审计跟踪应包括所有可能的数据更改;据此跟踪记录,审阅者可以判别是否数据更改是否是一个异常事件。
Different types of audit trails supply data on different functions; each should be assessed individually and, then, all audit trails should be assessed collectively to determine the integrity of the data. Instrument-specific software provides several fields for configuring audit trails, and templates from which to choose for presentation. Figure 6.3.9-1 illustrates one approach to audit trail classification.
不同类型的审计跟踪提供不同功能的数据,每个都应该单独评估。然后,所有的审计跟踪应进行汇总评估,以确定数据的完整性。特定仪器的软件提供了用于配置审计跟踪和模板的若干字段。选择哪一个进行显示。图6.3.9.1 阐述了审计跟踪的一个分类方法
Figure 6.3.9-1 Example of an Audit Trail Summary
图6.3.9-1 审计追踪示例
The Quality Unit is responsible for enabling fully functional audit trails, assessing the different kinds of metadata captured, and choosing which fields are required to verify and ensure data reliability and compliance. This approach should be carefully selected with a view to design the most appropriate procedures for batch release as well as a sound periodic review. The following list reflects one recommended approach to the various classifications of audits, each of which are discussed in the sections below:
质量部门负责启用全面功能的审计跟踪,评估所捕获的不同类型的元数据,并选择哪些字段需要确认以确保数据的可靠性和完整性。应仔细选择此方法, 以设计最适合批放行和定期审核的程序。对不同等级的审计追踪的推荐方法如下所列,后续章节将详细阐述每个方法:
System-level audit trail 系统层面审计追踪
Application-level audit trail 应用层面审计追踪
Method audit trail方法审计追踪
Results audit trail (or injection audit trail)结果审计追踪(或进针追踪)
Sequence audit trail序列审计追踪
Transaction log/system error log 色谱事件日志/系统错误日志
System-Level Audit Trail
系统层面追踪
If a system-level audit capability exists, the audit trail should capture, at a minimum: any attempt to log in, successful or unsuccessful; ID, date, and time of each login attempt; date and time of each logoff; device used; and function(s) performed while logged in, i.e., applications that the user attempted, successfully or unsuccessfully, to perform, as shown in Figure 6.3.9.1-1 (2).
如果存在系统层面的审计能力,审计追踪最少应捕捉:任何登录尝试、成功或不成功;每次登录尝试的ID、日期和时间;每次注销的日期和时间;使用的设备;以及登录时执行的功能,例如用户尝试的应用程序;成功或失败。
System audit trails cover the activities related to system policy changes, user activities (login, logoff, unauthorized logins and user privileges changes), changes to projects (creating, deleting, modifying and restoring), verification of project integrity and changes to systems. The Quality Unit should review system audit trails on a periodic basis established by the firm for any type of deletions.
系统审核跟踪覆盖了系统策略更改、用户活动相关的活动(登录、注销、未经授权的登录和用户权限更改,对项目的更改(创建、删除、修改和恢复),证明项目的完整性和对系统的变更。质量系统应定期审核系统审计追踪以确定任何类型的删除。
Figure 6.3.9.1-2 displays a typical system audit trail for project deletion. System audit trails are reviewed in investigations to check the login and logoff times as well as any system-based information that is not captured on application-level audit trails (2).
图6.3.9.1-2展示了一个典型的系统层面项目删除的审计跟踪。系统审核追踪可以在调查过程查看以检查登录和注销时间, 以及在应用级别审核跟踪 (2) 中未能捕获的任何基于系统的信息。
Figure 6.3.9.1-1 System Audit Trail (Default)
图6.2.9.1-1系统审计追踪
Figure 6.3.9.1-2 System Audit Trail for Project Deletion
图6.3.9.1-2项目删除的系统审计追踪
Application-Level Audit Trail
应用层面审计追踪
Application-level audit trails monitor and log user activities, including which data files were opened and closed, and what specific actions have been taken, such as reading, editing, processing, and deleting records or fields, and publishing reports. This could also be called a project-level audit trail. Some applications may be sensitive enough to create an audit trail that captures “before” and “after” information for each modified record or the data changed within a record (54).
应用层面审计跟踪监视和记录用户活动,包括打开关闭哪些数据文件,以及采取了什么具体行动,例如查看、编辑、处理和删除记录或文件,和发布报告。这也可以称为项目级别审计跟踪。某些应用程序可能足够敏感, 可以创建一个审核跟踪, 用于捕获每个修改记录的 "之前" 和 "之后" 信息, 或记录中更改的数据 (54)。
Method Audit Trail
方法审计追踪
Method audit trails track the changes made to the method and typically contain the following information:
方法审计追踪追踪方法所做的更改,通常包含以下信息:
Method modification history 方法修改历史
Method used for all injections所有进样的方法
Method modified between the sequences 不同序列之间的方法修改
Results Audit Trail
结果审计追踪
Chromatograms or reports can serve as a results audit trail. Figure 6.3.9.4-1 is a model results audit trail report that presents integration type, date acquired, date processed and by whom, and if the chromatogram was altered after generating data. Typically, chromatograms should contain:
色谱图或报告提供结果审计追踪。图6.3.9.4.1是一个结果审计跟踪报告模板,它显示了积分类型、获取的日期、处理的日期以及由谁处理的日期,以及在生成数据之后色谱图是否被改变。色谱图通常应包含:
Sample deion 样品描述
Date and time of sample acquisition样品采集的日期和时间
Date and time of results processed, if possible 处理结果的日期和时间(如有)
Minimum method parameters, i.e., wave length, injection volume, and method name/ID方法参数,比如波长、进样量、方法名称/ID
Integration type积分类型
Retention time (any other system suit parameters) 保留时间
Time printed, published, or saved 打印、发布或保存时间
Integration events 积分事件
Sample name change after execution 执行后样品名称变更
Filters can also be used to search the requirement from huge amounts of data. Figure 6.3.9.4-2 represents a filter to search whether the sample has been injected in multiple projects. For older systems with limited functionality, the reviewer should sign and stamp results printed on paper and review the electronic data according to the Quality Unit policy. If the results are published electronically, the reviewer should e-sign the results after reviewing and lock the signed file. If it will be used for any investigational purpose, the Quality Unit must review the electronic data per the firm’s policy, as electronic data is deemed to be final. Once the printed data is audited, original electronic data should be available for reference and should not be altered. Any modification to the approved data needs to be justified.
筛选器还可以用于从大量数据中搜索所需信息。图6.3.9.4-2代表筛选器搜索在多个项目中的样品进样。对于旧系统在功能有限的情况下,复核人应在打印结果上签名并按照质量部门SOP复核电子数据。如果结果是以电子形式发布的,复核人在审核后对结果进行电子签名并锁定名文件。如果它将被用于任何调查目的,当电子数据被认为是最终的数据,质量部门必须按照公司的政策审查电子数据。一旦打印的数据被审核过,原始电子数据应该仅用于参考,不可更改。对批准的数据的任何修改都应进行论证。
Figure 6.3.9.4-1 Results Audit Trail Report
图6.3.9.4-1结果审计追踪报告
Figure 6.3.9.4-2 Filter to Search Sample in Multiple Projects
图6.3.9.4-2使用筛选器在多个项目中寻找样品
Sequence Audit Trail
序列审计追踪
Sequence audit trails, or sample set audit trails, track the changes made to the sample sequence or batch. Figure 6.3.9.5-1 represents a typical sequence audit trail report, which generally contains the following information:
序列审计跟踪或样品集审计跟踪,跟踪对样品序列或批所做的更改。图6.3.9.5-1表示典型的序列审计跟踪报告,一般包含以下信息:
Name correction for sample set or injections after injection acquisition 样品采集或进样名称改变
Sample set alteration 样品集改变
Sample name alteration during sequence execution 在序列执行过程中更改样品名称
Method used for all injections 用于所有进样的方法
Aborted sequences取消序列
Project-Level Audit Trail
项目审计追踪
By enabling the audit trails option while creating it, a project will capture all the activities performed with respect to sample set, injections, channels, results, calibration curves, and peaks. Figure 6.3.9.6-1 represents a project audit trail record for deleted injection as a poor example to show fraudulent data.
通过启用审计跟踪选项时可以激活,项目将捕获关于样本集、进样、通道、结果、校准曲线和峰执行的所有活动。图6.3.9.6-1显示了项目审计跟踪记录一个删除的事件,来展现欺诈性数据的示例。
Figure 6.3.9.5-1 Sample Set Audit Trail Report
图6.3.9.5-1 样品设置审计追踪报告
Figure 6.3.9.6-1 Project Audit Trail – Deleted Injection
图6.3.9.6-1 项目审计追踪-删除进样
Injection Log
进样日志
Chromatographic data acquisition software typically has the ability to maintain a log of injections. In addition to the date and time, the software may include additional information associated with the injection such as lot number, blank or system suitability, reference, or sample. An audit trail ensures the integrity of the data and, if the audit trail is enabled, review of the injection log is not necessary. Injection log reports are typically built in by the software developer, though with limited ability to customize without expert programming capability. The type, ease of log retrieval, and ease of printing/ publishing are also built-in functionalities of the software; however, their inclusion will vary among software suppliers. An injection log is separate and distinct from an audit trail; while it is a good tool to have, it is not essential to ensuring data integrity (2).
色谱数据采集软件通常具有保存进样日志的功能。除日期和时间外, 软件还可能包括与进样相关的附加信息, 如批号、空白或系统适用性、对照或样品。审计跟踪可确保数据的完整性, 如果启用了审核最终, 则不需要检查进样日志。进样日志报告通常由软件开发人员构建, 因此没有专家编程能力,自定义能力有限。软件还内置功能, 便于日志检索, 易于打印/发布;但是,不同软件供应商的内容会有所不同。进样日志是独立的, 有别于审计跟踪;尽管这是一个很好的工具, 但对确保数据完整性 (2)来说并不重要。
Transactional Log/System Errors
事件日志/系统错误
Chromatography
色谱仪
The transactional log (which may be referred to by other terms depending on the equipment vendor) and system error logs are online, instantaneous features that display pop-up messages about system functionality, user activity, and hardware-related issues or errors. Figure 6.3.10.1-1 shows the types of errors generated by the software or transactional log and a typical representation of a software transactional log. Figure 6.3.10.1-2 represents a typical transactional error log.
事件日志和系统错误日志(根据设备供应商的不同,此术语可以用其他术语来指代)是实时的、即时的特性,它们显示关于系统功能、用户活动和硬件相关问题或错误的弹出消息。图6.3.10.1-1、6.3.10.1-2 展示常见错误。
The transactional log is neither an audit trail nor is it intended to be a replacement for or component of other audit trails. A transactional log generally provides some additional information related to software (e.g., missing vial, lost prime) or hardware malfunctions (e.g., HSS fault, lost connection) and can help in interpreting the audit trail.
事件日志既不是审计跟踪,也不作为其他审计追踪的替代或组成。事务日志提供与软件有关的额外信息(如,missing vial, lost prime)或硬件功能异常(如HSS错误,断开连接)以及可以帮助解释审计追踪。
No one should have access or authority to manually change this log; however, the system can be configured to automatically purge the messages on a periodic basis to ensure efficient operation of the system processing memory. If the audit trail is never turned off, any deletion, modification, or copying of messages performed by the administrator will be recorded in validated audit trails (e.g., system audit trail). The Quality Unit should verify when a system or run has been interrupted due to a disconnection or power loss.
不应有人有权限修改此日志。然而,可以将系统配置为定期自动清除信息,来保证系统充足的操作记忆内存。如果审计追踪功能从未关闭,那么管理员说执行的任何有关信息删除、修改、和拷贝都会被记录在经验证的审计追踪中(例系统审计追踪)。质量部门应确认系统或一次运行何时于断开连接或断电造成的中断。
Figure 6.3.10.1-1 Example of a Transactional Log
图6.3.10.1-1 事件日志示例
Figure 6.3.10.1-2 Example of a System Error Log
图6.3.10.1-2 系统错误日志示例
The messages appearing in the log may come from the application software, third-party software, (e.g., Oracle database supporting system for chromatographic software) or other connected instruments (e.g., balance connected to HPLC) or equipment. Some chromatographic software packages offer this functionality. The transactional logs are system-level messages, temporarily stored and often automatically purged by the system at time-based defined intervals; their utility is therefore time-sensitive. These transactional logs may prove beneficial for trending (e.g., trending of most frequent instrument or processing errors that require attention helps in troubleshooting) or investigational purposes (e.g., describing the cause of the failure) and companies may utilize this information accordingly. During software validation, messages will present as information, warning, or error according to listed categories (e.g., general, security). Critical messages and actions regarding data manipulation or data deletion that may appear in the transactional log must be captured in validated audit trails (e.g., system, result, sequence or sample, or method audit trails).
日志中出现的消息可能来自应用软件、第三方软件,例如支持色谱软件系统的Oracle数据库或其他连接仪器(例如连接到HPLC的天平)或设备。一些色谱软件包提供了这种功能。事件日志是系统层面的信息,临时存储并以指定时间间隔自动清除;因此它们的实用性是有时间限制的。这些日志对于分析趋势(例如,分析需要关注帮助排除故障的最频繁使用的仪器或处理错误)或调查原因(描述失败原因)可能有好处,公司可以相应的利用这些信息。在软件验证期间, 信息将根据列出的类别 (例如, 常规、安全性) 显示为信息、警告或错误。在事件日志中可能出现的关于数据操作或数据删除的关键消息和操作必须在经过验证的审计追踪(例如,系统、结果、序列或示例,或方法审计跟踪)中捕获。
Categorization of error messages having an impact on the software and product ideally would be incorporated during software development and validation by the vendor. Some errors with titles that sound critical (e.g., cable disconnected, connection lost, communication failure) may not be captured in a validated audit trail but recorded in a transactional log. It may be difficult to confirm that these types of messages are all caused by intentional interruptions or have any impact on product quality data. It is therefore important to have appropriate controls and procedures in place to ensure that true power outages be recorded, especially if a chromatographic run is affected.
理想情况下,对软件和产品有影响的错误消息的分类将在软件开发和供应商验证期间涵盖。 一些标题听起来很关键的错误(例如,电缆断开、连接丢失、通信失败)可能不会在经过验证的审计追踪中捕获,而是记录在事件日志中。可能很难确认这些类型的消息都是由故意中断引起的,或对产品质量数据有任何影响。因此有必要建立适当的控制和程序,以确保真正的停电记录,特别是如果色谱运行受到影响。
The Quality Unit for the lab must establish and validate error messages during equipment installation and qualification. Some error messages are specific to the operating system of the software and are not directly related to data or equipment operation. It is important to work with the software supplier to understand the deion of messages that are recorded in the transactional log as they may be subject to evaluation during inspection. Further, it is important to identify those messages that are critical, i.e., related to data and instrument operations. For existing or previously installed equipment (e.g., legacy systems), during installation and qualification, the Quality Unit should assure that all transactional log messages are reviewed and understood, and that critical messages are identified and included in validated audit trails. Transactional log messages that have no impact on analyses or quality attributes of a product and messages that are also recorded in validated audit trails need not be retained.
实验室的质量部门必须在设备安装和验证期间建立和验证错误信息。一些错误消息是特定于 软件的操作系统的,与数据或设备操作没有直接关系。与软件供应商一起工作以理解记录在 事件日志中的消息的描述是很重要的,因为它们可能在检查期间受到评估。此外,重要的是 识别那些关键的消息,即与数据和仪器操作有关的消息。对于现有或先前安装的设备(例如,遗留系统),在安装和验证期间,质量部门应确保审查和理解所有事件性日志消息,并 确保在已验证的审计跟踪中识别关键消息。不需要保留不影响产品分析或质量属性的事件日 志消息以及也记录在已验证的审计跟踪中的消息。
For example, if a cable is disconnected from an HPLC to a LAC/E box, then the data will not be captured, and the transactional log will show a message as system interruption due to cable disconnection. Further dialogue between industry, health authorities, and vendors is needed to resolve how to address this evolving topic.
例如,如果从HPLC到LAC/E BOX的连接断开,那么数据将不被捕获,并且事件日志将显示消息为由于连接断开导致的系统中断。需要在行业、卫生部门和供应商之间进一步对话, 以解决如何处理这个不断变化的话题。
Other Types of Equipment
其他类型的设备
Transactional logs are also available from other types of automated analytical equipment such as X-ray diffraction(XRD) or Karl Fisher(KF). Examples are shown in Figure 6.3.10.2-1 and Figure 6.3.10.2-2 below. Figure 6.3.10.2-2 also provides an example of how the log entries can be misleading if an auditor is not fully trained on the system. For example, although one entry reads “Deleted the journal entry” in the XRD log, the actual reason for displaying the message is a job interruption. The Quality Unit should recognize critical messages recorded in transactional logs and ensure they are recorded in validated audit trails.
其他类型的自动化分析设备也有事件日志,如X射线衍射(XRD)或水分仪(KF)。如图6.3.10.2-1 和6.3.10.2-2所示.图6.3.10.2-2还说明如果审核人员没有对系统进行全面培训,则日志条目可能产生误导。例子在以下图6.3.10.2.1-6.3.10.2.2展示。例如,虽然一个条目在 XRD 日志中读取 "删除日志条目", 但显示消息的实际原因是作业中断。质量部门应该识别记录在事件日志中的关键消息,并确保它们记录在已验证的审计跟踪中。
Figure 6.3.10.2-1 Example of a Transactional Log for XRD
图6.3.10.2-1 XRD事件日志示例
Figure 6.3.10.2-2 Example of a Transactional Log for KF
图6.3.10.2-2 KF事件日志示例
Common Deficiencies
常见缺陷
The following problems, listed with the respective ALCS components, are often encountered and commonly found in audits or cited in FDA Warning Letters: (55)
FDA警告信中关于复杂计算机化系统的数据完整性的常见典型缺陷如下:
Computers 计算机
– Shared passwords 共享密码
– No control over data generated 未控制所生成的数据
– Data acquisition date-and-time-stamp changes to alter actual date and time of results 修改数据采集日期和时间戳以改变实际的结果日期和时间
– No control of automatic software updates软件自动更新没有控制
– Computer systems/software validation errors 计算机系统/软件验证错误
– Time synchronization across all equipment and computers in the laboratory 实验室内所有设备和计算机的时间同步
– Inappropriate database protection in computerized systems计算机系统中数据库的保护不恰当
– Unauthorized changes made by analysts 分析员未经授权的更改
– Altering or setting back the computer’s clock or date and time of the chromatographic injection 修改或设置计算机的时钟或色谱进样的日期和时间
Server服务器
– Lack of oversight by Quality Unit 缺乏质量部门监督
– Validation errors 验证错误
– Improper network mapping that leads to data transmission losses 不当网络映射导致数据传输损失
– Cloud systems not verified for data transmission and data losses 云系统未验证数据传输和数据丢失
Equipment 设备
– Single injections or sample trial injections of test samples made directly on instrument 直接在仪器上进行的测试样品的单次进样或样品试验进样
– Stand-alone equipment connected to computer without server lacks controls, routine audit trail reviews, and full data retention capabilities that prevent analysts or other personnel from deleting data
连接到计算机但没有服务器的单机版设备缺乏控制、常规审计跟踪检查以及防止分析员或其他人员删除数据的完整数据保留能力
– Features not appropriately selected or engaged, e.g., provision for trial injections without being captured in audit trails (implies lack of understanding or verification by lab personnel)
没有适当选择或启用功能,例如,没有在审计追踪中捕获试验进样(意味着实验室人员缺乏理解或确认)
– Improper configuration of computers or storage devices that can lead to duplication or falsification of data (implies lack of training for IT personnel)
计算机或存储设备的配置不当,可能导致数据的重复或伪造(意味着缺乏对IT人员的培训)
– Data losses due to power outage without investigation
未调查停电造成的数据损失
– Altering system suitability to make it appear as if the sample failure was caused by an equipment malfunction
改变系统的适应性,使其看起来像是由设备故障引起的样品失败
Off-the-Shelf Software 非专门设计软件
– Data processing scenarios not validated 数据处理方式未经过验证
– Data calculations not validated数据计算未验证
– Part 11 compliance assumed or not verified不符合Part11或未验证
– Software version changes incompatible with older files 软件版本变更导致旧的文件不兼容
Data Handling 数据处理
– Trial injections of test samples 试验性进样
– Data integration problems and compromises 数据完整性问题以及违规
– Not reviewing/publishing/enabling audit trails 未审核/发布/启用审计跟踪
– Not reporting incidents 未报告事件
– Retesting samples, deleting OOS results, and reporting passing results during stability or to release batches 重新测试样品,删除OOS结果,只报告合格的结果用于稳定性或批放行
– Data deletions 数据删除
– Data manipulations, such as changing integration, date and time, or method parameters 数据操纵,例如改变积分、日期和时间或方法参数
– Data not archived 数据未存档
– Data archived on unreadable discs 数据存档在不可读取的磁盘
– Reviewers unable to detect the problems due to lack of understanding fields
由于对相关数据完整性领域缺乏理解,审核人无法发现问题。
– Aborted sequences 终止序列
– Inhibition of peaks/disregarding peaks without proper scientific justification 没有适当的科学论证,抑制峰/忽略峰
公众号查看