字信息构成。其创建、修改、维护、归档、读取、发放和使用均由计算机(化)系统实现。
Refers to arecord in digital format, which consists of text, charts, data, sounds, diagrams or other digital information. Its creation, modification, maintenance, filing, reading, distribution and use are all realized by computer (chemical)system.
三)电子签名 Electronic signature
指电子记录中以电子形式所含、所附用于识别签名人身份并表明签名人认可其中内容的数据。
Refers to thedata contained in electronic records in electronic form, which is attached to identifythe signer's identity and indicate that the signer approves the contents.
四)元数据 Metadata
元数据是用来定义和描述数据的数据,通过定义和描述数据,可以支持对其所描述的数据对象的定位、查询、交换、追踪、访问控制、评价和保存等诸多管理工作。
Metadata is the data used to define and describe data. By defining and describing data, itcan support many management tasks such as positioning, querying, exchanging,tracking, access control, evaluation and preservation of the data objects itdescribes.
第二十九条Article 29
从事药品研制、生产、经营、使用活动,应当遵守法律、法规、规章、标准和规范,制定操作规程和管理制度,明确记录与数据的管理要求。
In drug research, production, management and use activities, we should abide bylaws, regulations, rules, standards and norms, formulate operating proceduresand management systems, and clarify the management requirements of records anddata.
第三十条Article 29
本要求自2020年12月1日起施行。
This requirement shall come into force as of December 1, 2020.
