查看內容

5分鐘看懂什么是FDA 21 CFR part 11?

  • 2018-07-27 17:08
  • 佚名
  • Views

FDA 21 CFR part 11

21 CFR Part 11是針對電子記錄和電子簽名的FDA法規,對于藥廠和醫療器械使用的眾多電子記錄和電子簽名提供了詳盡的要求和規范。彼得對這部分接觸的也不多,在研讀過程中將原文進行了翻譯,供大家交流和討論。
 





A部分通用規定
Subpart A--General Provisions
 
11.1 范圍
Sec. 11.1 Scope.
 
(a) 本部分的法規制定了接受標準,用于機構評估電子記錄、電子簽名、電子記錄加手寫簽名的可信性、可靠性,以及通常等同于紙質記錄和手寫簽名的形式。
(a) The regulations in this part setforth the criteria under which the agency considers electronic records,electronic signatures, and handwritten signatures executed to electronicrecords to be trustworthy, reliable, and generally equivalent to paper recordsand handwritten signatures executed on paper.
 
(b) 本部分適用于根據法規需求制定的,以電子形式生成、修改、維護、存檔、恢復或傳輸的任何記錄。還適用于提交給監管機構的關于聯邦食品、藥品和化妝品以及公共健康服務法案需求的電子記錄,即使此類記錄不是法規中特別提到的。但是,本部分不適用于以電子形式傳輸的紙質記錄。
(b) This part applies to records inelectronic form that are created, modified, maintained, archived, retrieved, ortransmitted, under any records requirements set forth in agency regulations.This part also applies to electronic records submitted to the agency underrequirements of the Federal Food, Drug, and Cosmetic Act and the Public HealthService Act, even if such records are not specifically identified in agencyregulations. However, this part does not apply to paper records that are, orhave been, transmitted by electronic means.
 
(c) 當電子簽名和相關的電子記錄符合本部分要求時,機構應認可電子簽名等同于手寫簽名、縮寫和其他法規中要求常用的簽名形式,除非是法規自1997年8月20日以來特別強調的情況。
(c) Where electronic signatures andtheir associated electronic records meet the requirements of this part, theagency will consider the electronic signatures to be equivalent to fullhandwritten signatures, initials, and other general signings as required byagency regulations, unless specifically excepted by regulation(s) effective onor after August 20, 1997.
 
(d) 根據11.2,符合本部分要求的電子記錄可以替代紙質記錄,除非特別強調需要紙質記錄的情況。
(d) Electronic records that meet therequirements of this part may be used in lieu of paper records, in accordancewith 11.2, unless paper records are specifically required.
 
(e) 計算機系統(包括硬件和軟件)、控制和服務文檔應準備好,并接受FDA的檢查。
(e) Computer systems (includinghardware and software), controls, and attendant documentation maintained underthis part shall be readily available for, and subject to, FDA inspection.
 
(f) 本部分不適用于1.326-1.368章節確定所需要的記錄。符合本章節第1部分J子部分要求的記錄,如果在其他適用的法規約束下需要的,仍然需要滿足本部分的要求。
(f) This part does not apply torecords required to be established or maintained by 1.326 through 1.368 of thischapter. Records that satisfy the requirements of part 1, subpart J of thischapter, but that also are required under other applicable statutory provisionsor regulations, remain subject to this part.
 
(g)到(o)的翻譯省略,對制造商的意義不大。
 


11.2執行
Sec. 11.2 Implementation.
 
(a) 對于需要保持但無需提交機構的記錄,只要本部分的要求得到滿足,可以部分或全部使用電子記錄代替紙質記錄,或電子簽名代替傳統簽名。
(a) For records required to bemaintained but not submitted to the agency, persons may use electronic recordsin lieu of paper records or electronic signatures in lieu of traditionalsignatures, in whole or in part, provided that the requirements of this partare met.
 
(b) 對于提交機構的記錄,可以部分或全部使用電子記錄代替紙質記錄,或電子簽名代替傳統簽名,前提是:
(b) For records submitted to theagency, persons may use electronic records in lieu of paper records orelectronic signatures in lieu of traditional signatures, in whole or in part,provided that:
 
(1) 本部分的要求得到滿足;
(1) The requirements of this partare met; and
 
(2) 文檔或文檔部分已在公共摘要第92S-0251號中識別為機構接受以電子形式提交的文件類型。這個摘要將特別識別哪些類型的文檔或文檔部分允許以電子而不是紙質形式提交,并識別此類型的提交可以用于的接收機構單位(例如,指定中心、辦公室、部門和分支)。對于公共摘要中沒有提到的接收單位,如果文檔以電子形式提交將不會被認定為正式文件;紙質形式的這類文件將被認定為正式文件,并且必須要附上任何的電子記錄。需要咨詢接收單位,以確定是否以電子形式提交以及提交的細節(例如,傳輸方法、媒介、文檔格式和技術方案等)。
(2) The document or parts of adocument to be submitted have been identified in public docket No. 92S-0251 asbeing the type of submission the agency accepts in electronic form. This docketwill identify specifically what types of documents or parts of documents areacceptable for submission in electronic form without paper records and theagency receiving unit(s) (e.g., specific center, office, division, branch) towhich such submissions may be made. Documents to agency receiving unit(s) notspecified in the public docket will not be considered as official if they aresubmitted in electronic form; paper forms of such documents will be consideredas official and must accompany any electronic records. Persons are expected toconsult with the intended agency receiving unit for details on how (e.g.,method of transmission, media, file formats, and technical protocols) andwhether to proceed with the electronic submission.
 
11.3 定義
Sec. 11.3 Definitions.
 
(a) 在法案201部分中包括的定義和條款解釋適用于本部分。
(a) The definitions andinterpretations of terms contained in section 201 of the act apply to thoseterms when used in this part.
 
(b) 以下定義同樣適用于本部分:
(b) The following definitions ofterms also apply to this part:
 
(1) 法案指聯邦食品藥品化妝品法案(21號美國法典321-393,第201-903部分)。
(1) Act means the FederalFood, Drug, and Cosmetic Act (secs. 201-903 (21 U.S.C. 321-393)).
 
(2) 機構指的是食品藥品監督管理局。
(2) Agency means the Food andDrug Administration.
 
(3) 生物識別指的是一種基于對個人生理特征或重復動作進行測量的用于驗證個人身份的方法,這些特征或動作是個人獨特的并可以測量的。
(3) Biometrics means a methodof verifying an individual's identity based on measurement of the individual'sphysical feature(s) or repeatable action(s) where those features and/or actionsare both unique to that individual and measurable.
 
(4) 封閉系統指的是系統的進入受到電子記錄內容負責人控制的環境。
(4) Closed system means anenvironment in which system access is controlled by persons who are responsiblefor the content of electronic records that are on the system.
 
(5) 數字簽名指的是基于發起人授權的加密方法的電子簽名,通過一系列規則和參數進行計算來完成,這樣簽署人的身份和數據的可靠性可以得到驗證。
(5) Digital signature meansan electronic signature based upon cryptographic methods of originatorauthentication, computed by using a set of rules and a set of parameters suchthat the identity of the signer and the integrity of the data can be verified.
 
(6) 電子記錄指的是任何文字、圖像、數據、音頻、繪畫或其他形式的信息組合以數字形式在計算機系統中被生成、修改、維持、存檔、恢復或分發。
(6) Electronic record meansany combination of text, graphics, data, audio, pictorial, or other informationrepresentation in digital form that is created, modified, maintained, archived,retrieved, or distributed by a computer system.
 
(7)電子簽名指的是個人對任何符號的計算機數據編譯的執行、采用或授權,以合法地約束其成為個人手寫簽名的等同物。
(7) Electronic signaturemeans a computer data compilation of any symbol or series of symbols executed,adopted, or authorized by an individual to be the legally binding equivalent ofthe individual's handwritten signature.
 
(8) 手寫簽名指的是個人手寫的姓名或法律記號,通過書寫在永久性表格上執行或采用以表示授權意圖。使用鋼筆或尖筆進行簽字的行動得到保留。姓名或法律記號雖然傳統上適用于紙張,也可以應用于其他可以捕捉姓名和記號的設備。
(8) Handwritten signaturemeans the scripted name or legal mark of an individual handwritten by thatindividual and executed or adopted with the present intention to authenticate awriting in a permanent form. The act of signing with a writing or markinginstrument such as a pen or stylus is preserved. The scripted name or legal mark,while conventionally applied to paper, may also be applied to other devicesthat capture the name or mark.
 
(9) 開放系統指的是系統的進入不會受到電子記錄內容負責人控制的環境。
(9) Open system means anenvironment in which system access is not controlled by persons who areresponsible for the content of electronic records that are on the system.
 
B部分電子記錄
Subpart B--Electronic Records



11.10 封閉系統的控制
Sec. 11.10 Controls for closed systems.
 
使用封閉系統進行創建、修改、維持或傳輸電子記錄的人員應使用經過設計的程序和控制,以確保電子記錄的真實性、可靠性以及保密性,并確保簽署人不能夠以記錄不真實為由進行否認。這樣的程序和控制應包括如下內容:
Persons who use closed systems tocreate, modify, maintain, or transmit electronic records shall employprocedures and controls designed to ensure the authenticity, integrity, and,when appropriate, the confidentiality of electronic records, and to ensure thatthe signer cannot readily repudiate the signed record as not genuine. Suchprocedures and controls shall include the following:
 
(a) 系統確認,以確保準確性、可靠性、持續的預期性能,以及識別無效或更改后的數據的能力。
(a) Validation of systems to ensureaccuracy, reliability, consistent intended performance, and the ability todiscern invalid or altered records.
 
(b) 產生準確和完整的記錄副本的能力,該副本應以可閱讀和電子表格的形式適于機構的檢查、評審和復制。如果有任何關于機構進行此類電子記錄評審和復制能力的疑問,應聯系機構。
(b) The ability to generate accurateand complete copies of records in both human readable and electronic formsuitable for inspection, review, and copying by the agency. Persons shouldcontact the agency if there are any questions regarding the ability of theagency to perform such review and copying of the electronic records.
 
(c) 對于記錄的保護應確保記錄保存期間的準確和可恢復。
(c) Protection of records to enabletheir accurate and ready retrieval throughout the records retention period.
 
(d) 對于授權個人的有限系統進入。
(d) Limiting system access toauthorized individuals.
 
(e) 使用安全的、計算機產生的、有時間印記的審計跟蹤,以獨立記錄操作人員進入和創建、修改或刪除電子記錄動作發生的日期和時間。記錄的變更不應掩蓋之前記錄的信息。此類審計跟蹤文件應保存至少和電子記錄所需同樣長的時間,并且可以被機構評審和復制。
(e) Use of secure,computer-generated, time-stamped audit trails to independently record the dateand time of operator entries and actions that create, modify, or deleteelectronic records. Record changes shall not obscure previously recordedinformation. Such audit trail documentation shall be retained for a period atleast as long as that required for the subject electronic records and shall beavailable for agency review and copying.
 
(f) 適用時,使用操作系統核查以強制允許的步驟和事件的順序。
(f) Use of operational system checksto enforce permitted sequencing of steps and events, as appropriate.
 
(g) 使用權限核查以確保只有經過授權的個人可以使用該系統,電子簽署記錄,進入操作或計算機系統的輸入和輸出設備,修改記錄,執行手頭的操作。
(g) Use of authority checks toensure that only authorized individuals can use the system, electronically signa record, access the operation or computer system input or output device, altera record, or perform the operation at hand.
 
(h) 使用終端設備核查以確定數據輸入或操作指南來源的有效性。
(h) Use of device (e.g., terminal)checks to determine, as appropriate, the validity of the source of data inputor operational instruction.
 
(i) 確定開發、維持或使用電子記錄/電子簽名系統的人員具備一定的教育、培訓和經歷來執行所分配的任務。
(i) Determination that persons whodevelop, maintain, or use electronic record/electronic signature systems havethe education, training, and experience to perform their assigned tasks.
 
(j) 對于書面方針的建立和遵守,使人員對于他們電子簽名的行動保證義務和責任,以阻止對于記錄和簽名的偽造。
(j) The establishment of, andadherence to, written policies that hold individuals accountable andresponsible for actions initiated under their electronic signatures, in orderto deter record and signature falsification.
 
(k) 使用適當的系統文檔控制,包括:
(k) Use of appropriate controls oversystems documentation including:
 
(1) 對于系統運行和維護文檔的分發、進入和使用的適當控制。
(1) Adequate controls over thedistribution of, access to, and use of documentation for system operation andmaintenance.
 
(2) 修改和變更控制程序,以保持審計跟蹤,記錄時間順序的系統文檔的開發和修訂。
(2) Revision and change controlprocedures to maintain an audit trail that documents time-sequenced developmentand modification of systems documentation.
 
11.30 開放系統的控制
Sec. 11.30 Controls for open systems.
 
使用開放系統進行創建、修改、維持或傳輸電子記錄的人員應采用經過設計的程序和控制,以確保電子記錄從創建到接收的真實性、可靠性和保密性。這些程序和控制應包括11.10中所識別的內容,以及額外的措施如文件加密和適當數字簽名標準的使用,以確保記錄的真實性、可靠性和保密性。
Persons who use open systems tocreate, modify, maintain, or transmit electronic records shall employprocedures and controls designed to ensure the authenticity, integrity, and, asappropriate, the confidentiality of electronic records from the point of theircreation to the point of their receipt. Such procedures and controls shallinclude those identified in 11.10, as appropriate, and additional measures suchas document encryption and use of appropriate digital signature standards toensure, as necessary under the circumstances, record authenticity, integrity,and confidentiality.
 
11.50簽名形式
Sec. 11.50 Signature manifestations.
 
(a) 簽署的電子記錄應包括簽署相關的信息,明確指明如下內容:
(a) Signed electronic records shallcontain information associated with the signing that clearly indicates all ofthe following:
 
(1) 簽署人的印刷體姓名;
(1) The printed name of the signer;
 
(2) 簽名時的日期和時間;
(2) The date and time when thesignature was executed; and
 
(3) 簽名相關的含義(如評審、批準、職責或身份)。
(3) The meaning (such as review,approval, responsibility, or authorship) associated with the signature.
 
(b) 上述3個項目也應執行和電子記錄同樣的控制,并應包含在任何可閱讀的電子記錄表格中(如電子顯示或打?。?。
(b) The items identified inparagraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to thesame controls as for electronic records and shall be included as part of anyhuman readable form of the electronic record (such as electronic display orprintout).
 
11.70 簽名/記錄鏈接
Sec. 11.70 Signature/record linking.
 
電子簽名和電子記錄加手寫簽名應和相應的電子記錄進行鏈接,以確保簽名不能通過通常手段被切除、復制或轉移來偽造電子記錄。
Electronic signatures andhandwritten signatures executed to electronic records shall be linked to theirrespective electronic records to ensure that the signatures cannot be excised,copied, or otherwise transferred to falsify an electronic record by ordinarymeans.
 
C部分電子簽名
Subpart C--Electronic Signatures



11.100 通用要求
Sec. 11.100 General requirements.
 
(a) 每個電子簽名對于每個人應是唯一的,不能夠被其他任何人再次使用或分配。
(a) Each electronic signature shallbe unique to one individual and shall not be reused by, or reassigned to,anyone else.
 
(b) 在組織建立、分配、認證或批準某人的電子簽名或其組成要素之前,組織應驗證該人的身份。
(b) Before an organizationestablishes, assigns, certifies, or otherwise sanctions an individual'selectronic signature, or any element of such electronic signature, theorganization shall verify the identity of the individual.
 
(c) 在使用電子簽名前,人員應向機構證明在1997年8月20日之后系統中的電子簽名預期與傳統的手寫簽名是合法等同的。
(c) Persons using electronicsignatures shall, prior to or at the time of such use, certify to the agencythat the electronic signatures in their system, used on or after August 20,1997, are intended to be the legally binding equivalent of traditionalhandwritten signatures.
 
(1) 證明應以紙質形式遞交區域運營辦公室(HFC-100),5600 Fishers Lane, Rockville, MD 20857,并簽署傳統的手寫簽名。
(1) The certification shall besubmitted in paper form and signed with a traditional handwritten signature, tothe Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD20857.
 
(2) 使用電子簽名的人員根據機構要求,應提供額外的證明或證據以證明特定的電子簽名同簽署人的手寫簽名是合法等同的。
(2) Persons using electronicsignatures shall, upon agency request, provide additional certification ortestimony that a specific electronic signature is the legally bindingequivalent of the signer's handwritten signature.
 
11.200 電子簽名的組成和控制
Sec. 11.200 Electronic signature components and controls.
 
(a) 非基于生物識別的電子簽名
(a) Electronic signatures that arenot based upon biometrics shall:
 
(1) 采用至少兩種獨特的識別部分,如一個識別碼和密碼。
(1) Employ at least two distinctidentification components such as an identification code and password.
 
(i) 當某人在一次持續的控制系統進入后,執行了一系列的簽字,那么第一次簽字應使用所有的電子簽名組成部分;接下來的簽字應至少使用一個電子簽名組成部分,且從設計上僅可以由該人執行和使用。
(i) When an individual executes aseries of signings during a single, continuous period of controlled systemaccess, the first signing shall be executed using all electronic signaturecomponents; subsequent signings shall be executed using at least one electronicsignature component that is only executable by, and designed to be used onlyby, the individual.
 
(ii) 當一個人不在一次持續的控制系統進入中執行一個或多個簽字時,每個簽字都應使用所有的電子簽名組成部分。
(ii) When an individual executes oneor more signings not performed during a single, continuous period of controlledsystem access, each signing shall be executed using all of the electronicsignature components.
 
(2) 僅能由真正的所有者使用;
(2) Be used only by their genuineowners; and
 
(3) 通過適當的管理和執行,以確保非真正所有人的任何其他人嘗試使用電子簽名時,需要兩個或多個人的協助。
(3) Be administered and executed toensure that attempted use of an individual's electronic signature by anyoneother than its genuine owner requires collaboration of two or more individuals.
 
(b) 基于生物識別的電子簽名應通過設計確保簽名不可以被除真正所有人的其他任何人所使用。
(b) Electronic signatures based uponbiometrics shall be designed to ensure that they cannot be used by anyone otherthan their genuine owners.
 
11.300 識別碼/密碼的控制
Sec. 11.300 Controls for identification codes/passwords.
 
使用基于識別碼和密碼組合的電子簽名的人員應采用合適的控制,以確保安全性和可靠性。此類控制應包括:
Persons who use electronicsignatures based upon use of identification codes in combination with passwordsshall employ controls to ensure their security and integrity. Such controlsshall include:
 
(a) 維持每個識別碼和密碼組合的唯一性,如沒有兩個人擁有相同的識別碼和密碼組合。
(a) Maintaining the uniqueness ofeach combined identification code and password, such that no two individualshave the same combination of identification code and password.
 
(b) 確保識別碼和密碼的發放是定期檢查、召回或修改的(例如使用密碼的有效期)。
(b) Ensuring that identificationcode and password issuances are periodically checked, recalled, or revised(e.g., to cover such events as password aging).
 
(c) 對于電子授權丟失、被盜、失蹤或受到潛在影響的代幣、卡片和其他擁有和產生識別碼和密碼信息的設備遵守遺失管理程序,并根據適當和嚴格的控制發放臨時或永久的替代物。
(c) Following loss managementprocedures to electronically deauthorize lost, stolen, missing, or otherwisepotentially compromised tokens, cards, and other devices that bear or generateidentification code or password information, and to issue temporary orpermanent replacements using suitable, rigorous controls.
 
(d) 使用交易安全保障來防止密碼和識別碼的非授權使用,對系統安全單元的任何非授權使用嘗試進行探測,并立刻向組織管理層緊急報告
(d) Use of transaction safeguards toprevent unauthorized use of passwords and/or identification codes, and todetect and report in an immediate and urgent manner any attempts at theirunauthorized use to the system security unit, and, as appropriate, toorganizational management.
 
(e) 對設備進行初次和定期測試,如擁有和產生識別碼和密碼信息的代幣或卡片,以確保物品功能正常,并且沒有被非授權地更改。
(e) Initial and periodic testing ofdevices, such as tokens or cards, that bear or generate identification code orpassword information to ensure that they function properly and have not beenaltered in an unauthorized manner.
 

国产学生情侣久久av免费看 越南少妇毛茸茸的大BBW,越南小妓女BBWWBBWW,老熟妇毛茸茸BBW视频| 我被两个老外抱着高爽翻了,娇妻被黑人杂交下呻吟,两根黑人粗大噗嗤噗嗤视频| 国产av无码专区亚洲a√,狠狠色噜噜狠狠狠狠7777米奇,奇米综合四色77777久久