Cloud Computing: QMS of the Cloud Service Provider (CSP)
Recommendation
11-13 October 2023
Including new requirements on Data Integrity
Register now for ECA's GMP Newsletter
The trend in the pharmaceutical industry is also moving towards cloud computing. Financial but also organizational advantages speak for the cloud. At the same time, however, potential dangers and regulatory restrictions should also be taken into account. Nine experts from the pharmaceutical industry and regulatory authorities answer a comprehensive catalog of questions from the following GxP-relevant topics:
- Basics of Cloud Computing Technology
- Regulations and Expectations of Inspectors
- Customer-Supplier-Relationship
- Requirements for Cloud Service Providers (CSP)
- Requirements for Supplier Evaluation and Supplier Audits
- Requirements for Qualification / Validation
The following question is one of a series of questions that we will publish in further GMP News articles on this site in the coming weeks.
Question 7: Can we assume that if there is an appropriate QMS implemented and if the CSP acts in compliance with this QMS (as a result of an audit), the service provided functions in accordance with the specification and the operational controls are carried as described in the CSP's internal procedures? Requirements for Supplier Evaluation and Supplier Audits
In accordance with Annex 11 the use of computerised systems may not result in a decrease in quality assurance. The assessment of a service provider includes the evaluation of its quality assurance system. In addition to this initial assessment Chapter 7 requires the RU (regulated user) to continuously monitor the service provider by means of the supervision of KPIs.
In the case of an applied and appropriate QMS it can be assumed that operative controls defined in the QMS will be carried out and that results not compliant with the specifications will be addressed within the meaning of deviations / OOS.
The RU (Regulated User) is nevertheless required to continuously evaluate compliance when implementing the QMS. Chapter 7 of the EU Guidelines to Good Manufacturing Practice specifies: "The Contract Giver is ultimately responsible to ensure processes are in place to assure the control of outsourced activities." Type and extent can be defined on the basis of risk, and they are influenced by the experiences from the continuous monitoring of the service provider.
Find more Q&As on the topic "Cloud Computing" which have been answered by the expert team.
The Experts
Frank Behnisch, CSL Behring GmbH, Marburg
Klaus Feuerhelm, Formerly Local GMP Inspectorate / Regierungspräsidium Tübingen
Oliver Herrmann; Q-FINITY Quality Management, Dillingen
Eberhard Kwiatkowski, PharmAdvantageIT GmbH, Neuschoo
Stefan Münch, Körber Pharma Consulting, Karlsruhe
Yves Samson, Kereon AG, Basel
Dr. Wolfgang Schumacher, Formerly F. Hoffmann-La Roche AG, Basel
Dr. Arno Terhechte, Local GMP Inspecorate / Bezirksregierung Münster
Sieghard Wagner, Chemgineering Germany GmbH, Stuttgart
Related GMP News
17/05/2023
GMP Conferences by Topics
- General Quality Assurance and GMP Compliance Topics
- Hygiene
- General Microbiology Topics
- Regulatory Affairs
- Development
- General Analytics Topics
- Good Distribution Practice
- Sterile Manufacturing
- Computer Validation
- General Qualification/Validation Topics
- General Engineering Topics
- APIs/Excipients
- GMP Basic Training Courses
- Medical Devices and Combination Products
- Packaging and Packaging Material
- Data Integrity
- Qualified Person (QP)
- GMP Auditing
- Documentation
- Cleaning Validation
- General IT Compliance Topics
- Impurities
- OOS / OOE / OOT
- Material Testing
- Validation of Analytical Methods
- Analytical Instrument Qualification
- Stability Testing
- Microbiological Testing
- Technology
- General Manufacturing Topics
- Solid Dosage Forms/Semi-Solid Dosage Forms
- Biotechnology/Blood/ATMP
- Herbal Drug Products/Cannabis/Radiopharmaceuticals
- Others