General Procedure Corporate Manual

Number / version: Document name:

CPR-13-02-a
计算机系统验证
翻译：李劲晖
1. REFERENCE TO A POLICY 相关方针
1.1. CPO-13: Validation. 验证

2. PURPOSE 目的
1.2. The purpose of this procedure is to harmonise the structure and
principles of computer systems validation within Actavis.　
此程序目的是规范阿特维斯的计算机系统验证

3. SCOPE 范围
1.3. This procedure pertains to all computer systems which are
considered to be GXP critical and for which validation has been deemed
necessary.
此程序适用于所有涉及 GXP 要求的确定需要验证的计算机系统

4. RESPONSIBILITY 职责
1.4. It is the responsibility of the relevant department manager to
ensure that GXP critical computer systems are validated.
各相关部门经理负责确保涉及 GXP 要求的计算机系统经过验证。
1.5. It is the responsibility of the Quality Affairs manager, in cooperation
with relevant department managers of each site to delegate responsibility for
computer systems validation and to ensure that adequate resources are
available to perform the necessary validations.
质量事务经理负责协调各区域的相关部门经理分配计算机系统验证职责，以确保适当的资
源实施必要的验证。
1.6. The individuals in charge of computer systems validation at each
site are responsible for the relevant Validation Project Plan(s) and the overall
progress of validation activities.
各区域负责计算机系统验证的个人负责相关的验证项目计划及整个验证过程。

5. DEFINITIONS 定义
1.7. Computer System: A system of one or more computers and
associated software.
计算机系统：由一个或多个计算机及关联软件组成的系统。
1.8. Computer System Validation: Documented evidence that a
computer system conforms consistently to user requirements and is under
control and qualified for its intended use. The completed validation
deliverables with references to or including the applicable supporting
documents constitute the validation package.
计算机系统验证：证明一个计算机系统符合设计要求、受控并且始终如一地满足用户需求
的形成文件的行为。

Actavis Group This document is uncontrolled if printed out Page 1 of 5

 Number / version: Document name:
CPR-13-02-a Computer System Validation

1.9. Installation Qualification (IQ): Documented verification that a

computer system is installed according to written and pre-approved
specifications.
安装确认（IQ）：证明一个计算机系统已经按照所描述并预先批准的标准进行安装的形成
文件的行为。
1.10. Legacy System: The name given to an old hardware or software
system that has been in use for some time and is considered outdated.
遗留系统：已经使用一段时间并且确认过时的旧硬件或软件的名称
1.11. Operational Qualification (OQ): Documented verification that a
computer system operates according to written and pre-approved specifications
throughout all specified operating ranges.
运行确认（OQ）：证明一个计算机系统全部规定的操作范围均完全符合所描述并预先批
准的标准的形成文件的行为。
1.12. Performance Qualification (PQ): Documented verification that a
computer system is capable of performing or controlling the activities of the
processes it is required to perform or control, according to written and pre-
approved specification, while operating in its specified operating environment.
性能确认（PQ）：证明一个计算机系统在指定的操作环境下能够按照所描述并预先批准的
标准履行或控制它所需要履行或控制的程序活动的形成文件的行为。
1.13. Risk Assessment: The method used to assess the GXP risks
associated with computer systems in order to evaluate the need, scope and
extent of validation.
风险评估：用于评估计算机系统与 GXP 风险的关系以评估其验证的需要、范围及程度的方
法。

6. PROCEDURES 规程

General 概要
1.14. Each site shall have an inventory list over computer systems in use,
with their GAMP (Good Automated Manufacturing Practice) classification, GXP
criticality, the extent of validation required and the validation status.
每一个场所均应有在用计算机系统的详细清单及其 GAMP（良好自动制造行为规范）分类，
GXP 风险程度，需要验证的程度及验证情况。
1.15. Actavis shall review and approve validation protocols that are
purchased from a vendor, prior to the validation.
在验证前，阿待维斯应复核及批准从供应商购买的验证草案。
1.16. When validation activities are conducted by a vendor, the validation
work shall be witnessed by Actavis personnel. When the validation is completed
the validation report shall be approved by Actavis.
当验证活动由供应商管理时，验证工作应由阿待维斯人员证明。当验证结束时，验证报告
应由阿待维斯批准。

Actavis Group This document is uncontrolled if printed out Page 2 of 5

 Number / version: Document name:
CPR-13-02-a Computer System Validation

Computer Systems Validation Project Plan (VPP) 计 算 机 系 统 验 证 项 目 计 划

（VPP）
1.17. For each facility a Computer Systems Validation Project Plan will be
issued. The VPP defines the scope and schedules for the validation activities
and will be updated as the validation activities progress. A VPP should include
at least, but is not limited to the following:
对于每一设施，必须发行计算机系统验证项目计划。VPP 详细说明验证活动范围及时间表
并根据验证活动进程更新。一份 VPP 至少但不限于包括以下内容：
 The scope of the computer system validation activities.
计算机系统验证活动涉及的范围。
 A description of the facility.
设施的描述。
 A list of relevant personnel and their associated responsibilities.
相关人员的清单以及他们相应的责任。
 A list of computer systems for which validation has been deemed
necessary according to risk assessment.
设备和系统的清单，以风险评估为依据确定其验证的必要性。
 A schedule for validation activities.
验证活动的时间表。
 A description of the computer system validation methodology.
计算机系统验证方法的描述。
 A description of the document management.
文件管理的描述。
1.18. The Computer System Validation Project Plan shall be updated at
least every three years.
计算机系统验证项目计划应该至少每三年更新一次。
1.19. Standardised form for a Computer System VPP is issued as part of
this Manual.
计算机系统验证项目计划的标准形式作为本手册的一部分发行。

User Requirement Specification (URS) 用户需求标准（URS）

1.20. Where appropriate, a URS will be documented in a clear, concise
and testable manner. The URS will outline the basic requirements for a
computer system and therefore contains a set of criteria or conditions that
have to be met.
在适用时，URS 应以清晰、简明及可检测的方式进行归档， URS 应描述计算机系统的甚佳
础需求，从而包含一套需要满足的标准或条件。
1.21. Standardised form for a URS is issued as part of this Manual.
URS 的标准形式作为本手册的一部分发行。

Functional Specification 功能标准

1.22. For complex computer systems a functional specification may be
issued. The document includes technical details on the functions of the system.
The functional specification defines a system to meet the user’s needs, as
described in the URS.
对于复杂的计算机系统可以发行功能标准。该文件包括该系统功能的详细技术资料。功能
标准详细说明一个系统如何实现在 URS 中描述的用户需求。

Actavis Group This document is uncontrolled if printed out Page 3 of 5

 Number / version: Document name:
CPR-13-02-a Computer System Validation

Design Specification 设计标准

1.23. For complex computer systems a design specification may be issued.
The document will define the software and hardware modules that will form
the complete system and the interfaces between these modules.
对于复杂的计算机系统可以发行设计标准。该文件详细说明组成计算机系统的软件及硬件
的模块及这些模块间的界面。

Validation Plan 验证计划

1.24. A validation plan is generated for each computer system for which
validation has been deemed necessary. The validation plan summarises what
will be done, how it will be conducted, who is responsible, necessary
documentation, resource required, the overall acceptance criteria for the
validation and how the validation status will be maintained.
对于确认需要验证的每个计算机系统均要拟定验证计划。验证计划概述将要做什么、如何
操控、认负责、必需的文件、资源需求、验证的总体可接受标准及验证状态如何维护。

Qualification Protocols 确认方案

1.25. Qualification of computer systems will be performed using
Installation Qualification, Operational Qualification and/or Performance
Qualification protocols as defined in the Validation Plan.
计算机系统的确认要根据验证计划的要求完成安装确认、运行确认及/或性能确认方案。
1.26. If data are transferred from a legacy system to a new system, the
data conversion requirements, design, and testing must be addressed as a part
of the validation.
如果数据由遗留系统转移至新系统，则数据的转换需求、设计及测试必须作为验证的一部
分。
1.27. When computer validation activities are conducted by a vendor,
Actavis is ultimately responsible for the validation. Therefore, if a vendor
conducts a portion of the validation activities, the responsibilities of the vendor
must be documented.
当计算机系统的验证活动由供应商管理时，验证最终由阿特维斯负责。

Validation Report 验证报告

1.28. Upon completion of qualification and signed acceptance of all
qualification protocols, a Validation Report is generated. The report cross-
references the qualification protocols, summarises the results obtained during
the qualification, comments on deviations observed and changes to the
validation plan. Acceptance signatures of the validation report indicate that
the validation activity has been completed successfully and the computer
system is ready for use.
在完成各项确认并签署接受各项确认草案后，要书写验证报告。验证报告交叉对照各个确
认草案，总结在确认过程中获得的结果，解释与验证方案的偏差及变更。验证报告的最终
接受签署表明验证已经成功地完成。

Validation of Legacy Systems 遗留系统的验证

1.29. A risk based approach shall be used in the evaluating the validation
approach of legacy systems. The main factors that must be evaluated are risk

Actavis Group This document is uncontrolled if printed out Page 4 of 5

 Number / version: Document name:
CPR-13-02-a Computer System Validation

to public health and safety, risk to the business, expected lifetime and history
of use. The validation work is the same as listed above but the extent of the
effort is based on the evaluation.
由于使用的风险将会用于评估遗留系统的验证使用。必须评估的主要因素有：公众健康安
全的风险、商业风险、预期寿命、使用历史。验证工作与上述一样，但进行的程度是基于
评估。

Change Control / Revalidation 变更控制/再确认

1.30. All changes made to validated computer systems are documented
according to a written procedure. Likely impact on GMP of all changes made to
computer systems must be evaluated with a risk based approach. Changes that
can impact product quality may require full or partial revalidation of the
computer system. The need for revalidation or re-qualification is determined
and documented as a part of the change control system at each site.
已验证的计算机系统发生的所有变更要根据规定的程序进行文件归档。发生在计算机系统
上的有可能影响 GMP 的所有变更必须经过使用风险评估。对产品质量有影响的变更可能
需要对计算机系统进行全面或部分的再验证。再验证或再确认的需求要明确并应作为各区
域变更控制系统的一部分进行文件归档。
1.31. For critical system a separate test environment should be
established in order to minimise the risk to the operational environment.　
对于关键系统，应建立一个独立的测试环境应以尽是减少操作环境的的风险。

Validation Status Review 验证状况回顾

1.32. In order to maintain the validation and GMP status of computer
systems, validation documents and change control history are reviewed at least
every other year. The conclusion of the Validation Review Report will
determine the validation status of the computer system and if revalidation is
required.
为了维护计算机系统的验证及 GMP 状况，至少每年一次对验证文件及变更控制历史进行
回顾，验证回顾报告的结论将决定计算机系统的验证状况以及是否需要再验证。

Retirement 退役
1.33. Retirement of validated computer systems shall be documented. A
backup of the system software and a copy of system documentation shall be
retained and stored with the Retirement Protocol for a defined period of time.
已验证的计算机系统的退役需要有文件归档。系统软件的备份和系统文件副本应与退役方
案一起保存至确定的时间。
1.34. If the system data is not transferred onto a new computer system, it
shall be backed up and retained for minimum of 11 years (any data which
product registration is based on may need to be kept for a longer period of
time). If the system hardware is specially designed for the system it shall be
retained with the data.
如果系统数据没有转移到新的计算机系统，应有备份并保存至少 11 年（产品注册的基础
数据需要保存更长时间）。如果系统硬件是为系统特别设计的，它应与数据一起保存。

Actavis Group This document is uncontrolled if printed out Page 5 of 5