On 16 November, the EMA published a concept paper on the revision of GMP Annex 11 (Computerised Systems). The paper sets out 33 points on which the current version of the EU GMP Annex 11 guidance on computerised systems should be revised; the main points are summarised below:
The document should be updated to replace the relevant parts of the Q&A on Annex 11 and the Q&A on Data Integrity on the EMA GMP website.
With regard to data integrity, the new Annex 11 will include requirements for ‘data in motion’ and ‘data at rest’ (backup, archive and disposal).
An update of the document with regulatory expectations for ‘digital transformation’ and similar newer concepts will be considered.
On scope, the Annex should cover not only cases where a computerised system ‘replaces a manual operation’ but also cases where it replaces ‘another system or a manual process’.
The list of services should include ‘operating’ a computerised system, e.g. ‘cloud’ services.
For critical systems validated and/or operated by service providers (e.g. ‘cloud’ services), expectations should go beyond ‘formal agreements must exist’. Regulated users should have access to the complete documentation for validation and safe operation of the system and be able to present it during regulatory inspections, e.g. with the help of the service provider.
The concept paper states that the term ‘commercial off-the-shelf products’ (COTS) is not adequately defined and may easily be understood too broadly. Critical COTS products, even those used by ‘a broad spectrum of users’, should be qualified by the vendor or by the regulated user, and the documentation for this should be available for inspection. The use of the term and the expectations for qualification, validation and safe operation of such (e.g. ‘cloud’) systems should be clarified.
The meaning of the terms ‘validation’ (and ‘qualification’) needs to be clarified. It should be emphasised that both activities consist of verifying the required and specified functionality described in a user requirements specification (URS) or similar.
The paper states that computerised system qualification and validation should especially challenge the critical parts of systems used to make GMP decisions, the parts that ensure product quality and data integrity, and the parts that have been specifically designed or customised.
The paper notes that the meaning of the sentence ‘User requirements should be traceable throughout the life-cycle’ is not sufficiently clear. A user requirements specification, or similar, describing all the implemented and required GMP-critical functionality that has been automated and that the regulated user relies on, should be the basis for any qualification or validation of the system, whether performed by the regulated user or by the vendor. The user requirements specification should be kept updated and aligned with the implemented system throughout the system life-cycle, and there should be documented traceability between user requirements, any underlying functional specifications and test cases.
The document will include guidance on agile development processes and guidelines for classifying critical data and critical systems.
On backup, the paper states that long-term backup (or archival) to volatile media should be based on a validated procedure (e.g. through ‘accelerated testing’). In that case, testing should not focus on whether a backup is still readable but should validate that it will remain readable for a given period.
Important expectations for backup processes are missing from the current document, e.g. what a backup covers (data only, or data and application), what types of backups are made (e.g. incremental or complete), how often backups of each type are made, how long they are retained, which media are used and where the backups are kept (e.g. physically separated).
The paper states that on GMP-critical systems where users, data or settings can be changed manually, audit trail functionality that automatically logs all manual interactions should be regarded as mandatory, not merely ‘considered based on a risk assessment’. Controlling processes or capturing, holding or transferring electronic data in such systems without audit trail functionality is not acceptable; any grace period in this area has long expired.
The concept and purpose of audit trail review are inadequately described. The process should focus on reviewing the integrity of manual changes made on a system, e.g. verifying the reason for changes and whether changes were made on unusual dates, at unusual hours or by unusual users.
Guidance on an acceptable frequency of audit trail review should be provided. For audit trails on critical parameters, e.g. the setting of alarms in a BMS system that alarms on differential pressure in connection with aseptic filling, audit trail review should be part of batch release, following a risk-based approach.
The paper notes that many systems generate a vast amount of alarm and event data, which is often mixed up with audit trail entries. While alarms and events may need their own logs, acknowledgements and reviews, these should not be confused with the audit trail review of manual system interactions; as a minimum, it should be possible to sort the two apart.
The concept of configuration review should be added. Rather than starting from the list of known changes on a system (its upgrade history), configuration review should be based on comparing hardware and software baselines over time, with an account of any differences and an evaluation of whether re-qualification or re-validation is needed.
In line with ISO 27001, the section on IT security should address the confidentiality, integrity and availability of systems and data.
It should be made explicit that authentication on critical systems must identify the regulated user with a high degree of certainty. Authentication by a ‘pass card’ alone may therefore not be sufficient, since a card can be dropped and later found and used by anyone.
System accesses and roles should be reviewed periodically to ensure that forgotten and unwanted accesses are removed.
Because industry is already implementing the technology, there is an urgent need for regulatory guidance and expectations on the use of artificial intelligence (AI) and machine learning (ML) models in critical GMP applications. The primary focus should be on the relevance, adequacy and integrity of the data used to test these models and on the results (metrics) of such testing, rather than on the process of selecting, training and optimising the models.
The guideline will also consider aspects of Computer Software Assurance (CSA).
The original text of the concept paper follows:
Concept Paper on the revision of Annex 11 of the guidelines on Good Manufacturing Practice for medicinal products – Computerised Systems
This concept paper addresses the need to update Annex 11, Computerised Systems, of the Good Manufacturing Practice (GMP) guide. Annex 11 is common to the member states of the European Union (EU)/European Economic Area (EEA) as well as to the participating authorities of the Pharmaceutical Inspection Co-operation Scheme (PIC/S). The current version was issued in 2011 and does not give sufficient guidance in a number of areas. Since then, there has been extensive progress in the use of new technologies.
Reasons for the revision of Annex 11 include, but are not limited to, the following (in non-prioritised order and with references to existing sections in square brackets). Further improvements may prove necessary as the drafting group receives input:
1. [New] The document should be updated to replace relevant parts of the Q&A on Annex 11 and the Q&A on Data Integrity on the EMA GMP website.
2. [New] With regard to data integrity, Annex 11 will include requirements for ‘data in motion’ and ‘data at rest’ (backup, archive and disposal). Configuration hardening and integrated controls are expected to support and safeguard data integrity; technical solutions and automation are preferable to manual controls.
3. [New] An update of the document with regulatory expectations for ‘digital transformation’ and similar newer concepts will be considered.
4. [Principle] The scope should not only cover cases where a computerised system “replaces a manual operation” but rather cases where it replaces ‘another system or a manual process’.
5. [1] References should be made to ICH Q9.
6. [3.1] The list of services should include ‘operating’ a computerised system, e.g. ‘cloud’ services.
7. [3.1] For critical systems validated and/or operated by service providers (e.g. ‘cloud’ services), expectations should go beyond “formal agreements must exist”. Regulated users should have access to the complete documentation for validation and safe operation of a system and be able to present this during regulatory inspections, e.g. with the help of the service provider. See also the Notice to sponsors and Q&A #9 on the EMA GCP website and the Q&A on the EMA GVP website.
8. [3.3] Despite being mentioned in the Glossary, the term “commercial off-the-shelf products” (COTS) is not adequately defined and may easily be understood too broadly. Critical COTS products, even those used by “a broad spectrum of users”, should be qualified by the vendor or by the regulated user, and the documentation for this should be available for inspection. The use of the term and the expectations for qualification, validation and safe operation of such (e.g. ‘cloud’) systems should be clarified.
9. [4.1] The meaning of the term ‘validation’ (and ‘qualification’) needs to be clarified. It should be emphasised that both activities consist of a verification of the required and specified functionality as described in user requirements specifications (URS) or similar.
10. [4.1] Following a risk-based approach, system qualification and validation should especially challenge the critical parts of systems that are used to make GMP decisions, the parts that ensure product quality and data integrity, and the parts that have been specifically designed or customised.
11. [4.4] It is not sufficiently clear what is implied by the sentence “User requirements should be traceable throughout the life-cycle”. A user requirements specification, or similar, describing all the implemented and required GMP-critical functionality that has been automated and that the regulated user relies on, should be the very basis for any qualification or validation of the system, whether performed by the regulated user or by the vendor. User requirements specifications should be kept updated and aligned with the implemented system throughout the system life-cycle, and there should be documented traceability between user requirements, any underlying functional specifications and test cases.
12. [4.5] It should be acknowledged and addressed that software development today very often follows agile development processes, and the criteria for accepting such products and the corresponding documentation, which may not consist of traditional documents, should be clarified.
13. [6] Guidelines should be included for the classification of critical data and critical systems.
14. [7.1] Systems, networks and infrastructure should protect the integrity of GMP processes and data. Examples should be included of the measures, both physical and electronic, required to protect data against both intentional and unintentional loss of data integrity.
15. [7.2] Testing the ability to restore system data (and, if not otherwise easily recreated, the system itself) from backup is critically important, but the currently required periodic check of this ability, even when no changes have been made to the backup or restore processes, is not regarded as necessary. Long-term backup (or archival) to volatile media should be based on a validated procedure (e.g. through ‘accelerated testing’). In this case, testing should not focus on whether a backup is still readable but rather on validating that it will be readable for a given period.
16. [7.2] Important expectations for backup processes are missing, e.g. what is covered by a backup (e.g. data only, or data and application), what types of backups are made (e.g. incremental or complete), how often backups of each type are made, how long backups are retained, which media are used for backups, and where backups are kept (e.g. physical separation).
17. [8] The section should include an expectation to be able to obtain data in electronic format, including the complete audit trail. The requirement to be able to print data may be reconsidered.
18. [9] Audit trail functionality that automatically logs all manual interactions on GMP-critical systems, where users, data or settings can be manually changed, should be regarded as mandatory, not just ‘considered based on a risk assessment’. Controlling processes or capturing, holding or transferring electronic data in such systems without audit trail functionality is not acceptable; any grace period in this area has long expired.
19. [9] The audit trail should positively identify the user who made a change; it should give a full account of what was changed, i.e. both the new value and all old values should be clearly visible; it should include the full time and date when the change was made; and, except where a value is entered in an empty field or where the reason is completely obvious, the user should be prompted for the reason or rationale for the change.
20. [9] It should not be possible for normal or privileged users working on the system to edit audit trail data or to deactivate the audit trail functionality. If these functions are available, they should be accessible only to system administrators, who should not be involved in GMP production or in day-to-day work on the system (see ‘segregation of duties’).
21. [9] The concept and purpose of audit trail review are inadequately described. The process should focus on a review of the integrity of manual changes made on a system, e.g. verification of the reason for changes and of whether changes have been made on unusual dates, at unusual hours or by unusual users.
22. [9] Guidelines for an acceptable frequency of audit trail review should be provided. For audit trails on critical parameters, e.g. the setting of alarms in a BMS system giving alarms on differential pressure in connection with aseptic filling, audit trail review should be part of batch release, following a risk-based approach.
23. [9] Audit trail functionality should capture data entries with sufficient detail and in real time, in order to give a full and accurate picture of events. If, for example, a system notifies a regulated user of an inconsistency in a data input by writing an error message, and the user subsequently changes the input so that the notification disappears, the full set of events should be captured.
24. [9] It should be addressed that many systems generate a vast amount of alarm and event data and that these are often mixed up with audit trail entries. While alarms and events may require their own logs, acknowledgements and reviews, this should not be confused with an audit trail review of manual system interactions. Hence, as a minimum, it should be possible to sort these apart.
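The audit trail properties of items 18 to 21 and 24, shown as working code. This is an added illustration, not text or code from the concept paper: each manual change is appended with the user, full timestamp, old and new value and a reason (item 19); the entries are hash-chained so that an edited or deleted entry is detectable and there is no API for editing them (item 20); a review pass flags changes at unusual hours or by unexpected users (item 21); and a mixed export is sorted into audit entries and alarm/event records (item 24). The user names, parameter name, values and working-hours window are constructed for the example.

```python
"""Append-only, hash-chained audit trail of manual changes with a review pass.
Added example; users, parameter names and values below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry


@dataclass(frozen=True)
class AuditEntry:
    seq: int
    timestamp: str      # full date and time, UTC, ISO 8601
    user: str           # positively identified account that made the change
    field_name: str
    old_value: object
    new_value: object
    reason: str
    prev_hash: str      # hash of the preceding entry, links the chain
    entry_hash: str


def _digest(seq, timestamp, user, field_name, old_value, new_value, reason, prev_hash):
    body = json.dumps([seq, timestamp, user, field_name, old_value, new_value,
                       reason, prev_hash], default=str)
    return hashlib.sha256(body.encode()).hexdigest()


def reason_required(old_value, reason):
    """Item 19: a reason is mandatory unless the change fills an empty field."""
    return old_value not in (None, "") and not reason.strip()


class AuditTrail:
    """Entries can only be appended; there is deliberately no edit or delete
    method (item 20). A tampered copy is caught by verify_chain()."""

    def __init__(self):
        self._entries = []

    def record(self, user, field_name, old_value, new_value, reason, when=None):
        if reason_required(old_value, reason):
            raise ValueError("a reason is required when an existing value is changed")
        ts = (when or datetime.now(timezone.utc)).isoformat()
        seq = len(self._entries)
        prev = self._entries[-1].entry_hash if self._entries else GENESIS
        h = _digest(seq, ts, user, field_name, old_value, new_value, reason, prev)
        entry = AuditEntry(seq, ts, user, field_name, old_value, new_value, reason, prev, h)
        self._entries.append(entry)
        return entry

    def entries(self):
        return list(self._entries)


def verify_chain(entries):
    """True only if every entry hashes to its content and links to its predecessor."""
    prev = GENESIS
    for e in entries:
        expected = _digest(e.seq, e.timestamp, e.user, e.field_name, e.old_value,
                           e.new_value, e.reason, prev)
        if e.prev_hash != prev or e.entry_hash != expected:
            return False
        prev = e.entry_hash
    return True


def review(entries, working_hours=(6, 18), expected_users=frozenset()):
    """Item 21: flag changes made outside working hours or by users who are not
    expected to change the parameter. Returns (seq, finding) tuples."""
    findings = []
    for e in entries:
        hour = datetime.fromisoformat(e.timestamp).hour
        if not working_hours[0] <= hour < working_hours[1]:
            findings.append((e.seq, "outside working hours"))
        if expected_users and e.user not in expected_users:
            findings.append((e.seq, "unexpected user"))
    return findings


def split_export(records):
    """Item 24: separate a mixed export into audit entries (manual interactions)
    and alarm/event records, which get their own log and review."""
    audit = [r for r in records if r["kind"] == "audit"]
    alarms_events = [r for r in records if r["kind"] in ("alarm", "event")]
    return audit, alarms_events


def sample_trail():
    """Constructed scenario: QA sets an empty alarm limit during the day, then an
    engineer lowers it at 23:00 citing a deviation."""
    trail = AuditTrail()
    t0 = datetime(2023, 3, 6, 9, 15, tzinfo=timezone.utc)
    trail.record("qa.smith", "dp_alarm_limit_pa", None, 15, "", when=t0)
    trail.record("eng.jones", "dp_alarm_limit_pa", 15, 10, "deviation DEV-0042",
                 when=t0.replace(hour=23))
    return trail


if __name__ == "__main__":
    trail = sample_trail()
    print("chain intact:", verify_chain(trail.entries()))
    print("review findings:", review(trail.entries(), expected_users={"qa.smith"}))
```

The chain only makes tampering detectable; the paper's requirement that administrators who can touch the audit store are kept out of day-to-day GMP work still has to be enforced by access control, and a production system would also persist the entries to write-once storage rather than a list in memory.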
25. [11] The concept of configuration review should be added. Instead of starting from the number of known changes on a system (its upgrade history), it should be based on a comparison of hardware and software baselines over time. This should include an account of any differences and an evaluation of the need for re-qualification/validation.
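Configuration review as item 25 describes it, shown as working code. This is an added illustration, not from the concept paper: an approved baseline (component versions plus hashes of configuration files) is compared with a current snapshot, and every difference is accounted for against change control, so that the review starts from what is actually installed rather than from the upgrade history. The component names, versions, file paths, file contents and the change-control reference are constructed.

```python
"""Configuration review by baseline comparison. Added example; the components,
file contents and change-control reference below are constructed."""
import hashlib


def build_baseline(components, config_files):
    """Snapshot of a system: installed component versions plus the SHA-256 of each
    configuration file. components: {name: version}; config_files: {path: bytes}."""
    baseline = {f"pkg:{name}": version for name, version in components.items()}
    for path, content in config_files.items():
        baseline[f"file:{path}"] = hashlib.sha256(content).hexdigest()
    return baseline


def compare_baselines(approved, current, documented_changes=()):
    """Differences between the approved baseline and the current snapshot.
    documented_changes lists the baseline keys covered by an approved
    change-control record; every other difference is 'unexplained' and needs
    investigation plus an evaluation of re-qualification."""
    covered = set(documented_changes)
    findings = []
    for key in sorted(set(approved) | set(current)):
        before, after = approved.get(key), current.get(key)
        if before == after:
            continue
        if before is None:
            kind = "added"
        elif after is None:
            kind = "removed"
        else:
            kind = "changed"
        findings.append({
            "item": key, "change": kind, "from": before, "to": after,
            "status": "documented" if key in covered else "unexplained",
        })
    return findings


def sample_configuration_review():
    """Constructed scenario: baseline from qualification versus a snapshot taken
    at the periodic review; one patch is covered by change control."""
    approved = build_baseline(
        {"scada-runtime": "7.2.1", "openssl": "3.0.8"},
        {"/etc/scada/alarms.cfg": b"dp_alarm_limit_pa=15\n"},
    )
    current = build_baseline(
        {"scada-runtime": "7.2.1", "openssl": "3.0.13", "remote-support-tool": "1.0"},
        {"/etc/scada/alarms.cfg": b"dp_alarm_limit_pa=10\n"},
    )
    # Change-control record CC-2023-017 (constructed) approved the OpenSSL patch only.
    return compare_baselines(approved, current, documented_changes=["pkg:openssl"])


if __name__ == "__main__":
    for f in sample_configuration_review():
        print(f"{f['status']:11} {f['change']:8} {f['item']}: {f['from']} -> {f['to']}")
```

In the constructed scenario the OpenSSL upgrade is explained, while the edited alarm limit and the extra remote-support tool are not: those are the differences the review has to account for and assess for re-qualification.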
26. [12.1] The current section focuses only on restricting system access to authorised individuals; however, there are other important topics. In line with ISO 27001, a section on IT security should include a focus on system and data confidentiality, integrity and availability.
27. [12.1] The current version says that “Physical and/or logical controls should be in place to restrict access to computerised system to authorised persons”. However, it is necessary to be more specific and to name some of the expected controls, e.g. multi-factor authentication, firewalls, platform management, security patching, virus scanning and intrusion detection/prevention.
28. [12.1] It should be specified that authentication on critical systems should identify the regulated user with a high degree of certainty. Therefore, authentication only by means of a ‘pass card’ might not be sufficient, as it could have been dropped and later found by anyone.
29. [12.1] Two important expectations for the allocation of system accesses should be added, either here or elsewhere: ‘segregation of duties’, meaning that day-to-day users of a system do not have admin rights, and the ‘least privilege principle’, meaning that users of a system do not have higher access rights than necessary for their job function.
30. [12.3] The current version says that “Creation, change, and cancellation of access authorisations should be recorded”. However, it is necessary to go further than just recording who has access to a system. System accesses and roles should be continually managed as people assume and leave positions, and should be subject to recurrent reviews in order to ensure that forgotten and undesired accesses are removed.
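The recurrent access review of items 29 and 30, shown as working code. This is an added illustration, not from the concept paper: each account is checked against the HR position list (leavers and unknown accounts), against role rules for segregation of duties (no day-to-day user holds an admin role) and least privilege (no role beyond the job function), and for dormancy. The role names, job functions, dormancy threshold, account list and HR records are constructed.

```python
"""Recurrent review of system accesses and roles. Added example; roles, job
functions, accounts and HR records below are constructed."""
from datetime import date, timedelta

ADMIN_ROLES = {"sysadmin", "audit_admin"}
OPERATIONAL_ROLES = {"operator", "supervisor", "qa_reviewer"}
# Least privilege: the roles a job function needs, and nothing more.
ROLES_BY_JOB = {
    "production operator": {"operator"},
    "shift supervisor": {"operator", "supervisor"},
    "qa": {"qa_reviewer"},
    "it administrator": {"sysadmin", "audit_admin"},
}


def review_access(accounts, hr_records, today, dormant_after_days=90):
    """accounts: [{'user', 'roles', 'last_login'}]; hr_records: {user: {'job', 'active'}}.
    Returns (user, finding) tuples; an empty list means nothing needs removing."""
    findings = []
    for acct in accounts:
        user, roles = acct["user"], set(acct["roles"])
        hr = hr_records.get(user)
        # Leavers and accounts with no person behind them are removed outright.
        if hr is None or not hr["active"]:
            findings.append((user, "no active person behind the account: remove access"))
            continue
        # Segregation of duties: admin rights and day-to-day roles never combine.
        if roles & ADMIN_ROLES and roles & OPERATIONAL_ROLES:
            findings.append((user, "segregation of duties: admin and operational roles combined"))
        # Least privilege: anything beyond the job function is excess.
        excess = roles - ROLES_BY_JOB.get(hr["job"], set())
        if excess:
            findings.append((user, f"least privilege: roles beyond job function {sorted(excess)}"))
        # Forgotten accesses show up as accounts nobody uses.
        last = acct["last_login"]
        if last is None or (today - last).days > dormant_after_days:
            findings.append((user, "dormant account"))
    return findings


def sample_access_review():
    """Constructed scenario: one clean account, a supervisor with admin rights,
    a dormant QA account, a leaver and an orphaned vendor account."""
    today = date(2023, 9, 1)
    accounts = [
        {"user": "alice", "roles": ["operator"], "last_login": today - timedelta(days=3)},
        {"user": "bob", "roles": ["operator", "sysadmin"], "last_login": today - timedelta(days=1)},
        {"user": "carol", "roles": ["qa_reviewer"], "last_login": today - timedelta(days=200)},
        {"user": "dave", "roles": ["operator"], "last_login": today - timedelta(days=10)},
        {"user": "vendor-svc", "roles": ["sysadmin"], "last_login": None},
    ]
    hr_records = {
        "alice": {"job": "production operator", "active": True},
        "bob": {"job": "shift supervisor", "active": True},
        "carol": {"job": "qa", "active": True},
        "dave": {"job": "production operator", "active": False},  # has left
    }
    return review_access(accounts, hr_records, today)


if __name__ == "__main__":
    for user, finding in sample_access_review():
        print(f"{user:10} {finding}")
```

Running the review against the HR feed is what turns item 30's "recording who has access" into the recurrent check the paper asks for; the findings list is the removal worklist, and the run itself is the evidence presented at inspection.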
31. [17] As previously mentioned (see 7.2), it is not sufficient to reactively check archived data for accessibility, readability and integrity (it would be too late to find out that these properties were not maintained). Instead, archival should rely on a validated process. Depending on the storage media used, it might be necessary to validate that the media can be read after a certain period.
32. [New] There is an urgent need for regulatory guidance and expectations on the use of artificial intelligence (AI) and machine learning (ML) models in critical GMP applications, as industry is already implementing this technology. The primary focus should be on the relevance, adequacy and integrity of the data used to test these models, and on the results (metrics) from such testing, rather than on the process of selecting, training and optimising the models.
33. [New] After this concept paper had been drafted and prepared for approval by the EMA GMP/GDP Inspectors Working Group and the PIC/S Sub-committee on GMDP Harmonisation, the FDA released a draft guidance on Computer Software Assurance for Production and Quality System Software (CSA). This guidance and any implications will be considered with regard to aspects of potential regulatory relevance for GMP Annex 11.