The following aspects should be considered when determining risk and control measures:

在确定风险和控制措施时，应考虑以下方面。

· How / where is data stored; 数据是如何/在哪里存储的。

Storage of data (paper or electronic) should be at secure locations, with access limited to authorised persons. The storage location must provide adequate protection from damage due to water, fire, etc.

数据（纸质或电子）的存储应在安全的地点，只允许被授权的人进入。存储地点必须提供足够的保护，防止因水、火等原因造成的损坏。

·What are the measures protecting against loss or unauthorised amendment;

有哪些措施可以防止丢失或未经授权的修改。

Data security measures should be at least equivalent to those applied during the earlier Data lifecycle stages. Retrospective data amendment (e.g. via IT helpdesk or data base amendments) should be controlled by the pharmaceutical quality system, with appropriate segregation of duties and approval processes.

数据安全措施应至少等同于在早期数据生命周期阶段所应用的措施。追溯性的数据修改（如通过IT服务台或数据库的修改）应该由药品质量体系控制，并有适当的职责分工和审批程序。

· Is data backed up in a manner permitting reconstruction of the activity;

数据是否以允许重建活动的方式进行备份。

Back-up arrangements should be validated to demonstrate the ability to restore data following IT system failure. In situations where metadata (including relevant operating system event logs) are stored in different file locations from raw data, the back-up process should be carefully designed to ensure that all data required to reconstruct a record is included.

备份安排应得到验证，以证明在IT系统故障后恢复数据的能力。在元数据（包括相关的操作系统事件日志）与原始数据存储在不同的文件位置的情况下，备份过程应仔细设计，以确保包括重建记录所需的所有数据。

Similarly, 'true copies' of paper records may be duplicated on paper, microfilm, or electronically, and stored in a separate location.

同样，纸质记录的 "真实副本 "可以用纸质、微缩胶卷或电子方式复制，并储存在一个单独的地方。

· What are ownership / retrieval arrangements, particularly considering outsourced activities or data storage;

什么是所有权/检索安排，特别是考虑到外包的活动或数据存储。

A technical agreement should be in place which addresses the requirements of Part I Chapter 7 and Part II Section 16 of the GMP guide.

应该有一个技术协议，解决GMP指南第一部分第七章和第二部分第16节的要求。