Requirements of conduct for good laboratory practice - Part 6: The application of the principles of GLP to computerised systems
Some standard content:
ICS 03. 120. 20Www.bzxZ.net
National Standard of the People's Republic of China
GB/T22275.6—2008
Requirements of conduct for Good Laboratory Practice(GLP)-Part 6: The application of the principles of GLP to computerised systems systems2008-08-04 Release
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China Standardization Administration
Digital Anti-Counterfeiting
2009-04-01 Implementation
GB/T22275 "Implementation Requirements for Good Laboratory Practice" is divided into 7 parts: Part 1: Quality Assurance and Good Laboratory Practice; Part 2: Tasks and Responsibilities of Project Leaders in Good Laboratory Practice Research; Part 3, Compliance of Laboratory Suppliers with Good Laboratory Practice Principles; Part 4: Application of Good Laboratory Practice Principles in Field Research; Part 5: Application of Good Laboratory Practice Principles in Short-term Research; Part 6: Application of Good Laboratory Practice Principles in Computerized Systems; Part 7: Application of Good Laboratory Practice Principles in the Organization and Management of Multi-site Research. This part is Part 6 of GB/T22275. GB/T 22275.6--2008
This part is equivalent to the Organization for Economic Cooperation and Development (OECD) Good Laboratory Practice (CLP) Principles and Conformity Monitoring Series Document No. 10: "Application of GLP Principles to Computerized Systems" [OCDE/GD(95)115]. The following editorial changes have been made to this part: 1. The foreword and introduction of the original text have been deleted; Note 1 in the original definition has been deleted.
Appendix A of this part is an informative appendix.
This part was proposed and coordinated by the National Technical Committee on the Administration of Hazardous Chemicals (SAC/TC251). Drafting units of this part: Shandong Exit-Entry Inspection and Quarantine Bureau, National Technical Committee on the Administration of Hazardous Chemicals The main drafters of this part: Che Lidong, Huang Honghua, Wang Huiyong, Yu Wenlian, Sun Zhongsong. 1 Scope
Requirements for the implementation of good laboratory practice
Part 6: Application of good laboratory practice principles to computerized systems
GB/T 22275.6—2008
This part of GB/T 22275 specifies the application and management of computerized systems under the GLP principles, including the responsibilities of various departments, relevant training, requirements for equipment and instruments, maintenance and disaster recovery of computerized systems, data recording and processing, security of computerized systems, validation procedures of computerized systems, and documentation requirements for their development, validation, operation and maintenance. This part applies to the application of computerized systems under the GLP principles. 2 Normative references
The clauses in the following documents become the clauses of this part through the application of this part of GB/T 22275. For any dated referenced document, all subsequent amendments (excluding errata) or revisions are not applicable to this part. However, parties to agreements based on this part are encouraged to study whether the latest versions of these documents can be used. For undated references, the latest edition applies to this part.
GB/T 19001
Quality management system requirements
GB/T 22278 Principles of good laboratory practice
3 Terms and definitions
Terms and definitions in GB/T 22278 apply to this part. 4 Requirements
4.1 Scope
4.1.1 All computerized systems used to generate, measure and evaluate data submitted to regulatory agencies should be developed, validated, operated and maintained in a manner consistent with the principles of GLP. 4.1.2 In the plan, the execution and reporting of studies may use multiple computerized systems for multiple purposes. These purposes may include directly or indirectly acquiring data from automated instruments, operating and controlling automated equipment, and processing, reporting and storing data. For these different activities, the computerized system is also different, which can be a programmable analytical instrument or a multi-function personal computer connected to a laboratory information management system. In any scope involving computers, the principles of GLP should be applied.
4.2 Procedures
4.2.1 Computerized systems used in the execution of studies intended for submission to regulatory agencies should be appropriately designed, adequately capable, and suitable for their intended purpose. Appropriate operating procedures should be in place to control and maintain these systems, and they should be developed, validated, and operated in a manner that adheres to the principles of GLP.
4.2.2 It is important to demonstrate that a computerized system is suitable for its intended purpose. This is called computer validation. 4.2.3 Validation procedures will rigorously ensure that the computerized system meets its design requirements. Validation should be performed using a formal validation plan and prior to use.
5 Application of CLP Principles to Computerized Systems The following considerations will assist in the application of the GLP principles mentioned above to computerized systems. GB/T 22275.6—2008
5.1 Responsibilities
5.1.1 Management
5.1.1.1 Management of the testing facility assumes full responsibility for compliance with the principles of GLP. These responsibilities include the appointment and effective organization of sufficient personnel with appropriate qualifications and experience, and also include ensuring that instruments, equipment, and data processing procedures meet appropriate standards. 5.1.1.2 Management has the responsibility to ensure that computerized systems are suitable for their intended purposes and should establish computer-related policies and operating procedures to ensure that computerized systems are developed, validated, operated, and maintained in a manner that complies with GLP principles. Management should also ensure that these policies and operating procedures are understood and implemented, and that these requirements are effectively monitored. 5.1.1.3 Management should also designate personnel specifically responsible for the development, validation, operation, and maintenance of computerized systems. Such personnel should have the appropriate qualifications and experience and receive appropriate training to be able to perform their duties in accordance with GLP principles. 5.1.2 Project Leader
5.1.2.1 The project leader should be responsible for the overall implementation of the entire study in accordance with GLP principles. Because many studies can utilize computerized systems, the project leader should have a full understanding of any computerized systems involved in the research area for which he or she is responsible. 5.1.2.2 The project leader has the same responsibilities for electronic data records as for paper data records, so only validated systems should be used in studies that comply with GLP principles. 5.1.3 Personnel
All personnel who use computerized systems have the responsibility to operate these systems in accordance with GLP principles. Personnel responsible for the development, validation, operation and maintenance of computerized systems have the responsibility to promote and carry out these activities in accordance with GLP principles and recognized technical standards. 5.1.4 Quality Assurance
5.1.4.1 The responsibility for quality assurance of computerized systems should be clearly defined by management and described in written policies and procedures. The quality assurance plan should include procedures and practices to ensure that all stages of validation, operation and maintenance of computerized systems meet existing standards. It should also include procedures and practices for the introduction of purchased systems and the internal development process of computerized systems. 5.1.4.2 Quality assurance personnel should be responsible for monitoring the compliance of computerized systems with GLP and should receive necessary professional training. They should be familiar with these systems in order to make objective evaluations. In some cases, it may be necessary to designate professional reviewers. 5.1.4.3 Quality assurance personnel should have direct read-only access to data stored in computerized systems for review purposes. 5.2 Training
5.2.1 GLP principles require that the testing facility have appropriately qualified and experienced personnel, with a written training program that includes on-the-job training and, if appropriate, attendance at external training courses. All training records should be retained. 5.2.2 The above also applies to all personnel involved in computerized systems. 5.3 Equipment and Instruments
There should be sufficient equipment and instruments to properly conduct the study in accordance with GLP principles. There are a number of special considerations for computerized systems.
5.3.1 Equipment
5.3.1.1 Consideration should be given to the physical location of computer hardware, peripherals, communications equipment, and electronic storage media. Extremes of temperature and humidity, dust, electromagnetic interference, and proximity to high-voltage lines should be avoided unless the equipment is specifically designed for use in these environments. 5.3.1.2 Consideration should also be given to the power supply of computer equipment. Where appropriate, backup power or uninterruptible power supply should be provided for equipment whose sudden interruption could affect the test results. 5.3.1.3 Appropriate equipment should be available to ensure the safety of electronic data storage media. 5.3.2 Instruments
5.3.2.1 Hardware and Software
5.3.2.1.1 The definition of a computerized system is a set of hardware and software designed and combined to perform one or a set of specific functions.
5.3.2.1.2 Hardware is the physical component of a computerized system, which includes the computer unit itself and its peripherals. 5.3.2.1.3 Software is a program or a set of programs used to control the operation of a computerized system. 2
5.3.2.1.4 Therefore, all GLP principles applicable to instruments also apply to hardware and software. 5.3.2.2 Communication
GB/T22275.62008
5.3.2.2.1 Communication related to computerized systems can be roughly divided into two types: communication between computers and communication between computers and peripheral devices.
5.3.2.2.2 All communication links are potential factors for errors and may cause data loss or corruption. Appropriate safety and system integrity controls should be fully implemented throughout the development, verification, operation and maintenance of computerized systems. 5.4 Maintenance and Disaster Recovery
All computerized systems should be installed and maintained in a way to ensure their accurate and continuous operation. 5.4.1 Maintenance
There should be written procedures covering daily preventive maintenance and troubleshooting. These procedures should clearly state the tasks and responsibilities of the relevant personnel. When maintenance activities necessitate changes to hardware and/or software, the entire system may need to be requalified. During the routine operation of the system, records should be kept of any problems or conflicts detected and the corrective actions taken. 5.4.2 Disaster Recovery
5.4.2.1 The procedures should describe appropriately the approach to be taken in the event of a failure of part or all of the computerized system. This may include planned backups of hardware, transfer to paper systems, etc. All contingency plans should be fully documented and validated in writing and should be able to ensure continued data integrity and that the study will not be compromised in any way. Those conducting studies in accordance with GLP principles should be aware of these contingency plans.
5.4.2.2 The recovery procedures for computerized systems will depend on the criticality of the system, but the main point is that backups of all software should be maintained. If the recovery procedures require changes to the hardware or software, then the system may need to be requalified. 5.5 Data
5.5.1 GLP principles define raw data as all original laboratory records and documents, including data entered directly into a computer from an equipment interface, that are the original observations and activities in a study, and that are necessary to reconstruct and evaluate study reports. 5.5.2 Computerized systems operating in accordance with GLP principles may associate raw data in a variety of ways, such as electronic storage media, computer or equipment printouts, and microfilm copies. For each computerized system, raw data should be defined.
5.5,3 When a computerized system is used to electronically collect, process, report, or store raw data, the system should be designed to maintain a complete audit trail showing all changes to the data without obscuring the original data. It should be possible to link all data changes to the person who made the change by using (electronic) signatures with a time and date stamp. The reason for the data change should be given. 5.5.4 When electronic means are used to store raw data, it is necessary to consider the requirements for long-term storage of this type of data and the expected life of the computerized system. Changes in hardware and software should ensure the continued use and preservation of original data without risk of loss of integrity. 5.5.5 Supporting information necessary to verify the validity of original data or to permit reconstruction of a process or study, such as maintenance and calibration records, should be maintained in the archives.
5.5.6 The operating procedures for computerized systems should also describe alternative data collection procedures in the event of system failure. In this case any original data recorded manually and subsequently entered into the computer should be clearly marked and retained as the original record. Manual back-up procedures should minimize the risk of any data loss and ensure that these alternative records are retained. 5.5.7 When electronic original data are transferred from one system to another due to system obsolescence, this process should be fully documented and its integrity verified. When such transfer is not possible, the original data should first be transferred to another medium and verified as an exact copy before any original electronic data is destroyed. 5.6 Security
Written security procedures should protect hardware, software and data from damage or unauthorized modification or loss. Security as described in this standard includes protection against unauthorized use or modification of computerized systems and their data. Potential data corruption due to viruses or other spyware should also be protected. Security measures should also be taken to ensure data integrity in the event of a short-term or long-term system failure.
GB/T 22275.6—2008
5.6.1 Physical security
Physical security measures should be able to limit access to computers, communications equipment, peripherals and electronic storage media to authorized personnel only. For equipment that is not located in a specific computer location (such as personal computers or terminals), at least standard laboratory access controls should be used. However, when such equipment is remotely located (such as removable devices and modem connections), additional measures are required.
5.6.2 Logical security
For each computerized system or software, logical security measures should be in place to prevent unauthorized use of computers, software or data. It should be ensured that only approved versions and verified software are used. Logical security may include the use of passwords to confirm unique user identities. Any transfer of data or software from external sources should be controlled. These controls may be provided by the computer operating system, special security procedures, built-in functionality of the application, or all of the above. 5,6.3 Data Integrity
Since maintaining data integrity is a primary goal of GLP principles, all personnel associated with computerized systems should be aware of the need for the above security measures. Management should ensure that personnel understand the importance of data security, the procedures in place, and the system features that provide appropriate security measures and methods for handling security system breaches. These system features may include routine monitoring of system access, implementation of file verification, and reporting of exceptions and/or overall trends. 5.6.4 Backup
For computerized systems, it is standard practice to back up all software and data in order to recover the system after any crash that could compromise data integrity (e.g., hard drive failure). This means that the backed-up data has the potential to become the original data and should be treated as such.
5.7 Validation of Computerized Systems
Computerized systems should be suitable for their intended purpose. The following aspects should be addressed: 5.7.1 Acceptability
5.7.1.1 Computerized systems should be designed to meet GLP principles and pre-planned. There should be adequate documentation to demonstrate that the system was controlled and developed under recognized quality and technical standards (e.g. GB/T19001). More importantly, there should be evidence that the system has been rigorously tested by the testing agency for compliance with acceptance criteria before being put into routine use. Formal acceptance testing requires that all operating procedures, test data, test results, formal test summaries and formal acceptance records are performed under a pre-defined plan and that written evidence is retained.
5.7.1.2 For manufacturer-supplied systems, it is likely that a large amount of documentation generated during development will be retained by the manufacturer. In this case, there should be a formal evaluation and/or manufacturer audit at the testing agency. 5.7.2 Retrospective evaluation
5.7.2.1 Some systems are not expected or specified to comply with GLP principles. In such cases there should be a documented justification for the use of the system, which should include a retrospective assessment of suitability. 5.7.2.2 The retrospective assessment shall first collect all historical records involving the computerized system. These records shall then be reviewed and a written summary shall be prepared. The summary of the retrospective assessment shall detail what validation evidence exists and what future work is required to ensure the validation of the computerized system. 5.7.3 Change Control
5.7.3.1 Change control is the formal approval and documentation of any changes that occur during the use of a computerized system. A change control is required when a change may affect the validation status of a computerized system. - and the computerized system is put into operation, the change control procedure shall be effective.
5.7.3.2 This procedure shall describe the evaluation method used to determine the extent of retesting necessary to maintain the system's valid status. The change control procedure shall designate personnel responsible for determining the need for change control and approving its implementation. 4
GB/T 22275.6—2008
5.7.3.3 Regardless of the origin of the change (from the supplier or internally developed system), appropriate information needs to be provided as part of the change control procedure. The change control procedure should ensure the integrity of the data. 5.7. 4 Support mechanism
To ensure that the computerized system is always suitable for its intended purpose, the support mechanism should be in place to ensure that the system functions properly and is used correctly. This can include system management, training, maintenance, technical support, audits and/or performance evaluation. Performance evaluation is a periodic formal review of the system to ensure that it continues to meet certain performance standards, such as reliability, responsiveness and capability. 5.8 Documentation
The following list of items is a guide to the minimum documentation for the development, validation, operation and maintenance of computerized systems. 5.8.1 Provisions
There should be written management regulations for the collection, acquisition, requirements, design, verification, testing, installation, operation, maintenance, configuration, control, review, supervision and decommissioning of computerized systems. 5.8.2 Application Description
For each application software, there should be a document that fully describes: the name or identification code of the application software, and a detailed description of the purpose of the application; a)
The hardware (including model) on which the application software is executed! The operating system and other system software (such as tool software) used with it; c)
The language used by the application software and/or the database tools used; d)
The main functions performed by the application software;
|An overview of the data and/or database process design related to the application software; The file structure, error and report information and operation rules of the application software; g)
The version number of the application software; i) The configuration and communication connection between the application software module and other equipment and systems. 5.8.3 Source code
Some OECD countries require that the source code of application software should be available or accessible to the testing body. 5.8.4 Standard operating procedures
Most documents covering the use of computerized systems can exist in the form of standard operating procedures. These should include, but are not limited to, the following:
a) procedures for operating computerized systems (hardware and software), and the qualifications of personnel involved;
security procedures for detecting and preventing unauthorized access and program changes;
procedures and authorizations for program changes and records of changes;
procedures and authorizations for changes to equipment (hardware and software), including testing prior to use where appropriate;
e) periodic testing of the system as a whole or of individual components to ensure proper function, and records of these tests;
procedures for maintaining computerized systems and other associated equipment;
procedures for software development and acceptance testing, and records of all acceptance testing;
procedures for backing up all stored data and contingency plans in the event of a failure;
procedures for archiving and restoring all files, software and electronic data;
j) procedures for monitoring and auditing computerized systems. 5.9 Archives
5.9.1 GLP principles for data archiving should be consistently applied to all types of data. Therefore, electronic data should have the same access control, indexing and easy access as other data. 5.9.2 When electronic data from multiple studies are stored on the same storage medium, a detailed key reference should be required. 5
GB/T 22275.62008
5.9.3 Special environmental control equipment may be required to ensure the integrity of electronic data storage. If additional archiving institutions are required, then the management should designate dedicated archive management personnel and ensure that only authorized personnel can access the archives. It is also necessary to implement procedures to ensure that the integrity of long-term stored data is not compromised. When long-term access to data is required or when a computerized system needs to be decommissioned, procedures should be developed to ensure that the data continues to be readable. This may include: hard copy printouts or transfer of data to another system.
5.9.4 The destruction of electronic data should be authorized by the management and related documents. Other data used to support computerized systems, such as source code and development, validation, operation, maintenance and supervision records, should be retained for at least the same period as the research records associated with these systems. Appendix A
(Informative Appendix)
Term Explanation
GB/T22275.6—2008
A.1 Acceptance criteria: Written criteria that should be met to successfully complete a test phase or to meet delivery requirements.
A2 Acceptance testing: Formal testing of a computerized system under the expected operating environment to determine whether all acceptance criteria of the testing organization can be met or whether the system is acceptable for operational use. A.3 Back-up: Precautionary measures used to restore data or software, restart operating processes, or provide backup computers for use when the system crashes or encounters a disaster.
A.4 Change control: Evaluation and recording of system operations and changes during operation to determine whether a computerized system should be screened for validation procedures after any changes. A,5 Computerised system: A set of hardware and software designed and combined together to perform a specific function or group of functions.
A,6 Electronic signature: A form of registration of computer data encoded by electromagnetic pressure or any symbol or group of symbols, executed, modified or authorized by a person as equivalent to his or her handwritten signature. A.7 Hardware: The physical equipment of a computerized system, including the computer itself and its peripherals. 8 Peripheral cameras: Any instrument with a user interface, or auxiliary or removable equipment, such as printers, modems, terminals, etc. A.9 Recognized technical standards: standards issued by national or international standardization organizations (such as ISO, IEEE, ANSI, etc.).
A.10 Security: protection of computer hardware and software to prevent accidental or malicious access, use, modification, destruction or leakage. Security also includes personnel, data, communications, and devices that physically and logically protect computers. A.11 Software (application software): a program developed, modified or adapted to meet the needs of the test organization for process control, data collection, data manipulation, data reporting and (or) archiving. A, 12 Software (operating system): one or a group of programs, routines and programs used to control the operation of the computer. An operating system can provide, for example, resource allocation, time scheduling, input and output control, and data management. A13 Source code: a set of programs (programming languages) originally expressed in human-readable form, which should be converted into computer-readable form before being executed by the computer. A.14 Validation of a computerised system: The act of verifying that a computerised system is suitable for its intended purpose.
GB/T 22275.6-2008
People's Republic of China
National Standard
Requirements for the Implementation of Good Laboratory Practice
Part 6: Principles of Good Laboratory Practice
Application in Computerized Systems
GB/T 22275. 6—2008
Published and distributed by China Standards Publishing House
No. 16, Sanlihebei Street, Fuxingmenwai, Beijing
Postal Code: 100043
Website: www,spc.net.cn
Tel: 6832394668517548
Printed by Qinhuangdao Printing Factory of China Standards Publishing House Distributed by Xinhua Bookstores in various places
Printing Sheet 0.75 Words 15,000 words| |tt||Format 880×12301/16
November 2008 edition
First printing in November 2008
Book number: 155066: 1-34016
Price 14.00
If there is any printing error
Replaced by our publishing center
Copyright exclusive, infringement will be investigated
Report phone: (010) 68533533
Tip: This standard content only shows part of the intercepted content of the complete standard. If you need the complete standard, please go to the top to download the complete standard document for free.