참고문헌

📍 여기는: 이 책 전체의 근거를 한곳에 모아 둔 참고문헌입니다.

이 책의 모든 장에서 사용한 인용([N] 표기)은 아래에 장별로 정리되어 있습니다. 각 항목의 번호는 본문의 [N] 표기와 일치합니다. 원자료가 영어이므로 서지 항목은 원문 그대로 표기합니다.

서문

1. Docker, Inc. (2026). Docker — Get Docker / Engine overview (official documentation). Docker Docs. https://docs.docker.com/get-started/get-docker/
2. Chacon, Scott; Straub, Ben. (2014). Pro Git (2nd Edition) — official Git documentation. Apress / git-scm.com (Git Project). https://git-scm.com/book/en/v2
3. U.S. Food and Drug Administration (FDA). (1997). 21 CFR Part 11 — Electronic Records; Electronic Signatures. Electronic Code of Federal Regulations (eCFR), Title 21, Chapter I, Subchapter A, Part 11. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11
4. U.S. Food and Drug Administration (FDA). (2003). Part 11, Electronic Records; Electronic Signatures — Scope and Application: Guidance for Industry. FDA Guidance for Industry, Docket FDA-2003-D-0143. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/part-11-electronic-records-electronic-signatures-scope-and-application
5. European Commission. (2011). EudraLex — The Rules Governing Medicinal Products in the European Union, Volume 4, Annex 11: Computerised Systems. European Commission, EU GMP Guidelines (effective 30 June 2011). https://health.ec.europa.eu/system/files/2016-11/annex11_01-2011_en_0.pdf
6. ISPE (International Society for Pharmaceutical Engineering). (2022). ISPE GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems (Second Edition). ISPE Guidance Document (DOI 10.1002/9781946964571). https://ispe.org/publications/guidance-documents/gamp-5-guide-2nd-edition
7. U.S. Food and Drug Administration (FDA), CDRH / CBER. (2022). Computer Software Assurance for Production and Quality System Software; Draft Guidance for Industry and FDA Staff; Availability. Federal Register 87 FR 56110, Docket FDA-2022-D-0795. https://www.federalregister.gov/documents/2022/09/13/2022-19763/computer-software-assurance-for-production-and-quality-system-software-draft-guidance-for-industry
8. Wilkinson, M. D.; Dumontier, M.; Aalbersberg, Ij. J.; et al. (2016). The FAIR Guiding Principles for scientific data management and stewardship. Scientific Data 3, 160018. https://doi.org/10.1038/sdata.2016.18
9. Docker, Inc. (2026). Docker Compose — Overview (official documentation). Docker Docs. https://docs.docker.com/compose/
10. International Society of Automation (ISA) / IEC. (2025). ANSI/ISA-95.00.01-2025 (IEC 62264-1 Mod), Enterprise-Control System Integration — Part 1: Models and Terminology. International Society of Automation; IEC 62264. https://www.isa.org/standards-and-publications/isa-standards/isa-95-standard

1장 — 레퍼런스 아키텍처: 한 스택, 계층별로

1. International Society of Automation (ISA) / IEC. (2025). ISA-95 Series of Standards: Enterprise-Control System Integration (ANSI/ISA-95 / IEC 62264). International Society of Automation; IEC 62264. https://www.isa.org/standards-and-publications/isa-standards/isa-95-standard
2. NAMUR (User Association of Automation Technology in Process Industries). (2020). NE 175 — NAMUR Open Architecture (NOA) Concept. NAMUR Recommendation NE 175. https://www.namur.net/en/work-areas-and-project-groups/focus-topics/namur-open-architecture.html
3. Timescale / Tiger Data. (2026). Hypertables — TimescaleDB Documentation. Tiger Data (TimescaleDB) official documentation. https://www.tigerdata.com/docs/use-timescale/latest/hypertables
4. OPC Foundation. (2025). OPC Unified Architecture — Part 1: Overview and Concepts (OPC 10000-1, IEC 62541-1). OPC Foundation; IEC 62541. https://reference.opcfoundation.org/Core/Part1/v105/docs/
5. Medicines and Healthcare products Regulatory Agency (MHRA). (2018). 'GXP' Data Integrity Guidance and Definitions, Revision 1. MHRA (UK), March 2018. https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
6. Eclipse Foundation (Sparkplug Working Group; A. Nipper et al.). (2022). Sparkplug Specification 3.0 (MQTT topic namespace, payload, and session-state management for IIoT). Eclipse Foundation Specification Process (EFSP). https://sparkplug.eclipse.org/specification/
7. U.S. Food and Drug Administration (FDA). (2024). 21 CFR Part 11 — Electronic Records; Electronic Signatures. Electronic Code of Federal Regulations (eCFR), Title 21, Part 11. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11
8. International Society for Pharmaceutical Engineering (ISPE). (2022). GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems (Second Edition). ISPE GAMP Guide, 2nd ed. https://ispe.org/publications/guidance-documents/gamp-5-guide-2nd-edition
9. U.S. Food and Drug Administration (FDA, CDRH/CBER). (2025). Computer Software Assurance for Production and Quality System Software — Guidance for Industry. FDA Guidance, Docket FDA-2022-D-0795 (final, Sept 2025). https://www.fda.gov/regulatory-information/search-fda-guidance-documents/computer-software-assurance-production-and-quality-system-software
10. International Society of Automation (ISA) / IEC. (2021). ISA/IEC 62443 Series of Standards (Security for Industrial Automation and Control Systems; formerly ISA-99). International Society of Automation; IEC 62443. https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards

2장 — 스택 띄우기: docker compose up 한 번으로

1. Docker Inc. (2025). Docker Compose overview. Docker Documentation (docs.docker.com). https://docs.docker.com/compose/
2. Docker Inc. / Compose Specification contributors. (2025). Compose file reference (the Compose Specification). Docker Documentation (docs.docker.com). https://docs.docker.com/reference/compose-file/
3. PostgreSQL Global Development Group. (2025). PostgreSQL Documentation (current / version 18). postgresql.org documentation. https://www.postgresql.org/docs/
4. Tiger Data (creators of TimescaleDB). (2025). TimescaleDB hypertables and chunks reference. Tiger Data / TimescaleDB Documentation (tigerdata.com/docs, formerly docs.timescale.com). https://www.tigerdata.com/docs/reference/timescaledb/hypertables
5. Eclipse Foundation / cedalo. (2025). Eclipse Mosquitto — An open source MQTT broker. mosquitto.org (Eclipse Foundation project). https://mosquitto.org/
6. Grafana Labs. (2025). Grafana fundamentals / Introduction. Grafana Documentation (grafana.com/docs). https://grafana.com/docs/grafana/latest/fundamentals/
7. InfluxData Inc. (2025). Telegraf Documentation (v1). InfluxData Documentation (docs.influxdata.com). https://docs.influxdata.com/telegraf/v1/
8. OpenJS Foundation. (2025). Node-RED Documentation. nodered.org (OpenJS Foundation project). https://nodered.org/docs/
9. Open Container Initiative (Linux Foundation). (2025). OCI Image Format Specification, v1.1.1. Open Container Initiative (specs.opencontainers.org), image-spec. https://specs.opencontainers.org/image-spec/
10. Tom Preston-Werner. (2013). Semantic Versioning 2.0.0. semver.org specification. https://semver.org/
11. ISPE (International Society for Pharmaceutical Engineering). (2022). ISPE GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems (Second Edition). ISPE Guidance Documents (DOI 10.1002/9781946964571). https://ispe.org/publications/guidance-documents/gamp-5-guide-2nd-edition
12. U.S. Food and Drug Administration (CDRH, CBER). (2025). Computer Software Assurance for Production and Quality System Software — Final Guidance for Industry and FDA Staff. Federal Register, 90 FR (FDA-2022-D-0795), notice of availability. https://www.federalregister.gov/documents/2025/09/24/2025-18468/computer-software-assurance-for-production-and-quality-system-software-guidance-for-industry-and

3장 — 배치·장비 데이터 모델: PostgreSQL로 구현하는 ISA-88/95

1. International Society of Automation (ISA). (2010). ISA-88 (S88) Batch Control Series of Standards — Part 1: Models and Terminology (ANSI/ISA-88.00.01-2010). ISA / IEC 61512-1. https://www.isa.org/standards-and-publications/isa-standards/isa-88-standards
2. International Society of Automation (ISA); IEC TC65/SC65E. (2013). Enterprise-Control System Integration — Part 1: Models and Terminology (IEC 62264-1:2013 / ANSI/ISA-95.00.01). IEC 62264-1 (ANSI/ISA-95.00.01). https://www.isa.org/standards-and-publications/isa-standards/isa-95-standard
3. IEC; ISO TC184/SC5. (2013). IEC 62264-1:2013 Enterprise-control system integration — Part 1: Models and terminology. ISO/IEC, IEC 62264-1:2013. https://www.iso.org/standard/57308.html
4. Pablo Vegetti, Horacio P. Leone, Gabriela P. Henning. (2014). ISA-88 Formalization. A Step Towards its Integration with the ISA-95 Standard. CEUR Workshop Proceedings, Vol. 1333 (FOMI 2014, Formal Ontologies Meet Industry). https://ceur-ws.org/Vol-1333/fomi2014_4.pdf
5. MESA International. (2020). B2MML-BatchML: XML Schema implementation of ANSI/ISA-95 (IEC 62264) and ANSI/ISA-88 (IEC 61512). MESA International GitHub repository (B2MML V0700). https://github.com/MESAInternational/B2MML-BatchML
6. PostgreSQL Global Development Group. (2025). PostgreSQL Documentation: 8.14 JSON Types (json and jsonb, GIN indexing). PostgreSQL official documentation (current). https://www.postgresql.org/docs/current/datatype-json.html
7. U.S. Food and Drug Administration. (2008). 21 CFR 211.188 — Batch production and control records. U.S. Code of Federal Regulations, Title 21, Part 211, Subpart J (eCFR). https://www.ecfr.gov/current/title-21/chapter-I/subchapter-C/part-211/subpart-J/section-211.188
8. U.S. Food and Drug Administration / Cornell Legal Information Institute. (2008). 21 CFR § 211.188 — Batch production and control records (LII mirror). Cornell Law School Legal Information Institute, 21 CFR 211.188. https://www.law.cornell.edu/cfr/text/21/211.188
9. U.S. Food and Drug Administration. (2008). 21 CFR 211.184 — Component, drug product container, closure, and labeling records. U.S. Code of Federal Regulations, Title 21, Part 211, Subpart J (eCFR). https://www.ecfr.gov/current/title-21/chapter-I/subchapter-C/part-211/subpart-J/section-211.184
10. CMC Biotech Working Group. (2009). A-Mab: A Case Study in Bioprocess Development (Version 2.1). ISPE / CASSS. https://ispe.org/sites/default/files/attachments/public/a-mab-case-study-version.pdf

4장 — 이름 붙이기: 태그, 계층구조, 통합 네임스페이스(UNS)

1. Kesler Isoko, Joan L. Cordiner, Zoltan Kis, Peyman Z. Moghadam. (2024). Bioprocessing 4.0: a pragmatic review and future perspectives. Digital Discovery (Royal Society of Chemistry), DOI:10.1039/D4DD00127C. https://doi.org/10.1039/D4DD00127C
2. Medicines and Healthcare products Regulatory Agency (MHRA). (2018). MHRA GXP Data Integrity Guidance and Definitions, Revision 1 (March 2018). MHRA (UK GxP data integrity guidance). https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
3. U.S. Food and Drug Administration (FDA). (2018). Data Integrity and Compliance With Drug CGMP: Questions and Answers — Guidance for Industry. FDA / 21 CFR Parts 211 & 212 (Final Guidance, Dec 2018). https://www.fda.gov/regulatory-information/search-fda-guidance-documents/data-integrity-and-compliance-drug-cgmp-questions-and-answers
4. International Society of Automation (ISA). (2025). ISA-95 Series of Standards: Enterprise-Control System Integration. ANSI/ISA-95 (IEC 62264); ISA-95.00.01-2025, Part 1: Models and Terminology. https://www.isa.org/standards-and-publications/isa-standards/isa-95-standard
5. Inductive Automation. (2023). What is Unified Namespace (UNS) — UNS Defined. Inductive Automation resource article. https://inductiveautomation.com/resources/article/uns-unified-namespace
6. HiveMQ. (2023). Implementing Unified Namespace (UNS) With MQTT Sparkplug. HiveMQ technical documentation / blog. https://www.hivemq.com/blog/implementing-unified-namespace-uns-mqtt-sparkplug/
7. OASIS (eds. Andrew Banks, Rahul Gupta). (2014). MQTT Version 3.1.1 (OASIS Standard; ISO/IEC 20922:2016). OASIS Standard / ISO/IEC 20922:2016. https://www.oasis-open.org/standard/mqttv3-1-1/
8. HiveMQ. (2024). MQTT Topics, Wildcards, & Best Practices – MQTT Essentials: Part 5. HiveMQ MQTT Essentials (project/technical documentation). https://www.hivemq.com/blog/mqtt-essentials-part-5-mqtt-topics-best-practices/
9. Eclipse Sparkplug Contributors / Eclipse Foundation. (2022). Sparkplug 3.0.0 Specification. Eclipse Foundation Specification (Sparkplug Working Group), v3.0.0. https://sparkplug.eclipse.org/specification/version/3.0/documents/sparkplug-specification-3.0.0.pdf
10. International Society of Automation (ISA). (2024). ISA-5.1, Instrumentation Symbols and Identification (Instrumentation and Control Symbols). ANSI/ISA-5.1 (ISA5.1 standards committee). https://www.isa.org/standards-and-publications/isa-standards/isa-standards-committees/isa5-1
11. International Society of Automation (ISA). (2017). Enterprise-Control System Integration – Part 7: Alias Service Model. ANSI/ISA-95.00.07-2017 (Alias Service Model, ASM). https://www.isa.org/products/ansi-isa-95-00-07-2017-enterprise-control-system-i

5장 — OT의 언어: OPC UA, MQTT, 그리고 Sparkplug B

1. International Electrotechnical Commission (IEC) / OPC Foundation. (2020). OPC Unified Architecture - Part 1: Overview and Concepts (IEC 62541-1:2020). IEC 62541-1, OPC Foundation specification OPC 10000-1. https://opcfoundation.org/developer-tools/documents/view/158
2. OPC Foundation. (2025). OPC Unified Architecture - Part 2: Security Model (OPC 10000-2). OPC Foundation specification OPC 10000-2, v1.05.06 (also IEC 62541-2). https://reference.opcfoundation.org/Core/Part2/v105/docs/
3. Dahlmanns M, Lohmoller J, Fink IB, Pennekamp J, Wehrle K, Henze M. (2020). Easing the Conscience with OPC UA: An Internet-Wide Study on Insecure Deployments. Proceedings of the ACM Internet Measurement Conference (IMC '20), pp. 101-110. https://doi.org/10.1145/3419394.3423666
4. OASIS Message Queuing Telemetry Transport (MQTT) Technical Committee (Banks A, Briggs E, Borgendale K, Gupta R, eds.). (2019). MQTT Version 5.0 - OASIS Standard. OASIS Standard, 07 March 2019 (MQTT v3.1.1 is also published as ISO/IEC 20922:2016). https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html
5. Eclipse Sparkplug Contributors / Eclipse Foundation. (2022). Sparkplug 3.0.0 Specification (Sparkplug B). Eclipse Foundation, Sparkplug Working Group, version 3.0.0 (2022-11-16). https://sparkplug.eclipse.org/specification/version/3.0/documents/sparkplug-specification-3.0.0.pdf
6. open62541 project / o6 Automation GmbH. (2026). open62541 - Open Source C99 implementation of OPC UA. open62541 project documentation and source (MPL v2.0). https://www.open62541.org/
7. node-opcua project (Etienne Rossignon et al.). (2026). node-opcua - OPC UA stack for Node.js / TypeScript. node-opcua official documentation and source (MIT License). https://node-opcua.github.io/
8. FreeOpcUa project (opcua-asyncio / asyncua). (2026). opcua-asyncio: asyncio-based OPC UA / IEC 62541 client and server for Python. FreeOpcUa GitHub repository (LGPL-3.0). https://github.com/FreeOpcUa/opcua-asyncio
9. Eclipse Mosquitto project / Eclipse Foundation (Roger Light et al.). (2026). Eclipse Mosquitto - An open source MQTT broker. Eclipse Foundation project site (EPL/EDL); implements MQTT 5.0, 3.1.1, 3.1 with TLS. https://mosquitto.org/
10. Eclipse Tahu project / Eclipse Foundation. (2026). Eclipse Tahu - Reference implementations of the Sparkplug specification. Eclipse Tahu GitHub repository (EPL-2.0). https://github.com/eclipse-tahu/tahu
11. European Commission - EudraLex Volume 4 (EU GMP). (2011). EudraLex Volume 4, Annex 11: Computerised Systems. European Commission, EU Guidelines to Good Manufacturing Practice, effective 30 June 2011. https://health.ec.europa.eu/system/files/2016-11/annex11_01-2011_en_0.pdf
12. U.S. Food and Drug Administration (FDA). (1997). 21 CFR Part 11 - Electronic Records; Electronic Signatures. U.S. Code of Federal Regulations, Title 21, Chapter I, Subchapter A, Part 11. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11

6장 — 엣지 게이트웨이: Node-RED·Telegraf·NiFi로 현장 데이터 라우팅

1. International Electrotechnical Commission (IEC) / OPC Foundation. (2020). IEC TR 62541-1:2020, OPC Unified Architecture — Part 1: Overview and Concepts. IEC 62541-1 (OPC UA series). https://webstore.iec.ch/en/publication/61109
2. Yan Ai, Yuesheng Zhu, Yao Jiang, Yuanzhao Deng. (2026). MIGS: A Modular Edge Gateway with Instance-Based Isolation for Heterogeneous Industrial IoT Interoperability. Sensors (MDPI), 26(1):314. https://doi.org/10.3390/s26010314
3. Cornel Ventuneac, Vasile Gheorghita Gaitan. (2024). Industrial Internet of Things Gateway with OPC UA Based on Sitara AM335X with ModbusE Acquisition Cycle Performance Analysis. Sensors (MDPI), 24(7):2072. https://doi.org/10.3390/s24072072
4. OpenJS Foundation / Node-RED Project. (2024). Node-RED Documentation (User Guide and Concepts). nodered.org official documentation. https://nodered.org/docs/user-guide/
5. InfluxData. (2025). Telegraf Documentation. docs.influxdata.com (Telegraf v1). https://docs.influxdata.com/telegraf/v1/
6. Apache Software Foundation. (2024). Apache NiFi In Depth — Provenance Repository and Data Lineage / Chain of Custody. Apache NiFi official documentation. https://nifi.apache.org/docs/nifi-docs/html/nifi-in-depth.html
7. Timothy Lebo, Satya Sahoo, Deborah McGuinness (eds.), W3C Provenance Working Group. (2013). PROV-O: The PROV Ontology (W3C Recommendation, 30 April 2013). World Wide Web Consortium (W3C) Recommendation. https://www.w3.org/TR/prov-o/
8. Apache Software Foundation. (2024). Apache MiNiFi (subproject of Apache NiFi) — Project Overview. Apache NiFi official project page. https://nifi.apache.org/projects/minifi/
9. Medicines and Healthcare products Regulatory Agency (MHRA). (2018). GXP Data Integrity Guidance and Definitions, Revision 1. MHRA (UK) Guidance. https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
10. U.S. Food and Drug Administration (FDA). (2018). Data Integrity and Compliance With Drug CGMP: Questions and Answers (Guidance for Industry). FDA Guidance / Docket FDA-2018-D-3984. https://www.fda.gov/media/119267/download
11. Andrew Banks, Rahul Gupta (eds.), OASIS MQTT Technical Committee. (2014). MQTT Version 3.1.1 (OASIS Standard; also ISO/IEC 20922:2016). OASIS Standard / ISO/IEC 20922. https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html

7장 — 업스트림 수집: 생산 바이오리액터

1. OPC Foundation / IEC TC65. (2020). OPC Unified Architecture - Part 1: Overview and Concepts (IEC 62541-1). IEC 62541-1; OPC Foundation specification series. https://opcfoundation.org/about/opc-technologies/opc-ua/
2. OPC Foundation. (2023). OPC UA Part 8: Data Access - Section 7.3 Data Access status codes (Good/Uncertain/Bad). OPC 10000-8 (IEC 62541-8), v1.05. https://reference.opcfoundation.org/Core/Part8/v105/docs/7.3
3. NAMUR (User Association of Automation Technology in Process Industries). (2017). NE 107: Self-Monitoring and Diagnosis of Field Devices. NAMUR Recommendation NE 107. https://www.namur.net/en/publications/news-archive/ne107-self-monitoring-and-diagnostics-of-field-devices-has-been-revised.html
4. International Society of Automation (ISA) / IEC. (2010). ANSI/ISA-88.00.01-2010 Batch Control Part 1: Models and Terminology (IEC 61512-1). ANSI/ISA-88.00.01-2010; IEC 61512-1. https://www.isa.org/products/isa-88-00-01-2010-batch-control-part-1-models
5. FreeOpcUa project. (2026). opcua-asyncio (asyncua) - Python OPC UA / IEC 62541 Client and Server documentation. FreeOpcUa, opcua-asyncio (Read the Docs / GitHub). https://opcua-asyncio.readthedocs.io/en/latest/
6. InfluxData. (2026). OPC UA Client Reader Input Plugin (inputs.opcua) - Telegraf Documentation. InfluxData Telegraf v1 documentation. https://docs.influxdata.com/telegraf/v1/input-plugins/opcua/
7. TigerData (Timescale). (2026). TimescaleDB Documentation - Hypertables, time partitioning, and continuous aggregates. TigerData / TimescaleDB official documentation. https://docs.tigerdata.com/
8. U.S. Food and Drug Administration (CDER). (2004). Guidance for Industry: PAT - A Framework for Innovative Pharmaceutical Development, Manufacturing, and Quality Assurance. FDA Guidance for Industry (PAT). https://www.fda.gov/media/71012/download
9. U.S. Food and Drug Administration. (2018). Data Integrity and Compliance With Drug CGMP: Questions and Answers - Guidance for Industry. FDA Guidance for Industry, Docket FDA-2018-D-3984. https://www.fda.gov/media/119267/download
10. UK Medicines and Healthcare products Regulatory Agency (MHRA). (2018). GXP Data Integrity Guidance and Definitions, Revision 1 (March 2018). MHRA GXP Data Integrity Guidance. https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
11. Yee, J.C., Rehmann, M.S., Yao, G., Sowa, S.W., Aron, K.L., Tian, J., Borys, M.C., Li, Z.J. (2018). Advances in process control strategies for mammalian fed-batch cultures. Current Opinion in Chemical Engineering, vol. 22, pp. 34-41. https://doi.org/10.1016/j.coche.2018.09.002
12. Berry, B., et al. (Eyster T., Matanguihan C., et al.). (2018). Real-time monitoring of antibody glycosylation site occupancy by in situ Raman spectroscopy during bioreactor CHO cell cultures. Biotechnology Progress, vol. 34, no. 2, pp. 486-493. https://doi.org/10.1002/btpr.2604

8장 — 시드 트레인과 세포배양 오프라인 분석

1. International Electrotechnical Commission (IEC); ISA. (1997). IEC 61512-1 / ANSI/ISA-88.01 Batch Control — Part 1: Models and Terminology. IEC 61512-1:1997 (ISA-88 Part 1). https://webstore.iec.ch/publication/5530
2. ASTM International, Subcommittee E13.15 on Analytical Data. (2018). ASTM E1578-18 Standard Guide for Laboratory Informatics. ASTM International, E1578-18. https://store.astm.org/e1578-18.html
3. U.S. Food and Drug Administration. (2018). Data Integrity and Compliance With Drug CGMP: Questions and Answers — Guidance for Industry. FDA (CDER/CBER/CVM), Docket FDA-2018-D-3984. https://www.fda.gov/media/119267/download
4. UK Medicines and Healthcare products Regulatory Agency (MHRA). (2018). 'GXP' Data Integrity Guidance and Definitions, Revision 1 (March 2018). MHRA, UK Government (gov.uk). https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
5. Pharmaceutical Inspection Co-operation Scheme (PIC/S). (2021). Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (PI 041-1). PIC/S, PI 041-1 (1 July 2021). https://picscheme.org/docview/4234
6. U.S. Food and Drug Administration. (2004). Guidance for Industry: PAT — A Framework for Innovative Pharmaceutical Development, Manufacturing, and Quality Assurance. FDA (CDER), September 2004. https://www.fda.gov/media/71012/download
7. Whelan J, Craven S, Glennon B. (2012). In situ Raman spectroscopy for simultaneous monitoring of multiple process parameters in mammalian cell culture bioreactors. Biotechnology Progress, 28(5):1355-1362; DOI 10.1002/btpr.1590. https://doi.org/10.1002/btpr.1590
8. Cadena-Herrera D, Esparza-De Lara JE, Ramírez-Ibañez ND, López-Morales CA, Pérez NO, Flores-Ortiz LF, Medina-Rivero E. (2015). Validation of three viable-cell counting methods: Manual, semi-automated, and automated. Biotechnology Reports, 7:9-16; DOI 10.1016/j.btre.2015.04.004. https://doi.org/10.1016/j.btre.2015.04.004
9. Yesudhas Dixilan / gorakhargosh and watchdog contributors. (2024). watchdog — Python API and shell utilities to monitor file system events (documentation). Read the Docs / PyPI (Apache-2.0 license). https://python-watchdog.readthedocs.io/en/stable/
10. pandas development team. (2024). Time series / date functionality — pandas User Guide. pandas documentation (BSD 3-Clause license). https://pandas.pydata.org/docs/user_guide/timeseries.html
11. PostgreSQL Global Development Group. (2024). Date/Time Types — PostgreSQL Documentation (timestamp with time zone). PostgreSQL 16 Documentation. https://www.postgresql.org/docs/current/datatype-datetime.html

9장 — 레거시·상용 스키드 연결: Modbus, Siemens S7, PLC4X

1. Modbus Organization, Inc. (2012). MODBUS Application Protocol Specification V1.1b3. Modbus Organization (modbus.org), application-layer messaging protocol specification. https://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf
2. Modbus Organization, Inc. (2021). MODBUS/TCP Security Protocol Specification (MB-TCP-Security v36). Modbus Organization (modbus.org). https://www.modbus.org/docs/MB-TCP-Security-v36_2021-07-30.pdf
3. PyModbus contributors / riptideio community. (2026). PyModbus Documentation (client, server, simulator; TCP and serial RTU). Read the Docs (official PyModbus project docs), v3.13.x. https://pymodbus.readthedocs.io/en/latest/
4. Gijs Molenaar et al. (python-snap7 project). (2025). python-snap7: a pure Python S7 communication library for Siemens S7 PLCs. Read the Docs / GitHub (gijzelaerr/python-snap7), MIT License, v3.0+. https://python-snap7.readthedocs.io/en/latest/introduction.html
5. The Apache Software Foundation (Apache PLC4X project). (2025). Apache PLC4X — the universal protocol adapter for Industrial IoT (S7 and Modbus drivers). Apache PLC4X official documentation, Apache License 2.0. https://plc4x.apache.org/plc4x/latest/users/protocols/s7.html
6. The Apache Software Foundation (Apache PLC4X project). (2025). Apache PLC4X Modbus (TCP/UDP/Serial) Driver Documentation. Apache PLC4X official documentation, Apache License 2.0. https://plc4x.apache.org/plc4x/latest/users/protocols/modbus.html
7. K. Stouffer, M. Pease, C. Tang, T. Zimmerman, V. Pillitteri, S. Lightman, A. Hahn, S. Saravia, A. Sherule, M. Thompson (NIST/MITRE). (2023). NIST Special Publication 800-82 Revision 3: Guide to Operational Technology (OT) Security. NIST Computer Security Resource Center, SP 800-82r3. https://csrc.nist.gov/pubs/sp/800/82/r3/final
8. International Electrotechnical Commission (IEC) / ISA. (2013). IEC 62443-3-3: Industrial communication networks — Network and system security — Part 3-3: System security requirements and security levels. IEC 62443-3-3 (IEC Webstore). https://webstore.iec.ch/publication/7033
9. Wael Alsabbagh, Peter Langendörfer. (2021). Vulnerability analysis of S7 PLCs: Manipulating the security mechanism. International Journal of Critical Infrastructure Protection, Vol. 35, 100470 (Elsevier). https://doi.org/10.1016/j.ijcip.2021.100470
10. U.S. Food and Drug Administration (CDRH/CBER). (2026). Computer Software Assurance for Production and Quality Management System Software (Final Guidance). FDA Guidance for Industry, Docket FDA-2022-D-0795 (supersedes Sept 2025 final guidance). https://www.fda.gov/regulatory-information/search-fda-guidance-documents/computer-software-assurance-production-and-quality-management-system-software

10장 — 다운스트림 수집: 크로마토그래피와 여과 스키드

1. International Electrotechnical Commission (IEC). (1997). IEC 61512-1:1997 Batch control - Part 1: Models and terminology. IEC 61512-1 (the international form of ANSI/ISA-88); IEC Webstore publication 5528. https://webstore.iec.ch/en/publication/5528
2. OPC Foundation / International Electrotechnical Commission (IEC). (2020). OPC Unified Architecture - the IEC 62541 series. IEC 62541 (OPC UA); OPC Foundation specification overview. https://opcfoundation.org/about/opc-technologies/opc-ua/
3. Ramos-de-la-Peña AM, González-Valdez J, Aguilar O. (2019). Protein A chromatography: Challenges and progress in the purification of monoclonal antibodies. Journal of Separation Science 42(9):1816-1827. https://doi.org/10.1002/jssc.201800963
4. FDA (U.S. Food and Drug Administration, CDER/CVM/ORA). (2004). Guidance for Industry: PAT - A Framework for Innovative Pharmaceutical Development, Manufacturing, and Quality Assurance. FDA, September 2004. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/pat-framework-innovative-pharmaceutical-development-manufacturing-and-quality-assurance
5. Rathore AS, Bhambure R, Ghare V. (2010). Process analytical technology (PAT) for biopharmaceutical products. Analytical and Bioanalytical Chemistry 398(1):137-154. https://doi.org/10.1007/s00216-010-3781-x
6. Brestrich N, Hahn T, Hubbuch J (and related UV/Vis PAT group). (2019). Process Analytical Approach towards Quality Controlled Process Automation for the Downstream of Protein Mixtures by Inline Concentration Measurements Based on UV/Vis Spectral Analysis. Antibodies / NCBI PMC (open access). https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6698811/
7. PostgreSQL Global Development Group. (2025). PostgreSQL Documentation (current release). postgresql.org official manual; relational model and SQL. https://www.postgresql.org/docs/current/
8. FDA (U.S. Food and Drug Administration). (2025). Questions and Answers on Current Good Manufacturing Practice Regulations - Production and Process Controls. FDA Guidance for Industry; addressing 21 CFR Part 211 in-process controls and time limits. https://www.fda.gov/drugs/guidances-drugs/questions-and-answers-current-good-manufacturing-practice-regulations-production-and-process
9. ASTM International (Committee E13.15 on Analytical Data). (2022). ASTM E1947-98(2022) Standard Specification for Analytical Data Interchange Protocol for Chromatographic Data. ASTM International; designation E1947-98(2022) (the ANDI/AIA chromatography interchange protocol). https://www.astm.org/e1947-98r22.html
10. European Commission (EudraLex, The Rules Governing Medicinal Products in the EU, Volume 4 GMP). (2011). Annex 11: Computerised Systems. EudraLex Volume 4, Good Manufacturing Practice; effective 30 June 2011. https://health.ec.europa.eu/system/files/2016-11/annex11_01-2011_en_0.pdf
11. PIC/S (Pharmaceutical Inspection Co-operation Scheme). (2021). PI 041-1 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments. PIC/S; PI 041-1, in force 1 July 2021. https://picscheme.org/docview/4234
12. OpenJS Foundation / Node-RED project. (2025). Node-RED Documentation. nodered.org official docs; low-code, event-driven flow runtime. https://nodered.org/docs/

11장 — 분석 실험실: 기기, LIMS, ELN

1. OPC Foundation, SPECTARIS, VDMA. (2023). OPC UA for Laboratory & Analytical Device Standard (LADS) – Part 1: Basics (OPC 30500-1), Version 1.0.0. OPC Foundation, OPC 30500-1. https://reference.opcfoundation.org/LADS/v100/docs/
2. Alexander Brendel, Franziska Dorfmüller, Albrecht Liebscher, Patrick Kraus, Kai Kress, Heiko Oehme, Matthias Arnold, Robert Koschitzki. (2022). Laboratory and Analytical Device Standard (LADS): A Communication Standard Based on OPC UA for Networked Laboratories. Advances in Biochemical Engineering/Biotechnology, vol. 182, pp. 175–194; DOI 10.1007/10_2022_209. https://doi.org/10.1007/10_2022_209
3. Allotrope Foundation. (2024). Allotrope Framework: ADF, Allotrope Data Models (ADM), Allotrope Foundation Ontologies (AFO) and the Allotrope Simple Model (ASM). Allotrope Foundation Technical Documentation. https://docs.allotrope.org/
4. Burkhard A. Schäfer, Dominik Poetz, Gary W. Kramer. (2004). Documenting Laboratory Workflows Using the Analytical Information Markup Language. JALA: Journal of the Association for Laboratory Automation, 9(6), 375–381; DOI 10.1016/j.jala.2004.10.003. https://doi.org/10.1016/j.jala.2004.10.003
5. AnIML / ASTM Subcommittee E13.15. (2024). AnIML – Analytical Information Markup Language (Core schema, technique schemas, technique definitions). animl.org / ASTM E13.15 on Analytical Data. https://www.animl.org/
6. Henning Bär, Remo Hochstrasser, Bernd Papenfuß. (2012). SiLA: Basic Standards for Rapid Integration in Laboratory Automation. Journal of Laboratory Automation, 17(2), 86–95; DOI 10.1177/2211068211424550. https://doi.org/10.1177/2211068211424550
7. SiLA Consortium. (2024). SiLA 2 Specification (SiLA Base): core specification, Feature Definition Language, gRPC/HTTP2 transport. SiLA Standard official documentation. https://sila2.gitlab.io/sila_base/
8. SENAITE Foundation. (2025). SENAITE.CORE – Enterprise Open Source Laboratory Information Management System (LIMS). GitHub senaite/senaite.core (GPL-2.0). https://github.com/senaite/senaite.core
9. SENAITE Community. (2019). SENAITE LIMS v1.3.2 – 21 CFR Part 11 Compliance GAP Analysis. SENAITE Community (community.senaite.org), 2019-10. https://community.senaite.org/uploads/default/original/1X/a6e03781b654c28c7844b37e34443b98b00568da.pdf
10. Deltablot (eLabFTW). (2026). eLabFTW User Guide – Trusted Timestamping (RFC 3161), Electronic Signatures (Ed25519ph), Audit Trail and Locking. eLabFTW Official Documentation (doc.elabftw.net). https://doc.elabftw.net/user-guide.html
11. C. Adams, P. Cain, D. Pinkas, R. Zuccherato (IETF PKIX WG). (2001). Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP). IETF RFC 3161. https://www.rfc-editor.org/rfc/rfc3161
12. U.S. Food and Drug Administration. (2018). Data Integrity and Compliance With Drug CGMP: Questions and Answers – Guidance for Industry. FDA, Docket FDA-2018-D-3984 (final, Dec 2018). https://www.fda.gov/regulatory-information/search-fda-guidance-documents/data-integrity-and-compliance-drug-cgmp-questions-and-answers
13. U.S. Food and Drug Administration. (1997). 21 CFR Part 11 – Electronic Records; Electronic Signatures. Code of Federal Regulations, Title 21, Part 11. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11

12장 — 충전·포장과 환경 모니터링

1. OPC Foundation; OMAC (Organization for Machine Automation and Control). (2020). OPC UA for PackML - Common Object Model: PackML (Release 1.01). OPC Foundation, OPC 30050 (OPC UA Companion Specification); namespace http://opcfoundation.org/UA/PackML/. https://reference.opcfoundation.org/PackML/v101/docs/
2. OPC Foundation; OMAC. (2020). OPC UA for PackML - Common Object Model: PackML, Section 4.2 PackML Overview. OPC Foundation, OPC 30050; references ISA-TR88.00.02-2015. https://reference.opcfoundation.org/specs/OPC-30050/4.2
3. GS1. (2026). GS1 General Specifications (the foundational standard defining GTIN, the Serialized GTIN/SGTIN via Application Identifier (21), lot (10) and expiry (17)). GS1 (GS1 Reference / ref.gs1.org), Release 26.0. https://ref.gs1.org/standards/genspecs/
4. U.S. Food and Drug Administration (FDA). (2010). Standards for Securing the Drug Supply Chain - Standardized Numerical Identification for Prescription Drug Packages; Guidance for Industry. FDA Guidance for Industry (Section 505D FD&C Act); serialized NDC as the package-level SNI. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/standards-securing-drug-supply-chain-standardized-numerical-identification-prescription-drug
5. European Commission (EudraLex Volume 4, GMP). (2022). EU GMP Annex 1: Manufacture of Sterile Medicinal Products (C(2022) 5938 final). European Commission, EudraLex Volume 4 Annex 1; in operation 25 Aug 2023. https://health.ec.europa.eu/system/files/2022-08/20220825_gmp-an1_en_0.pdf
6. International Organization for Standardization (ISO), TC 209. (2015). ISO 14644-1:2015 Cleanrooms and associated controlled environments — Part 1: Classification of air cleanliness by particle concentration. ISO 14644-1:2015 (reviewed and confirmed 2021). https://www.iso.org/standard/53394.html
7. Medicines and Healthcare products Regulatory Agency (MHRA). (2018). MHRA GXP Data Integrity Guidance and Definitions, Revision 1. MHRA (UK), March 2018. https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
8. Pharmaceutical Inspection Co-operation Scheme (PIC/S). (2021). Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (PI 041-1). PIC/S PI 041-1 (entered into force 1 July 2021). https://picscheme.org/en/news/adoption-and-entry-into-force-of-pics-guidance-on-good-pract
9. InfluxData. (2026). Telegraf — agent for collecting, processing, aggregating and writing metrics (MIT license). InfluxData, GitHub (influxdata/telegraf). https://github.com/influxdata/telegraf
10. VictoriaMetrics. (2026). VictoriaMetrics documentation — time series database and monitoring solution (cardinality explorer / cardinality limiter). VictoriaMetrics (Apache-2.0). https://docs.victoriametrics.com/
11. python-snap7 maintainers (Gijs Molenaar et al.). (2025). python-snap7 — Python S7 communication library for interfacing with Siemens S7 PLCs (MIT license). GitHub (gijzelaerr/python-snap7). https://github.com/gijzelaerr/python-snap7
12. K. Rao Gurijala; Andrew Barnett. (2021). Statistical Method for Trending of Excursions in Clean Room Microbiological Monitoring Data. PDA Journal of Pharmaceutical Science and Technology, 75(5):407-424; DOI 10.5731/pdajpst.2020.011791; PMID 33608470. https://doi.org/10.5731/pdajpst.2020.011791

13장 — 오픈소스 히스토리안: 시계열 저장소 선택과 운영

1. Timescale, Inc. (TigerData). (2025). TimescaleDB LICENSE — Apache License 2.0 (core) and Timescale License (TSL, 'tsl' directory). GitHub: timescale/timescaledb (LICENSE file). https://github.com/timescale/timescaledb/blob/main/LICENSE
2. Timescale, Inc. (TigerData). (2025). Data retention — automatically drop old time-series data with add_retention_policy and drop_chunks. TimescaleDB official documentation. https://www.tigerdata.com/docs/use-timescale/latest/data-retention
3. Apache Software Foundation (Apache IoTDB project). (2025). Apache IoTDB Introduction — an Apache-2.0, IoT-native time-series database with a device/measurement data model and the TsFile format. Apache IoTDB official documentation (User Guide). https://iotdb.apache.org/UserGuide/latest-Table/IoTDB-Introduction/IoTDB-Introduction_apache.html
4. InfluxData, Inc. (2025). InfluxDB 3 Core — open-source time-series engine (MIT or Apache 2.0) built on Apache Arrow, DataFusion and Parquet. GitHub: influxdata/influxdb (repository README / license). https://github.com/influxdata/influxdb
5. QuestDB Ltd. (2025). QuestDB — high-performance open-source time-series database (Apache 2.0) with SQL time-series extensions (SAMPLE BY, LATEST ON, ASOF JOIN). GitHub: questdb/questdb (repository README / LICENSE.txt). https://github.com/questdb/questdb
6. Ellis H. Bristol (assignor). (1987). Data compression for display and storage (the 'swinging door' algorithm), US Patent 4,669,097. United States Patent and Trademark Office (USPTO). https://patents.google.com/patent/US4669097A/en
7. Juan David Arias Correa, Alex Sandro Roschildt Pinto, Carlos Montez, Erico Meneses Leao. (2019). Swinging Door Trending Compression Algorithm for IoT Environments. Anais Estendidos do IX Simposio Brasileiro de Engenharia de Sistemas Computacionais (SBESC), SBC, pp. 143-148; DOI 10.5753/sbesc_estendido.2019.8650. https://doi.org/10.5753/sbesc_estendido.2019.8650
8. U.S. Food and Drug Administration. (2024). 21 CFR 211.180 — General requirements (records retained at least 1 year after batch expiration; records may be kept as original or true copies). U.S. Code of Federal Regulations, Title 21 Part 211 Subpart J (eCFR). https://www.ecfr.gov/current/title-21/chapter-I/subchapter-C/part-211/subpart-J/section-211.180
9. European Commission, Health and Consumers Directorate-General. (2011). EudraLex Volume 4, GMP Annex 11: Computerised Systems (Data Storage clause 7 and Archiving clause 17). European Commission, EudraLex Volume 4 GMP guidelines. https://health.ec.europa.eu/system/files/2016-11/annex11_01-2011_en_0.pdf
10. Pacific Northwest National Laboratory (M. Kintner-Meyer et al.). (2021). Impacts of Swinging Door Lossy Compression of Synchrophasor Data. U.S. DOE Office of Scientific and Technical Information (OSTI), report 1851743. https://www.osti.gov/biblio/1851743

14장 — 맥락화: 시계열을 배치에 결합하기

1. International Society of Automation (ISA). (2010). ANSI/ISA-88.00.01-2010, Batch Control Part 1: Models and Terminology (adopted internationally as IEC 61512-1). ISA / IEC 61512-1. https://www.isa.org/standards-and-publications/isa-standards/isa-88-standards
2. International Society of Automation (ISA). (2025). ANSI/ISA-95.00.01-2025 (IEC 62264-1 Mod), Enterprise-Control System Integration Part 1: Models and Terminology. ISA / IEC 62264-1. https://www.isa.org/products/ansi-isa-95-00-01-2025-iec-62264-1-mod-enterprise
3. MESA International. (2020). B2MML-BatchML: XML schema implementation of the ANSI/ISA-95 / IEC 62264 family of standards (Version 7). MESA International, GitHub repository MESAInternational/B2MML-BatchML. https://github.com/MESAInternational/B2MML-BatchML
4. Nomikos P, MacGregor JF. (1994). Monitoring batch processes using multiway principal component analysis. AIChE Journal 40(8):1361-1375. https://doi.org/10.1002/aic.690400809
5. Ündey C, Ertunç S, Çınar A. (2003). Online batch/fed-batch process performance monitoring, quality prediction, and variable-contribution analysis for diagnosis. Industrial & Engineering Chemistry Research 42(20):4645-4658. https://doi.org/10.1021/ie0208218
6. Tiger Data (TimescaleDB). (2025). About continuous aggregates. TimescaleDB / Tiger Data Documentation. https://www.tigerdata.com/docs/use-timescale/latest/continuous-aggregates/about-continuous-aggregates
7. PostgreSQL Global Development Group. (2025). CREATE MATERIALIZED VIEW (PostgreSQL documentation, current version). PostgreSQL 18 Documentation. https://www.postgresql.org/docs/current/sql-creatematerializedview.html
8. PostgreSQL Global Development Group. (2025). postgres_fdw — access data stored in external PostgreSQL servers. PostgreSQL 18 Documentation, Appendix F. https://www.postgresql.org/docs/current/postgres-fdw.html
9. Grafana Labs. (2025). PostgreSQL data source. Grafana Documentation. https://grafana.com/docs/grafana/latest/datasources/postgres/
10. FDA (U.S. Food and Drug Administration). (2011). Guidance for Industry — Process Validation: General Principles and Practices. FDA CDER/CBER/CVM, January 2011. https://www.fda.gov/files/drugs/published/Process-Validation--General-Principles-and-Practices.pdf
11. ICH (International Council for Harmonisation). (2008). ICH Harmonised Tripartite Guideline Q10: Pharmaceutical Quality System. ICH, Current Step 4 version, June 2008. https://database.ich.org/sites/default/files/Q10%20Guideline.pdf

15장 — Grafana로 시각화와 트렌딩

1. Maruthamuthu, M.K.; Rudge, S.R.; Ardekani, A.M.; Ladisch, M.R.; Verma, M.S. (2020). Process Analytical Technologies and Data Analytics for the Manufacture of Monoclonal Antibodies. Trends in Biotechnology 38(10), DOI:10.1016/j.tibtech.2020.07.004. https://doi.org/10.1016/j.tibtech.2020.07.004
2. Grafana Labs. (2026). Provision Grafana. Grafana Documentation (latest). https://grafana.com/docs/grafana/latest/administration/provisioning/
3. Grafana Labs. (2026). Deploy, configure and provision Grafana with as-code workflows. Grafana Documentation (latest). https://grafana.com/docs/grafana/latest/as-code/
4. Grafana Labs. (2026). Grafana Alerting. Grafana Documentation (latest). https://grafana.com/docs/grafana/latest/alerting/
5. U.S. Food and Drug Administration. (1997). 21 CFR Part 11 — Electronic Records; Electronic Signatures (esp. 11.10(b) accurate and complete copies; 11.10(e) time-stamped audit trails). Electronic Code of Federal Regulations (eCFR), Title 21 Part 11. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11
6. European Commission, DG Health and Food Safety. (2011). EudraLex Volume 4, Annex 11: Computerised Systems. EudraLex — The Rules Governing Medicinal Products in the EU, Vol. 4 GMP. https://health.ec.europa.eu/system/files/2016-11/annex11_01-2011_en_0.pdf
7. U.S. Food and Drug Administration (CDER/CBER/CVM). (2018). Data Integrity and Compliance With Drug CGMP: Questions and Answers — Guidance for Industry. FDA Guidance (Docket FDA-2018-D-3984). https://www.fda.gov/media/119267/download
8. UK Medicines and Healthcare products Regulatory Agency (MHRA). (2018). GXP Data Integrity Guidance and Definitions, Revision 1. MHRA / gov.uk. https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
9. Raj Dutt / Grafana Labs. (2021). Grafana, Loki, and Tempo will be relicensed to AGPLv3. Grafana Labs Blog. https://grafana.com/blog/2021/04/20/grafana-loki-tempo-relicensing-to-agplv3/
10. Free Software Foundation (OSI-approved). (2007). GNU Affero General Public License version 3 (AGPL-3.0), Section 13 Remote Network Interaction. Open Source Initiative. https://opensource.org/license/agpl-v3

16장 — 의미론과 디지털 스레드: 온톨로지와 지식그래프

1. Richard Cyganiak, David Wood, Markus Lanthaler (eds.). (2014). RDF 1.1 Concepts and Abstract Syntax. W3C Recommendation, 25 February 2014. https://www.w3.org/TR/rdf11-concepts/
2. Steve Harris, Andy Seaborne (eds.), W3C SPARQL Working Group. (2013). SPARQL 1.1 Query Language. W3C Recommendation, 21 March 2013. https://www.w3.org/TR/sparql11-query/
3. Holger Knublauch, Dimitris Kontokostas (eds.), W3C RDF Data Shapes Working Group. (2017). Shapes Constraint Language (SHACL). W3C Recommendation, 20 July 2017. https://www.w3.org/TR/shacl/
4. Allotrope Foundation. (2024). Allotrope Framework Technical Reference (Allotrope Foundation Ontologies AFO, Data Models ADM, and Data Format ADF). Allotrope Foundation official documentation. https://docs.allotrope.org/
5. QUDT.org. (2024). QUDT - Quantities, Units, Dimensions and Types Ontology (Schema and Vocabularies). QUDT.org official documentation (qudt.org/2.1). https://www.qudt.org/pages/QUDToverviewPage.html
6. Industrial Ontologies Foundry (IOF) / OAGi. (2026). IOF Ontologies (IOF Core mid-level ontology and BMIC Biopharma release), GitHub releases. Industrial Ontologies Foundry official ontology releases (spec.industrialontologies.org -> github.com/iofoundry/ontology). https://github.com/iofoundry/ontology/releases/
7. Milos Drobnjakovic, Boonserm Kulvatunyou, Farhad Ameri, Chris Will, Barry Smith, Albert T. Jones. (2022). The Industrial Ontologies Foundry (IOF) Core Ontology. Formal Ontologies Meet Industry (FOMI) 2022, Tarbes, France (NIST publication pub_id 935068). https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=935068
8. Apache Software Foundation (Apache Jena project). (2024). Apache Jena Fuseki - a SPARQL 1.1 server with TDB persistent triple store. Apache Jena official documentation. https://jena.apache.org/documentation/fuseki2/
9. RDFLib project contributors. (2024). RDFLib - a Python library for working with RDF (Graph API and SPARQL 1.1). RDFLib official documentation (Read the Docs) / GitHub. https://rdflib.readthedocs.io/
10. Oxigraph project (Tpt and contributors). (2026). Oxigraph - a SPARQL graph database (SPARQL 1.1 Query/Update, RocksDB-backed). Oxigraph official repository and documentation. https://github.com/oxigraph/oxigraph
11. Mark D. Wilkinson, Michel Dumontier, IJsbrand Jan Aalbersberg, et al. (2016). The FAIR Guiding Principles for scientific data management and stewardship. Scientific Data 3:160018 (Nature). https://doi.org/10.1038/sdata.2016.18
12. Tasnim A. Abdel-Aty, Elisa Negri. (2024). Conceptualizing the digital thread for smart manufacturing: a systematic literature review. Journal of Intelligent Manufacturing 35(8):3629-3653, Springer. https://doi.org/10.1007/s10845-024-02407-1
13. S. Bhowmik, M. Anandakrishnan, L. Klein, et al. (2026). Integrating text mining and knowledge graph to enhance biopharmaceutical process optimization. PLOS ONE 21(1): e0339197. https://doi.org/10.1371/journal.pone.0339197

17장 — 상용 히스토리안 연동: AVEVA/OSIsoft PI

1. AVEVA (OSIsoft). (2024). PI Asset Framework (PI AF) — Overview. OSIsoft/AVEVA Tech Support (techsupport.osisoft.com). https://techsupport.osisoft.com/Products/Layered%20Products/PI-AF/Overview
2. International Council for Harmonisation (ICH). (2023). ICH Harmonised Guideline Q9(R1): Quality Risk Management. ICH / EMA (Step 5, effective 26 July 2023). https://www.ema.europa.eu/en/documents/scientific-guideline/international-conference-harmonisation-technical-requirements-registration-pharmaceuticals-human-use-ich-guideline-q9-r1-quality-risk-management-step-5-revision-2_en.pdf
3. U.S. Food and Drug Administration (CDRH/CBER). (2025). Computer Software Assurance for Production and Quality System Software; Guidance for Industry and FDA Staff (final). Federal Register Vol. 90 (Sept 24, 2025); Docket FDA-2022-D-0795. https://www.federalregister.gov/documents/2025/09/24/2025-18468/computer-software-assurance-for-production-and-quality-system-software-guidance-for-industry-and
4. Chen, Y.; Yang, O.; Sampat, C.; Bhalode, P.; Ramachandran, R.; Ierapetritou, M. (2020). Digital Twins in Pharmaceutical and Biopharmaceutical Manufacturing: A Literature Review. Processes 8(9):1088, MDPI. https://doi.org/10.3390/pr8091088
5. Medicines and Healthcare products Regulatory Agency (MHRA). (2018). 'GXP' Data Integrity Guidance and Definitions, Revision 1. MHRA, UK Government (assets.publishing.service.gov.uk). https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
6. AVEVA (OSIsoft). (2024). PI Web API Reference. AVEVA Documentation (docs.aveva.com). https://docs.aveva.com/bundle/pi-web-api-reference/page/help.html
7. AVEVA (OSIsoft). (2024). PI Connector for OPC UA (Gen 2) — Documentation. AVEVA Documentation (docs.aveva.com). https://docs.aveva.com/bundle/pi-connector-for-opc-ua-gen-2/page/1046458.html
8. OPC Foundation. (2017). OPC Unified Architecture (OPC UA) — technology overview (IEC 62541). OPC Foundation (opcfoundation.org), standardized as IEC 62541. https://opcfoundation.org/about/opc-technologies/opc-ua/
9. InfluxData. (2024). OPC UA Client Reader Input Plugin (inputs.opcua) — Telegraf Documentation. InfluxData Telegraf Documentation (docs.influxdata.com). https://docs.influxdata.com/telegraf/v1/input-plugins/opcua/
10. OPC Foundation. (2020). OPC Unified Architecture — Part 11: Historical Access (OPC 10000-11). OPC Foundation Online Reference; IEC 62541-11:2020. https://reference.opcfoundation.org/Core/Part11/v104/docs/
11. Apache Software Foundation. (2024). InvokeHTTP — Apache NiFi Processor Documentation. Apache NiFi (nifi.apache.org). https://nifi.apache.org/components/org.apache.nifi.processors.standard.InvokeHTTP/
12. ISPE (International Society for Pharmaceutical Engineering). (2022). GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems (Second Edition). ISPE Guidance Documents (DOI 10.1002/9781946964571). https://guidance-docs.ispe.org/doi/book/10.1002/9781946964571

18장 — DCS·MES·ERP 연동: DeltaV, Siemens, SAP

1. International Society of Automation (ISA). (2025). ANSI/ISA-95.00.01-2025 (IEC 62264-1 Mod), Enterprise-Control System Integration — Part 1: Models and Terminology. International Society of Automation; ANSI/ISA-95 / IEC 62264-1. https://www.isa.org/products/ansi-isa-95-00-01-2025-iec-62264-1-mod-enterprise
2. MESA International (Manufacturing Enterprise Solutions Association). (2020). B2MML-BatchML: Business To Manufacturing Markup Language, an XML implementation of ANSI/ISA-95 (IEC 62264), Version 7. MESA International (official GitHub repository, royalty-free with attribution). https://github.com/MESAInternational/B2MML-BatchML
3. MESA International. (2024). B2MML — Business to Manufacturing Markup Language (topic page and licensing). MESA International. https://mesa.org/topics-resources/b2mml/
4. OPC Foundation. (2025). OPC Unified Architecture — Part 1: Overview and Concepts (OPC 10000-1 / IEC 62541-1), Release 1.05.06. OPC Foundation; IEC 62541-1. https://reference.opcfoundation.org/Core/Part1/v105/docs/
5. Emerson Automation Solutions. (2024). DeltaV Edge — Developer Guide: Connecting to the DeltaV Edge OPC UA Server. Emerson (EmersonDeltaV/deltav-edge GitHub repository). https://github.com/EmersonDeltaV/deltav-edge/blob/main/developer-guide/opc-ua/opc-ua.md
6. Siemens AG. (2024). OPC UA — Structured data up to the cloud (industrial communication for SIMATIC controllers). Siemens AG (official product documentation). https://www.siemens.com/global/en/products/automation/industrial-communication/opc-ua.html
7. Apache PLC4X (The Apache Software Foundation). (2024). Apache PLC4X — S7 (Step7) Protocol Driver Documentation. The Apache Software Foundation (Apache 2.0 license). https://plc4x.apache.org/plc4x/latest/users/protocols/s7.html
8. Sterfive / node-opcua project. (2024). node-opcua — OPC UA SDK for Node.js (client and server documentation). node-opcua open-source project (MIT license, GitHub). https://github.com/node-opcua/node-opcua
9. SAP SE. (2024). OData API: Production Order (Version 2) — API_PRODUCTION_ORDER_2_SRV. SAP Help Portal (SAP S/4HANA). https://help.sap.com/docs/SAP_S4HANA_ON-PREMISE/f296651f454c4284ade361292c633d69/70b20b5323164db1b560d7fee1eabb15.html
10. SAP SE. (2023). IDoc (Intermediate Document) Overview. SAP Help Portal. https://help.sap.com/docs/SUPPORT_CONTENT/abapconn/3354079801.html
11. Foued Cheikhrouhou; et al. (eds. K. Mertins, R. Jardim-Gonçalves, K. Popplewell, J. P. Mendonça). (2016). PLM Standards Modelling for Enterprise Interoperability: A Manufacturing Case Study for ERP and MES Systems Integration Based on ISA-95. Enterprise Interoperability VII (Proceedings of I-ESA), Springer; DOI 10.1007/978-3-662-47157-9_14. https://doi.org/10.1007/978-3-662-47157-9_14
12. International Society for Pharmaceutical Engineering (ISPE) GAMP. (2022). ISPE GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems (Second Edition). ISPE (GAMP 5 Guide, 2nd ed., July 2022). https://ispe.org/publications/guidance-documents/gamp-5-guide-2nd-edition

19장 — 상용·오픈소스 LIMS 연동

1. ASTM International, Subcommittee E13.15 on Analytical Data. (2018). ASTM E1578-18: Standard Guide for Laboratory Informatics. ASTM International, designation E1578-18 (DOI 10.1520/E1578-18). https://www.astm.org/e1578-18.html
2. U.S. Food and Drug Administration (FDA). (2025). 21 CFR 211.165 — Testing and release for distribution. Electronic Code of Federal Regulations (eCFR), Title 21, Part 211, Subpart I. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-C/part-211/subpart-I/section-211.165
3. U.S. Food and Drug Administration (FDA). (2025). 21 CFR 211.194 — Laboratory records. Electronic Code of Federal Regulations (eCFR), Title 21, Part 211, Subpart J. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-C/part-211/subpart-J/section-211.194
4. Medicines and Healthcare products Regulatory Agency (MHRA). (2018). 'GXP' Data Integrity Guidance and Definitions, Revision 1, March 2018. MHRA (UK), assets.publishing.service.gov.uk. https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
5. RIDING BYTES & NARALABS (SENAITE project). (2026). SENAITE — Open Source LIMS for serious laboratories. Official SENAITE project site (senaite.com); released under GNU GPL v2.0. https://www.senaite.com/
6. SENAITE project. (2026). senaite.jsonapi — CRUD over the SENAITE JSON API. SENAITE JSON API documentation (Read the Docs). https://senaitejsonapi.readthedocs.io/en/latest/crud.html
7. ETH Zurich Scientific IT Services (openBIS project). (2026). pyBIS — Python interface to the openBIS V3 API. openBIS documentation (Read the Docs). https://openbis.readthedocs.io/en/latest/software-developer-documentation/apis/python-v3-api.html
8. LabKey Corporation. (2026). Electronic Signatures / Sign Data. LabKey Server Documentation (labkey.org). https://www.labkey.org/Documentation/wiki-page.view?name=eSignatures
9. LabKey Corporation. (2026). LabKey Server Editions. LabKey Server Documentation (labkey.org). https://www.labkey.org/Documentation/wiki-page.view?name=labkeyServerEditions
10. International Society for Pharmaceutical Engineering (ISPE). (2022). ISPE GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems (Second Edition). ISPE (DOI 10.1002/9781946964571). https://guidance-docs.ispe.org/doi/book/10.1002/9781946964571
11. U.S. Food and Drug Administration (FDA). (2025). 21 CFR Part 11 — Electronic Records; Electronic Signatures. Electronic Code of Federal Regulations (eCFR), Title 21, Part 11. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11

20장 — 설계로 구현하는 ALCOA+: 코드 속 데이터 무결성

1. U.S. Food and Drug Administration (FDA). (2018). Data Integrity and Compliance With Drug CGMP: Questions and Answers — Guidance for Industry. FDA Guidance for Industry, Docket FDA-2018-D-3984 (December 2018). https://www.fda.gov/regulatory-information/search-fda-guidance-documents/data-integrity-and-compliance-drug-cgmp-questions-and-answers
2. U.S. Food and Drug Administration (FDA) / National Archives — eCFR. (2026). 21 CFR Part 11 — Electronic Records; Electronic Signatures. U.S. Code of Federal Regulations, Title 21, Part 11 (eCFR, current). https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11
3. European Commission (EudraLex Volume 4, EU GMP). (2011). Annex 11: Computerised Systems — EU Guidelines to Good Manufacturing Practice, Medicinal Products for Human and Veterinary Use. EudraLex, The Rules Governing Medicinal Products in the EU, Volume 4 (in force 30 June 2011). https://health.ec.europa.eu/system/files/2016-11/annex11_01-2011_en_0.pdf
4. Pharmaceutical Inspection Co-operation Scheme (PIC/S). (2021). Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (PI 041-1). PIC/S Guidance PI 041-1, 1 July 2021. https://picscheme.org/docview/4234
5. UK Medicines and Healthcare products Regulatory Agency (MHRA). (2018). 'GXP' Data Integrity Guidance and Definitions, Revision 1: March 2018. MHRA, Crown Copyright (9 March 2018). https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
6. Krishna Kulkarni; Jan-Eike Michels. (2012). Temporal features in SQL:2011. ACM SIGMOD Record, Vol. 41(3), pp. 34–43, DOI 10.1145/2380776.2380786. https://doi.org/10.1145/2380776.2380786
7. Stuart Haber; W. Scott Stornetta. (1991). How to time-stamp a digital document. Journal of Cryptology, Vol. 3, pp. 99–111, DOI 10.1007/BF00196791. https://doi.org/10.1007/BF00196791
8. PostgreSQL Global Development Group. (2026). PL/pgSQL — Trigger Functions (Chapter 41.10). PostgreSQL 18 Documentation. https://www.postgresql.org/docs/current/plpgsql-trigger.html
9. PostgreSQL Global Development Group. (2026). pgcrypto — Cryptographic Functions (Appendix F.26). PostgreSQL 18 Documentation. https://www.postgresql.org/docs/current/pgcrypto.html
10. pytest developers (Holger Krekel and the pytest-dev team). (2026). How to write and report assertions in tests. pytest Documentation (stable). https://docs.pytest.org/en/stable/how-to/assert.html

21장 — 전자기록과 전자서명: 오픈소스로 구현하는 Part 11 / Annex 11

1. U.S. Food and Drug Administration. (1997). 21 CFR Part 11 — Electronic Records; Electronic Signatures. Electronic Code of Federal Regulations (eCFR), Title 21, Chapter I, Subchapter A, Part 11. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11
2. U.S. Food and Drug Administration (CDER, CBER, CDRH, CVM, et al.). (2003). Guidance for Industry — Part 11, Electronic Records; Electronic Signatures — Scope and Application. FDA Guidance Documents, Docket FDA-2003-D-0143. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/part-11-electronic-records-electronic-signatures-scope-and-application
3. European Commission, DG Health and Food Safety. (2011). EudraLex — The Rules Governing Medicinal Products in the European Union, Volume 4, Good Manufacturing Practice, Annex 11: Computerised Systems. European Commission, EudraLex Volume 4 (Annex 11, in force 30 June 2011). https://health.ec.europa.eu/system/files/2016-11/annex11_01-2011_en_0.pdf
4. Pharmaceutical Inspection Co-operation Scheme (PIC/S). (2021). PI 041-1 — Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments. PIC/S, Document PI 041-1 (in force 1 July 2021). https://picscheme.org/en/publications
5. U.S. Food and Drug Administration (CDER, CBER, CVM). (2018). Data Integrity and Compliance With Drug CGMP: Questions and Answers — Guidance for Industry. FDA Guidance Documents, Docket FDA-2018-D-3984. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/data-integrity-and-compliance-drug-cgmp-questions-and-answers
6. C. Adams, P. Cain, D. Pinkas, R. Zuccherato (IETF PKIX Working Group). (2001). RFC 3161 — Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP). IETF, RFC 3161 (Proposed Standard). https://datatracker.ietf.org/doc/html/rfc3161
7. pgAudit project (David Steele et al.). (2026). pgAudit — PostgreSQL Audit Extension (README / documentation). pgaudit.org / GitHub pgaudit/pgaudit. https://github.com/pgaudit/pgaudit/blob/main/README.md
8. eLabFTW project (Nicolas C. F. Bauche / Deltablot). (2026). eLabFTW Documentation — Experiments: Signatures and RFC 3161 Timestamping. eLabFTW official documentation (doc.elabftw.net). https://doc.elabftw.net/docs/usage/user-guide/experiments/
9. PostgreSQL Global Development Group. (2026). PostgreSQL Documentation — Triggers, Logging, and Roles/Privileges (basis for audit/history tables). PostgreSQL official documentation. https://www.postgresql.org/docs/current/
10. Keycloak project (CNCF / Red Hat). (2026). Keycloak Server Administration Guide — Authentication, MFA, and Sessions. Keycloak official documentation (Apache License 2.0). https://www.keycloak.org/documentation
11. International Society for Pharmaceutical Engineering (ISPE). (2022). GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems (Second Edition). ISPE GAMP 5 Guide, 2nd Edition (incl. new appendices on Open-Source Software and CSA). https://ispe.org/publications/guidance-documents/gamp-5-guide-2nd-edition

22장 — 오픈소스 스택 밸리데이션: GAMP 5와 CSA

1. ISPE (International Society for Pharmaceutical Engineering), GAMP Community of Practice. (2022). GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems (Second Edition). ISPE Good Practice Guide, 2nd ed.; DOI 10.1002/9781946964571. https://ispe.org/publications/guidance-documents/gamp-5-guide-2nd-edition
2. U.S. Food and Drug Administration (CDRH, CBER). (2022). Computer Software Assurance for Production and Quality System Software — Draft Guidance for Industry and FDA Staff. FDA, Docket No. FDA-2022-D-0795. https://www.fda.gov/media/162627/download
3. U.S. Food and Drug Administration (CDRH, CBER). (2026). Computer Software Assurance for Production and Quality Management System Software — Guidance for Industry and FDA Staff (final; Feb 3, 2026 update). FDA, Docket No. FDA-2022-D-0795. https://www.fda.gov/media/188844/download
4. U.S. Food and Drug Administration (CDRH). (2002). General Principles of Software Validation; Final Guidance for Industry and FDA Staff. FDA / HHS Guidance Portal. https://www.hhs.gov/guidance/sites/default/files/hhs-guidance-documents/FDA/General-Principles-of-Software-Validation---Final-Guidance-for-Industry-and-FDA-Staff_0.pdf
5. U.S. Food and Drug Administration / Office of the Federal Register. (2026). 21 CFR Part 11 — Electronic Records; Electronic Signatures. Electronic Code of Federal Regulations (eCFR), Title 21, Part 11. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11
6. U.S. Food and Drug Administration / Office of the Federal Register. (2026). 21 CFR Part 820, Subpart G — Production and Process Controls (incl. §820.70(i) automated processes). Electronic Code of Federal Regulations (eCFR), Title 21, Part 820. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-H/part-820/subpart-G
7. James Canterbury and Petch Ashida Druar (ISPE GAMP CoP). (2022). GAMP Considerations When Relying on Open-Source Software. Pharmaceutical Engineering (ISPE), March/April 2022. https://ispe.org/pharmaceutical-engineering/march-april-2022/gamp-considerations-when-relying-open-source-software
8. Bjoern Koneswarakantha et al. (IMPALA Consortium: Roche, MSD, Boehringer Ingelheim). (2024). An Open-Source R Package for Detection of Adverse Events Under-Reporting in Clinical Trials: Implementation and Validation by the IMPALA Consortium. Therapeutic Innovation & Regulatory Science; DOI 10.1007/s43441-024-00631-8. https://doi.org/10.1007/s43441-024-00631-8
9. OWASP Foundation & Ecma International TC54. (2024). CycloneDX Bill of Materials Specification (ECMA-424). OWASP Flagship Project / Ecma International ECMA-424. https://owasp.org/www-project-cyclonedx/
10. The Linux Foundation / SPDX Project (ISO/IEC JTC 1). (2021). SPDX (Software Package Data Exchange) — ISO/IEC 5962:2021. ISO/IEC 5962:2021 / SPDX. https://spdx.dev/about/overview/
11. Anchore, Inc. (Syft project contributors). (2026). Syft — CLI tool and library for generating a Software Bill of Materials (SBOM) from container images and filesystems. GitHub (anchore/syft), Apache-2.0 License. https://github.com/anchore/syft
12. pytest development team (Holger Krekel et al.). (2026). pytest documentation — Get Started / How-to guides. pytest project documentation (docs.pytest.org). https://docs.pytest.org/en/stable/getting-started.html

23장 — 국경을 넘는 데이터: FDA, EU, PIC/S, NMPA, PMDA, MFDS

1. U.S. Food and Drug Administration (FDA). (2024). 21 CFR 211.180 — General requirements (Records and Reports). U.S. Code of Federal Regulations, Title 21, Part 211, Subpart J. https://www.law.cornell.edu/cfr/text/21/211.180
2. European Commission, Directorate-General for Health and Consumers. (2011). EudraLex Volume 4, EU GMP Guidelines — Chapter 4: Documentation. EudraLex Volume 4 (EU GMP), European Commission. https://health.ec.europa.eu/system/files/2016-11/chapter4_01-2011_en_0.pdf
3. Pharmaceutical Inspection Co-operation Scheme (PIC/S). (2021). Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (PI 041-1). PIC/S PI 041-1, 1 July 2021. https://picscheme.org/docview/4234
4. Medicines and Healthcare products Regulatory Agency (MHRA). (2018). 'GXP' Data Integrity Guidance and Definitions, Revision 1. MHRA, UK Government (gov.uk). https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
5. National People's Congress of the PRC (English translation by R. Creemers & G. Webster, DigiChina, Stanford). (2021). Personal Information Protection Law of the People's Republic of China (Effective Nov. 1, 2021). Stanford Cyber Policy Center / DigiChina translation of the PRC PIPL. https://digichina.stanford.edu/work/translation-personal-information-protection-law-of-the-peoples-republic-of-china-effective-nov-1-2021/
6. National People's Congress of the PRC (English translation by R. Creemers et al., ed. G. Webster, DigiChina, Stanford). (2021). Data Security Law of the People's Republic of China (Effective Sept. 1, 2021). Stanford Cyber Policy Center / DigiChina translation of the PRC DSL. https://digichina.stanford.edu/work/translation-data-security-law-of-the-peoples-republic-of-china/
7. Pharmaceutical Inspection Co-operation Scheme (PIC/S). (2020). List of PIC/S Participating Authorities. PIC/S Secretariat, Geneva. https://picscheme.org/docview/3486
8. International Council for Harmonisation (ICH). (2019). ICH Harmonised Guideline Q12: Technical and Regulatory Considerations for Pharmaceutical Product Lifecycle Management (Step 4). ICH Q12, endorsed 20 November 2019. https://database.ich.org/sites/default/files/Q12_Guideline_Step4_2019_1119.pdf
9. PostgreSQL Global Development Group. (2025). PostgreSQL Documentation, Section 5.9: Row Security Policies. PostgreSQL 18 Documentation. https://www.postgresql.org/docs/current/ddl-rowsecurity.html
10. PostgreSQL Global Development Group. (2025). PostgreSQL Documentation, Section 5.12: Table Partitioning. PostgreSQL 18 Documentation. https://www.postgresql.org/docs/current/ddl-partitioning.html

24장 — 변경 관리: 공정 변경, 장비 교체, 스키마 진화

1. European Commission, Health and Consumers Directorate-General. (2011). EudraLex — The Rules Governing Medicinal Products in the European Union, Volume 4, Good Manufacturing Practice, Annex 11: Computerised Systems. European Commission, EudraLex Vol. 4, Annex 11 (effective 30 June 2011). https://health.ec.europa.eu/system/files/2016-11/annex11_01-2011_en_0.pdf
2. International Council for Harmonisation (ICH). (2008). ICH Harmonised Tripartite Guideline Q10: Pharmaceutical Quality System. ICH / EMA, Step 5, EMA/CHMP/ICH/214732/2007. https://www.ema.europa.eu/en/documents/scientific-guideline/international-conference-harmonisation-technical-requirements-registration-pharmaceuticals-human-guideline-q10-pharmaceutical-quality-system-step-5_en.pdf
3. U.S. Food and Drug Administration / International Council for Harmonisation (ICH). (2021). Q12 Technical and Regulatory Considerations for Pharmaceutical Product Lifecycle Management; Guidance for Industry. FDA / ICH, final guidance May 2021 (FDA media 148476). https://www.fda.gov/media/148476/download
4. U.S. Food and Drug Administration. (2018). Data Integrity and Compliance With Drug CGMP: Questions and Answers — Guidance for Industry. FDA CDER/CBER, final guidance Dec 2018 (FDA media 119267). https://www.fda.gov/media/119267/download
5. Pharmaceutical Inspection Co-operation Scheme (PIC/S). (2021). Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (PI 041-1). PIC/S, PI 041-1, 1 July 2021. https://picscheme.org/docview/4234
6. PostgreSQL Global Development Group. (2024). PostgreSQL Documentation: 5.5. Constraints — Exclusion Constraints. PostgreSQL official documentation (current). https://www.postgresql.org/docs/current/ddl-constraints.html
7. PostgreSQL Global Development Group. (2024). PostgreSQL Documentation: 8.17. Range Types. PostgreSQL official documentation (current). https://www.postgresql.org/docs/current/rangetypes.html
8. Sqitch project (David E. Wheeler et al.). (2024). Sqitch Documentation — sqitch-deploy, sqitch-revert and sqitch-verify. Sqitch official manual (sqitch.org). https://sqitch.org/docs/manual/sqitch-revert/
9. Redgate / Flyway project. (2024). Flyway Documentation — Migrations and Undo Migrations. Redgate Flyway Product Documentation. https://documentation.red-gate.com/fd/undo-migrations-273973334.html
10. Apache Software Foundation. (2024). apache/parquet-format — Apache Parquet Format Specification. Apache Software Foundation, GitHub repository / parquet.apache.org. https://github.com/apache/parquet-format
11. Treeverse / lakeFS project. (2024). lakeFS Documentation — Versioning, Commits, and Revert. lakeFS official documentation (docs.lakefs.io). https://docs.lakefs.io/
12. Iterative / DVC project (now Treeverse/lakeFS). (2024). DVC Documentation — Versioning Data and Models. Data Version Control (DVC) official docs (dvc.org). https://doc.dvc.org/use-cases/versioning-data-and-models

25장 — 운영·확장·보안

1. European Commission (DG Health and Food Safety). (2011). EudraLex – The Rules Governing Medicinal Products in the European Union, Volume 4, Annex 11: Computerised Systems. EudraLex Volume 4 EU GMP Guidelines, Annex 11 (clauses on Security, Backup, Business Continuity, Archiving). https://health.ec.europa.eu/medicinal-products/eudralex/eudralex-volume-4_en
2. International Society of Automation (ISA99 Committee) / IEC TC65 WG10. (2013). ANSI/ISA-62443-3-3 (IEC 62443-3-3): Security for Industrial Automation and Control Systems – Part 3-3: System Security Requirements and Security Levels. ISA/IEC 62443 series (IEC 62443-3-3). https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards
3. PostgreSQL Global Development Group. (2026). Continuous Archiving and Point-in-Time Recovery (PITR). PostgreSQL 18 Documentation, Chapter 25.3. https://www.postgresql.org/docs/current/continuous-archiving.html
4. Crunchy Data / pgBackRest contributors (David Steele et al.). (2026). pgBackRest User Guide. pgBackRest project documentation (pgbackrest.org). https://pgbackrest.org/user-guide.html
5. EMQ Technologies (EMQX). (2025). EMQX's Next Chapter: Adopting Business Source License to Accelerate "MQTT + AI" Innovation. EMQ official blog (announcement dated 7 May 2025). https://www.emqx.com/en/blog/adopting-business-source-license-to-accelerate-mqtt-and-ai-innovation
6. Eclipse Foundation (Eclipse Mosquitto / Roger Light). (2025). mosquitto.conf – the configuration file for mosquitto (man page, incl. Configuring Bridges). Eclipse Mosquitto project documentation (mosquitto.org). https://mosquitto.org/man/mosquitto-conf-5.html
7. NanoMQ project (JaylinYu) via GitHub Security Advisories. (2026). MQTT v5 Variable Byte Integer parsing out-of-bounds in get_var_integer() (GHSA-cggc-6m7w-j7x5). GitHub Security Advisory GHSA-cggc-6m7w-j7x5 (CVE-2026-21888). https://github.com/nanomq/nanomq/security/advisories/GHSA-cggc-6m7w-j7x5
8. NIST National Vulnerability Database (NVD); source: GitHub, Inc. (2026). CVE-2026-21888 Detail (NanoMQ MQTT Broker out-of-bounds read, CWE-125). NIST National Vulnerability Database (published 2026-03-11). https://nvd.nist.gov/vuln/detail/CVE-2026-21888
9. FIRST (Forum of Incident Response and Security Teams). (2023). Common Vulnerability Scoring System version 4.0: Specification Document. FIRST CVSS v4.0 Specification. https://www.first.org/cvss/specification-document
10. VictoriaMetrics. (2026). Single-node version and Cluster version (deployment, replication, and HA). VictoriaMetrics official documentation. https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/

26장 — 공정 분석: SPC, MVDA, 소프트 센서

1. FDA (Center for Drug Evaluation and Research, Center for Biologics Evaluation and Research, Center for Veterinary Medicine). (2011). Process Validation: General Principles and Practices — Guidance for Industry. U.S. Food and Drug Administration, Docket FDA-2008-D-0559. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/process-validation-general-principles-and-practices
2. FDA (CDER, CVM, Office of Regulatory Affairs). (2004). PAT — A Framework for Innovative Pharmaceutical Development, Manufacturing, and Quality Assurance — Guidance for Industry. U.S. Food and Drug Administration, Docket FDA-2003-D-0032. https://www.fda.gov/media/71012/download
3. ICH (International Council for Harmonisation). (2023). ICH Q14 Guideline on Analytical Procedure Development (Step 5). ICH / EMA, EMA/CHMP/ICH (Step 5, Revision 1). https://www.ema.europa.eu/en/documents/scientific-guideline/ich-q14-guideline-analytical-procedure-development-step-5-revision-1_en.pdf
4. Svante Wold, Michael Sjöström, Lennart Eriksson. (2001). PLS-regression: a basic tool of chemometrics. Chemometrics and Intelligent Laboratory Systems 58(2):109-130; DOI 10.1016/S0169-7439(01)00155-1. https://doi.org/10.1016/S0169-7439(01)00155-1
5. Paul Nomikos, John F. MacGregor. (1994). Monitoring batch processes using multiway principal component analysis. AIChE Journal 40(8):1361-1375; DOI 10.1002/aic.690400809. https://doi.org/10.1002/aic.690400809
6. Vincent Brunner, Manuel Siegl, Dominik Geier, Thomas Becker. (2021). Challenges in the Development of Soft Sensors for Bioprocesses: A Critical Review. Frontiers in Bioengineering and Biotechnology 9:722202; DOI 10.3389/fbioe.2021.722202. https://doi.org/10.3389/fbioe.2021.722202
7. Jong Woo Park, et al. (2023). Data-driven prediction models for forecasting multistep ahead profiles of mammalian cell culture toward bioprocess digital twins. Biotechnology and Bioengineering; DOI 10.1002/bit.28405. https://doi.org/10.1002/bit.28405
8. Luke Gibbons, et al. (2023). An assessment of the impact of Raman based glucose feedback control on CHO cell bioreactor process development. Biotechnology Progress 39(5):e3371; DOI 10.1002/btpr.3371. https://doi.org/10.1002/btpr.3371
9. Fabian Pedregosa, Gaël Varoquaux, Alexandre Gramfort, et al. (2011). Scikit-learn: Machine Learning in Python. Journal of Machine Learning Research 12:2825-2830. https://www.jmlr.org/papers/v12/pedregosa11a.html
10. Skipper Seabold, Josef Perktold. (2010). statsmodels: Econometric and statistical modeling with python. Proceedings of the 9th Python in Science Conference (SciPy 2010), pp. 57-61; DOI 10.25080/Majora-92bf1922-011. https://doi.org/10.25080/Majora-92bf1922-011
11. MLflow / LF Projects, LLC. (2026). MLflow Model Registry (official documentation). MLflow AI Platform documentation (latest). https://mlflow.org/docs/latest/ml/model-registry/

27장 — 캡스톤: 배치 하나, 처음부터 끝까지

1. U.S. Food and Drug Administration (Office of the Federal Register). (2024). 21 CFR 211.188 — Batch production and control records. Electronic Code of Federal Regulations (eCFR), Title 21, Part 211, Subpart J. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-C/part-211/subpart-J/section-211.188
2. European Commission, EudraLex Volume 4 GMP. (2011). Annex 11: Computerised Systems. EudraLex Volume 4, Good Manufacturing Practice, Medicinal Products for Human and Veterinary Use. https://health.ec.europa.eu/system/files/2016-11/annex11_01-2011_en_0.pdf
3. Medicines and Healthcare products Regulatory Agency (MHRA). (2018). 'GXP' Data Integrity Guidance and Definitions, Revision 1. MHRA, GOV.UK. https://assets.publishing.service.gov.uk/media/5aa2b9ede5274a3e391e37f3/MHRA_GxP_data_integrity_guide_March_edited_Final.pdf
4. International Council for Harmonisation (ICH). (2009). ICH Q8(R2) Pharmaceutical Development. ICH Harmonised Tripartite Guideline (Step 4). https://database.ich.org/sites/default/files/Q8_R2_Guideline.pdf
5. International Council for Harmonisation (ICH) / U.S. Food and Drug Administration. (2009). Guidance for Industry Q10 Pharmaceutical Quality System. ICH Harmonised Tripartite Guideline (Step 4, June 2008); FDA. https://www.fda.gov/media/71553/download
6. U.S. Food and Drug Administration. (2004). Guidance for Industry — PAT: A Framework for Innovative Pharmaceutical Development, Manufacturing, and Quality Assurance. FDA (CDER/CVM/ORA). https://www.fda.gov/media/71012/download
7. International Society for Pharmaceutical Engineering (ISPE). (2022). GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems (Second Edition). ISPE GAMP Guide. https://guidance-docs.ispe.org/doi/book/10.1002/9781946964571
8. CMC Biotech Working Group. (2009). A-Mab: A Case Study in Bioprocess Development, Version 2.1. CASSS / ISPE. https://ispe.org/sites/default/files/attachments/public/a-mab-case-study-version.pdf
9. Free Software Foundation (Richard Stallman, Roland McGrath, Paul Smith). (2023). GNU Make Manual, Edition 0.77 (GNU make 4.4.1). GNU Project / Free Software Foundation. https://www.gnu.org/software/make/manual/make.html
10. Johannes Köster, Sven Rahmann. (2012). Snakemake — a scalable bioinformatics workflow engine. Bioinformatics, Vol. 28, Issue 19, pp. 2520–2522. https://doi.org/10.1093/bioinformatics/bts480
11. Mark D. Wilkinson et al. (2016). The FAIR Guiding Principles for scientific data management and stewardship. Scientific Data 3, 160018. https://doi.org/10.1038/sdata.2016.18
12. The PostgreSQL Global Development Group. (2026). PostgreSQL 18 Documentation. PostgreSQL Global Development Group. https://www.postgresql.org/docs/current/index.html

28장 — 정직한 결론: 오픈소스 대 상용

1. ISPE (International Society for Pharmaceutical Engineering). (2022). ISPE GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems (Second Edition). ISPE Guidance Document (GAMP 5, 2nd ed.), DOI 10.1002/9781946964571. https://ispe.org/publications/guidance-documents/gamp-5-guide-2nd-edition
2. U.S. Food and Drug Administration (CDRH and CBER). (2022). Computer Software Assurance for Production and Quality System Software; Draft Guidance for Industry and FDA Staff; Availability (Docket FDA-2022-D-0795). Federal Register, 87 FR 56142 (notice 2022-19763). https://www.federalregister.gov/documents/2022/09/13/2022-19763/computer-software-assurance-for-production-and-quality-system-software-draft-guidance-for-industry
3. European Commission, Directorate-General for Health and Food Safety. (2011). EudraLex Volume 4 — EU GMP Guidelines, Annex 11: Computerised Systems. EudraLex Vol. 4 (Annex 11), effective 30 June 2011. https://health.ec.europa.eu/medicinal-products/eudralex/eudralex-volume-4_en
4. U.S. Food and Drug Administration. (2018). Data Integrity and Compliance With Drug CGMP: Questions and Answers — Guidance for Industry. FDA Guidance Document (Docket FDA-2018-D-3984), Dec. 2018. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/data-integrity-and-compliance-drug-cgmp-questions-and-answers
5. Michael Nygard (Cognitect). (2011). Documenting Architecture Decisions. Cognitect Blog (origin of the Architecture Decision Record / ADR). https://www.cognitect.com/blog/2011/11/15/documenting-architecture-decisions
6. NIST (Murugiah Souppaya, Karen Scarfone, Donna Dodson). (2022). Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. NIST Special Publication 800-218, DOI 10.6028/NIST.SP.800-218. https://doi.org/10.6028/NIST.SP.800-218
7. National Telecommunications and Information Administration (NTIA). (2021). The Minimum Elements For a Software Bill of Materials (SBOM). NTIA / U.S. Dept. of Commerce, per Executive Order 14028. https://www.ntia.gov/report/2021/minimum-elements-software-bill-materials-sbom
8. Anchore, Inc. (Syft project). (2024). Syft — CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. GitHub / open source (Apache-2.0 License). https://github.com/anchore/syft
9. Kesler Isoko, Joan L. Cordiner, Zoltan Kis, Peyman Z. Moghadam. (2024). Bioprocessing 4.0: a pragmatic review and future perspectives. Digital Discovery (RSC), vol. 3, pp. 1662-1681, DOI 10.1039/D4DD00127C. https://doi.org/10.1039/D4DD00127C
10. CMC Biotech Working Group (Abbott, Amgen, Genentech, GSK, Eli Lilly, MedImmune, Pfizer). (2009). A-Mab: A Case Study in Bioprocess Development (Version 2.1). CASSS / ISPE (publicly released QbD case study for a monoclonal antibody). https://ispe.org/publications/guidance-documents/a-mab-case-study-in-bioprocess-development