Transcription of 別紙(10) PIC/S GMP ガイドライン アネックス11 …
1 1/3 COMPUTERISED SYSTEMS PRINCIPLE The introduction of computerised systems into systems ofmanufacturing, including storage, distribution and qualitycontrol does not alter the need to observe the relevantprinciples given elsewhere in the Guide. Where acomputerised system replaces a manual operation, thereshould be no resultant decrease in product quality orquality assurance. Consideration should be given to therisk of losing aspects of the previous system by reducingthe involvement of operators. PIC/S GMP PERSONNEL 1. It is essential that there is the closest co-operationbetween key personnel and those involved with computersystems. Persons in responsible positions should have theappropriate training for the management and use ofsystems within their field of responsibility which should include ensuring that appropriateexpertise is available and used to provide advice onaspects of design, validation, installation and operation ofcomputerised VALIDATION 2.
2 The extent of validation necessary will depend on anumber of factors including the use to which the system isto be put, whether it is prospective or retrospective andwhether or not novel elements are incorporated. Validationshould be onsidered as part of the complete life cycle of acomputer cycle includes the stages ofplanning, specification, programming, testing,commissioning, documentation, operation, monitoring SYSTEM 3. Attention should be paid to the siting of equipment insuitable conditions where extraneous factors cannotinterfere with the 4. A written detailed description of the system should beproduced (including diagrams as appropriate) and kept upto should describe the principles, objectives, securitymeasures and scope of the system and the main featuresof the way in which the computer is used and how itinteracts with other systems and procedures4.
3 ( ) PIC/S GMP 2/35. The software is a critical component of a computerisedsystem. The user of such software should take allreasonable steps to ensure that it has been produced inaccordance with a system of Quality 6. The system should include, where appropriate, built-inchecks of the correct entry and processing of 7. Before a system using a computer is brought into use, itshould be thoroughly tested and confirmed as beingcapable of achieving the desired a manual systemis being replaced, the two should be run in parallel for atime, as part of this testing and 8.
4 Data should only be entered or amended by personsauthorised to do so. Suitable methods of deterringunauthorised entry of data include the use of keys, passcards, personal codes and restricted access to computerterminals. Consideration should be given to systemsallowing for recording of attempts to access byunauthorised 9. When critical data are being entered manually (forexample the weight and batch number of an ingredientduring dispensing), there should be an additional check onthe accuracy of the record which is made. This check maybe done by a second operator or by validated ( ) 10. The system should record the identity of operatorsentering or confirming critical to amend entered data should be restricted tonominated alteration to an entry of critical data should beauthorised and recorded with the reason for should be given to the systemcreating a complete record of all entries and amendments(an "audit trail")10.
5 ( )11. Alterations to a system or to a computer programshould only be made in accordance with a definedprocedure which should include provision for validating,checking, approving and implementing the change. Such analteration should only be implemented with the agreementof the person responsible for the part of the systemconcerned, and the alteration should be recorded. Everysignificant modification should be 12. For quality auditing purposes, it should be possible toobtain meaningful printed copies of electronically 3/313.
6 Data should be secured by physical or electronicmeans against wilful or accidental damage, and this inaccordance with item of the Guide. Stored data shouldbe checked for accessibility, durability and are proposed to the computer equipment or itsprograms, the above mentioned checks should beperformed at a frequency appropriate to the storagemedium being 14. Data should be protected by backing-up at regularintervals. Back-up data should be stored as long asnecessary at a separate and secure 15. There should be available adequate alternativearrangements for systems which need to be operated inthe event of a breakdown. The time required to bring thealternative arrangements into use should be related to thepossible urgency of the need to use them.
7 For example,information required to effect a recall must be available atshort 16. The procedures to be followed if the system fails orbreaks down should be defined and validated. Any failuresand remedial action taken should be 17. A procedure should be established to record andanalyse errors and to enable corrective action to be 18. When outside agencies are used to provide a computerservice, there should be a formal agreement including aclear statement of the responsibilities of that outsideagency (see Chapter 7).18. ( 7 ) 19. When the release of batches for sale or supply iscarried out using a computerised system, the systemshould recognize that only an Authorised Person canrelease the batches and it should clearly identify andrecord the person releasing the
