This week, Arithmos looks at the cloud solutions for the pharmaceutical, biotech and clinical trial industry as part of a presentation given by Chief Operations Officer, Stefano Piccoli, on the future of IT quality and compliance at the GIQAR conference in Italy.
According to the National Institute of Standards and Technology, cloud computing is defined as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing records that can be rapidly provisioned and released with minimal management effort or service provider interaction”.
The cloud delivers information and communication technology as a service, and benefits include on-demand, scalability, flexibility, self-service and pay-as-you-go options.
IT Compliance in the Cloud
Healthcare companies have concerns about cloud computing: it may not be secure, cannot meet privacy requirements, cannot be compliant, current regulations are not adequate.
There are numerous compliance issues:
- Validation/Part 11 criteria for the cloud environment and client applications hosted in the cloud
- Maintenance of validation for the provider’s cloud and the client’s application
- Security/Access controls for provider’s cloud
What is needed in terms of compliance in the Cloud?
The first step would be to implement a Service Level Agreement which outlines the intended use of the cloud, responsibilities associated with the intended use and who will define these responsibilities.
The next step would be to implement the following procedures:
- How will computer system validation be handled?
- How will disaster recovery be handled?
- How will the Installation Qualification be handled?
- How will change control be handled? Is there a standard set of SOPs?
- How will encryption be handled?
- How will regulatory inspections be handled?
There are no special compliance exceptions for cloud computing, and compliance control measures for internal computer systems apply to externally hosted systems as well. While systems supporting regulated activity can be outsourced to cloud providers, the client must still consider compliance responsibilities.
Computer System Validation and Part 11 compliance will depend on the type of cloud being provided, the intended use of the cloud environment, criteria defined in the Service Level Agreement and good documentation.
Arithmos has extensive experience in the computer system validation of GCP applications and can support customers in planning, conducting, reviewing and maintaining the validation status of their applications.