行业指南:数据完整性与药品 CGMP 合规问答-01

2024-01-23 13

This guidance represents the current thinking of the Food and Drug Administration (FDA or Agency) on this topic. It does not establish any rights for any person and is not binding on FDA or the public. You can use an alternative approach if it satisfies the requirements of the applicable statutes and regulations. To discuss an alternative approach, contact the FDA office responsible for this guidance as listed on the title page.

本指南代表了当前 FDA 对此主题的观点。它并未赋予任何人任何权力,对 FDA 和公众不具备强制力。替代方法满足适用法律法规要求时可以使用。关于替代方法的讨论,请联系本指南首页列出的 FDA 官员。
    

I. INTRODUCTION 前言

        

The purpose of this guidance is to clarify the role of data integrity in current good manufacturingpractice (CGMP) for drugs, as required in 21 CFR parts 210, 211, and 212. Unless otherwise noted, the term CGMP in this guidance refers to CGMPs for drugs (including biologics). FDA’s authority for CGMP comes from section 501(a)(2)(B) of the Federal Food, Drug, and Cosmetic Act (FD&C Act). Part 210 covers Current Good Manufacturing Practice in Manufacturing, Processing, Packing, or Holding of Drugs; General; part 211 covers Current Good Manufacturing Practice for Finished Pharmaceuticals; and part 212 covers Current Good Manufacturing Practice for Positron Emission Tomography (PET) Drugs. All citations to parts 211 and 212 in this document pertain to finished pharmaceuticals and PET drugs, but these requirements are also consistent with Agency guidance on CGMP for active pharmaceutical ingredients with respect to data integrity2. This guidance provides the Agency’s current thinking on the creation and handling of data in accordance with CGMP requirements.

本指南的目的是澄清数据完整性在 21CFR 第 210、211 和 212 部分所要求的药品 CGMP 中的地位。除另有说明外,本指南中的术语 CGMP 指药品 CGMP(包括生物制品)。FDA 对 CGMP 的权力来自于FDCA 第 501(a)(2)(B)条款。第 210 部分包括了药品生产、加工、包装和存贮中的CGMP、通则;第 211 部分包括了制剂的 CGMP;第 212 部分则包括了 PET 药品的 CGMP。在本文件中所有对第 211 和 212 部分中的引用均针对制剂和 PET 药品,但这些要求在数据完整性方面与 FDA 对 API 的 CGMP 指南亦是一致的。本指南提供的是 FDA 当前对于根据 CGMP 要求创建和处理数据的观点。
  

FDA expects that all data be reliable and accurate (see the “Background” section). CGMP regulations and guidance allow for flexible and risk-based strategies to prevent and detect data integrity issues. Firms should implement meaningful and effective strategies to manage their data integrity risks based on their process understanding and knowledge management of technologies and business models3

FDA 要求所有数据均是准确可靠的(参见“背景”部分)。CGMP 法规和指南允许使用基于风险的灵活策略来防止和发现数据完整性问题。公司应基于其对工艺的了解和对技术与业务模式的知识管理,实施有效的实质性策略来管理其数据完整性风险。
  

Meaningful and effective strategies should consider the design, operation, and monitoring of systems and controls based on risk to patient, process, and product. Management’s involvement in and influence on these strategies is essential in preventing and correcting conditions that can lead to data integrityproblems. It is the role of management with executive responsibility to create a quality culture where employees understand that data integrity is an organizational core value and employees are encouraged to identify and promptly report data integrity issues. In the absence of management support of a qualityculture, quality systems can break down and lead to CGMP noncompliance.

有效的实质性策略应考虑系统设计、运行和监测,以及基于对患者、工艺和产品风险的控制。管 理层有必要参与并对这些策略施加影响,以防止和纠正可能导致数据完整性问题的情形。管理层 有义务履行其职责,创建一种质量文化,让员工了解数据完整性是组织的核心价值,鼓励员工发 现并主动报告数据完整性问题。如果管理层不支持质量文化,质量体系有可能崩溃并导致 CGMP 不合规。
     

In general, FDA’s guidance documents do not establish legally enforceable responsibilities. Instead,guidances describe the Agency’s current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited. The use of the word should in Agency guidances means that something is suggested or recommended, but not required.

一般来说,FDA 的指南文件并不构成强制义务。相反,指南所描述的是 FDA 当前对某个主题的 观点,应仅作为是建议,引用具体法律法规要求者除外。SHOULD 一词在 FDA 指南的使用表示 建议或推荐做某事,但并非强制。
   

II. BACKGROUND 背景

               

inspections. This is troubling because ensuring data integrity is an important component of industry’s responsibility to ensure the safety, efficacy, and quality of drugs, and of FDA’s ability to protect the public health. These data integrity-related CGMP violations have led to numerous regulatory actions, including warning letters, import alerts, and consent decrees. The underlying premise in §§210.1 and 212.2 is that CGMP sets forth minimum requirements to assure that drugs meet the standards of the FD&C Act regarding safety, identity, strength, quality, and purity4. Requirements with respect to data integrity in parts 211 and 212 include, among other things:

  • 211.68 (requiring that “backup data are exact and complete” and “secure from alteration, inadvertent erasures, or loss” and that “output from the computer … be checked for accuracy”).
  • 212.110(b) (requiring that data be “stored to prevent deterioration or loss”).
  • 211.100 and 211.160 (requiring that certain activities be “documented at the time of performance” and that laboratory controls be “scientifically sound”).
  • 211.180 (requiring that records be retained as “original records,” or “true copies,” or other “accurate reproductions of the original records”).
  • 211.188, 211.194, and 212.60(g) (requiring “complete information,” “complete data derived from all tests,” “complete record of all data,” and “complete records of all tests performed”).
  • 211.22, 211.192, and 211.194(a) (requiring that production and control records be “reviewed” and that laboratory records be “reviewed for accuracy, completeness, and compliance with established standards”).
  • 211.182, 211.186(a), 211.188(b)(11), and 211.194(a)(8) (requiring that records be “checked,” “verified,” or “reviewed”).
         

近年,FDA 在 CGMP 现场检查中发现越来越多的 CGMP 违规涉及数据完整性问题。这种现象令人不安,因为数据完整性是药企确保药品安全性、有效性和质量的义务中的重要一环,亦是FDA 保护公众健康的重要内容。这些与数据完整性有关的 CGMP 违规已导致大量强制措施,包括警告信、进口禁令和合意判决。§§210.1 和 212.2 的基本前提是 CGMP 设定了确保药品符合FDCA 关于安全性、鉴别、剂量、质量和纯度方法标准的最低要求。在第 211 和 212 部分中关于数据完整性的要求包括:

  • 211.68(要求“备份数据应完整并准确”并且“受到保护不被修改、无意删除或丢失”以及“要检查计算机的输出信息的准确性”)
  • 212.110(b)(要求对数据进行“存贮以防止受损或丢失”)
  • 211.100 和 211.160(要求特定活动“在执行时即进行记录”并且实验室控制应“科学合理”)
  • 211.180(要求记录保存为“原始记录”或“真实副本”,或其它“原始记录的准确复制件”)
  • 211.188, 211.194 和 212.60(g)(要求“完整信息”、“所有检测的完整数据”、“所有数据的完整记录”以及“执行的所有检测的完整记录”)
  • 211.22, 211.192 和 211.194(a)(要求生产和检测记录经过“审核”,并且实验室记录应“检查其准确性、完整性和与既定标准的符合性”)
  • 211.182, 211.186(a), 211.188(b)(11)和 211.194(a)(8)(要求“检查”、“核对”或“审核”记录)
              

When considering how to meet many of these regulatory requirements, it may be useful to ask thefollowing questions:

  • Are controls in place to ensure that data is complete?
  • Are activities documented at the time of performance?
  • Are activities attributable to a specific individual?
  • Can only authorized individuals make changes to records?
  • Is there a record of changes to data?
  • Are records reviewed for accuracy, completeness, and compliance with established standards?
  • Are data maintained securely from data creation through disposition after the record’s retention period?
          

在考虑如何符合这些法规要求时,先提出以下问题可能会有所帮助:

  • 是否有制订有控制措施确保数据是完整的?
  • 是否在执行活动时即进行了记录?
  • 活动是否可追溯到具体人员?
  • 是否只有经过授权的人员方可修改记录?
  • 对数据的修改是否有记录?
  • 是否审核记录的准确性、完整性以及与既定标准的符合性?
  • 自创建开始直到记录达到保存时限后销毁期间,数据保存是否安全?
          

This guidance helps answer these questions and enables an understanding of key concepts behind the regulatory requirements.

本指南帮助回答这些问题,促进对法规要求背后的关键概念的理解。
         

While not in the scope of this guidance, data integrity-related CGMP violations can also impact or be directly linked to application filing, review, and regulatory actions.

虽然不在本指南范围内,但数据完整性有关的 CGMP 违规亦可能影响或直接关系到申报资料的提交、审核和强制措施。
              

Electronic signature and record-keeping requirements are laid out in 21 CFR part 11 and apply to certain records subject to records requirements set forth in Agency regulations, including parts 210, 211, and 212. For more information, see guidance for industry Part 11, Electronic Records; Electronic Signatures—Scope and Application, which outlines FDA’s current thinking regarding the scope and application of part 11 pending FDA’s reexamination of part 11 as it applies to all FDA-regulated products.

电子签名和记录保存要求在 21CFR 第 11 部分已有规定,适用于需要满足 FDA 法规(包括第210、211 和 212 部分)中指定要求的特定记录。更多信息参见行业指南“第 11 部分—电子记录和电子签名—范围与应用”,其中说明了 FDA 当前对第 11 部分在重新检查其是否适用于所有FDA 监管产品中对其范围和应用方面的观点。
      

索引

      
  1. This guidance has been prepared by the Office of Pharmaceutical Quality and the Office of Compliance in the Center for Drug Evaluation and Research in cooperation with the Center for Biologics Evaluation and Research, the Center for Veterinary Medicine, and the Office of Regulatory Affairs at the Food and Drug Administration.
  2. See the International Council for Harmonisation (ICH) guidance for industry Q7 Good Manufacturing Practice Guide for Active Pharmaceutical Ingredients. We update guidances periodically. To make sure you have the most recent version of a guidance, check the FDA Drugs guidance web page at
  3. See ICH guidance for industry Q9 Quality Risk Management.
  4. According to section 501(a)(2)(B) of the FD&C Act, a drug shall be deemed adulterated if “the methods used in, or the facilities or controls used for, its manufacture, processing, packing, or holding do not conform to or are not operated or administered in conformity with current good manufacturing practice to assure that such drug meets the requirement of the act as to safety and has the identity and strength, and meets the quality and purity characteristics, which it purports or is represented to possess.”
  1. 本指南由 FDA 的 CDER 与 CBER 的药品质量办公室和 CVM 以及 ORA 一起制订。
  2. https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/default.htm. 参见 ICH 行业指南 Q7“原料药GMP”。我们定期在官网更新指南,请检查最新版本。
  3. 参见 ICH 行业指南 Q9“质量风险管理”。
  4. 依据 FDCA 第 501(a)(2)(B)条款,如果“一种药品生产、加工、包装或保存所用方法或设施不符合 CGMP 要求,或不在 CGMP 合规状态下操作或管理,从而确保该药品满足法案关于安全的要求,不具备鉴别和剂要求,不符合其理应具备的质量和纯度属性”,则被认为是掺假药品。
声明:获取原文内容请前往官方网站,内容整理自网络,如有侵权,请联系删除。