Digital and electronic signatures:数字及电子签名:

Q: What is the difference between a digital and an e-signature?

数字签名和电子签名有什么不同?

A: A digital signature is attached to an electronic file and not maintained within an electronic system and stays with the data and moves with the data. The signature can be verified by the recipient. An e-signature is executed and maintained within a validated electronic system and stays in the electronic system. The e-signature can only be verified in the source system.

数字签名附在电子文件上，并不保存在电子系统内，它随数据而存，随数据而动。该签名可由接收方验证。电子签名在经过验证的电子系统内执行和维护，并保留在电子系统中。电子签名只能在原系统中验证。

 Q: What is the best practice to handle hybrid signature?

处理混合签名的最佳操作是什么?

(Hybrid signature is mixing handwritten or ‘wet’ signatures and digital signatures/e-signature on the same document)

(混合签名是在同一文件上既有手写或“湿”签名，也有数字签名/电子签名) 

A: It is the preference to sign off documents fully wet or fully digital. Hybrid signature should be more exceptional if there are no other options.

最好是全湿式或全数字化签名文件。如果没有其他选择，混合签名应该更加特殊。

In that case the handwritten signature(s) must be applied first and afterwards the document can be prepared for digital signature(s). In that way the metadata for the digital signature(s)/e-signature(s) can be maintained. The fully signed electronic document is the official GXP document. (a printout doesn’t contain the metadata and verification of digital signatures/e-signatures can’t be done). The wet or a true copy of the wet signature and e-signed copy must be kept as a linked document in a secure, validated for intended use, environment, in line with the company’s record management policy.

在这种情况下，必须先使用手写签名，然后才能为文件准备数字签名。这样就可以维护数字签名/电子签名的元数据。完全签名的电子文档是官方的GXP文档。(打印件不包含元数据，不能进行数字签名/电子签名的确认)。湿（手写）签名和电子签名件的湿副本或真实副本必须作为链接文件保存在安全的、经过预期用途验证的环境中，遵循公司的记录管理政策

Q: Is it acceptable to use a scanned image of a wet signed document as GXP? (internal use)

是否可以使用湿签名文件的扫描图像作为GXP用途?(内部使用)

A: It is only acceptable if the scanned image is a verified true copy of the original wet signed record and allowed by your local legal and regulatory requirements.

只有当扫描图像是原始湿（手写）签名记录的经过验证的真实副本，并且符合您当地的法律和法规要求时，才能接受扫描图像

Q: How do I need to handle a document with a scanned image of a wet signed document that I also need to sign? (external use, e.g. with third parties, working on different locations)

如果文件附有须签名的湿签名文件的扫描图像，我应如何处理?(外部使用，例如与第三方，在不同地点工作)

A: This document can be used if the party who’s sending this scanned document has an established true copy process in place and the scanned document is already verified and attested as a true copy. The sender should have and an established document retention policy in line with your expectations.

如果发送此扫描文件的一方有既定的真实副本流程，并且扫描文件已经被验证和证明为真实副本，则可以使用此文件。发件人应该有一个符合您期望的既定文件保留政策

Q: How do we handle digitally signed documents in an electronic document management system? (e.g. loading an Adobe digitally signed document into your document management systems without losing the digital signature certificate)

在电子文件管理系统内，我们如何处理数字签名的文件?(例如，在不丢失数字签名证书的情况下，将Adobe数字签名文档加载到您的文档管理系统中)

A: The document management system should be validated for this intended use, verifying that the digital signature is maintained in the system and that it is possible to retrieve it when necessary. This process should be defined and documented.

文件管理系统应根据预期用途进行验证，验证数字签名是否保存在系统中，并且在必要时可以检索到。这个过程应该被定义和记录。

If it is not possible to maintain this digital signature in the system, the digitally signed document should be stored in a secure validated environment.

如果不可能在系统中维护此数字签名，则应将数字签名的文档存储在经过验证的安全环境中

Password management: 密码管理

Q: How do I define when a password should be entered during a specific operation when data is being recorded?

在记录数据时，如何定义特定操作什么时候需要输入密码?

A: This practice is described in 21CFR11, chapter 11.200 ‘e-signature and components’:

这种做法在21CFR11第11.200章“电子签名和组件”中有描述:

(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components (= user ID and password or biometrics); subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

当个人在单一、连续的受控系统访问期间执行一系列签名时，第一次签名时应使用所有电子签名元素(=用户ID和密码或生物识别技术);后续签名应使用至少一个电子签名元素，该元素只能由个人执行，并设计为仅由个人使用

(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components

当个人执行一个或多个非在单一、连续的受控系统访问期间执行的签名时，每个签名应使用所有电子签名元素执行

Q: Is the storage of passwords in the internet browser allowed for GXP applications?

GXP应用程序是否允许在互联网浏览器中存储密码?

A: No, ideally this feature should be deactivated in all browsers used for GXP applications.

不，理想情况下，这个功能应该在所有用于GXP应用程序的浏览器中禁用

Access management:权限管理

Q: Can I use generic accounts for 3rd party support employees? (e.g. lab technicians, on-line support SAP)

我可以为第三方支持员工使用通用账户吗?(如实验室技术人员，在线支持SAP)

A: No. The account should be attributable to the person executing the actions and there should be processes and systems in place to manage this.

不。该账户应归属于执行行动的人，并且应该有适当的流程和系统来管理这一点

Record life cycle management:记录的生命周期管理

Q: How to protect critical paper records? Is it necessary to scan all records or is physical protection (fire protected cabinets, location of the paper record archive(s)) sufficient?

如何保护重要的纸质记录?是否有必要扫描所有记录，或者物理保护(防火柜，纸质记录存档的位置)是否足够?

A: Records should be protected and retrievable for the appropriate retention period. There is no need to scan under the condition that the documents are stored in a safe and secure environment.

记录应在适当的保存期限内得到保护和检索。在文件存储在安全可靠的环境下，不需要扫描

Q: Is it allowed to replace a physical paper archive if your scan your records? Can the paper records be destroyed afterwards?

如果你扫描你的记录，是否可以取代纸质的存档?纸质记录事后可以销毁吗?

A: In practice this is possible if the digital copy is a true copy, however you need to comply with local legal and regulatory requirements to decide if you can destroy the paper records or not.

实际上，如果数字副本是真实副本，这是可能的，但是你需要遵守当地的法律和监管要求，以决定你是否可以销毁纸质记录

Q: If hardware and/or software packages are not supported anymore (Windows updates, application software), is it possible to print out the electronic data or do you need to keep the ‘old’ systems up and running? (with the risk that you’re not able to see the electronic data anymore in case of soft and hardware errors)

如果硬件和/或软件包(Windows更新、应用软件)不再被支持，是否可以打印出电子数据，还是需要保持“旧”系统的运行?(有因软硬件错误而无法看到电子数据的风险)

A: A print-out is only allowed if it is a true copy with all raw data and meta-data. In practice this is very difficult. The first option is to migrate those data to an appropriate system. Another option is to create a virtual environment where you can run the legacy system in a validated state and where all data can be retrieved.

只有当它是包含所有原始数据和元数据的真实副本时才允许打印出来。在实际操作中，这是非常困难的。第一种选择是将这些数据迁移到适当的系统。另一种选择是创建一个虚拟环境，您可以在其中以已验证的状态运行遗留系统，并且可以在其中检索所有数据