Cloud Computing in a GxP Environment

Cloud Computing in a GxP Environment

Hamburg, Germany

Course No 15073


This conference already took place.

If you have any questions, please contact us:
Tel.: +49 (0)6221 / 84 44 0 E-Mail:


Dr Karel Bastiaanssen, Ingeborg Baars, Iperion Life Sciences, The Netherlands
Dr Wolfgang Schumacher, F. Hoffmann-La Roche Ltd.
Dr Arno Terhechte, Bezirksregierung Münster
Michael Wegmann, F. Hoffmann-La Roche Ltd.


Get to know the different types of cloud computing, their technical basics and their validation approaches
What are the pharmaceutical authorities’ requirements with regard to cloud computing and what regulations have to be observed? An inspector will present his perspective to these questions and the experience gained so far in audits and will further cover critical points
You can assess the use of cloud computing from the perspective of IT security and data protection rules, and based on that you can formulate requirements for cloud service providers
You can evaluate the opportunities and risks of cloud computing in the GxP environment.


As well as in other sectors, the use of cloud computing is discussed in the pharmaceutical industry. For commercial reasons there is a lot speaking for the use.

However, is cloud computing an acceptable way in a GxP environment of the pharmaceutical industry? And, if yes, what has to be observed from the point of view of IT and quality assurance, as well as from the perspective of a pharmaceutical inspector?

From the points of view of the user and the pharmaceutical inspector this event gives you an overview of the current state of the technical possibilities. The speakers evaluate opportunities and risks of the use of cloud computing in the GxP environment and make recommendations for the pharmaceutical practice.

Target Group

The event is aimed at employees who are entrusted with the planning and implementation of “cloud” projects in the GxP environment. The event also offers support for decision-making, whether cloud services are available as an alternative in the GxP environment.


Regulatory Background – important issues to consider from the point of view of an inspector
Requirements for CSP (cloud service providers) resulting from Annex 11
To do’s for regulated users with respect to chapter 7
of the EU GMP Guide
German drug law – does the German drug law or European Law effect the business of CSP;
enforcement of corrective actions

Definition and types of Cloud Computing
Service models: Private Cloud, Public Cloud,
Community Cloud, Hybrid Cloud
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
Cloud Computing scenarios, reference architectures, examples

Cloud Computing: IT Security
Examples of incidents
Strategic planning and preparation for going to
cloud services
Security management and security architecture
Security certifications (e.g. ISO 27001) and what
they really mean
Physical and logical security, encryption
Incident prevention and response
Professional security patch management
Identity management, authentication, authorization
Integration of cloud services with internal IT landscape

The technology behind cloud services
Service provided and their delivery processes
Technology and resource pools
Risk and challenges

Contracts with cloud service providers
Business & Technology Risks
Intellectual Property
Service Access / Service Quality KPIs
Data Storage requirements
Inspection & audit support
Example Contract/SLA
Lessons learnt

Cloud Computing: Use cases in a GxP environment
Risk-based approach
Specific responsibilities of the cloud service provider
Specific responsibilities of the cloud customer
Separation of GxP vs. non GxP

Compliance requirements for the cloud infrastructure
Regulatory requirements
Qualification of the cloud
Validation of the cloud

Inspections and Findings
European Framework to conduct inspections
Availability, data integrity and confidentiality of data
Possibility to perform inspections of CSP
State of the art defined by BSI, ENISA and NIST
Inspections: experiences and findings

Cloud Computing: Data protection
Data protection and privacy – legal requirements
Responsibilities of the cloud service provider
Responsibilities of the cloud customer

Data classification
Responsibility and integration in the IT project management framework
Handling, processing, commissioned processing of data
Forced disclosure
Applicable regulations
Examples and lessons learnt

How to validate a cloud process – manage the risks and stay in compliance
URS / GxP/functional risk assessment
Validation planning and testing
Validation report
Change control, bug fixes, monitoring

Business continuity management
Necessity for Sales/Patients/Annex11?
Assessing the Business Continuity Risk
Buss. Cont. Plan – BCP
Disaster Recovery-MTPD-RTO-RPO

Moving to the cloud: Working out how to do it
Requirements from different starting points
Mapping your needs to the different options in cloud services
Defining a strategy to move to the cloud
Learn how cloud service provider business can impact yours
Prepare for action: Plan the move

Government agencies and Cloud Computing
Objectives and capabilities of government agencies
How and where do they hook in
Internet surveillance and specific attacks
Industry espionage
Countermeasures and their limitations

Experiences with outsourcing and cloud computing
QA involvement
Pain points

Cloud Computing: Pro’s and con’s – includes closing discussion
Opportunities and risks of cloud computing
Rationale for using cloud services
Rationale for not using cloud services
Conclusions and recommendations

Go back

GMP Conferences by Topics

Cookies help us in providing our services. By using our services, you agree that we use cookies. Further information