OMCL Network of the Council of Europe

QUALITY ASSURANCE DOCUMENT

PA/PH/OMCL (08) 69 3R

VALIDATION OF COMPUTERISED SYSTEMS

计算机化系统的验证

CORE DOCUMENT

核心文件

Full document title and reference Validation of COmputerised Systems – Core Document

文件全名和索引号 PA/PH/OMCL(08)69 3R

Document type 文件类型 Guideline

Legislative basis 立法基础 -

Date of first adoption May 2009

首次发行日期

Date of original entry into force July 2009

首次执行日期

Date of entry into force of revised document -

修订后执行日期

Previous titles/other references -

原文件名/其它索引号

Custodian Organisation The present document was elaborated by the OMCL

保管机构 Network/ EDQM of the Council of Europe

Concerned Network GEON

相关网络
 VALIDATION OF COMPUTERISED SYSTEMS

计算机化系统验证

CORE DOCUMENT

核心文件
SCOPE 范围
This guideline defines basic principles for the validation of computerised systems
used within Official Medicines Control Laboratories (OMCLs) with impact on quality of
results. The purpose of this validation is to guarantee the confidence in scientific results
obtained with each computerised system. A validated system ensures accurate results and
reduces the risk of failure of the system.
本指南给出了在 OMCL 化验室使用的计算机化系统验证的基本原则。本验证的
目的是保证由每个计算机化系统所得到的科学结果的可信性。一个验证体系会保证
准确的结果，降低系统失败的风险。
This document covers in-house and commercial software for calculation, database
computerised systems, Laboratory Information Management Systems (LIMS), Electronic
Laboratory Notebooks (ELN) and computers as part of test equipment.
本文件包括了内控和商业计算软件，数据库计算机化系统，化验室信息管理系
统（LIMS），化验室电子笔记本（ELN）和计算机作为检测仪器的一部分。
INTRODUCTION 介绍
This guideline outlines general validation principles for computerised systems of
OMCLs in accordance with ISO/IEC 17025. It gives general requirements and it also lists
the minimum elements required for the validation of different types of software. Actually,
due to the great variety of software, it is not possible to state in one single document all
the specific validation elements that are applicable.
本指南给出了根据 ISO/IEC 17025 制订的 OMCL 计算机化系统通用验证原则的
纲要。它给出了通用要求，同时列出了对不同软件类型的验证所需的最低元素清单。
实际上，由于软件之间差异巨大，不可能在一个文件中给出所有实用的特定的验证
元素。
This guideline is intended for use by OMCLs working under Quality Management
Systems based on the ISO/IEC 17025 standard, which use computerised systems for a
part or the totality of the processes related to the quality control of medicines, and it is not
addressed to manufacturers working under GMP requirements.
本指南是提供采用计算机系统作为一部分或全部药品质量控制有关的过程的
OMCL，在基于 ISO/IEC 17025 标准的质量管理系统的工作使用，不是针对在 GMP
要求下工作的供应商。
In order to simplify the management of the guideline, the present document contains
only a general introduction and general requirements for different types of computerised
systems. The core document is supplemented with system-related annexes, containing
additional requirements and/or practical examples of validation documentation, which are
to be used in combination with the general recommendations given in the core document.
 为了简化指南的管理，本文件仅包括通用介绍和不同计算机化系统类型的通用
要求。本核心文件增补有系统相关附件，包括额外要求和/或部分验证文件举例，这
些可以与核心文件中给出的通用推荐结合使用。
The list of annexes, included in this document, will be updated as soon as new
annexes are issued.
一旦新的附件签署，包括在本文件的附件清单将会被更新。
This document should be considered as a guide to OMCLs for planning, performing
and documenting the validation of their computerised systems. It should not be taken as a
list of compulsory requirements. It is left to the professional judgement and background
experience of each OMCL to decide on the most relevant procedures to be undertaken in
order to give evidence that their computerised systems are working properly and are
appropriate for their intended use.
应将本文作为 OMCL 计划、实施和记录计算机化系统验证时的指南，而不是作
为一个强制的清单。应该由专家判断和每个 OMCL 背景经验来决定，为了给出证据
说明各实验室的计算机化系统正常工作并适合其用途，哪些最相关的程序是需要执
行的。

DEFINITIONS 定义
Computer system: Computer hardware components assembled to perform in
conjunction with a set of software programmes, which are collectively designed to
perform a specific function or group of functions.
计算机系统：组装起来的计算机硬件组件，与一系列软件程序相关联，组合设
计可以实施一个特定功能或一些功能。
Computerised system: a computer system plus the controlled function that it operates.
Includes hardware, software, peripheral devices, personnel, and documentation; e.g.,
manuals and Standard Operating Procedures (SOPs).
计算机化系统：一个计算机系统和其操作的控制功能。包括硬件、软件、外围
设备、人员和文件，例如手册和标准操作程序（SOPs）。
Commercial (off-the-shelf, configurable) software: Configurable programmes that
can be configured to specific user applications by “filling in the blanks”, without altering
the basic programme.
商业（集成、已设定参数）软件：可以由指定用户通过“填写空白”设定参数的
程序，不改变基本程序
In-house developed software: system developed by the user (or by a contracted
company), with the purpose of specifically meeting a defined set of user requirements.
自主开发的软件：由用户自己（或由合同公司）开发的系统，可以满足用户设
定的专用目的
Electronic laboratory notebook (ELN): software programme designed to replace
paper laboratory notebooks.
化验室电子笔记本（ELN）：设计用于代替纸质化验室笔记本的软件程序
Laboratory Information Management System (LIMS): Automated laboratory systems
that collect and manage data.
化验室信息管理系统（LIMS）：可以收集和管理数据的自动化实验室系统
 1. HARDWARE 硬件
The hardware used shall fulfil the technical requirements so that the work to be
completed can be carried out. Such requirements include e.g. minimum system
requirements indicated by the manufacturer of the equipment. These requirements should
be predefined in accordance with the intended use.
使用的硬件应满足技术规格要求，使得需要完成的工作可以实施。这些规格要
求包括，例如由仪器供应商指出的最低系统要求。这些要求应根据用途预先设定。
The hardware components shall be installed by skilled personnel (e.g. staff from the
Information Technology (IT) Unit, the technician from the manufacturer of the equipment,
or other trained personnel), and shall be checked for their functionality and compared
with the requirements.
硬件组件应由熟练的人员安装（例如 IT 部门的员工，设备供应商的技术人员，
或其它经过培训的人员），应检查组件的功能并与规格要求相比较。
Computerised systems that are part of test equipment must be labelled
unambiguously.
作为检测仪器的一部分的计算机化系统必须清楚地进行标识。
For computerised systems which are components of test equipment, records must be
kept on hardware configuration, installation and changes. These records can be entered in
the logbook of the test equipment.
对于检测仪器的组件的计算机化系统，必须保存硬件参数、安装和变更的记录。
这些记录可以输入检测仪器的日志中。
2. GENERAL REQUIREMENTS FOR SOFTWARE 软件通用要求
Inventory 系统清单
An inventory or listing of all computerised systems should be available.
一个计算机化系统的清单应保存
The following minimum information should be included in the computerised systems
inventory:
以下最少的信息应包括在计算机化软件的系统清单中
— unique identification
— 唯一识别
— Purpose
— 目的
— validation status
— 验证状态
— physical or storage (drive and files path) location of the software and related
documentation
— 软件和相关文件的物理或贮存（驱动器和文件路径）位置
— responsible or contact person
— 负责人或联系人
In the case of local installation (workstation), each copy of the software needs its
own unique identification.
 如果在本地进行安装（工作站），每个软件的复制件均需要其唯一的识别号。
In the case of software related to scientific equipment (e.g. HPLC) its identification
(such as license number or serial number, and version number) should be independent
from the equipment identification, whenever possible.
如果软件与科学仪器相关（例如 HPLC），只要是在可能的情况下，其识别号
（例如许可号或序列号，和版本号）应独立于仪器识别号。
Validation of the software 软件验证
Prior to routine use, the software should be validated.
在日常使用前，软件需要进行验证。
Validation consists in confirmation by examination and provision of objective
evidence that software specifications conform to user needs and intended uses, and that
the particular requirements implemented through software can be consistently fulfilled.
验证包含在相关的检查确认和客观证据内容中，包括软件规格是否符合用户需
求和所设定的使用目的，以及软件应用的特殊规格要求可以持续地得到满足。
Change control 变更控制
In case of changes in the software, the validation status needs to be re-established. If
a revalidation analysis is needed, it should be conducted not just for validation of the
individual change, but also to determine the extent and impact of that change on the entire
computerised system.
如果变更是针对软件的，验证状态需要更新。如果需要一个再验证分析，则应
进行再验证分析，这个分析不仅是针对单个的变更的验证，同时应确认其验证深度
和变更对整个计算机化系统的影响。
In the same way, changes in the computer environment could have an impact on the
software running. In this case, a revalidation could be required.
同样，对于计算机环境的变更可能会影响到软件运行。在此情况下，可能需要
进行再验证。
In both cases, the extent of the revalidation will depend on the nature of the change.
The nature of the changes should be documented.
两种情况下，再验证的深度均取决于变更的性质。变更的性质应有记录。
Automatic updates should ideally be controlled by IT or a system administrator and
installed at pre-defined dates to minimize both disruption and unexpected behaviour of
the system. Following installation of updates, verification should be carried out, the extent
of which will depend on the extent of the update(s). Each update should be documented.
自动升级的理想情况是由 IT 来控制，或者由系统管理员控制，并在预订的日期
进行安装，以最大程度减小对系统的干扰和意外行为。在升级安装完成后，应进行
验证，验证的深度取决于升级的深度。每一次升级均应该记录。
Note: this does not necessarily apply to service patches for commercial office
software.
注：对于商业办公软件的服务补丁，可能不需要这些工作。
Verification of the software 软件确认
Commercial software should be checked at installation.
商业软件在安装时应进行检查。
Concerning in-house software, it should be verified not only at installation but also
on a regular basis to avoid any error and guarantee good results. The regularity of the
verification depends on software safety, usage frequency and the possible impact, if there
is a failure.
对于自主开发的软件，应不仅对安装进行确认，还要进行常规确认，以避免任
何错误及保证良好结果。确认的常规性取决于软件的安全性，使用频次和可能的影
响，如果有失败的话。
In both cases, the OMCL?s policy should be described in a procedure.
OMCL 的政策应在某个程序中描述以上两种情况。
Protection of the software 软件保护
Software must be protected against any intrusion that could generate wrong scientific
results. One way could be to secure software or computers/systems access by a password.
It must also be protected against any external interference that could change the data and
affect the final results.
软件应受到保护，使其不会受到干扰而产生错误的科学结果。保护软件或计算
机/系统的一个方法是使用密码登录。同时还必须保护使其不受到任何外来干扰而改
变数据及影响最终结果。
Backup 备份
Traceability must be ensured from raw data to results. If all or part of the traceability
of parameters relevant for the quality of the results is available only in electronic form, a
backup process must be implemented to allow for recovery of the system following any
failure which compromises its integrity. Back up frequency depends on data criticality,
amount of stored data and frequency of data generation.
必须保证从原始数据到结果的可追溯性。如果与结果质量相关参数的所有或部
分追溯性仅采用电子形式，则需要有备份程序以允许在任何失败后进行系统恢复，
以保证其完整性。备份频次取决于数据是否关键，存贮数据的数量和数据产生的频
次。
The OMCLs should have a policy and procedure in place for ensuring the integrity
of backups (secure storage location, adequately separated from the primary storage
location, etc) – this may be part of a more general ?disaster recovery plan?.
OMCL 应制订政策和程序以保证备份的完整性（保护贮存位置，与原始存贮位
置有充分分开等）--这可能是“灾难恢复计划”的一部分。
A procedure for regular testing of backup data (restore test), to verify the proper
integrity and accuracy of data, should be also in place.
对于备份数据应有一个常规测试的程序（恢复测试），以确认数据完整性和准
确性。
Archive of superseded software versions 软件前版本的存档
Superseded versions of software should be archived (if required for access to
historical data) for at least 5 years[1] in a retrievable and readable electronic format.
软件的前版本应进行保存（如果需要进入历史数据）至少 5 年，且应是可以恢
复和可读的电子格式。
Note: this requirement is not applicable to commercial off-the-shelf office software
(including service patches), software that is archived by a qualified subcontractor or when
historical data (raw data and results) are documented in paper format
 注：这个要求不适用于商业现成的应用办公软件（包括服务补丁），不适用于
由有资质的分包商进行存档的软件或当历史数据采用纸质方式存档的情况（原始数
据和结果）。
Identification of software version 软件版本的识别
The version and name of the software should be displayed to the user at an
appropriate stage of the operation of the software (e.g. on the screen when opening the
application) and it should be traceable in any reports generated by the software.
软件的名称和版本号应在进行软件操作过程适当的进程中显示给用户（例如当
启动应用软件时显示在屏幕上），且在软件形成的任何报告中均应可追溯。
For laboratory software on computers as part of test equipment, software updates
including the version number should be traceable in the equipments? log book.
对于作为检测仪器一部分的计算机上的化验室软件，软件升级，包括版本号均
应在仪器的日志上可追溯。
Review of computerised systems 计算机化系统回顾
Risk management activities and/or audits should be performed on a regular basis for
computerised systems.
应对计算机化系统进行常规的风险管理活动和/或审计。
Training of software operators 软件操作人员的培训
Correct operation of the software should be ensured. This may be done either by
appropriate and documented training or through detailed information in the relevant
SOPs.
必须要保证软件的正确操作。这可以通过适当的，经过记录的培训来进行，或
通过在相关 SOP 中所载的详细信息。

3. VALIDATION OF CALCULATION SOFTWARE 计算软件的验证

Commercial or in-house developed software may be used for calculation and data
analysis.
商业或自主开发软件都可能会被用于计算和数据分析。
The requested documentation/information, applicable to both commercial and for
in-house developed software for calculations, is shown in Table I.
要求的文件/信息，适用于商业软件和自主开发计算软件，显示在表 1 中
a) Commercial software 商业软件
If several pieces of commercial software are available, the laboratory should select
the one that better fits the intended purpose.
如果有几个商业性软件均可用，实验室应选择更适用于其用途的一个。
According to ISO/IEC 17025 standard[2], commercial off-the-shelf software (e.g.
word-processing, database and statistical programmes), in general use within their
designed application range, may be considered to be sufficiently validated. However,
laboratory software configurations/modifications should be validated.
根据 ISO/IEC 17025 标准， 商业现成的应用软件（例如文字处理软件，数据库
和统计程序），一般在其设计的应用范围使用，可以作为已经过充分验证。但是，
化验室软件参数赋值/修改需要进行验证。
 A reduced validation procedure (of these configurations/modifications) is acceptable
if the documentation supplied with the commercial off-the-shelf product has been
reviewed and considered as fulfilling the user requirements.
如果商业现成的应用产品提供的文件已经过审阅，并被认为满足用户需求的话，
可以接受（对这些参数赋值/修订）只进行简化的验证程序。
b) In-house software 自建软件
If in-house software are used, they are under the supervision of the main user; they
must be validated, checked and secured. For more details on validation, see Annex 1.
如果使用了自建软件，则应处于主使用者的监督之下，还必须进行验证、检查
和保护。关于验证的细节，参见附件 1.
General requirements: 一般要求
— Concerning spreadsheets (e.g. Excel?), for security reasons, all cells
including calculations must be locked in such a way that formulas are not accidentally
overwritten. Free access should only be given to cells to be filled in with data. Formulas
should also be protected from accidental input of inappropriate data type (e.g. text in a
numeric field).
— 关于应用表格（例如 EXCEL），出于安全原因，所有包括计算的单元格
必须锁定，以免其中的计算公式被意外改写。仅需要输入数据的单元格才可以被输
入内容。另外还需要设定对不适当数据类型的意外输入（例如在数字区域输入文本）
— Each calculation algorithm should be tested with another validated software
(the software version used for the calculations should be traceable in the records) or by a
pocket calculator and documented or in comparison with published data.
— 每个计算运算应采用另一个验证过的软件进行测试（用于计算的该软件
版本应在记录中可追溯），或者采用手工计算器，并记录与出版的数据进行比较。
— A known dataset should be used for the verification of the software, for
which the expected final results are identified.
— 应使用一个已知的数据集来对软件进行确认，该软件中应给出期望的最
终结果。

Table I: Software documentation 表 1：软件文件

Information/documentation that should be available Commercial In-house
需要的信息/文件 商业的 内控的
Name, version and unique identification of the software
X X
软件名称、版本和唯一识别
Original files (CD-ROM…) or storage location to install the software and
software to manage the computer environment
X X
原始文件（CD-ROM。。。）或安装软件的存贮位置，管理计算机环
境的软件
Date at which the software was put into operation
X X
软件投入使用的日期
Current physical location, where appropriate
X X
目前的物理存贮位置，如适用
Responsible person in charge of the software
X X
管理软件的负责人
Manufacturer’s name, license number and serial number or other unique
identification X
供应商名称、许可证号和序列号或其它唯一的识别号
Conditions under which the software runs, where applicable (hardware,
operating system….) X X
软件运行的条件，适用时（软件、操作系统。。。）
Manufacturer’s certificate of validation, if available
X
供应商验证证明，如有
Manufacturer’s instructions, if available, or reference to their location
X
供应商提供的指南，如有，或其位置的索引号
Documentation on validation of configurations/modifications performed by
the user that may impact the results (see Annexes)
X X
用户修改后或重新设置参数后可能会影响结果的参数/修订的验证文件
（见附件）
Name of the person who developed and validated the software, and the date
of validation X
研发和验证软件的人员姓名，验证日期
Source code, if available
X
源代码，如有
Operating rules, where appropriate
X
操作规则，如适用
Documentation on software regular verification
X
软件日常确认的文件
Documentation on software validation (see Annexes)
X
软件验证文件 （见附件）
Follow-up of encountered failures, maintenance of the process, updated
versions and , where appropriate, configuration management X X
遭遇失败、过程维护、版本升级、参数管理（如适用）的跟踪

4. VALIDATION OF DATABASE COMPUTERISED SYSTEMS 计算机化系

统数据库的验证
Databases used for the storage and retrieval of test results and preparation of test
reports, which have been developed in-house by using commercial software (e.g.
Access?), in its normal configuration, are considered to be sufficiently validated.
用于检验结果和检验报告制作的存贮和恢复的数据库，如果是公司采用商业软
件（例如 ACCESS）进行了自主开发，在其常规参数时，可以认为是已经过了充分
验证。
Nevertheless, the following minimum documentation/information has to be kept up
to date, in the corresponding file of each database:
无论如何，最少以下的文件/信息必须要保持与每个数据库的文件同步更新
— A schematic representation of the database.
— 数据库的纲要表述
 — Changes to forms, queries, macros, field types or properties that could have
an impact on the quality of results should be traceable.
— 表格的变更，询问，宏，域类型或可能会对质量结果造成影响的特性需
要是可追踪的
— Each user should have a personal access code.
— 每个用户应有一个个人进入代码
— User rights should be defined.
— 用户权限应进行定义
— Operating rules should be recorded.
— 操作规则应记录
— Any modification for improvement or failure should be documented.
— 所有的改进性修订或失败均应进行记录

5. VALIDATION OF LIMS and ELN 化验室信息管理系统和电子笔记本的验

证
For commercial Laboratory Information Management System (LIMS) and Electronic
Laboratory Notebook (ELN), system validation must ensure that the entire system has
been properly tested. For more details on validation, see Annex 2.
对于商业化验室信息管理系统（LIMS）和实验室电子笔记本（ELN），系统验
证必须要保证整个系统经过适当测试。验证的细节参见附件 2.
Validation of any modification, configuration or calculation that may have an impact
on the results are under the users? responsibility (see chapter 3.a and table 1 for
commercial software).
对于任何可能会对结果产生影响的修改、给参数赋值或计算的验证应归属于使
用者职责范围。（见第 3 章 a 和表 1 商业软件）
6. VALIDATION OF COMPUTERS AS PART OF TEST EQUIPMENT 作为
检验仪器一部分的计算机的验证
In some test methods (e.g. HPLC, particle counting), test equipment is used, which is
controlled by computerised systems. In doing so, the raw data are in general also
evaluated directly via the computer. The quality of such test results is thus largely
dependent on the correct use of the software and the functionality of the computerised
system. For more details on validation, see Annex 3.
在一些检测方法中（例如 HPLC，粒径计数），使用了由计算机化系统控制的
检测设备。在这样做的时候，原始数据一般也会由计算机直接评价。这些检验结果
的质量因而很大程度上取决于对软件及计算机化系统功能的的正确使用。更多验证
细节参见附件 3.
As part of the equipment qualification, the computerised system, together with the
software relating to it must be validated with regard to reliability, accuracy, and
reproducibility (it may however be sufficient to qualify the testing equipment with the
software as a whole).
作为仪器确认的一部分，计算机化系统和与其相关的软件必须验证其可靠性、
准确性和重复性（它可能足以对仪器和软件同时进行确认）。
A revalidation is required if modifications to the computerised systems (hardware or
software) might influence the quality of the test results.
 如果对计算机化系统（硬件或软件）进行了可能影响检测结果的质量的修订，
则需要进行再验证。

REFERENCES 参考文献
For all references, the latest version applies.
所有参考文献均以最新版本为准
1) Good Automated Manufacturing Practices (GAMP).
优良自动化生产规范
2) Good Practices for Computerized Systems in regulated “GXP” environments.
Pharmaceutical Inspection Convention/Pharmaceutical Inspections Co-operation Scheme
(PIC/S).
优良规范“GXP”环境下的计算机系统规范，药物检查委员会/药物合作框架检检
查（PIC/S）
3) EU Guidelines to Good Manufacturing Practice (GMP). Annex 11. Computerized
Systems.
欧盟 GMP 指南，附件 11，计算机化系统
4) OECD Series on Principles of Good Laboratory Practices and Compliance
Monitoring. Number 10. The Application of the Principles of GLP to Computerized
Systems. Environment Monograph no. 116.
OECD 系列：优良实验室规范原则和符合性监控，第 10，计算机化系统的 GLP
原则实践，环境各论第 116 号
5) U.S. Food and Drug Agency (FDA) General Principles of Software Validation;
FDA Glossary of computerized system and software development terminology
(http://www.fda.gov/ora/inspect_ref/igs/gloss.html).
美国 FDA 软件验证通用原则，FDA 计算机化系统和软件研发术语

LIST OF ANNEXES (the latest version applies): 附件清单（适用最新版本）

Annex 1: Validation of computerised calculation systems - PA/PH/OMCL (08) 87
附件 1：计算机化计算系统的验证- PA/PH/OMCL (08) 87
Annex 2: Validation of databases, Laboratory Information Management Systems
(LIMS) and Electronic Laboratory Notebooks (ELN) - PA/PH/OMCL (08) 88
附件 2：数据库、化验室信息管理系统（LIMS）和电子实验室笔记本（ELN）
的验证- PA/PH/OMCL (08) 88
Annex 3: Validation of computers as part of test equipment - PA/PH/OMCL (08) 89
附件 3：计算机作为检测设备的一部分的验证- PA/PH/OMCL (08) 89

[1] OMCL Guideline “ARCHIVING WITHIN THE OMCL NETWORK” OMCL 指

南“OMCL 网络文件归档”

[2] ISO/IEC 17025 standard, chapter 5.4.7 and 5.5.5.