use Cloud solutions? Pharmaceutical Users Software Exchange - - PowerPoint PPT Presentation

use cloud solutions
SMART_READER_LITE
LIVE PREVIEW

use Cloud solutions? Pharmaceutical Users Software Exchange - - PowerPoint PPT Presentation

Feb 26, 2024 280 likes •365 views

What are the issues from a regulated point of view in relation to use Cloud solutions? Pharmaceutical Users Software Exchange Copenhagen, Denmark, June 11 th 2014 Anders Vidstrup Agenda Status on Phuse group Issues from a regulated

slide-1
SLIDE 1

What are the issues from a regulated point of view in relation to use Cloud solutions?

Pharmaceutical Users Software Exchange Copenhagen, Denmark, June 11th 2014 Anders Vidstrup

slide-2
SLIDE 2

Agenda

  • Status on Phuse group
  • Issues from a regulated point of view in

relation to use Cloud solutions.

Classification External Author AVid Approved by n/a Version 1.0 2

slide-3
SLIDE 3

Classification External Author AVid Approved by n/a Version 1.0 3

Barriers

  • NOT technology
  • Mindset, terminology, understanding
  • Diversified controls – client, supplier,

sub-suppliers

  • Absence of standards
  • SIMT apps
  • QMS fitness for purpose

Our Draft Framework

  • Intro
  • Background
  • Definitions
  • Scope
  • Regulatory Interpretation
  • Cloud Service Provider - procurement
  • Appendices
  • Quality Responsibility Matrix
  • Buildings and Facilities
  • Equipment and physical infrastructure
  • Software - physical infrastructure
  • Software – virtualization services
  • Equipment – virtual infrastructure
  • Software – application platform
  • Software – GxP apps
  • Organization and personnel
  • Privacy and Security
  • Quality Systems
  • Record Keeping
  • Validation and Qualification
  • Quality Amendment Considerations
  • System Security Plan
  • FAQ
  • Acknowledgements
  • References
slide-4
SLIDE 4

The regulatory perspective

  • FDA has proposed guidance entitled "GXP Consideration for

Outsourced IT (Cloud Computing) Systems in Medical Product Manufacturing and Clinical Study Environments".

  • The working group has gived input to this guidance.
  • Krishna Ghosh, CDER/OC/OMPQ/DGMPA
  • Crystal Allard, CDER/CSC
  • Debate with EMA also in progress via working group

Classification External Author AVid Approved by n/a Version 1.0 4

slide-5
SLIDE 5

The regulatory expectations

  • FDA will exercise enforcement discretion in regard to certain

part 11 requirements.

  • FDA will continue to enforce all predicate rule requirements,

including requirements for record and recordkeeping.

  • Cloud computing and 21 CFR part 11 controls, including

requirements for validation

  • Accurate and complete copies of records
  • Protection of records
  • Limiting system access
  • Operational system check
  • Authority checks
  • Device checks
  • Policy for accountability
  • System documentation
  • Integrity of electronic records
  • Electronic signature controls
  • Password controls
  • Training

Classification External Author AVid Approved by n/a Version 1.0 5

slide-6
SLIDE 6

The regulatory expectations

  • Challenges to data integrity
  • Sponsors loss of control
  • Data, applications, resources are located with cloud providers
  • User identity management is handled by the provider
  • User access control rules, security policies and enforcement are

managed by the cloud provider

  • Unclear roles and responsibilities
  • Cloud providers may have limited FDA regulatory knowledge. It is

expected they must comply with technical and regulatory requirements.

  • Require careful risk assessment and mitigations.
  • The regulated company is ultimately responsible for data security

and integrity and meet the regulatory requirements

  • Possible Mitigations
  • Robust Quality/Service level agreements to address all the

challenges above.

Classification External Author AVid Approved by n/a Version 1.0 6

slide-7
SLIDE 7

In practice

  • EMA and FDA requirements for IT systems
  • Highly regulated applications
  • Highly regulated data
  • Typical implementation cost +20-25% for GxP vs

Enterprise

  • Impacts design and implementation time equally
  • Internal audit every 1-2 years
  • External audits by FDA: High (perceived) business risk:

Non-compliance can eventually lead to closing down of businesses

  • High requirements on process and quality management

(QM system in place)

Classification External Author AVid Approved by n/a Version 1.0 7

slide-8
SLIDE 8

Cloud – Quality, Security and Compliance

Enterprise

  • Quality Management

System

  • ISO 9001
  • ISO 27001(*)
  • ITIL
  • Tier 3+ Data Center
  • Audits
  • Partner Certifications
  • Data Location
  • Customization
  • Integration
  • Sourcing
  • Customer Intimacy

Life Sciences

  • EMA/FDA Requirements
  • GxP Qualified Platform
  • Quality & Validation

Resources

Finance Public

  • Act on Processing of

Personal Data

  • RS3402(*)
  • Financial Business

Act

  • RS3402(*)

(*) In Progress

Classification External Author AVid Approved by n/a Version 1.0 8