计算机化系统:用户离职,账户能否删除?
WHO 最新发布的《数据完整性指南》中提及关于计算机化系统用户停用后的管理要求:
停用的用户应在系统中保留。
应在整个系统生命周期中维护活动用户和非活动用户的列表。
此外,系统管理员的活动也应能够被审计追踪,或至少应有这些帐户的活动日志并指定人员审查该日志,以确保适当的监督。
Access and privileges 访问和权限
11.6. There should be a documented systemin place that defines the access and privileges of users of systems. Thereshould be no discrepancy between paper records and electronic records wherepaper systems are used to request changes for the creation and inactivation ofusers. Inactivated users should be retained in the system. A list of active andinactivated users should be maintained throughout the system life cycle. 应该有一个文件化的系统来定义系统用户的访问和权限。当使用纸质系统申请用户创建和停用时,纸质记录和电子记录之间不应存在差异。停用的用户应在系统中保留。应在整个系统生命周期中维护活动用户和非活动用户的列表。
11.7. Access and privileges should be inaccordance with the role and responsibility of the individual with theappropriate controls to ensure data integrity (e.g. no modification, deletion orcreation of data outside the defined privilege and in accordance with theauthorized procedures defining review and approval where appropriate). 访问和权限应与人员的角色和责任相一致,并进行适当的控制以确保数据完整性(例如,不得在规定权限之外修改、删除或创建数据,并在适当情况下按照已批准程序审查和批准)。
11.8. A limited number of personnel, withno conflict of interest in data, should be appointed as system administrators.Certain privileges such as data deletion, database amendment or systemconfiguration changes should not be assigned to administrators without justification– and such activities should only be done with documented evidence of authorizationby another responsible person. Records should be maintained and audit trailsshould be enabled in order to track activities of system administrators. As aminimum, activity logging for such accounts and the review of logs by designatedroles should be conducted in order to ensure appropriate oversight. 应分配一定数量且在数据上没有利益冲突的人员作为系统管理员。某些权限,如数据删除、数据库修改或系统配置更改,不应该在没有正当理由的情况下分配给管理员,且此类活动应在另一个负责人批准的书面证明下进行。为了跟踪系统管理员的活动,应该保持记录并启用审计追踪。至少,应有这些帐户的活动日志并指定角色审查该日志,以确保适当的监督。
11.9. For systems generating, amending orstoring GxP data, shared logins or generic user access
should not be used. Thecomputerised system design should support individual user access. Where a computerisedsystem supports only a single user login or limited numbers of user logins andno suitable alternative computerised system is available, equivalent control shouldbe provided by third-party software or a paper-based method that providestraceability (with version control). The suitability of alternative systemsshould be justified and documented (8). The use of legacy hybrid systems shouldbe discouraged and a priority timeline for replacement should be established. 对于产生、修改或存储 GxP 数据的系统,不应使用共享登录或通用用户。计算机化系统设计应支持个人用户访问。如果计算机化系统只支持单个用户登录或有限数量的用户登录,且没有合适的替代计算机化系统,应由第三方软件或提供可追溯性(通过版本控制)的纸质方法提供相应的控制。替代系统的适用性应被证明并记录(8)。不建议使用遗留混合系统,并应建立更换的优先时间表。