To ensure your life sciences system can stand up to an audit, here are the top 10 data integrity requests that auditors are likely to make during review of procedures and supporting GxP records:

为确保你们的生命科学系统经得起检查，以下是检查人员在检查程序和支持GxP 记录时可能提出的 10 大数据完整性要求：

Data Governance and SOPs

数据治理和 SOP

Auditors will review your company’s data governance framework, ensuring you have policies in place to maintain the accuracy, completeness, consistency, and security of your data.

检查人员将审查你们公司的数据治理框架，确保你们制定了政策来维护数据的准确性、完整性、一致性和安全性。

They’ll check your SOPs to see if they align with regulatory expectations, such as ALCOA plus principles, which emphasize the attributes of data integrity: Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, and Available. They may also look for more evidence of compliance with regulations such as 21 CFR Part 11 or EudraLex Volume 4 Annex 11.

他们将检查你们的 SOP，看看它们是否符合监管要求，例如ALCOA plus 原则，这些原则强调数据完整性的属性：可归因、清晰、同步、原始、准确、完整、一致、持久和可用。他们还可能寻找更多符合法规的证据，例如21 CFR Part 11 或 EU GMP附录 11。

Inventory List

系统清单

Provide a full inventory list of all systems, especially high-risk ones like a GAMP category 5 system. These systems handle complex functionality and require rigorous validation.

提供所有系统的完整清单列表，尤其是 GAMP 5 类系统等高风险系统。这些系统处理复杂的功能，需要严格的验证。

Validation Report

验证报告

Auditors will review your system’s validation report, looking for a clear description of the business need and evidence that proper validation activities (including code review for a GAMP category 5 customized system) have taken place.

检查员将审查你们系统的验证报告，寻找关于业务需求的明确描述，以及已进行适当验证活动（包括GAMP 第 5 类定制系统的代码审查）的证据。

Initial System Assessment

系统初始评估

An initial assessment (such as a system risk assessment) will be performed to determine the system as GxP and its criticality and GAMP categorization to determine further controls, and this document should be available for review.

将执行初始评估（例如系统风险评估）以确定系统为 GxP 及其关键性，并进行 GAMP 分类以确定进一步的控制措施，并且该文件应可供审查。

Requirements Traceability Matrix (RTM)

需求追溯矩阵（RTM）

The RTM is critical in demonstrating that each system requirement has been validated and that data integrity controls are in place. Auditors may focus on how risk assessment of requirements was performed and that applicable testing is available to review as a mitigation control.

需求追溯矩阵（RTM）对于证明每个系统需求都经过验证并且数据完整性控制已到位至关重要。检查人员可能会关注如何对需求进行风险评估，以及是否有适用的测试可以作为缓解控制进行审查。

Admin SOP

管理员SOP

An SOP for system administrators is crucial, as these individuals often have high-level access to the system. Auditors will ensure that admin tasks, including user account management and system maintenance, are properly governed.

系统管理员的 SOP 至关重要，因为这些人通常对系统具有高级访问权限。检查人员将确保管理任务（包括用户帐户管理和系统维护）得到适当的管理。

User SOPs

用户SOP

User SOPs will also be reviewed to ensure they reflect the business need for the system. Proper user training and documented procedures are essential to maintaining data integrity.

还将审查用户 SOP，以确保它们反映系统的业务需求。适当的用户培训和书面程序对于维护数据完整性至关重要。

QMS Documentation – Change Controls, Deviations, CAPAs

QMS文件 – 变更控制、偏差、CAPA

Auditors will request evidence from yourquality management system (QMS) showing how changes to the system, deviations, and corrective and preventive actions (CAPAs) are documented and managed. They will want to see that all changes and deviations are tracked, assessed for impact on data integrity, and properly approved, ensuring that data remains accurate and reliable throughout the system’s life cycle.

检查人员将要求你们的质量管理体系 （QMS） 提供证据，说明如何记录和管理系统变更、偏差以及纠正和预防措施 （CAPA）。他们希望看到所有变更和偏差都得到跟踪，评估对数据完整性的影响，并得到适当的批准，从而确保数据在系统的整个生命周期内保持准确和可靠。

Backup and Restore Evidence

备份和恢复的证据

Auditors will request evidence of successful system backups stored off-site, as well as documentation proving that a restore has been performed successfully to the timelines mentioned in the procedure. Lack of a viable backup could mean the loss of data in the event of a disaster, which is a critical risk that is mitigated through restore testing.

检查人员将要求提供成功异地存储进行系统备份的证据，以及证明已按照规程中提到的时间表成功执行还原的文件。缺少可行的备份可能意味着在发生灾难时会丢失数据，这是一个关键风险，可以通过还原测试来缓解。

Periodic Review Evidence

定期审查的证据

Auditors will ask for documentation of the last completed periodic review of the system to ensure it continues to meet regulatory requirements and operates as intended. This review should cover system performance, data integrity controls, and any changes or issues identified since the previous review, ensuring that risks are properly assessed and mitigated.

检查人员将要求提供最近一次系统定期审查的文件，以确保其继续满足监管要求并按预期运行。此审查应涵盖系统性能、数据完整性控制以及自上次审查以来发现的任何变更或问题，以确保正确评估和缓解风险。

Once the review is complete, a “show and tell” demonstration will be largely led by the auditor based on any findings so far. System users may be asked to demonstrate procedures in action, while administrators may be asked to demonstrate access controls, user role segregation, and audit trail or modification logs to prove data remains accurate and unaltered.

审查完成后，检查员将主要根据所进行的任何检查情况进行“实操”演示。可能会要求系统用户演示实际操作规程，而管理员可能会被要求演示访问控制、用户角色分离以及审计追踪或修改日志，以证明数据保持准确且未更改。

Conclusion: Preparing For The Next Audit

结论：为下一次检查做准备

Preparing for a data integrity audit can feel overwhelming but knowing what to expect can make the process much smoother and improve the team’s audit readiness. From reviewing SOPs to providing evidence of successful backups, being ready with the right documentation is key.

准备数据完整性检查可能会让人不知所措，但知道会发生什么可以使流程更加顺畅并提高团队的审计准备情况。从审查SOP 到提供成功备份的证据，准备好正确的文件是关键。