审计跟踪,译自英文“Audit trail”,初遇这个词,略微有些奇怪,因为其中的“trail”,更多让人联想到刑侦一类的事件和人物,比如痕迹分析,比如李昌钰,比如卷福,好吧,跑题了。
首先,我们来看下国内外法规的定义:
中国CFDA在GMP附录《计算机化系统》中的定义:
“数据审计跟踪:是一系列有关计算机操作系统、应用程序及用户操作等事件的记录,用以帮助从原始数据追踪到有关的记录、报告或事件,或从记录、报告、事件追溯到原始数据。”
同时在该规范的第十六条也提到
“应当根据风险评估的结果,考虑在计算机化系统中建立数据审计跟踪系统,用于记录数据的输入和修改以及系统的使用和变更。”
欧盟HPRA在EU GMP的附录11 计算机化系统<Computerised Systems>(链接:http://academy.gmp-compliance.org/guidemgr/files/ANNEX11_01-2011_EN.PDF)中提到:
“Consideration should be given, based on a risk assessment, to building into the system the creation of a record of all GMP-relevant changes and deletions (a system generated "audit trail"). For change or deletion of GMP-relevant data the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed. ”
大致翻译如下:
“在应该基于风险评估的考量,建立一个系统来记录所有与GMP相关的变更和删除(该审计跟踪系统应是由系统自动生成)。对于所有与GMP相关数据的变更和删除理由均应该被记录。审计追踪需要能将数据转换成可被通常理解的形式并可被定期审核。”
另外,欧盟在2015年公布的数据完整性指南<MHRA GxP Data Integrity Definitions and Guidance for Industry>(链接:https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/412735/Data_integrity_definitions_and_guidance_v2.pdf)中进一步解释了审计跟踪,
“Audit trails are metadata that are a record of critical information (for example the change or deletion of relevant data) that permit the reconstruction of activities.”
大致翻译如下:
“审计跟踪是元数据(计算机术语,用来描述数据属性的数据),用来记录对GMP关键信息的操作行为(例如相关数据的变更和删除)”
在该指南里,还对具体的计算机化系统中的审计跟踪提了具体的要求,例如:
“Where computerised systems are used to capture, process, report or store raw data electronically, system design should always provide for the retention of full audit trails to show all changes to the data while retaining previous and original data. It should be possible to associate all changes to data with the persons making those changes, and changes should be time stamped and a reason given. Users should not have the ability to amend or switch off the audit trail. ”
|