21_业务连续性和灾难恢复计划规程

业务连续性和灾难恢复计划规程

Business Continuity and Disaster Recovery Plan

1 目的/Purpose

本规程规定系统发生不同程度中断时需要维持安全的业务连续性所需要准备的业务连续性和灾难恢复计划。

This document is to define the procedures on preparing a business continuity and disaster recovery plan to allow for the safe continuance of business in the event of disruption of various multitudes.

2 范围/Scope

2.1 所有GMP计算机系统All GMP computerized system

3 职责/Responsibilities

3.1 系统用户System User

参与编写业务连续性和灾难恢复计划

Co-author business continuity and disaster recovery plan

3.2 部门/车间负责人Head of Department/Workshop

a) 审核业务连续性和灾难恢复计划

Review of the business continuity and disaster recovery plan

b) 实施业务连续性和灾难恢复计划

Execution of the business continuity and disaster recovery plan

3.3 验证Validation

a) 审核业务连续性和灾难恢复计划

Review of business continuity and disaster recovery plan

b) 对发生的系统中断进行质量影响评估

Perform quality impact assessment in the event of system disruption

3.4 技术管理员Technical Administrator

a) 编写业务连续性和灾难恢复计划

Author business continuity and disaster recovery plan

b) 审核业务连续性和灾难恢复计划

Review of business continuity and disaster recovery plan

c) 实施业务连续性和灾难恢复计划

Execution of business continuity and disaster recovery plan

3.5 质量管理部QM Department

a) 审核业务连续性和灾难恢复计划

Review of the business continuity and disaster recovery plan

b) 实施业务连续性和灾难恢复计划

Execution of business continuity and disaster recovery plan

3.6 质量负责人Head of Quality

a) 批准业务连续性和灾难恢复计划

Approval of business continuity and disaster recovery plan

b) 批准调用业务连续性和灾难恢复计划

Approval of invoking business continuity and disaster recovery plan

4 定义Definition

业务连续性管理：涵盖系统中断后需要恢复业务同时继续为客户/用户提供产品和服务的步骤。

Business continuity management: Encompasses the steps required to restore business processes following a disruption while continuing to provide product or services to the customer/user.

业务连续性计划：涵盖保证连续性的为客户/用户提供产品和服务的规程或工艺并且是业务连续性管理的一部分。

Business continuity plan: Covers the procedures/processes required to ensure the continuance provision of product or services to the customer/user and is part of business continuity management.

灾难恢复计划：涵盖针对系统的技术恢复并且是业务连续性管理的一部分。Disaster recovery plan: covers the technical recovery of a specific system and is a part of business continuity management.

CAPA：纠正预防措施Corrective Action Preventive Action

GMP：药品生产管理规范Good Manufacturing Practice

SOP：标准操作规程Standard Operating Procedure

5 程序/Procedure

5.1 重大业务中断Significant business disruption

5.1.1 影响工厂运行和通讯不超过三小时的内部重大业务中断。此类中断不仅限于通讯和公用系统的中断。

Internal significant business disruption that affects the operation and communication within the plant for not more than 3 hours, it may include but not limited to loss of communication or utilities.

5.1.2 影响工厂运行和通讯超过三小时的内部重大业务中断并不仅限于：Internal significant business disruption that affects the operation and communication within the plant for more than 3 hours and includes but not limited to:

5.1.2.1 不同程度的系统故障或瘫痪，如服务器瘫痪

Multitude of system failure or breakdown i.e. server breakdown

5.1.2.2 系统安全受到破坏Breach of security

5.1.3 外部重大业务中断指的是导致工厂所在的整个区域的运行和通讯中断并不仅限于：

External significant business disruption refers to disruption that cripples the operation and communication of the entire area where the plant is located and includes but not limited to:

5.1.3.1 恐怖分子袭击Terrorist attack

5.1.3.2 自然灾害如地震Natural disaster i.e. earthquake.

5.1.3.3 大规模的区域中断如洪水泛滥Wide scale, regional disruption i.e. flood.

5.2 除了5.1.1描述的中断，一旦发现任何5.1.2和5.1.3描述的中断即直接实施业务连续性管理。

Except for disruptions described in 5.1.1, proceed to business continuity management upon observation of any disruptions described in 5.1.2 and 5.1.3.