SlideShare uma empresa Scribd logo
1 de 36
Baixar para ler offline
Regulatory Considerations for Use of 
Regulatory Considerations for Use of
Cloud Computing and SaaS Environments
Institute of Validation Technology Conference
Qualifying and Validating Cloud and Virtualized IT Infrastructure  
Philadelphia PA 
Philadelphia PA
21‐August‐2012

Chris Wubbolt, BS, MS
Chris Wubbolt BS MS


John Patterson, MSE
Challenges / Defintions
Challenges / Defintions
 h ll       / fi i
Historical Perspective
Regulatory Requirements for computing service 
providers
Paradigm Shift :  Software Vendors to Software‐
Paradigm Shift :  Software Vendors to Software‐
as‐ Service Providers
as‐a‐Service Providers
Qualification / Validation of hosted applications
Key Risk Areas
                                               2
Challenges Faced by Consumers Contemplating Cloud 
Challenges Faced by Consumers Contemplating C
Computing Adoption Include:1
 omputing A
   Policy
   Technology
   Guidance
   Security
   Standards




                                                3
Cloud computing is still in an early deployment stage, 
Cloud computing is still in an early deployment stage, 
and standards are crucial to increased adoption. 
Urgency is driven by rapid deployment of cloud 
Urgency is driven by rapid deployment of cloud 
computing in response to financial incentives. 
Strategically, there is a need to augment standards 
and to establish additional security, interoperability, 
and portability standards :
   to ensure cost‐
   to ensure cost‐effective and easy migration, 
   to ensure that mission‐
   to ensure that mission‐critical requirements can be met, 
   and to reduce the risk that sizable investments may 
   and to reduce the risk that sizable investments may 
      d     d      h kh             bl
   become prematurely technologically obsolete.                4
Cloud Computing2
Virtual Machines3
Infrastructure as a Service (IaaS)2
Infrastructure as a Service 
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS) 2
Platform as a Service (PaaS)
Software as a Service (SaaS)2
Software as a Service (SaaS)




                                      5
Public Cloud 2‐ The cloud infrastructure is made available to
Public Cloud 
Public Cloud  The cloud infrastructure is made available to 
the general public or a large industry group and is owned 
by an organization selling cloud services.
by an organization selling cloud services.

Private Cloud 2‐ The cloud infrastructure is operated solely 
for an organization.  It may be managed by the organization 
for an organization It may be managed by the organization
or a third party and may exist on premise or off premise.




                                                           6
A virtual machine is a tightly isolated software 
container that can run its own operating systems 
                                   p      g y
and applications as if it were a physical computer. A 
virtual machine behaves exactly like a physical 
computer and contains it own virtual (ie, software‐
computer and contains it own virtual (ie software
based) CPU, RAM hard disk and network interface 
card (NIC).
     ( )




                                                    7
The capability provided to the consumer is to 
p
provision processing, storage, networks, and other 
          p        g,      g ,         ,
fundamental computing resources where the 
consumer is able to deploy and run software, which 
can include operating systems and applications. 
can include operating systems and applications

The consumer does not manage or control the
The consumer does not manage or control the 
underlying cloud infrastructure but has control over 
operating systems, storage, and deployed 
applications; and possibly limited control of select 
networking components (e.g., host firewalls). 

                                                   8
The capability provided to the consumer is to 
deploy onto the cloud infrastructure consumer‐
   p y
created or acquired applications created using 
programming languages, libraries, services, and 
tools supported by the provider.
tools supported by the provider

 The consumer does not manage or control the
 The consumer does not manage or control the 
underlying cloud infrastructure including network, 
servers, operating systems, or storage, but has 
control over the deployed applications and possibly 
configuration settings for the application‐hosting 
environment
environment.
                                                   9
The capability provided to the consumer is to use the 
provider s appls running on a cloud infrastructure. 
provider’s appls running on a cloud infrastructure

The apps are accessible from various client devices 
The apps are accessible from various client devices
through either a thin client interface, such as a web 
browser (e.g., web‐based email), or program interface.

The consumer does not manage or control the 
underlying cloud infrastructure including network, 
   d l i     l di f t t          i l di       t   k
servers, operating systems, storage, or even individual 
application capabilities, with the possible exception of 
  pp          p         ,          p            p
limited user‐specific application configuration settings. 
                                                       1
                                                       0
11
12
GxP Electronic Recordkeeping Controls
Qualified Infrastructure
Q lifi d I f
Standard Operating Procedures
Trained Personnel (including IT)
Validated Applications
Validated Applications

           Record Integrity
          Record Availability
          Record Retention

                                        13
Record Integrity     Record Availability    Record Retention
  Electronic           SOPs                   SOPs
  Recordkeeping 
  Recordkeeping        Backup and             Backup and 
  Compliance           Restore                Restore
  Program
                       Problem 
                       P bl                   Business 
                                              B i
  SOPs                 Reporting              Continuity
  Validation           Business 
                       Business               Disaster Recovery 
                                              Disaster Recovery
  Infrastructure       Continuity             Plan
  Qualification        Disaster Recovery      Record Retention 
  Security Program     Plan                   Policy
  Training                                    Archival

                                                               14
Pharma A Data Center Inc




             GxPElectronic Recordkeeping Controls
             GxP Electronic Recordkeeping Controls
                                                     Trained Personnel (including IT)
STILL NEED
STILL NEED   Qualified Infrastructure
             QualifiedInfrastructure
                                                     Validated Applications
             Standard Operating Procedures
             Standard Operating Procedures
                                                                                        15
A computerised
A computerised system is a set of software and hardware 
components which together fulfill certain functionalities
Applications should be validated
IT infrastructure should be qualified
IT infrastructure should be qualified
   Hardware and software such as networking software and operation 
   systems which makes it possible for the application to function
   systems which makes it possible for the application to function
    y                     p                 pp
Risk Management 
Risk Management 
    Extent of validation and data integrity controls  patient safety, data 
    Extent ofvalidationand dataintegritycontrols – patient safety, data
                              dataintegritycontrols–
    integrity, product quality
    integrity, product quality



                                                                              16
Suppliers and Service Providers
Suppliers and Service Providers
  Formal Agreements required to include 
  clear statements of responsibilities
  clear statements of 
  clear statements of responsibilities
  Provide   Configure   Validate   Modify
  Install
       ll   Integrate   Maintain
                            i i    Retain
                                       i



  IT departments should be considered 
  IT d
     departments should be considered 
                  h ld b        d d
  analogous
        g
                                            17
GxPElectronic Recordkeeping Controls
GxP Electronic Recordkeeping Controls
                         p g
                                        TrainedPersonnel(includingIT)
                                        Trained Personnel (including IT)
Qualified Infrastructure
                                        Validated Applications
Standard Operating Procedures
Standard Operating Procedures
                                                                           18
Quality System
                               SLC Processes 
                               SLC P
Software Vendor                Customer Support
                                          pp
  Typically not directly regulated or inspected by regulatory agencies.
  Typically not directly regulated or inspected by regulatory agencies.
  Audited by clients for adherence to standards.
  Audited by clients for adherence to standards.
  A di db li         f dh                 d d
  Quality of SLC Documentation, Testing, etc. varies considerably for each vendor.
  Quality of SLC Documentation, Testing, etc. varies considerably for each vendor.
  S
  Sponsor responsible for installation, validation, and electronic recordkeeping 
                   ibl f i t ll ti        lid ti      d l t i           dk i
  controls at sponsor location.



                                                                                     19
Electronic Recordkeeping       Backup and Restore
Compliance Program
      l                        Problem Reporting
                               Problem Reporting
SOPs                           Business Continuity
                                                 y
Validation                     Disaster Recovery Plan
Infrastructure Qualification   Record Retention Policy
                               Record Retention Policy
Security Program               Archival
Training



                                                         20
Electronic Recordkeeping Compliance Program   Electronic Recordkeeping Compliance Program
SOPs
SOP                                           SOPs
                                              SOP
Validation                                    Validation / SDLC
Infrastructure Qualification                  Infrastructure Program
Security Program                              Security Program
Training                                      Training
Problem Reporting
ProblemReporting                              Backup and Restore
                                              Backup and Restore
                                              BackupandRestore
                                              Backup andRestore
Business Continuity Plan                      Problem Reporting
                                              Problem Reporting
Record Retention Policy                       Business Continuity
                                              Disaster Recovery Plan
                                              Record Retention Policy
                                              Archival


                                                                                      21
Validation                    Validation
                               SOPs
   SOPs
                               SDLC Methodology
   User Requirements 
   User Requirements
                               Functional Specification
   Specification
                               Configuration
   User Acceptance Testing 
   U A         t   T ti
                               Installation (IQ)
   (Performance 
   Qualification)              System Testing (Operational 
                               Qualification)
   Traceability                System Release to Customer
   System Acceptance           Traceability
                                                          22
Specifications
   Not complete
   Not updated periodically after changes
Test Records
Test Records
   Not pre‐
   Not pre‐approved
   Results not reviewed by second person
   R lt t i d b                 d
   Integrity of test results
   No approved summary reports
Release Management
Release Management
                                            23
Test Record Integrity
   Results typed into Word document or Excel 
   spreadsheet
   No failures documented
   Test dates and times do not correlate
   Test dates and times do not correlate 
                                                24
Quality System
                              Quality System
                            SLC Processes 
                             SLC Processes 
                             SLC P
                            Customer Support                 Hosted Environment
Software Vendor              Customer Support
                            Validation  pp
                            Record Keeping Controls
  Hosted Environment is used for a direct GxP function (record keeping) and is 
  Typically not directly regulated or inspected by regulatory agencies.
  Hosted Environment is used for a direct GxPfunction (record keeping) and is 
  Typically not directly regulated or inspected by regulatory agencies.
  more likely to be inspected by regulatory agencies.
  Audited by clients for adherence to standards.
  Audited by clients for adherence to standards.
  Audited by clients for adherence to standards (GxP, Part 11).
  Audited by clients for adherence to standards (GxP, Part 11).
  Quality of SLC Documentation, Testing, etc. varies considerably for each vendor.
  Quality of SLC Documentation, Testing, etc. varies considerably for each vendor.
  QualityofSLCDocumentation Testing etc variesconsiderably foreachvendor
  Quality of SLC Documentation, Testing, etc. varies considerably for each vendor.
  Quality of SLC Documentation, Testing, etc. varies considerablyforeach vendor
                                                varies considerably for each vendor.
  Sponsor responsible for installation, validation, and electronic recordkeeping 
  SaaSprovider responsible for some aspects of installation, validation, and 
  SaaS provider responsible for some aspects of installation, validation, and 
  controls at sponsor location.
  electronic recordkeeping controls.
  electronic recordkeeping controls.

                                                                                       25
This could now be the documentation used to 
This could now be the documentation used to 
        support your validation effort!
     Make sure you understand (and audit) your SaaS
     Make sure you understand (and audit) your SaaS
   Service Providers Validation/Qualification Procedures 
                   and Documentation
                      dD            i
                                                            26
SAS 70  / SSAE‐
SAS 70  / SSAE‐16
   Internationally recognized financial auditing standard
    nternationally recognized financial auditing standard 
    nternationally recognized financial auditing standard 
   developed by the AICPA
   developed by the AICPA
   SAS 70 was replaced by SSAE
   SAS 70 was replaced by SSAE 16 in June 2011
   SAS 70 was replaced by SSAE‐16 in June 2011
                              SSAE‐
   There is no SAS 70 / SSAE‐16 certification 
   There is no SAS 70 / SSAE‐
   There is no list of published SAS 70 / SSAE 16 
   There is no list of published SAS 70 / SSAE‐16
                                          SSAE‐
   standards




                                                             27
SAS 70  / SSAE‐
SAS 70  / SSAE‐16
   Requires a description of controls and attestation of 
   Requires a description of controls and attestation of 
   Requires a description of controls and attestation of
   controls by management
   CPA firms issue Type I (design) and Type II (design 
   CPA firms issue Type I (design) and Type II (design
   and effectiveness) reports
   Neither SAS 70 or SSAE‐
   Neither SAS 70 or SSAE‐16 discuss qualification or 
                                       q
   validation of network infrastructure




                                                            28
A SAS 70 Report by itself may not be sufficient to assure 
       regulatory requirements are being met.
          g     y q                       g

                                                             29
System Unavailable
   System Down
   Connection Problems
   Data Center Disaster
   Legal / Contractual Disputes

      Make sure your Business Continuity Plans are 
                     established.

   Be sure your legal contracts are carefully constructed 
                       and reviewed.
                       and reviewed
                                                             30
Change
Change Control
Change Control
   In a shared environment with multiple customers, 
   how are hardware or software platform changes 
   how are hardware or software platform changes
   communicated or approved?
   How are application upgrades handled?
   How are application upgrades handled?
Backups
   What is the frequency of the backup?
   What is the freq enc of the back p?
   What happens if a backup fails?
Security
S    i
   Who has access to the computing environment 
   (logically or physically)?
   (l i ll        h i ll )?
                                                       31
Disaster Recovery
Disaster Recovery 
   Where are the backup locations in the event of a 
   disaster?
   How is the disaster recovery program tested?
Environmental Controls
E i       t lC t l
   What are the requirements for monitoring of 
   environmental controls?
   en ironmental controls?

    A Service Level Agreement is a KEY document to 
    A Service Level Agreement is a KEY document to
       maintain compliance with a SaaS provider.
       maintain compliance with a SaaS


                                                       32
Formal Agreements (e.g. SLAs) in Place with Cloud 
Providers to include:
   Security/Incident/Problem/Change Mgt.
   Back‐up Recovery/Business Continuity
   Back‐ R
   B k             /B i      C ti it
   Periodic Review/Monitoring
Interface Management
   Ensuring alignment of Cloud Providers/Consumers 
   Ensuring alignment of Cloud Providers/Consumers
   control processes


                                                      33
34
1. NIST Special Publication 500‐293, US Government Cloud 
   NIST Special Publication 500‐
   Computing Technology Roadmap , Volume I, Release 1.0 
   (draft) ,  High‐Priority Requirements to Further USG Agency 
   (draft) ,  
   ( f ) High‐Priority Requirements to Further USG Agency 
   Cloud Computing Adoption,  November 2011 
   Cloud Computing Adoption,  November 2011 
2. NIST Special Publication 800 145, The NIST Definition of Cloud 
2 NIST Special Publication 800‐145 The NIST Definition of Cloud
   NIST Special Publication 800‐
   Computing,   September 2011
   Computing,   September 2011
3. VMWare (http://www.vmware.com/virtualization/virtual‐machine.html)
                  p //              /           /                   )
4. Federal Cloud Computing Strategy, The White House, 
   February 8, 2011




                                                                   35
Chris Wubbolt, BS, MS     www.QACVConsulting.com
Principal Consultant      3242 Regal Road
QACV Consulting, LLC
QACV Consulting LLC       Bethlehem, PA 18020 USA
                          Bethlehem, PA 18020 USA
                             hl h

                          Telephone:  610‐442‐
                          Telephone:  610‐442‐2250
                          E‐mail:  chris.wubbolt@QACVConsulting.com
                            mail:  chris.wubbolt@QACVConsulting.com



John Patterson, MSE       1 Merck Drive
Executive  Director –     Whitehouse Station NJ  08889
Compliance; 
Manufacturing , Supply 
      f     i         l
Chain IT; Merck & Co.     Telephone:  908‐423‐5675
                          Telephone:  908‐423‐
                          E‐mail:  john.patterson@merck.com


                                                                      36

Mais conteúdo relacionado

Mais procurados

ISPE-CCPIE China Conference 2010 (Stokes-GAMP Legacy Systems - English)
ISPE-CCPIE China Conference 2010 (Stokes-GAMP Legacy Systems - English)ISPE-CCPIE China Conference 2010 (Stokes-GAMP Legacy Systems - English)
ISPE-CCPIE China Conference 2010 (Stokes-GAMP Legacy Systems - English)David Stokes
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_finalDuy Tan Geek
 
FDA/EC/WHO Expectations for Computer System Validation
FDA/EC/WHO Expectations for Computer System Validation FDA/EC/WHO Expectations for Computer System Validation
FDA/EC/WHO Expectations for Computer System Validation Muhammad Luqman Ikram
 
Gamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationGamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationRajendra Sadare
 
Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics Anand Pandya
 
Overview of computer system validation
Overview of computer system validationOverview of computer system validation
Overview of computer system validationNilesh Damale
 
Computerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence SolutionsComputerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence SolutionsDigital-360
 
CSV - Computer System Validation
CSV - Computer System Validation CSV - Computer System Validation
CSV - Computer System Validation JayaKrishna161
 
Overview on “Computer System Validation” CSV
Overview on  “Computer System Validation” CSVOverview on  “Computer System Validation” CSV
Overview on “Computer System Validation” CSVAnil Sharma
 
Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Anand Pandya
 
Computer system validation
Computer system validationComputer system validation
Computer system validationGaurav Kr
 
Kelis king - a storehouse of vast knowledge on software testing and quality ...
Kelis king  - a storehouse of vast knowledge on software testing and quality ...Kelis king  - a storehouse of vast knowledge on software testing and quality ...
Kelis king - a storehouse of vast knowledge on software testing and quality ...KelisKing
 
Smart Data Management and Advanced Analytics with Bio4C™ ProcessPad
Smart Data Management and Advanced Analytics with Bio4C™ ProcessPadSmart Data Management and Advanced Analytics with Bio4C™ ProcessPad
Smart Data Management and Advanced Analytics with Bio4C™ ProcessPadMerck Life Sciences
 
Multidimensional Challenges and the Impact of Test Data Management
Multidimensional Challenges and the Impact of Test Data ManagementMultidimensional Challenges and the Impact of Test Data Management
Multidimensional Challenges and the Impact of Test Data ManagementCognizant
 
ProcessGene GRC Software Suite
ProcessGene GRC Software SuiteProcessGene GRC Software Suite
ProcessGene GRC Software SuiteProcessGene Ltd
 
From Vision to Implementation: A Complete, Consistent and Compliant eTMF
From Vision to Implementation: A Complete, Consistent and Compliant eTMFFrom Vision to Implementation: A Complete, Consistent and Compliant eTMF
From Vision to Implementation: A Complete, Consistent and Compliant eTMFWingspan Technology
 

Mais procurados (20)

ISPE-CCPIE China Conference 2010 (Stokes-GAMP Legacy Systems - English)
ISPE-CCPIE China Conference 2010 (Stokes-GAMP Legacy Systems - English)ISPE-CCPIE China Conference 2010 (Stokes-GAMP Legacy Systems - English)
ISPE-CCPIE China Conference 2010 (Stokes-GAMP Legacy Systems - English)
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_final
 
FDA/EC/WHO Expectations for Computer System Validation
FDA/EC/WHO Expectations for Computer System Validation FDA/EC/WHO Expectations for Computer System Validation
FDA/EC/WHO Expectations for Computer System Validation
 
Gamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationGamp Riskbased Approch To Validation
Gamp Riskbased Approch To Validation
 
Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics
 
Overview of computer system validation
Overview of computer system validationOverview of computer system validation
Overview of computer system validation
 
Computerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence SolutionsComputerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence Solutions
 
CSV - Computer System Validation
CSV - Computer System Validation CSV - Computer System Validation
CSV - Computer System Validation
 
Services catalogue 2019
Services catalogue 2019Services catalogue 2019
Services catalogue 2019
 
Csv concepts
Csv conceptsCsv concepts
Csv concepts
 
Overview on “Computer System Validation” CSV
Overview on  “Computer System Validation” CSVOverview on  “Computer System Validation” CSV
Overview on “Computer System Validation” CSV
 
Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .Management of e-SOP in GxP environment .
Management of e-SOP in GxP environment .
 
Computer systems compliance
Computer systems complianceComputer systems compliance
Computer systems compliance
 
Computer system validation
Computer system validationComputer system validation
Computer system validation
 
Kelis king - a storehouse of vast knowledge on software testing and quality ...
Kelis king  - a storehouse of vast knowledge on software testing and quality ...Kelis king  - a storehouse of vast knowledge on software testing and quality ...
Kelis king - a storehouse of vast knowledge on software testing and quality ...
 
IV&V Cox Overview
IV&V Cox OverviewIV&V Cox Overview
IV&V Cox Overview
 
Smart Data Management and Advanced Analytics with Bio4C™ ProcessPad
Smart Data Management and Advanced Analytics with Bio4C™ ProcessPadSmart Data Management and Advanced Analytics with Bio4C™ ProcessPad
Smart Data Management and Advanced Analytics with Bio4C™ ProcessPad
 
Multidimensional Challenges and the Impact of Test Data Management
Multidimensional Challenges and the Impact of Test Data ManagementMultidimensional Challenges and the Impact of Test Data Management
Multidimensional Challenges and the Impact of Test Data Management
 
ProcessGene GRC Software Suite
ProcessGene GRC Software SuiteProcessGene GRC Software Suite
ProcessGene GRC Software Suite
 
From Vision to Implementation: A Complete, Consistent and Compliant eTMF
From Vision to Implementation: A Complete, Consistent and Compliant eTMFFrom Vision to Implementation: A Complete, Consistent and Compliant eTMF
From Vision to Implementation: A Complete, Consistent and Compliant eTMF
 

Destaque

Computer System Validation Then and Now — Learning Management in the Cloud
Computer System Validation Then and Now — Learning Management in the CloudComputer System Validation Then and Now — Learning Management in the Cloud
Computer System Validation Then and Now — Learning Management in the CloudInstitute of Validation Technology
 
Meet You GxP Compliance in the Cloud
Meet You GxP Compliance in the CloudMeet You GxP Compliance in the Cloud
Meet You GxP Compliance in the CloudAppian
 
Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideOverview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideProPharma Group
 
The Cloud, Cold Chain, and Compliance
The Cloud, Cold Chain, and ComplianceThe Cloud, Cold Chain, and Compliance
The Cloud, Cold Chain, and ComplianceMichael Miller
 
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?Perficient
 
GxP in the Cloud is a good practice. Here's why.
GxP in the Cloud is a good practice. Here's why.GxP in the Cloud is a good practice. Here's why.
GxP in the Cloud is a good practice. Here's why.Appian
 
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...Amazon Web Services
 
Informatica Cloud Address Validation as a Service
Informatica Cloud Address Validation as a ServiceInformatica Cloud Address Validation as a Service
Informatica Cloud Address Validation as a ServiceDarren Cunningham
 
Brand positioning-1231961903820264-3
Brand positioning-1231961903820264-3Brand positioning-1231961903820264-3
Brand positioning-1231961903820264-3Aastha Munjal
 
Madness of the Clouds
Madness of the CloudsMadness of the Clouds
Madness of the Cloudsgazdagf
 
Virtualizáció az EGISben
Virtualizáció az EGISbenVirtualizáció az EGISben
Virtualizáció az EGISbengazdagf
 
CW - SaaS Implementation - Software Timeline & HR Change Management
CW - SaaS Implementation -   Software Timeline & HR Change ManagementCW - SaaS Implementation -   Software Timeline & HR Change Management
CW - SaaS Implementation - Software Timeline & HR Change ManagementChristopher Wien, CCP, PHR
 
Model Approach for Infrastructure Quality of Primary Education Facilities. Im...
Model Approach for Infrastructure Quality of Primary Education Facilities. Im...Model Approach for Infrastructure Quality of Primary Education Facilities. Im...
Model Approach for Infrastructure Quality of Primary Education Facilities. Im...SSA KPI
 
Pistoia Alliance Debates: PhUSE Framework for the Adoption of Cloud Technolog...
Pistoia Alliance Debates: PhUSE Framework for the Adoption of Cloud Technolog...Pistoia Alliance Debates: PhUSE Framework for the Adoption of Cloud Technolog...
Pistoia Alliance Debates: PhUSE Framework for the Adoption of Cloud Technolog...Pistoia Alliance
 
Cybersecurity Skills Audit
Cybersecurity Skills AuditCybersecurity Skills Audit
Cybersecurity Skills AuditVilius Benetis
 
PSI Pharmaway 1.0
PSI Pharmaway 1.0PSI Pharmaway 1.0
PSI Pharmaway 1.0Dash Way
 

Destaque (20)

Computer System Validation Then and Now — Learning Management in the Cloud
Computer System Validation Then and Now — Learning Management in the CloudComputer System Validation Then and Now — Learning Management in the Cloud
Computer System Validation Then and Now — Learning Management in the Cloud
 
Virtual infrastructure qualification
Virtual infrastructure qualificationVirtual infrastructure qualification
Virtual infrastructure qualification
 
Meet You GxP Compliance in the Cloud
Meet You GxP Compliance in the CloudMeet You GxP Compliance in the Cloud
Meet You GxP Compliance in the Cloud
 
Good Practices for Computerised Systems : PIC/S Guidance
Good Practices for Computerised Systems : PIC/S GuidanceGood Practices for Computerised Systems : PIC/S Guidance
Good Practices for Computerised Systems : PIC/S Guidance
 
Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideOverview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
 
The Cloud, Cold Chain, and Compliance
The Cloud, Cold Chain, and ComplianceThe Cloud, Cold Chain, and Compliance
The Cloud, Cold Chain, and Compliance
 
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
 
Ispe Article
Ispe ArticleIspe Article
Ispe Article
 
GxP in the Cloud is a good practice. Here's why.
GxP in the Cloud is a good practice. Here's why.GxP in the Cloud is a good practice. Here's why.
GxP in the Cloud is a good practice. Here's why.
 
Gamp5 new
Gamp5 newGamp5 new
Gamp5 new
 
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
 
Informatica Cloud Address Validation as a Service
Informatica Cloud Address Validation as a ServiceInformatica Cloud Address Validation as a Service
Informatica Cloud Address Validation as a Service
 
Brand positioning-1231961903820264-3
Brand positioning-1231961903820264-3Brand positioning-1231961903820264-3
Brand positioning-1231961903820264-3
 
Madness of the Clouds
Madness of the CloudsMadness of the Clouds
Madness of the Clouds
 
Virtualizáció az EGISben
Virtualizáció az EGISbenVirtualizáció az EGISben
Virtualizáció az EGISben
 
CW - SaaS Implementation - Software Timeline & HR Change Management
CW - SaaS Implementation -   Software Timeline & HR Change ManagementCW - SaaS Implementation -   Software Timeline & HR Change Management
CW - SaaS Implementation - Software Timeline & HR Change Management
 
Model Approach for Infrastructure Quality of Primary Education Facilities. Im...
Model Approach for Infrastructure Quality of Primary Education Facilities. Im...Model Approach for Infrastructure Quality of Primary Education Facilities. Im...
Model Approach for Infrastructure Quality of Primary Education Facilities. Im...
 
Pistoia Alliance Debates: PhUSE Framework for the Adoption of Cloud Technolog...
Pistoia Alliance Debates: PhUSE Framework for the Adoption of Cloud Technolog...Pistoia Alliance Debates: PhUSE Framework for the Adoption of Cloud Technolog...
Pistoia Alliance Debates: PhUSE Framework for the Adoption of Cloud Technolog...
 
Cybersecurity Skills Audit
Cybersecurity Skills AuditCybersecurity Skills Audit
Cybersecurity Skills Audit
 
PSI Pharmaway 1.0
PSI Pharmaway 1.0PSI Pharmaway 1.0
PSI Pharmaway 1.0
 

Semelhante a Regulatory Considerations for use of Cloud Computing and SaaS Environments

Con8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsCon8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsOracle
 
Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Oracle
 
CIO IT Audit Survival TNS07
CIO IT Audit Survival TNS07CIO IT Audit Survival TNS07
CIO IT Audit Survival TNS07Thomas Danford
 
NERC CIP - Top Testing & Compliance Challenges, How to Address Them
NERC CIP - Top Testing & Compliance Challenges, How to Address ThemNERC CIP - Top Testing & Compliance Challenges, How to Address Them
NERC CIP - Top Testing & Compliance Challenges, How to Address ThemInflectra
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meetingfcleary
 
Electronic Software Delivery at IOM
Electronic Software Delivery at IOMElectronic Software Delivery at IOM
Electronic Software Delivery at IOMFlexera
 
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Glen Roberts, CISSP
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleSanjeev Sharma
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
V&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple StandardsV&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple StandardsOak Systems
 
CISQ and Software Quality Measurement - Software Assurance Forum (March 2010)
CISQ and Software Quality Measurement - Software Assurance Forum (March 2010)CISQ and Software Quality Measurement - Software Assurance Forum (March 2010)
CISQ and Software Quality Measurement - Software Assurance Forum (March 2010)CISQ - Consortium for IT Software Quality
 
Give ‘Em What They Want! Self-Service Middleware Monitoring in a Shared Servi...
Give ‘Em What They Want! Self-Service Middleware Monitoring in a Shared Servi...Give ‘Em What They Want! Self-Service Middleware Monitoring in a Shared Servi...
Give ‘Em What They Want! Self-Service Middleware Monitoring in a Shared Servi...SL Corporation
 
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field DevicesNERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field DevicesSchneider Electric
 
Bindu Chintalapudi - Software Testing -latest (1)
Bindu Chintalapudi - Software Testing -latest (1)Bindu Chintalapudi - Software Testing -latest (1)
Bindu Chintalapudi - Software Testing -latest (1)bindu chintalapudi
 
Entitlement and Compliance Management: Trends and 2012 Vision
Entitlement and Compliance Management: Trends and 2012 VisionEntitlement and Compliance Management: Trends and 2012 Vision
Entitlement and Compliance Management: Trends and 2012 VisionFlexera
 
360is Capabilities
360is Capabilities360is Capabilities
360is Capabilitiesnickhutton
 

Semelhante a Regulatory Considerations for use of Cloud Computing and SaaS Environments (20)

Con8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsCon8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controls
 
Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...
 
CIO IT Audit Survival TNS07
CIO IT Audit Survival TNS07CIO IT Audit Survival TNS07
CIO IT Audit Survival TNS07
 
NERC CIP - Top Testing & Compliance Challenges, How to Address Them
NERC CIP - Top Testing & Compliance Challenges, How to Address ThemNERC CIP - Top Testing & Compliance Challenges, How to Address Them
NERC CIP - Top Testing & Compliance Challenges, How to Address Them
 
Text-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docxText-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docx
 
Text-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docxText-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docx
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meeting
 
Electronic Software Delivery at IOM
Electronic Software Delivery at IOMElectronic Software Delivery at IOM
Electronic Software Delivery at IOM
 
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scale
 
Adopting DevOps for 2-Speed IT
Adopting DevOps for 2-Speed ITAdopting DevOps for 2-Speed IT
Adopting DevOps for 2-Speed IT
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
V&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple StandardsV&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple Standards
 
CISQ and Software Quality Measurement - Software Assurance Forum (March 2010)
CISQ and Software Quality Measurement - Software Assurance Forum (March 2010)CISQ and Software Quality Measurement - Software Assurance Forum (March 2010)
CISQ and Software Quality Measurement - Software Assurance Forum (March 2010)
 
Give ‘Em What They Want! Self-Service Middleware Monitoring in a Shared Servi...
Give ‘Em What They Want! Self-Service Middleware Monitoring in a Shared Servi...Give ‘Em What They Want! Self-Service Middleware Monitoring in a Shared Servi...
Give ‘Em What They Want! Self-Service Middleware Monitoring in a Shared Servi...
 
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field DevicesNERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
 
IT & the Auditor
IT & the AuditorIT & the Auditor
IT & the Auditor
 
Bindu Chintalapudi - Software Testing -latest (1)
Bindu Chintalapudi - Software Testing -latest (1)Bindu Chintalapudi - Software Testing -latest (1)
Bindu Chintalapudi - Software Testing -latest (1)
 
Entitlement and Compliance Management: Trends and 2012 Vision
Entitlement and Compliance Management: Trends and 2012 VisionEntitlement and Compliance Management: Trends and 2012 Vision
Entitlement and Compliance Management: Trends and 2012 Vision
 
360is Capabilities
360is Capabilities360is Capabilities
360is Capabilities
 

Mais de Institute of Validation Technology

Incorporate Domestic and International Regulations for Effective GMP Auditing
Incorporate Domestic and International Regulations for Effective GMP AuditingIncorporate Domestic and International Regulations for Effective GMP Auditing
Incorporate Domestic and International Regulations for Effective GMP AuditingInstitute of Validation Technology
 
Notification Tactics for Improved Notification Tactics For Improved Field Act...
Notification Tactics for Improved Notification Tactics For Improved Field Act...Notification Tactics for Improved Notification Tactics For Improved Field Act...
Notification Tactics for Improved Notification Tactics For Improved Field Act...Institute of Validation Technology
 
Management Strategies to Facilitate Continual Quality Improvement
Management Strategies to Facilitate Continual Quality ImprovementManagement Strategies to Facilitate Continual Quality Improvement
Management Strategies to Facilitate Continual Quality ImprovementInstitute of Validation Technology
 
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...Institute of Validation Technology
 
Designing Stability Studies for Early Stages of Pharmaceutical Development
Designing Stability Studies for Early Stages of Pharmaceutical DevelopmentDesigning Stability Studies for Early Stages of Pharmaceutical Development
Designing Stability Studies for Early Stages of Pharmaceutical DevelopmentInstitute of Validation Technology
 
Incorporate CPV and Continual Improvement into your Validation Plan
Incorporate CPV and Continual Improvement into your Validation PlanIncorporate CPV and Continual Improvement into your Validation Plan
Incorporate CPV and Continual Improvement into your Validation PlanInstitute of Validation Technology
 
Introduction to Statistical Applications for Process Validation
Introduction to Statistical Applications for Process ValidationIntroduction to Statistical Applications for Process Validation
Introduction to Statistical Applications for Process ValidationInstitute of Validation Technology
 
GMP Systems Integration–Combine Results and Utilize as a Compliance Tool
GMP Systems Integration–Combine Results and Utilize as a Compliance ToolGMP Systems Integration–Combine Results and Utilize as a Compliance Tool
GMP Systems Integration–Combine Results and Utilize as a Compliance ToolInstitute of Validation Technology
 

Mais de Institute of Validation Technology (20)

Incorporate Domestic and International Regulations for Effective GMP Auditing
Incorporate Domestic and International Regulations for Effective GMP AuditingIncorporate Domestic and International Regulations for Effective GMP Auditing
Incorporate Domestic and International Regulations for Effective GMP Auditing
 
Notification Tactics for Improved Notification Tactics For Improved Field Act...
Notification Tactics for Improved Notification Tactics For Improved Field Act...Notification Tactics for Improved Notification Tactics For Improved Field Act...
Notification Tactics for Improved Notification Tactics For Improved Field Act...
 
Lifecycle Approach to Cleaning Validation
Lifecycle Approach to Cleaning ValidationLifecycle Approach to Cleaning Validation
Lifecycle Approach to Cleaning Validation
 
Applying QbD to Biotech Process Validation
Applying QbD to Biotech Process ValidationApplying QbD to Biotech Process Validation
Applying QbD to Biotech Process Validation
 
Management Strategies to Facilitate Continual Quality Improvement
Management Strategies to Facilitate Continual Quality ImprovementManagement Strategies to Facilitate Continual Quality Improvement
Management Strategies to Facilitate Continual Quality Improvement
 
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...
Understand the Evolving Regulations for Aseptic Cleaning and Environmental Mo...
 
Effective Use of Environmental Monitoring Data Trending
Effective Use of Environmental Monitoring Data TrendingEffective Use of Environmental Monitoring Data Trending
Effective Use of Environmental Monitoring Data Trending
 
Mock Inspection Case Studies
Mock Inspection Case StudiesMock Inspection Case Studies
Mock Inspection Case Studies
 
Validation Master Plan
Validation Master PlanValidation Master Plan
Validation Master Plan
 
Designing Stability Studies for Early Stages of Pharmaceutical Development
Designing Stability Studies for Early Stages of Pharmaceutical DevelopmentDesigning Stability Studies for Early Stages of Pharmaceutical Development
Designing Stability Studies for Early Stages of Pharmaceutical Development
 
Determine Exceptions to Validation
Determine Exceptions to ValidationDetermine Exceptions to Validation
Determine Exceptions to Validation
 
Conduct a Gap Analysis of a Validation Programme
Conduct a Gap Analysis of a Validation ProgrammeConduct a Gap Analysis of a Validation Programme
Conduct a Gap Analysis of a Validation Programme
 
FDA Inspection
FDA InspectionFDA Inspection
FDA Inspection
 
Incorporate CPV and Continual Improvement into your Validation Plan
Incorporate CPV and Continual Improvement into your Validation PlanIncorporate CPV and Continual Improvement into your Validation Plan
Incorporate CPV and Continual Improvement into your Validation Plan
 
Compliance by Design and Compliance Master Plan
Compliance by Design and Compliance Master PlanCompliance by Design and Compliance Master Plan
Compliance by Design and Compliance Master Plan
 
Introduction to Statistical Applications for Process Validation
Introduction to Statistical Applications for Process ValidationIntroduction to Statistical Applications for Process Validation
Introduction to Statistical Applications for Process Validation
 
Risk-Based Approaches in GMP’s Project Life Cycles
Risk-Based Approaches in GMP’s Project Life CyclesRisk-Based Approaches in GMP’s Project Life Cycles
Risk-Based Approaches in GMP’s Project Life Cycles
 
GMP Systems Integration–Combine Results and Utilize as a Compliance Tool
GMP Systems Integration–Combine Results and Utilize as a Compliance ToolGMP Systems Integration–Combine Results and Utilize as a Compliance Tool
GMP Systems Integration–Combine Results and Utilize as a Compliance Tool
 
A Lifecycle Approach to Process Validation
A Lifecycle Approach to Process ValidationA Lifecycle Approach to Process Validation
A Lifecycle Approach to Process Validation
 
Setting Biological Process Specifications
Setting Biological Process SpecificationsSetting Biological Process Specifications
Setting Biological Process Specifications
 

Último

Male Infertility, Antioxidants and Beyond
Male Infertility, Antioxidants and BeyondMale Infertility, Antioxidants and Beyond
Male Infertility, Antioxidants and BeyondSujoy Dasgupta
 
CONNECTIVE TISSUE (ANATOMY AND PHYSIOLOGY).pdf
CONNECTIVE TISSUE (ANATOMY AND PHYSIOLOGY).pdfCONNECTIVE TISSUE (ANATOMY AND PHYSIOLOGY).pdf
CONNECTIVE TISSUE (ANATOMY AND PHYSIOLOGY).pdfDolisha Warbi
 
The Importance of Mental Health: Why is Mental Health Important?
The Importance of Mental Health: Why is Mental Health Important?The Importance of Mental Health: Why is Mental Health Important?
The Importance of Mental Health: Why is Mental Health Important?Ryan Addison
 
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptx
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptxDNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptx
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptxMAsifAhmad
 
MedMatch: Your Health, Our Mission. Pitch deck.
MedMatch: Your Health, Our Mission. Pitch deck.MedMatch: Your Health, Our Mission. Pitch deck.
MedMatch: Your Health, Our Mission. Pitch deck.whalesdesign
 
blood bank management system project report
blood bank management system project reportblood bank management system project report
blood bank management system project reportNARMADAPETROLEUMGAS
 
Good Laboratory Practice (GLP) in Pharma-LikeWays.pptx
Good Laboratory Practice (GLP) in Pharma-LikeWays.pptxGood Laboratory Practice (GLP) in Pharma-LikeWays.pptx
Good Laboratory Practice (GLP) in Pharma-LikeWays.pptxLikeways
 
SGK LEUKEMIA KINH DÒNG BẠCH CÂU HẠT HAY.pdf
SGK LEUKEMIA KINH DÒNG BẠCH CÂU HẠT HAY.pdfSGK LEUKEMIA KINH DÒNG BẠCH CÂU HẠT HAY.pdf
SGK LEUKEMIA KINH DÒNG BẠCH CÂU HẠT HAY.pdfHongBiThi1
 
Adenomyosis or Fibroid- making right diagnosis
Adenomyosis or Fibroid- making right diagnosisAdenomyosis or Fibroid- making right diagnosis
Adenomyosis or Fibroid- making right diagnosisSujoy Dasgupta
 
ayurvedic formulations herbal drug technologyppt
ayurvedic formulations herbal drug technologypptayurvedic formulations herbal drug technologyppt
ayurvedic formulations herbal drug technologypptPradnya Wadekar
 
Pregnacny, Parturition, and Lactation.pdf
Pregnacny, Parturition, and Lactation.pdfPregnacny, Parturition, and Lactation.pdf
Pregnacny, Parturition, and Lactation.pdfMedicoseAcademics
 
SGK RỐI LOẠN TOAN KIỀM ĐHYHN RẤT HAY VÀ ĐẶC SẮC.pdf
SGK RỐI LOẠN TOAN KIỀM ĐHYHN RẤT HAY VÀ ĐẶC SẮC.pdfSGK RỐI LOẠN TOAN KIỀM ĐHYHN RẤT HAY VÀ ĐẶC SẮC.pdf
SGK RỐI LOẠN TOAN KIỀM ĐHYHN RẤT HAY VÀ ĐẶC SẮC.pdfHongBiThi1
 
Physiotherapy Management of Rheumatoid Arthritis
Physiotherapy Management of Rheumatoid ArthritisPhysiotherapy Management of Rheumatoid Arthritis
Physiotherapy Management of Rheumatoid ArthritisNilofarRasheed1
 
concept of total quality management (TQM).
concept of total quality management (TQM).concept of total quality management (TQM).
concept of total quality management (TQM).kishan singh tomar
 
Unit I herbs as raw materials, biodynamic agriculture.ppt
Unit I herbs as raw materials, biodynamic agriculture.pptUnit I herbs as raw materials, biodynamic agriculture.ppt
Unit I herbs as raw materials, biodynamic agriculture.pptPradnya Wadekar
 
AUTONOMIC NERVOUS SYSTEM organization and functions
AUTONOMIC NERVOUS SYSTEM organization and functionsAUTONOMIC NERVOUS SYSTEM organization and functions
AUTONOMIC NERVOUS SYSTEM organization and functionsMedicoseAcademics
 
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptxANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptxWINCY THIRUMURUGAN
 
How to cure cirrhosis and chronic hepatitis naturally
How to cure cirrhosis and chronic hepatitis naturallyHow to cure cirrhosis and chronic hepatitis naturally
How to cure cirrhosis and chronic hepatitis naturallyZurück zum Ursprung
 
High-Performance Thin-Layer Chromatography (HPTLC)
High-Performance Thin-Layer Chromatography (HPTLC)High-Performance Thin-Layer Chromatography (HPTLC)
High-Performance Thin-Layer Chromatography (HPTLC)kishan singh tomar
 
CPR.nursingoutlook.pdf , Bsc nursing student
CPR.nursingoutlook.pdf , Bsc nursing studentCPR.nursingoutlook.pdf , Bsc nursing student
CPR.nursingoutlook.pdf , Bsc nursing studentsaileshpanda05
 

Último (20)

Male Infertility, Antioxidants and Beyond
Male Infertility, Antioxidants and BeyondMale Infertility, Antioxidants and Beyond
Male Infertility, Antioxidants and Beyond
 
CONNECTIVE TISSUE (ANATOMY AND PHYSIOLOGY).pdf
CONNECTIVE TISSUE (ANATOMY AND PHYSIOLOGY).pdfCONNECTIVE TISSUE (ANATOMY AND PHYSIOLOGY).pdf
CONNECTIVE TISSUE (ANATOMY AND PHYSIOLOGY).pdf
 
The Importance of Mental Health: Why is Mental Health Important?
The Importance of Mental Health: Why is Mental Health Important?The Importance of Mental Health: Why is Mental Health Important?
The Importance of Mental Health: Why is Mental Health Important?
 
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptx
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptxDNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptx
DNA nucleotides Blast in NCBI and Phylogeny using MEGA Xi.pptx
 
MedMatch: Your Health, Our Mission. Pitch deck.
MedMatch: Your Health, Our Mission. Pitch deck.MedMatch: Your Health, Our Mission. Pitch deck.
MedMatch: Your Health, Our Mission. Pitch deck.
 
blood bank management system project report
blood bank management system project reportblood bank management system project report
blood bank management system project report
 
Good Laboratory Practice (GLP) in Pharma-LikeWays.pptx
Good Laboratory Practice (GLP) in Pharma-LikeWays.pptxGood Laboratory Practice (GLP) in Pharma-LikeWays.pptx
Good Laboratory Practice (GLP) in Pharma-LikeWays.pptx
 
SGK LEUKEMIA KINH DÒNG BẠCH CÂU HẠT HAY.pdf
SGK LEUKEMIA KINH DÒNG BẠCH CÂU HẠT HAY.pdfSGK LEUKEMIA KINH DÒNG BẠCH CÂU HẠT HAY.pdf
SGK LEUKEMIA KINH DÒNG BẠCH CÂU HẠT HAY.pdf
 
Adenomyosis or Fibroid- making right diagnosis
Adenomyosis or Fibroid- making right diagnosisAdenomyosis or Fibroid- making right diagnosis
Adenomyosis or Fibroid- making right diagnosis
 
ayurvedic formulations herbal drug technologyppt
ayurvedic formulations herbal drug technologypptayurvedic formulations herbal drug technologyppt
ayurvedic formulations herbal drug technologyppt
 
Pregnacny, Parturition, and Lactation.pdf
Pregnacny, Parturition, and Lactation.pdfPregnacny, Parturition, and Lactation.pdf
Pregnacny, Parturition, and Lactation.pdf
 
SGK RỐI LOẠN TOAN KIỀM ĐHYHN RẤT HAY VÀ ĐẶC SẮC.pdf
SGK RỐI LOẠN TOAN KIỀM ĐHYHN RẤT HAY VÀ ĐẶC SẮC.pdfSGK RỐI LOẠN TOAN KIỀM ĐHYHN RẤT HAY VÀ ĐẶC SẮC.pdf
SGK RỐI LOẠN TOAN KIỀM ĐHYHN RẤT HAY VÀ ĐẶC SẮC.pdf
 
Physiotherapy Management of Rheumatoid Arthritis
Physiotherapy Management of Rheumatoid ArthritisPhysiotherapy Management of Rheumatoid Arthritis
Physiotherapy Management of Rheumatoid Arthritis
 
concept of total quality management (TQM).
concept of total quality management (TQM).concept of total quality management (TQM).
concept of total quality management (TQM).
 
Unit I herbs as raw materials, biodynamic agriculture.ppt
Unit I herbs as raw materials, biodynamic agriculture.pptUnit I herbs as raw materials, biodynamic agriculture.ppt
Unit I herbs as raw materials, biodynamic agriculture.ppt
 
AUTONOMIC NERVOUS SYSTEM organization and functions
AUTONOMIC NERVOUS SYSTEM organization and functionsAUTONOMIC NERVOUS SYSTEM organization and functions
AUTONOMIC NERVOUS SYSTEM organization and functions
 
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptxANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptx
 
How to cure cirrhosis and chronic hepatitis naturally
How to cure cirrhosis and chronic hepatitis naturallyHow to cure cirrhosis and chronic hepatitis naturally
How to cure cirrhosis and chronic hepatitis naturally
 
High-Performance Thin-Layer Chromatography (HPTLC)
High-Performance Thin-Layer Chromatography (HPTLC)High-Performance Thin-Layer Chromatography (HPTLC)
High-Performance Thin-Layer Chromatography (HPTLC)
 
CPR.nursingoutlook.pdf , Bsc nursing student
CPR.nursingoutlook.pdf , Bsc nursing studentCPR.nursingoutlook.pdf , Bsc nursing student
CPR.nursingoutlook.pdf , Bsc nursing student
 

Regulatory Considerations for use of Cloud Computing and SaaS Environments

  • 1. Regulatory Considerations for Use of  Regulatory Considerations for Use of Cloud Computing and SaaS Environments Institute of Validation Technology Conference Qualifying and Validating Cloud and Virtualized IT Infrastructure   Philadelphia PA  Philadelphia PA 21‐August‐2012 Chris Wubbolt, BS, MS Chris Wubbolt BS MS John Patterson, MSE
  • 2. Challenges / Defintions Challenges / Defintions h ll / fi i Historical Perspective Regulatory Requirements for computing service  providers Paradigm Shift :  Software Vendors to Software‐ Paradigm Shift :  Software Vendors to Software‐ as‐ Service Providers as‐a‐Service Providers Qualification / Validation of hosted applications Key Risk Areas 2
  • 4. Cloud computing is still in an early deployment stage,  Cloud computing is still in an early deployment stage,  and standards are crucial to increased adoption.  Urgency is driven by rapid deployment of cloud  Urgency is driven by rapid deployment of cloud  computing in response to financial incentives.  Strategically, there is a need to augment standards  and to establish additional security, interoperability,  and portability standards : to ensure cost‐ to ensure cost‐effective and easy migration,  to ensure that mission‐ to ensure that mission‐critical requirements can be met,  and to reduce the risk that sizable investments may  and to reduce the risk that sizable investments may  d d h kh bl become prematurely technologically obsolete.  4
  • 5. Cloud Computing2 Virtual Machines3 Infrastructure as a Service (IaaS)2 Infrastructure as a Service  Infrastructure as a Service (IaaS) Platform as a Service (PaaS) 2 Platform as a Service (PaaS) Software as a Service (SaaS)2 Software as a Service (SaaS) 5
  • 6. Public Cloud 2‐ The cloud infrastructure is made available to Public Cloud  Public Cloud  The cloud infrastructure is made available to  the general public or a large industry group and is owned  by an organization selling cloud services. by an organization selling cloud services. Private Cloud 2‐ The cloud infrastructure is operated solely  for an organization.  It may be managed by the organization  for an organization It may be managed by the organization or a third party and may exist on premise or off premise. 6
  • 7. A virtual machine is a tightly isolated software  container that can run its own operating systems  p g y and applications as if it were a physical computer. A  virtual machine behaves exactly like a physical  computer and contains it own virtual (ie, software‐ computer and contains it own virtual (ie software based) CPU, RAM hard disk and network interface  card (NIC). ( ) 7
  • 8. The capability provided to the consumer is to  p provision processing, storage, networks, and other  p g, g , , fundamental computing resources where the  consumer is able to deploy and run software, which  can include operating systems and applications.  can include operating systems and applications The consumer does not manage or control the The consumer does not manage or control the  underlying cloud infrastructure but has control over  operating systems, storage, and deployed  applications; and possibly limited control of select  networking components (e.g., host firewalls).  8
  • 9. The capability provided to the consumer is to  deploy onto the cloud infrastructure consumer‐ p y created or acquired applications created using  programming languages, libraries, services, and  tools supported by the provider. tools supported by the provider The consumer does not manage or control the The consumer does not manage or control the  underlying cloud infrastructure including network,  servers, operating systems, or storage, but has  control over the deployed applications and possibly  configuration settings for the application‐hosting  environment environment. 9
  • 10. The capability provided to the consumer is to use the  provider s appls running on a cloud infrastructure.  provider’s appls running on a cloud infrastructure The apps are accessible from various client devices  The apps are accessible from various client devices through either a thin client interface, such as a web  browser (e.g., web‐based email), or program interface. The consumer does not manage or control the  underlying cloud infrastructure including network,  d l i l di f t t i l di t k servers, operating systems, storage, or even individual  application capabilities, with the possible exception of  pp p , p p limited user‐specific application configuration settings.  1 0
  • 11. 11
  • 12. 12
  • 13. GxP Electronic Recordkeeping Controls Qualified Infrastructure Q lifi d I f Standard Operating Procedures Trained Personnel (including IT) Validated Applications Validated Applications Record Integrity Record Availability Record Retention 13
  • 14. Record Integrity Record Availability Record Retention Electronic  SOPs SOPs Recordkeeping  Recordkeeping Backup and  Backup and  Compliance  Restore Restore Program Problem  P bl Business  B i SOPs Reporting Continuity Validation Business  Business Disaster Recovery  Disaster Recovery Infrastructure  Continuity Plan Qualification Disaster Recovery  Record Retention  Security Program Plan Policy Training Archival 14
  • 15. Pharma A Data Center Inc GxPElectronic Recordkeeping Controls GxP Electronic Recordkeeping Controls Trained Personnel (including IT) STILL NEED STILL NEED Qualified Infrastructure QualifiedInfrastructure Validated Applications Standard Operating Procedures Standard Operating Procedures 15
  • 16. A computerised A computerised system is a set of software and hardware  components which together fulfill certain functionalities Applications should be validated IT infrastructure should be qualified IT infrastructure should be qualified Hardware and software such as networking software and operation  systems which makes it possible for the application to function systems which makes it possible for the application to function y p pp Risk Management  Risk Management  Extent of validation and data integrity controls  patient safety, data  Extent ofvalidationand dataintegritycontrols – patient safety, data dataintegritycontrols– integrity, product quality integrity, product quality 16
  • 17. Suppliers and Service Providers Suppliers and Service Providers Formal Agreements required to include  clear statements of responsibilities clear statements of  clear statements of responsibilities Provide Configure Validate Modify Install ll Integrate Maintain i i Retain i IT departments should be considered  IT d departments should be considered  h ld b d d analogous g 17
  • 18. GxPElectronic Recordkeeping Controls GxP Electronic Recordkeeping Controls p g TrainedPersonnel(includingIT) Trained Personnel (including IT) Qualified Infrastructure Validated Applications Standard Operating Procedures Standard Operating Procedures 18
  • 19. Quality System SLC Processes  SLC P Software Vendor  Customer Support pp Typically not directly regulated or inspected by regulatory agencies. Typically not directly regulated or inspected by regulatory agencies. Audited by clients for adherence to standards. Audited by clients for adherence to standards. A di db li f dh d d Quality of SLC Documentation, Testing, etc. varies considerably for each vendor. Quality of SLC Documentation, Testing, etc. varies considerably for each vendor. S Sponsor responsible for installation, validation, and electronic recordkeeping  ibl f i t ll ti lid ti d l t i dk i controls at sponsor location. 19
  • 20. Electronic Recordkeeping  Backup and Restore Compliance Program l Problem Reporting Problem Reporting SOPs Business Continuity y Validation Disaster Recovery Plan Infrastructure Qualification Record Retention Policy Record Retention Policy Security Program Archival Training 20
  • 21. Electronic Recordkeeping Compliance Program Electronic Recordkeeping Compliance Program SOPs SOP SOPs SOP Validation Validation / SDLC Infrastructure Qualification Infrastructure Program Security Program Security Program Training Training Problem Reporting ProblemReporting Backup and Restore Backup and Restore BackupandRestore Backup andRestore Business Continuity Plan Problem Reporting Problem Reporting Record Retention Policy  Business Continuity Disaster Recovery Plan Record Retention Policy Archival 21
  • 22. Validation Validation SOPs SOPs SDLC Methodology User Requirements  User Requirements Functional Specification Specification Configuration User Acceptance Testing  U A t T ti Installation (IQ) (Performance  Qualification) System Testing (Operational  Qualification) Traceability System Release to Customer System Acceptance Traceability 22
  • 23. Specifications Not complete Not updated periodically after changes Test Records Test Records Not pre‐ Not pre‐approved Results not reviewed by second person R lt t i d b d Integrity of test results No approved summary reports Release Management Release Management 23
  • 24. Test Record Integrity Results typed into Word document or Excel  spreadsheet No failures documented Test dates and times do not correlate Test dates and times do not correlate  24
  • 25. Quality System Quality System SLC Processes  SLC Processes  SLC P Customer Support Hosted Environment Software Vendor  Customer Support Validation pp Record Keeping Controls Hosted Environment is used for a direct GxP function (record keeping) and is  Typically not directly regulated or inspected by regulatory agencies. Hosted Environment is used for a direct GxPfunction (record keeping) and is  Typically not directly regulated or inspected by regulatory agencies. more likely to be inspected by regulatory agencies. Audited by clients for adherence to standards. Audited by clients for adherence to standards. Audited by clients for adherence to standards (GxP, Part 11). Audited by clients for adherence to standards (GxP, Part 11). Quality of SLC Documentation, Testing, etc. varies considerably for each vendor. Quality of SLC Documentation, Testing, etc. varies considerably for each vendor. QualityofSLCDocumentation Testing etc variesconsiderably foreachvendor Quality of SLC Documentation, Testing, etc. varies considerably for each vendor. Quality of SLC Documentation, Testing, etc. varies considerablyforeach vendor varies considerably for each vendor. Sponsor responsible for installation, validation, and electronic recordkeeping  SaaSprovider responsible for some aspects of installation, validation, and  SaaS provider responsible for some aspects of installation, validation, and  controls at sponsor location. electronic recordkeeping controls. electronic recordkeeping controls. 25
  • 26. This could now be the documentation used to  This could now be the documentation used to  support your validation effort! Make sure you understand (and audit) your SaaS Make sure you understand (and audit) your SaaS Service Providers Validation/Qualification Procedures  and Documentation dD i 26
  • 27. SAS 70  / SSAE‐ SAS 70  / SSAE‐16 Internationally recognized financial auditing standard nternationally recognized financial auditing standard  nternationally recognized financial auditing standard  developed by the AICPA developed by the AICPA SAS 70 was replaced by SSAE SAS 70 was replaced by SSAE 16 in June 2011 SAS 70 was replaced by SSAE‐16 in June 2011 SSAE‐ There is no SAS 70 / SSAE‐16 certification  There is no SAS 70 / SSAE‐ There is no list of published SAS 70 / SSAE 16  There is no list of published SAS 70 / SSAE‐16 SSAE‐ standards 27
  • 28. SAS 70  / SSAE‐ SAS 70  / SSAE‐16 Requires a description of controls and attestation of  Requires a description of controls and attestation of  Requires a description of controls and attestation of controls by management CPA firms issue Type I (design) and Type II (design  CPA firms issue Type I (design) and Type II (design and effectiveness) reports Neither SAS 70 or SSAE‐ Neither SAS 70 or SSAE‐16 discuss qualification or  q validation of network infrastructure 28
  • 29. A SAS 70 Report by itself may not be sufficient to assure  regulatory requirements are being met. g y q g 29
  • 30. System Unavailable System Down Connection Problems Data Center Disaster Legal / Contractual Disputes Make sure your Business Continuity Plans are  established. Be sure your legal contracts are carefully constructed  and reviewed. and reviewed 30
  • 31. Change Change Control Change Control In a shared environment with multiple customers,  how are hardware or software platform changes  how are hardware or software platform changes communicated or approved? How are application upgrades handled? How are application upgrades handled? Backups What is the frequency of the backup? What is the freq enc of the back p? What happens if a backup fails? Security S i Who has access to the computing environment  (logically or physically)? (l i ll h i ll )? 31
  • 32. Disaster Recovery Disaster Recovery  Where are the backup locations in the event of a  disaster? How is the disaster recovery program tested? Environmental Controls E i t lC t l What are the requirements for monitoring of  environmental controls? en ironmental controls? A Service Level Agreement is a KEY document to  A Service Level Agreement is a KEY document to maintain compliance with a SaaS provider. maintain compliance with a SaaS 32
  • 33. Formal Agreements (e.g. SLAs) in Place with Cloud  Providers to include: Security/Incident/Problem/Change Mgt. Back‐up Recovery/Business Continuity Back‐ R B k /B i C ti it Periodic Review/Monitoring Interface Management Ensuring alignment of Cloud Providers/Consumers  Ensuring alignment of Cloud Providers/Consumers control processes 33
  • 34. 34
  • 35. 1. NIST Special Publication 500‐293, US Government Cloud  NIST Special Publication 500‐ Computing Technology Roadmap , Volume I, Release 1.0  (draft) ,  High‐Priority Requirements to Further USG Agency  (draft) ,   ( f ) High‐Priority Requirements to Further USG Agency  Cloud Computing Adoption,  November 2011  Cloud Computing Adoption,  November 2011  2. NIST Special Publication 800 145, The NIST Definition of Cloud  2 NIST Special Publication 800‐145 The NIST Definition of Cloud NIST Special Publication 800‐ Computing,   September 2011 Computing,   September 2011 3. VMWare (http://www.vmware.com/virtualization/virtual‐machine.html) p // / / ) 4. Federal Cloud Computing Strategy, The White House,  February 8, 2011 35
  • 36. Chris Wubbolt, BS, MS www.QACVConsulting.com Principal Consultant 3242 Regal Road QACV Consulting, LLC QACV Consulting LLC Bethlehem, PA 18020 USA Bethlehem, PA 18020 USA hl h Telephone:  610‐442‐ Telephone:  610‐442‐2250 E‐mail:  chris.wubbolt@QACVConsulting.com mail:  chris.wubbolt@QACVConsulting.com John Patterson, MSE 1 Merck Drive Executive  Director – Whitehouse Station NJ  08889 Compliance;  Manufacturing , Supply  f i l Chain IT; Merck & Co. Telephone:  908‐423‐5675 Telephone:  908‐423‐ E‐mail:  john.patterson@merck.com 36