哥哥在传送门 欧盟关于修订GMP附录11—的吹风文档-上(
欧盟关于修订GMP附录11—的吹风文档-上)
欧盟关于修订GMP附录11—的吹风文档-上)22.
[9] Guidelines for acceptable frequency of audit trail review should be provided. For audit trails on critical parameters, e.g. setting of alarms in a BMS systems giving alarms on differential pressure in connection with aseptic filling, audit trail reviews should be part of batch release, following a risk-based approach.
应提供可接受的审计跟踪审核频率的指导方针。对于关键参数的审计跟踪,例如BMS系统中设置的警报,与无菌灌装相关的压差报警,审计跟踪审核应作为批放行的一部分,遵循基于风险的方法。
23.
[9] Audit trail functionalities should capture data entries with sufficient detail and in true time, in order to give a full and accurate picture of events. If e.g. a system notifies a regulated user of inconsistencies in a data input, by writing an error message, and the user subsequently changes the input, which makes the notification disappear; the full set of events should be captured.
审计跟踪功能应该实时捕获足够详细的数据条目,以便提供事件的完整和准确的画面。例如,如果系统通过编写错误消息通知受管制的用户数据输入不一致,用户随后更改输入,这使得通知消失;应该捕获所有事件。【这一条够狠,没事,得到2026年呢,哈哈,醒醒】
24.
[9] It should be addressed that many systems generate a vast amount of alarms and event data and that these are often mixed up with audit trail entries. While alarms and events may require their own logs, acknowledgements and reviews, this should not be confused with an audit trail review of manual system interactions. Hence, as a minimum, it should be possible to be able to sort these. 许多系统会产生大量的警报和事件数据,而且这些数据经常与审计跟踪条目混在一起,这应该引起注意。虽然警报和事件可能需要它们自己的日志、认可和审查,这不应该与人工系统交互的审计跟踪审查相混淆。因此,至少应该能够对这些数据进行排序。
【哎,Empower是个好系统;但lims咋整?】
25.
[11] The concept of configuration review should be added. Instead of taking onset in the number of known changes on a system (upgrade history), it should be based on a comparison of hardware and software baselines over time. This should include an account for any differences and an evaluation of the need for re-qualification/validation.
应该添加配置审核的概念。它应该基于一段时间内硬件和软件基线的比较,而不是在系统上已知的更改数量(升级历史)中开始。这应该包括对任何差异的解释和对重新确认/验证需求的评估。
【这你也能想到,让我怎么活?累屁了……】
26.
[12.1] The current section has only focus on restricting system access to authorised individuals; however, there are other important topics. In line with ISO 27001, a section on IT security should include a focus on system and data confidentiality, integrity and availability. 本节只关注限制系统接触获授权人士;然而,还有其他重要的话题。根据ISO 27001,关于IT安全的部分应包括系统和数据机密性、完整性和可用性。
27.
[12.1] The current version says that “Physical and/or logical controls should be in place to restrict access to computerised system to authorised persons”. However, it is necessary to be more specific and to name some of the expected controls, e.g. multi-factor authentication, firewalls, platform management, security patching, virus scanning and intrusion detection/prevention. 当前版本称,“应该实施物理和/或逻辑控制,以限制授权人员访问电脑化系统”。然而,有必要更具体地列出一些预期的控制措施,例如多因素身份验证、防火墙、平台管理、安全补丁、病毒扫描和入侵检测/防御。
【是时候想想那一期的删库跑路的那小子、不专业的HP数据库维护师,以及变异的各种病毒和钓鱼】
28.
[12.1] It should be specified that authentication on critical systems should identify the regulated user with a high degree of certainty. Therefore, authentication only by means of a ‘pass card’ might not be sufficient, as it could have been dropped and later found by anyone.
在关键系统上的认证应该以高度确定的方式识别受管制的用户。因此,仅通过“通行证”进行身份验证可能是不够的,因为它可能被丢弃,然后被任何人找到。
【看来作者没少看 十一罗汉、神奇魔盗团啊,捂脸】
29.
[12.1] Two important expectations for allocation of system accesses should be added either here or elsewhere; i.e. ‘segregation of duties’, that day-to-day users of a system do not have admin rights, and the ‘least privilege principle’, that users of a system do not have higher access rights than what is necessary for their job function.
应该在这里或其他地方添加两个重要的系统访问分配期望;例如“职责分离”,即系统的日常用户不具有管理权限,以及“最小特权原则”,即系统的用户不具有高于其工作功能所需的访问权限。
【只能说你这么玩,限制了我这种转进了IT的无底洞的可怜的QC的努力,我只能VM了】
30.
[12.3] The current version says that “Creation, change, and cancellation of access authorisations should be recorded”. However, it is necessary to go further than just recording who has access to a system. Systems accesses and roles should be continually managed as people assume and leave positions. System accesses and roles should be subject to recurrent reviews in order to ensure that forgotten and undesired accesses are removed. 当前版本说“创建、更改和取消访问授权应该被记录”。然而,除了记录谁有权访问系统之外,还有必要做更多的工作。系统访问和角色应该在人们担任和离开职位时进行持续的管理。系统访问和角色应该定期检查,以确保被遗忘和不希望的访问被删除。
【这个简单,我来支一招,用户账号购买制,嗯嗯,很多软件就这样恶心,原来还可以这么用】
31.
[17] As previously mentioned (see 7.2), it is not sufficient to re-actively check archived data for accessibility, readability and integrity (it would be too late to find out if these parameters were not maintained). Instead, archival should rely on a validated process. Depending on the storage media used, it might be necessary to validate that the media can be read after a certain period. 如前所述(见7.2),反向检查归档数据的可访问性、可读性和完整性是不够的(如果不维护这些参数,那么要发现这些参数就太晚了)。相反,归档应该依赖于经过验证的过程。根据所使用的存储媒体,可能需要在一段时间后验证媒体是否可以读取。
32.
[New] There is an urgent need for regulatory guidance and expectations to the use of artificial intelligence (AI) and machine learning (ML) models in critical GMP applications as industry is already implementing this technology. The primary focus should be on the relevance, adequacy and integrity of the data used to test these models with, and on the results (metrics) from such testing, rather that on the process of selecting, training and optimising the models. 如前所述(见7.2),仅仅机械的地检查归档数据的可访问性、可读性和完整性是不够的(如果这些特性不被维护,当发现时就太迟了【你就说黄瓜菜都凉了,不就得了】)。相反,归档应该依赖于经过验证的过程。根据所使用的存储媒体,可能需要在一段时间后验证媒体是否可以读取。
33.
[New] After this concept paper has been drafted and prepared for approval of the EMA GMP/GDP Inspectors Working Group and the PIC/S Sub-committee on GMDP Harmonisation, the FDA has released a draft guidance on Computer Software Assurance for Production and Quality System Software (CSA). This guidance and any implication will be considered with regards to aspects of potential regulatory relevance for GMP Annex 11. 在起草并准备了这一概念文件以获得EMA GMP/GDP检查员工作组和PIC/S GMDP协调小组委员会的批准后,FDA发布了一份关于生产和质量系统软件的计算机软件保证(CSA)的指导草案。关于CSA和GMP附录11的潜在监管方面的类似相关内容,本指南将会尽可能兼顾。
【嗯,天下文件一大抄,看你会抄不会抄,语文老师告诉我的;喔,做鞋的副主席】
2.
Discussion
The current Annex 11 does not give sufficient guidance within a number of areas already covered, and other areas, which are becoming increasingly important to GMP, are not covered at all. The revised text will expand the guidance given in the document and embrace the application of new technologies which have gained momentum since the release of the existing version.
目前的附录11在一些已经涉及的领域中没有给出足够的指导,而其他对GMP越来越重要的领域则完全没有涉及。修订后的文本将扩大文件中给出的指导,并包括自现有版本发布以来的来势汹汹的新技术的应用。
If possible, the revised document will include guidelines for acceptance of AI/ML algorithms used in critical GMP applications. This is an area where regulatory guidance is highly needed as this is not covered by any existing regulatory guidance in the pharmaceutical industry and as pharma companies are already implementing such algorithms.
如果可能,修订后的文件将包括用于关键GMP应用的AI/ML算法的接受指南。这是一个非常需要监管指导的领域,因为制药行业的任何现有监管指导都没有涵盖这一领域,而且制药公司已经在实施这样的算法。
【对,啥也别放过】
3.
Recommendation推荐
The EMA GMP/GDP Inspectors Working Group and the PIC/S Sub-committee on GMDP Harmonisation jointly recommends that the current version of Annex 11, Computerised Systems, be revised according to this concept paper.
EMA GMP/GDP检查员工作组和PIC/S GMDP协调小组委员会联合建议,当前版本的附件11—计算机化系统,应根据本概念文件进行修订。
【难道是扯虎皮拉大旗??】
4.
Proposed timetable研究时间线
Preparation of draft concept paper – from October 2021
准备概念文件草稿
Approval of draft concept paper by EMA GMP/GDP IWG – October 2022
概念文件草案被自己个儿的头头(EMA GMP/GDP IWG)批准
Release for consultation of draft concept paper (2 months consultation) – October 2022
发布概念文件初稿供内部讨论【俩月没了】
Deadline for comments on concept paper – December 2022
概念论文提交意见的截止日期
Discussion in EMA GMP/GDP IWG and PIC/S Committee drafting group – from March 2023
EMA GMP/GDP IWG和PIC/S委员会起草小组讨论
Proposed release for consultation of draft guideline (3 months consultation) – December 2024
印发建议的征求意见稿【又仨月】
Deadline for comments on guideline – March 2025
征求意见的死亡线日期【捂脸】
Adoption by EMA GMP/GDP IWG – March 2026
老大最终通过
Publication by European Community – June 2026
欧共体出版期限 【666啊】
Adoption by PIC/S Sub-committee on GMDP Harmonisation – September 2026
PIC/S GMDP协调小组委员会通过【看谁能磨】
5.
Resource requirements for preparation准备工作所需资源
A drafting group has been established by EMA GMP/GDP Inspectors Working Group and the PIC/S Sub- committee on GMDP Harmonisation with a rapporteur and supporting experts from other EU member regulatory authorities and from non-EU PIC/S participating authorities.
EMA GMP/GDP检查员工作组和PIC/S GMDP协调小组委员会成立了一个起草小组,由一名报告员和来自其他欧盟成员国监管机构和非欧盟PIC/S参与机构的支持专家组成。
It is expected that most of the work will be completed by email and by teleconference.
预计大部分工作将通过电子邮件和电话会议完成。【难道是因为效率而不是疫情?】
The guideline will be discussed at GMP/GDP IWG and the PIC/S Committee as necessary and at other involved working parties and groups. Further discussions are expected with interested parties.
该指南将在GMP/GDP IWG和PIC/S委员会以及其他相关工作组和小组进行必要的讨论。预计将与有关各方进行进一步讨论。【坚持就是胜利】
6.
Impact assessment (anticipated) 影响评估(预期)
The updated Annex 11 is intended to benefit both industry and regulators by clarifying expectations to areas already covered, by broadening these to areas not yet covered, and by pushing the adoption of a common approach between EU and non-EU regulatory authorities. Revision of Annex 11 will facilitate a better understanding of expectations to the use of computerised systems within manufacturing of medicinal products, and thereby, enhance the quality and safety of products and the integrity of data.
更新后的附件11旨在通过明确已覆盖领域的预期,通过扩大尚未覆盖领域的预期,以及通过推动欧盟和非欧盟监管机构之间采用共同的方法,使行业和监管机构都受益。附件11的修订将有助于更好地理解在药品生产中使用计算机化系统的期望,从而提高产品的质量和安全性以及数据的完整性。
No unnecessary adverse impact on industry with respect to either resources or costs is foreseen, although there is always a cost associated with being in compliance (or quality). The revision may require some systems and processes to be modified over a period of time.
在资源或成本方面,没有对工业造成不必要的不利影响,尽管总是有与合规(或质量)相关的成本。修订可能需要在一段时间内修改一些系统和流程。【承认就好,给我个缓冲期】
7.
Interested parties 利益相关团体 —— 一起玩的
•
EMA GMP/GDP Inspectors Working Group EMA GMP/GDP督察工作小组
•
PIC/S Committee, Sub-committee on GMDP Harmonisation IC/S委员会,GMDP协调小组委员会
•
National competent authorities of EU/EEA member states 欧盟/欧洲经济区成员国的国家主管当局
•
PIC/S participating authorities PIC/S参与当局
•
Pharmaceutical industry 制药工业届
•
International societies and interest groups within pharmaceutical industry, e.g. ISPE GAMP
制药行业内的国际协会和利益集团,例如ISPE GAMP
8.
References to literature, guidelines, etc. 参考文献、指南等。
•
EMA GMP Q&A on Annex 11 and Q&A on Data Integrity, https://www.ema.europa.eu/en/human- regulatory/research-development/compliance/good-manufacturing-practice/guidance-good- manufacturing-practice-good-distribution-practice-questions-answers
•
EMA GCP Guideline on computerised systems and electronic data in clinical trials (draft), EMA/226170/2021, https://www.ema.europa.eu/en/documents/regulatory-procedural- guideline/draft-guideline-computerised-systems-electronic-data-clinical-trials_en.pdf
•
EMA GCP Q&A no. 8, 9, and Notice to sponsors on validation and qualification of computerised systems used in clinical trials on https://www.ema.europa.eu/en/human-regulatory/research- development/compliance/good-clinical-practice/qa-good-clinical-practice-gcp
•
EMA GVP Q&A on Level of validation/qualification needed to be performed by a MAH when using an electronic system previously qualified by a provider https://www.ema.europa.eu/en/human- regulatory/marketing-authorisation/compliance/coordination-pharmacovigilance-inspections
