欧盟 附录11 征求意见稿：

14.2. Scope of review. Where applicable, periodic reviews should include, but may not be limited to:
14.2. 审查范围。如适用，定期审查应包括但不限于以下内容：

Changes made since the previous review:
自上次审查以来所做的更改：

i. To the system’s hardware and software components, configuration, platform, infrastructure and interfaces.
i. 对系统的硬件和软件组件、配置、平台、基础设施和接口的更改。

ii. To the system documentation, e.g. requirements specifications, user guides and SOPs. This includes a verification that system changes are fully reflected in the system documentation.
ii. 对系统文件的更改，例如需求规范、用户指南和标准操作程序（SOP）。这包括验证系统更改是否已在系统文件中得到充分反映。

iii. The combined effect of multiple changes in this, and in other systems, should be assessed. Undocumented (unapproved) changes should be effectively identified, e.g. by means of configuration auditing.
iii. 应评估本系统和其他系统中多次更改的累积影响。应通过配置审计等手段有效识别未记录（未经批准）的更改。

Follow-up on supporting processes:
对支持流程的后续跟踪：

iv. Actions from previous periodic reviews, audits and inspections, and corrective and preventive actions.
iv. 以往定期审查、审计和检查的结果，以及纠正和预防措施。

v. Conduct of, and actions from, audit trail reviews, access reviews, and risks assessments.
v. 审计追踪审查、访问审查和风险评估的实施及其结果。

vi. Actions from incidents, problems and deviations, security incidents and new security threats.
vi. 事件、问题和偏差、安全事件以及新的安全威胁的处理。

vii. Maintenance, calibration, support contracts and service level agreements (SLA).
vii. 维护、校准、支持合同和服务等级协议（SLA）。

viii. Contracts and key performance indicators (KPI) with vendors and service providers.
viii. 与供应商和服务提供商的合同以及关键绩效指标（KPI）。

ix. Adequacy of backup procedures, restore tests and disaster recovery plans.
ix. 备份程序、恢复测试和灾难恢复计划的充分性。

x. Adequacy and timeliness of archival.
x. 归档的充分性和及时性。

xi. Conduct and actions from data integrity assessments.
xi. 数据完整性评估的实施及其结果。

xii. Changes to regulatory requirements.
xii. 法规要求的变更。

计算机化系统定期评估在实操层面建议分两部分进行，一块是对各部门分管的计算机化系统进行审查，另一块需建立对公司层面IT基础设施和服务器的定期评估要求。

具体也可以参照GMP指南6.3计算机化系统的生命周期

可参考EU gmp annex 11的相关要求，具体如下：

11. Periodic evaluation
Computerised systems should be periodically evaluated to confirm that they remain in a valid
state and are compliant with GMP. Such evaluations should include, where appropriate, the
current range of functionality, deviation records, incidents, problems, upgrade history,
performance, reliability, security and validation status reports.