计算机化系统验证 Computerized System Validation. 陈国笋 Brant Chen 上海朗脉 Macroprocess

Transcription

1 计算机化系统验证 Computerized System Validation 陈国笋 Brant Chen 上海朗脉 Macroprocess

2 1 计算机化系统的分类 Category of Computerized system 2

3 制药企业的计算机化系统 Computerized System in Pharmaceutical Company 生产 Process/Manufacturing 设备自控系统 Automatic equipment (PLC) 工艺自动化系统 Process automation system 空调控制系统 HVAC control system 环境监测系统 Environment monitoring system 水系统自控系统 Control system of water system 生产数据采集系统 Supervisory control and data acquisition (SCADA) 生产执行系统 Manufacturing execution system (MES) 电子批生产记录 Electronic batch production record 3

4 制药企业的计算机化系统 Computerized System in Pharmaceutical Company 质量保证 / 质量控制 QA/QC 精密仪器工作站 Analytical instrument workstation 实验室信息管理系统 Laboratory information management system (LIMS) Excel 表格软件 Excel Spreadsheet software 文档管理系统 Document management system 质量管理软件 Quality management system 产品放行系统 Batch release system 4

5 制药企业的计算机化系统 Computerized System in Pharmaceutical Company 仓库 Warehouse 仓储管理系统 Warehousing and distribution system 温湿度监测系统 Temp./Humidity monitoring system 血库管理系统 Blood management system 5

6 计算机系统的分类 Category of Computerized system (GAMP5) Software category Hardware category 1- Infrastructure software 1- Standard hardware components 2- (no longer used in GAMP5) 2- Custom built hardware components 3- Non-configured products 4- Configured products 5- Custom applications (refer to GAMP5) 6

7 2 法规焦点 Regulation Focus 7

8 法规焦点 Regulation focus 安全性 Security 追溯性 Traceabil ity 完整性 Integrity 8

9 中国 GMP 附录计算机化系统 New China GMP annex- Computerized system (2015) 贯穿生命周期 Throughout Lifecycle 授权管理 Access management 基于风险评估 Risk based 供应商的参与 Supplier involvement 计算机化系统 Computerized system 审计跟踪 Audit trial 电子数据 Electronic record 9

10 中国 GMP 附录计算机化系统 New China GMP annex- Computerized system (2015) 贯穿生命周期 Throughout Lifecycle 第三条风险管理应当贯穿计算机化系统的生命周期全过程, 应当考虑患者安全 数据完整性和产品质量 Article 3 Risk management should be applied throughout the lifecycle of the computerized system taking into account patient safety, data integrity and product quality. 10

11 中国 GMP 附录计算机化系统 New China GMP annex- Computerized system (2015) 基于风险评估 Risk based 第六条计算机化系统验证包括应用程序的验证和基础架构的确认, 其范围与程度应当基于科学的风险评估 风险评估应当充分考虑计算机化系统的使用范围和用途 Article 6 Computerized system validation should include the application validation and infrastructure qualification. The scope and extent of validation should be based on a justified risk assessment. Risk assessment should consider the application scope and purpose of the computerized system. 第七条企业应当建立包含所有计算机化系统的清单, 标明与药品生产质量管理相关的功能 Article 7 An up to date listing of all relevant systems and their GMP functionality (inventory) should be available. 11

12 中国 GMP 附录计算机化系统 New China GMP annex- Computerized system (2015) 基于风险评估 Risk based 第十二条软件是计算机化系统的重要组成部分 企业应当根据风险评估的结果, 对所采用软件进行分级管理 ( 如针对软件供应商的审计 ), 评估供应商质量保证系统, 保证软件符合企业需求 Article 12 Software is important part of the computerized system. According to the risk assessment result, grading management may be used on the software (such as the audit for the software supplier). Review the supplier s quality assurance system to check that user requirements are fulfilled. 12

13 中国 GMP 附录计算机化系统 New China GMP annex- Computerized system (2015) 供应商的参与 Suppliers involvement 第四条企业应当针对计算机化系统供应商的管理制订操作规程 供应商提供产品或服务时 ( 如安装 配置 集成 验证 维护 数据处理等 ), 企业应当与供应商签订正式协议, 明确双方责任 企业应当基于风险评估的结果提供与供应商质量体系和审计信息相关的文件 Article a standard operation procedure should be written for the management of the suppliers of the computerized system. When third parties (e.g. suppliers, service providers) are used e.g. to provide, install, configure, integrate, validate, maintain or for data processing, formal agreements must exist between the manufacturer and any third parties, and these agreements should include clear statements of the responsibilities of the third party. Quality system and audit information relating to suppliers or developers of software and implemented systems should be made available based the result of the risk assessment. 13

14 中国 GMP 附录计算机化系统 New China GMP annex- Computerized system (2015) 授权管理 Access management 第十四条只有经许可的人员才能进入和使用系统 企业应当采取适当的方式杜绝未经许可的人员进入和使用系统 应当就进入和使用系统制订授权 取消以及授权变更的操作规程 必要时, 应当考虑系统能记录未经许可的人员试图访问系统的行为 Article 14 Only authorized persons can access to use the computerized system. Suitable methods of preventing unauthorized entry to the System should be taken. Standard operation procedure should be written for creation, cancellation and change of access authorization. If necessary, any action that unauthorized person try to entry the system should be record. 14

15 中国 GMP 附录计算机化系统 New China GMP annex- Computerized system (2015) 审计跟踪 Audit trails 第十六条计算机化系统应当记录输入或确认关键数据人员的身份 只有经授权人员, 方可修改已输入的数据 每次修改一个已输入的关键数据均应当经过批准, 并应当记录更改数据的理由 应当根据风险评估的结果, 考虑在计算机化系统中建立一个数据审计跟踪系统, 用于记录数据的输入和修改以及系统的使用和变更 Article 16 Computerized System should record the identity of persons entering or confirming critical data. Only authorized person can modify the data have been entered. Modification of any critical data have been entered should be approved and recorded the reason to change. Based on the result of risk assessment, consideration should be given to build a data audit trail system to document the creation or modification of the record data and the use and change of the computerized system. 15

16 中国 GMP 附录计算机化系统 New China GMP annex- Computerized system (2015) 电子数据 Electronic record 第十八条对于电子数据和纸质打印文稿同时存在的情况, 应当有文件明确规定以电子数据为主数据还是以纸质打印文稿为主数据 Article 18 When electronic data and print paper both exist, written documentation to define which is the main data for electronic data or print paper. 16

17 中国 GMP 附录计算机化系统 New China GMP annex- Computerized system (2015) 电子数据 Electronic record 第十九条以电子数据为主数据时,( 二 ) 必须采用物理或者电子方法保证数据的安全, 以防止故意或意外的损害 应当检查所存储数据的可访问性及数据完整性 When electronic data is considered as main data, (2) Data should be secured by both physical and electronic means against damage. Stored data should be checked for accessibility, readability and accuracy. ( 三 ) 应当建立数据备份与恢复的操作规程, 定期对数据备份, 以保护存储的数据供将来调用 备份数据应当储存在另一个单独的 安全的地点, 保存时间应当至少满足本规范中关于文件 记录保存时限的要求 (3) Written procedure of backup and restore of data should be available. Regular backup of all relevant data should be taken to ensure to access the data in the future. Backup data should be stored in a separate and safe place. The retention time should meet the regulatory requirement for documentation and record. 17

18 3 风险评估 Risk Assessment 18

19 风险评估前的思考 Consideration to risk assessment 很多指南可参考, 如 GAMP5, ICH Q9 Many guidelines can be referred, such as GAMP5, ICH Q9 重要的是, 搞清楚你的起点是什么 The most important thing is that you must clearly know what is your original purpose. 19

20 风险评估的目的 Risk assessment purpose 风险管理应当贯穿计算机化系统的生命周期全过程, 应当考虑患者安全 数据完整性和产品质量 (2010 GMP) Risk management should be applied throughout the lifecycle of the computerized system taking into account patient safety, data integrity and product quality. Safety 在有限的资源下, 保证患者安全 数据完整性和产品质量 With limited resources, to ensure patient safety, data integrity and product quality. Quality Integrity 20

21 风险评估的时间节点 When to do risk assessment 计算机化系统生命周期 Life cycle 概念提出 项目建设 日常使用 退役 Concept Project Operation Retire 初始风险评估 Initial Risk Assessment 功能风险评估 Function Risk Assessment 变更风险评估 Change Risk assessment 退役风险评估 Retire risk assessment 21

22 初始风险评估 Initial risk assessment GxP 电子记录 ER 产品放行 release 验证范围和程度 Scope and extent of validation 22

23 根据系统的复杂程度决定验证活动 Validation activity based on the complexity of system URS 供应商评估 风险评估 设计文件 测试 确认 日常使用 定期维护 Supplier review Risk assessment design test qualification operation maintena nce 复杂 详细 detail 现场审计 Site audit 详细 detail FS HDS SDS MSDS 调试 FAT SAT DQ IQOQ PQ 严格受控 restri ct 定期备份 Regular backup Complexity 简单 简单 simple 问卷调查 Questio -nnaire 汇总评估 report 简单 simple 无 FS DS 手册 manual 调试 SAT 调试 DQ IQOQ IQOQ 授权 autho rity 登记 register 回顾 review 校准 calibration 23 生命周期 life cycle

24 功能风险评估 Functional risk assessment 风险管理流程 Risk management process: 识别风险 Risk identification 风险回顾 Risk review 风险分析和评估 Risk analysis and evaluation 风险控制 Risk control

25 功能风险评估 Functional risk assessment 系统功能举例 Functions of system: 工艺操作自动控制 Process operation automation 报警联锁 Alarms and interlocks 流程可视化 Process visualization 数据管理 Data management 历史趋势 Historic trend 审计跟踪 Audit trail 用户管理 User management (authorization etc.)

26 FMEA method 了解系统或设备, 以及工艺流程 Identification of System/Equipment, Process 识别可能出现风险 产生的原因 带来的影响 Identification of the risk event, cause and effects 评估该风险带来的影响的严重程度 Evaluation of the SEVERITY of the Risk 评估风险出现的可能性 Evaluation of the PROBABILITY that the event occurs 评估该风险被发现的可能性 Evaluation of the DETECTABILITY of the event 建议采取的措施 Suggested actions

27 4 如何开展计算机化系统验证 How to conduct computerized system validation 27

28 借鉴 GAMP5 的方法 28

29

30 如何开展计算机化系统验证 Computerized system validation steps 第 1 步 - 罗列清单 step 1- list all of systems 第 2 步 - 初始风险评估 (GxP, ERES) step 2- initial risk assessment (GxP, ERES) 第 3 步 - 确定需求 (URS, VP) step 3- define requirements (URS, VP) 第 4 步 - 供应商评估 step 4- supplier review 30

31 如何开展计算机化系统验证 Computerized system validation steps 第 5 步 - 设计审核 (FS, HDS/SDS,DQ,RA) step 5- design review (FS, HDS/SDS, DQ, RA) 第 6 步 - 系统测试 (FAT, SAT, IQ/OQ/PQ) step 6- system test (FAT, SAT, IQ/OQ/PQ) 第 7 步 - 定期维护 ( 备份, 变更控制, 风险管理 ) step 7- regular maintenance (backup, change control, risk management) 第 8 步 - 退役管理 ( 数据迁移和追溯可查 ) step 8- retire management (data migration and traceability) 31

32 朗脉介绍 MACROPROCESS INTRODUCTION 成立于 2002 年 Founded in 2002 总部 : 上海 Headquarter: Shanghai 生产基地 : 常州 Production base: Changzhou 员工 : >700 人 Employee: >700 32

33 朗脉业务 BUSINESS GMP 咨询 GMP consulting 设计 Design 验证服务 Validation service 洁净室组件 Clean room components 制药行业 洁净室 Clean room 洁净管道系统 Sanitary pipe system 制水设备 Water production machine 33 自控系统 Automation system

34 验证服务 VALIDATION SERVICE 厂房和设施 Facilities 工艺设备 Process equipment 1 计算机化系统 Computerized system 清洁验证 Cleaning validation 验证 Validation 工艺验证 Process validation 6 分析仪器和分析方法 Analytical instrument and methods 验证整体解决方案 34 one total solution service

35 服务范围 验证管理和验证体系搭建 验证整体解决方案 验证风险评估和验证主计划 (VMP) 的起草 URS 的审核 / 起草 设计 GMP 审核 HVAC/ 纯化水 / 注射用水 / 工艺气体等系统 : DQ/IQ/OQ/PQ* 工艺设备 : DQ/IQ/OQ/PQ* 计算机化系统 : DQ/IQ/OQ/PQ 清洁验证和工艺验证的指导 分析仪器和分析方法验证的指导 *: 1. IQOQ 可由供应商提供, 朗脉提供审核 2. PQ 方案由朗脉起草, 具体实施由客户执行 3. 特殊的 PQ 测试可由朗脉执行, 如灭菌柜温度分布测试 35

36 ONE TOTAL SOLUTION : VALIDATION SERVICE SCOPE Validation management and Risk Analysis VMP draft URS review/draft Design GMP review HVAC/Water system/clean utilities: DQ/IQ/OQ/PQ* Process equipment: DQ/IQ/OQ/PQ* Computerized system: DQ/IQ/OQ/PQ Guiding of Cleaning validation, process validation, analytical method validation Validation Training *: 1. sometimes IQOQ is done by supplier, so we can do REVIEW. 2. PQ protocol can be drafted by us and executed by client 3. some special PQ test can be done by us, e.g. Autoclave temperature distribution test. 36

37 GMP 咨询服务 GMP Consulting Service GMP 审计和差距分析 GMP audit and gap analysis 质量管理体系建设咨询 Quality system consulting 文件系统建设咨询 Documentation system consulting GMP 模拟检查 GMP Mock inspection GMP 检查陪同 GMP inspection support 专题培训 Special training 37

38 38 陈国笋 BRANT CHEN 上海朗脉洁净技术股份有限公司 MACROPROCESS