实验室审计追踪具体包含哪些项目.docx

1、实验室审计追踪具体包含哪些项目实验室审计追踪具体包含哪些项目Audit Trails审计追踪An audit trail is a chronology of the “who, what, when, and why” of a record. It ensures a secure, computer-generated, time-stamped electronic record is available that allows for reconstruction of the course of events relating to the creation, modificati

2、on, or deletion of an electronic record. For example, the audit trail for an HPLC run could include the user name, date and time of the run, integration parameters used, and details of reprocessing, if any, including the change justification. In addition, as part of reconciliation, the injection log

3、 can be included, but this injection log does not include audit trail injection information (blank/system suitability/Lot#) (2).审计追踪是记录“谁、做什么、何时、为什么”的记录，能确保安全受控计算机所生成的，带时间戳的电子记录可以重建与电子记录的创建、修改或删除有关的事件过程。例如，HPLC运行的审计追踪可以包括，用户名，运行日期以及时间，所使用的完整参数记录，再处理过程细节，或，修改理由。此外，进针日志也可囊括在内，但是此进针日志不包括审计追踪进样信息（空白/系统适

4、用性/批号）（2）。The audit trail feature (or function) should be enabled at all times, with strict access controls in place; equipment with data processing capability but lacking audit trail capability should be upgraded to CGMP standards. In those instances where the equipment lacks such capability, appro

5、priate controls (e.g., paper-based) should be implemented to ensure all data and information generated, along with the history of all activities performed, is available for review.审计追踪功能应始终启用，并应有严格的访问控制，具有数据处理能力但缺乏审计追踪功能的设备应升级为cGMP标准。在设备缺乏该功能的情况下，应实施适当的控制（例如，通过纸质记录）应该被实施以确保所有数据和信息的产生，以及所有活动的历史可以回顾。T

6、he audit trail should include all possible data changes; then, the reviewer can decide whether any data change represents a compromised or regulated event.审计追踪应包括所有可能的数据更改；据此追踪记录，审阅者可以判别是否数据更改是否是一个异常事件。Different types of audit trails supply data on different functions; each should be assessed indivi

7、dually and, then, all audit trails should be assessed collectively to determine the integrity of the data. Instrument-specific software provides several fields for configuring audit trails, and templates from which to choose for presentation. Figure 6.3.9-1 illustrates one approach to audit trail cl

8、assification.不同类型的审计追踪提供不同功能的数据，每个都应该单独评估。然后，所有的审计追踪应进行汇总评估，以确定数据的完整性。仪器软件提供了用于配置审计追踪的字段以及选择用于表示的模板。图6.3.9.1 阐述了审计追踪的一个分类方法Figure 6.3.9-1 Example of an Audit Trail Summary图6.3.9-1 审计追踪示例The Quality Unit is responsible for enabling fully functional audit trails, assessing the different kinds of metad

9、ata captured, and choosing which fields are required to verify and ensure data reliability and compliance. This approach should be carefully selected with a view to design the most appropriate procedures for batch release as well as a sound periodic review. The following list reflects one recommende

10、d approach to the various classifications of audits, each of which are discussed in the sections below:质量部门负责启用全面功能的审计追踪，评估所捕获的不同类型的元数据，并选择哪些字段需要确认以确保数据的可靠性和完整性。应仔细选择此方法,以设计最适合批放行和定期审核的程序。对不同等级的审计追踪的推荐方法如下所列：System-level audit trail 系统层面审计追踪Application-level audit trail 应用层面审计追踪Method audit trail 方法

11、审计追踪Results audit trail (or injection audit trail) 结果审计追踪（或进针追踪）Sequence audit trail 序列审计追踪Transaction log/system error log 色谱事件日志/系统错误日志System-Level Audit Trail系统层面追踪If a system-level audit capability exists, the audit trail should capture, at a minimum: any attempt to log in, successful or unsucce

12、ssful; ID, date, and time of each login attempt; date and time of each logoff; device used; and function(s) performed while logged in, i.e., applications that the user attempted, successfully or unsuccessfully, to perform, as shown in Figure 6.3.9.1-1 (2).如果存在系统层面的审计能力，审计追踪最少应捕捉：任何登录尝试、成功或不成功；尝试登录的I

13、D、日期和时间；每次注销的日期和时间；使用的设备；以及登录时执行的功能，例如用户尝试的应用程序；成功或失败。System audit trails cover the activities related to system policy changes, user activities (login, logoff, unauthorized logins and user privileges changes), changes to projects (creating, deleting, modifying and restoring), verification of projec

14、t integrity and changes to systems. The Quality Unit should review system audit trails on a periodic basis established by the firm for any type of deletions.系统审计追踪覆盖了系统策略更改、用户活动相关的活动（登录、注销、XX的登录和用户权限更改，对项目的更改（创建、删除、修改和恢复），证明项目的完整性和对系统的变更。质量系统应定期审核系统审计追踪以确定任何类型的删除。Figure 6.3.9.1-2 displays a typical

15、system audit trail for project deletion. System audit trails are reviewed in investigations to check the login and logoff times as well as any system-based information that is not captured on application-level audit trails (2).图6.3.9.1-2展示了一个典型的系统层面项目删除的审计追踪。系统审核追踪可以在调查过程查看以检查登录和注销时间, 以及在应用级别审计追踪 (2

16、) 中未能捕获的任何基于系统的信息。Figure 6.3.9.1-1 System Audit Trail (Default) 图6.2.9.1-1系统审计追踪Figure 6.3.9.1-2 System Audit Trail for Project Deletion图6.3.9.1-2项目删除的系统审计追踪Application-Level Audit Trail应用层面审计追踪Application-level audit trails monitor and log user activities, including which data files were opened and

17、 closed, and what specific actions have been taken, such as reading, editing, processing, and deleting records or fields, and publishing reports. This could also be called a project-level audit trail. Some applications may be sensitive enough to create an audit trail that captures “before” and “afte

18、r” information for each modified record or the data changed within a record (54).应用层面审计追踪监视和记录用户活动，包括打开关闭哪些数据文件，以及采取了什么具体行动，例如查看、编辑、处理和删除记录或文件，和发布报告。这也可以称为项目级别审计追踪。某些应用程序可能足够敏感, 可以创建一个审核追踪, 用于捕获每个修改记录的 之前 和 之后 信息, 或记录中更改的数据 (54)。Method Audit Trail方法审计追踪Method audit trails track the changes made to t

19、he method and typically contain the following information:方法审计追踪追踪方法所做的更改，通常包含以下信息：Method modification history 方法修改历史Method used for all injections所有进样的方法Method modified between the sequences 不同序列之间的方法修改Results Audit Trail 结果审计追踪Chromatograms or reports can serve as a results audit trail. Figure 6.3

20、.9.4-1 is a model results audit trail report that presents integration type, date acquired, date processed and by whom, and if the chromatogram was altered after generating data. Typically, chromatograms should contain:色谱图或报告提供结果审计追踪。图6.3.9.4.1是一个结果审计追踪报告模板，它显示了积分类型、获取的日期、处理的日期以及由谁处理的日期，以及在生成数据之后色谱图

21、是否被改变。色谱图通常应包含：Sample description 样品描述Date and time of sample acquisition 样品采集的日期和时间Date and time of results processed, if possible 处理结果的日期和时间（如有）Minimum method parameters, i.e., wave length, injection volume, and method name/ID方法参数，比如波长、进样量、方法名称/IDIntegration type 积分类型Retention time (any other syst

22、em suit parameters) 保留时间Time printed, published, or saved 打印、发布或保存时间Integration events 积分事件Sample name change after execution 执行后样品名称变更Filters can also be used to search the requirement from huge amounts of data. Figure 6.3.9.4-2 represents a filter to search whether the sample has been injected in

23、multiple projects. For older systems with limited functionality, the reviewer should sign and stamp results printed on paper and review the electronic data according to the Quality Unit policy. If the results are published electronically, the reviewer should e-sign the results after reviewing and lo

24、ck the signed file. If it will be used for any investigational purpose, the Quality Unit must review the electronic data per the firms policy, as electronic data is deemed to be final. Once the printed data is audited, original electronic data should be available for reference and should not be alte

25、red. Any modification to the approved data needs to be justified.筛选器还可以用于从大量数据中搜索所需信息。图6.3.9.4-2代表筛选器搜索在多个项目中的样品进样。对于旧系统在功能有限的情况下，复核人应在打印结果上签名并按照质量部门SOP复核电子数据。如果结果是以电子形式发布的，复核人在审核后对结果进行电子签名并锁定名文件。如果它将被用于任何调查目的，当电子数据被认为是最终的数据，质量部门必须按照公司的政策审查电子数据。一旦打印的数据被审核过，原始电子数据应该仅用于参考，不可更改。对批准的数据的任何修改都应进行论证。Figure

26、 6.3.9.4-1 Results Audit Trail Report图6.3.9.4-1结果审计追踪报告Figure 6.3.9.4-2 Filter to Search Sample in Multiple Projects图6.3.9.4-2使用筛选器在多个项目中寻找样品Sequence Audit Trail序列审计追踪Sequence audit trails, or sample set audit trails, track the changes made to the sample sequence or batch. Figure 6.3.9.5-1 represent

27、s a typical sequence audit trail report, which generally contains the following information:序列审计追踪或样品集审计追踪，追踪对样品序列或批所做的更改。图6.3.9.5-1表示典型的序列审计追踪报告，一般包含以下信息：Name correction for sample set or injections after injection acquisition 样品采集或进样名称改变Sample set alteration 样品集改变Sample name alteration during sequ

28、ence execution 在序列执行过程中更改样品名称Method used for all injections 用于所有进样的方法Aborted sequences 取消序列Project-Level Audit Trail项目审计追踪By enabling the audit trails option while creating it, a project will capture all the activities performed with respect to sample set, injections, channels, results, calibration

29、curves, and peaks. Figure 6.3.9.6-1 represents a project audit trail record for deleted injection as a poor example to show fraudulent data.通过启用审计追踪选项时可以激活，项目将捕获关于样本集、进样、通道、结果、校准曲线和峰执行的所有活动。图6.3.9.6-1显示了项目审计追踪记录一个删除的事件，来展现欺诈性数据的示例。Figure 6.3.9.5-1 Sample Set Audit Trail Report图6.3.9.5-1 样品设置审计追踪报告Fi

30、gure 6.3.9.6-1 Project Audit Trail Deleted Injection图6.3.9.6-1 项目审计追踪-删除进样Injection Log进样日志Chromatographic data acquisition software typically has the ability to maintain a log of injections. In addition to the date and time, the software may include additional information associated with the inject

31、ion such as lot number, blank or system suitability, reference, or sample. An audit trail ensures the integrity of the data and, if the audit trail is enabled, review of the injection log is not necessary. Injection log reports are typically built in by the software developer, though with limited ab

32、ility to customize without expert programming capability. The type, ease of log retrieval, and ease of printing/ publishing are also built-in functionalities of the software; however, their inclusion will vary among software suppliers. An injection log is separate and distinct from an audit trail; while it is a good tool to have, it is not essential to ensuring data integrity (2).色谱数据采集软件通常具有保存进样日志的功能。除日期和时间外, 软件还可能包括与进样相关的附加信息, 如批号、空白或系统适用性、对照或样品。审计追踪可确保数据的完整性, 如果启用了审计追踪, 则不需要检查进样日志。进样日志报告通常由软件开发人