Cloud Computing in GxP Environment Kathy Gniecko Hoffmann LaRoche

3rd April 2014, Stevenage
Introductions
• 18 years' experience in Pharma across all aspects of CSV.
• Prior to CSV, experience in Pharma Research, Development and QC testing.
• Currently challenged to help IT deliver GxP sensitive solutions to the cloud in a compliant manner.
Cloud SIG - 2013
The Cloud SIG was set up in early 2013.
A small team representing a cross section of large/small Pharma and cloud service provider SMEs started working together to deliver guidance to the industry and FDA.
Goal
• Ongoing dialogue between GAMP/ISPE and FDA and mutual understanding of the challenges of operating “in the Cloud”
• Provide guidance on usage of cloud technologies in the GxP environment in order to accelerate adoption of this technology while maintaining control in a consistent manner.
Cloud SIG - 2013
Working representation of the delivery models and “basic” responsibilities
Cloud SIG - 2013
• Cloud providers offer:
  • Extremely fast and flexible solution delivery
  • On-demand scalability
  • Business continuity solutions
  • Easy solutions for backup and archiving
• For a considerably lower cost than traditional in-house computing can match
• BUT the framework for managing regulated systems … in the cloud needs examination
Cloud SIG - 2013
Cloud Providers:
• Diverse customer base (mostly non-pharma clients)
• Have more power than pharma companies to dictate how the quality aspects of the cloud business should run
• Some large cloud providers refuse to provide transparency on processes and consider this “proprietary” information
Cloud SIG - 2013
High level problem statement and approach - the how
• Identification of friction areas: business vs regulatory
• GAMP position on acceptable risks
2014 Closing the GAP
• Recognize the different cloud deployment models.
• For each of these deployment modes, analyze the traditional IT controls and underlying actions.
• Obtain a clear and detailed overview of the responsibilities between the cloud service provider and pharma firms.
• Analyze if this new model will require different or additional controls to ratify the rigor of the pharma industry.
Cloud SIG - 2014
High level problem statement and approach - the how
• Audit & Oversight
• Vendor Mgt
• Alternative Standards
• System Delivery Testing
• System Delivery (Complete Lifecycle)
Cloud SIG - 2014
Activities and Timelines
[Timeline figure: 1Q14, 2Q14, 3Q14, 4Q14, 1Q15]
Cloud SIG - 2014
Systematic Review of GAMP 5 Operational Controls
• Insert picture from big spreadsheet
Corresponding Responsibilities
[Table of process elements against responsibilities]
Column headings: Process element; Health Authority; Initial assessment/audit; Service provider; Regulated company; SLA / ongoing control; Vendor management controls
Incident Management:
• Identify and Log Incident
• Evaluate Incident
• Resolve
• Resume normal operations
• Evaluate for what was running
• Incident Closeout
CAPA:
• Identify and Log Problem
• Determine Corrective Action
• Root Cause Analysis
• Determine Preventative Action
• Document Outcome
• Evaluate Success of CA and/or PA
Cell annotations in the table: x - technical; x - all; notification; X - not being able to access "stuff"; yes - notification based on impact, need to consider where limit is and timing; x - for all incidents that affect the application
Objectives
To Discuss:
• Language and attributes to describe Cloud providers
• Risk models to consider when moving to a cloud provider
• The level to which we would desire to be informed of Cloud provider Incidents and Problems
Cloud Vendor Models
Columns: Capability/Enabler | Bucket 1: GXP capable | Bucket 2: GXP tolerant | Bucket 3: unaware and intolerant
Rows (Capability/Enabler):
• Qualification Documents
• Customer Specific Change Practices
• Qualification Tools/Guidance
• Permits Onsite Audit
• Ability to Support Enterprise Scale
• Service/Deployment Models
• Cost Profile
Cloud Risk Profiles
[Figure axes: Cloud Provider (Public to Private); Process/Data (Early Research to Mfg / Distribution)]