Translated by April from CPAPE, only for study and communication, not for commercialization 1 EMA Data integrity Q 是否有可能对原始数据和元数据进行重建、修改或删除？ Controls over paper records are discussed elsewhere in this guidance. 指南中每处都讨论了对纸质记录的控制。 Computerised system controls may be more complex, including setting of user privileges and system configuration to limit or prevent access to amend data. It is important to review all data access opportunities, including IT helpdesk staff, who may make changes at the request of the data user. These changes should be procedurally controlled, visible and approved within the quality system. 计算机化系统控制可能更为复杂，包括使用者权限的设置，以及限制或阻止修改数据的系统设 置。审查所有接触数据的机会很重要，包括 IT 技术支持维护员工，该员工可能按照数据使用者 的要求改动数据。这些改动应该程序受控、可视化，并且在质量体系中得到批准。 How data is transferred to other locations or systems for processing or storage; Data should be protected from possibility of intentional or unintentional loss or amendment during transfer to other systems (e.g. for processing, review or storage). Paper records should be protected from amendment, or substitution. Electronic interfaces should be validated to demonstrate security and no corruption of data, particularly where systems require an interface to present data in a different structure or file format. 如何转移数据到其他地方或系统以进行处理或存储；在转移到其他系统过程中（例如出于处理、 审查或存储的目的），应避免有意或无意丢失或修改数据的可能性。应避免修改或替换纸质文 件。应对电子界面进行验证，证明数据安全无破坏，尤其当系统要求以不同结构或文件格式显示 数据时。 Translated by April from CPAPE, only for study and communication, not for commercialization 6 Does the person processing the data have the ability to influence what data is reported, or how it is presented. 处理数据的人员是否有能力影响报告哪些数据，或者如何呈现数据。 7. Data lifecycle: What risks should be considered when assessing the processing data into usable information? 7. “数据数据生命周期生命周期”：当当评估处理评估处理数据为有效数据为有效信息时应考虑何种风险？信息时应考虑何种风险？ The following aspects should be considered when determining risk and control measures: 在确定风险和控制措施时应考虑以下因素： How is data processed; 如何处理数据； Data processing methods should be approved, identifiable and version controlled. In the case of electronic data processing, methods should be locked where appropriate to prevent unauthorised amendment. How is data processing recorded; 如何记录数据处理（情况）； The processing method should be recorded. In situations where raw data has been processed more than once, each iteration (including method and result) should be available to the data checker for verification. Does the person processing the data have the ability to influence what data is reported, or how it is presented; 处理数据的人员是否有能力影响报告哪些数据，或者如何呈现数据。 Even validated systems which do not permit the user to make any changes to data may be at risk if the user can choose what data is printed, reported or transferred for processing. This includes performing the activity multiple times as separate events and reporting a desired outcome from one of these repeats. 如果使用者可选择性的打印、报告或转移处理数据，即使不允许使用者改变数据的“确认后系 统”也会承担风险。包括多次进行活动作为分开的事件，以及在重复结果中报告理想的结果。 Data presentation (e.g. changing scale of graphical reports to enhance or reduce presentation of analytical peaks) can also influence decision making, and therefore impact data integrity. 数据呈现（例如：改变图像报告的比例以加强或减弱分析峰值的展现）也能影响决策的制定，因 此影响数据完整性。 8. Data lifecycle: What risks should be considered when checking the completeness and accuracy of reported data and processed information? Translated by April from CPAPE, only for study and communication, not for commercialization 7 8. “数据数据生命周期生命周期”：当检查当检查报告数据和处理后信息的完整性和准确性时应考虑何种风险报告数据和处理后信息的完整性和准确性时应考虑何种风险? The following aspects should be considered when determining risk and control measures: 在确定风险和控制措施时应考虑以下因素： Is original data (including the original data format) available for checking; 能否检查原始数据（包括原始数据的格式）； The format of the original data (electronic or paper) should be preserved, and available to the data reviewer in a manner which permits interaction with the data (e.g. search, query). This approach facilitates a risk-based review of the record, and can also reduce administrative burden for instance utilising validated audit trail exception reports instead of an onerous line-by-line review. 应保留原始数据的格式（电子数据或纸质数据），并能限制数据审查员对数据的操作（例如：检 索，查询）。此方法促进对记录进行基于风险的审查，也能减少监管压力，例如使用验证后审计 追踪“异常报告”替代繁重的逐行检查。 Are there any periods of time when data is not audit trailed; 有没有不能对数据进行审计追踪的时期； This may present opportunity for data amendment which is not subsequently visible to the data reviewer. Additional control measures should be implemented to reduce risk of undisclosed data manipulation. 这条能显示使数据审查员无法看到数据修改的机会。应采取额外的控制措施，减少隐蔽操纵数据 的风险。 Does the data reviewer have visibility and access to all data generated; 数据审查员是否有权限能看到所有产生的数据； This should include any data from failed or aborted activities, discrepant or unusual data which has been excluded from processing or the final decision-making process. Visibility of all data provides protection against selective data reporting or testing into compliance. 这应包括所有失败或中止活动的数据，被处理过程或最终制定决策过程排除掉的不一致或异常的 数据。所有数据的可视性避免选择性使用数据进行报告