本文转载自GMP办公室.
问题现状:
Remote access by the supplier provides many advantages when maintaining software, troubleshooting and installing new functionalities. However, what regulations must be in place for remote access by service providers to GxP-critical systems? What data integrity requirements must be included?
供应商远程访问在软件维护、故障排除和安装新功能方面,带来了许多便利。
但是,对于服务提供商远程访问 GxP 关键系统,需要进行什么样的监管?
需要包括什么样的数据完整性要求?
How can this Process be made GxP-compliant?
如何使这种程序符合GxP?
Remote access enables service providers to access computerised systems via a network connection in order to correct errors or change the configuration. If a GxP critical computerised system is accessed remotely, the system can be modified by the activities of the service provider or service company in such a way that the validated state is no longer maintained. Therefore, remote access and the actions performed during this session should be controlled and documented. This means that access should be actively enabled by the RU (regulated user). Besides, this should be done via a secure network connection and a record of the activities performed should be kept . If necessary, a change control process should be initiated. The aim is to maintain and control the validated status of the system.
远程访问使服务提供商能够通过网络连接访问计算机化系统,以便更正错误或更改配置。
如果远程访问 GxP 关键计算机化系统,服务提供商或服务公司的活动可能修改系统,从而不再保持已验证的状态。
因此,应控制和记录远程访问和在此期间执行的操作。
这意味着 RU(受监管用户)应主动启用访问权限。
此外,应通过安全的网络连接来完成,并应保存所执行活动的记录。
如有必要,应启动变更控制程序。
目的是维护和控制系统的验证状态。
