22-24 May 2024
The trend in the pharmaceutical industry is also moving towards cloud computing. Financial but also organizational advantages speak for the cloud. At the same time, however, potential dangers and regulatory restrictions should also be taken into account. Nine experts from the pharmaceutical industry and regulatory authorities answer a comprehensive catalog of questions from the following GxP-relevant topics:
The following question is one of a series of questions that we will publish in further GMP News articles on this site in the coming weeks.
SaaS means "Software as a Service" and describes one of several service models of Cloud Service Providers (CSP). SaaS means that the CSP provides and manages the complete application including infrastructure and platform. The regulated company pays a subscription fee but does not have to invest in server hardware and software development. Thus, it pays for provision and operation only, whereas the CSP takes care of IT administration and further services like maintenance and updates of the solution.
However, to be frank: Accountability cannot be delegated! The regulated company is still fully responsible for the regular use of the application and its implementation by the CSP. This responsibility can be realized by qualifying the CSP and validating the provided SaaS solution(s).
As for any other software application, the initial step is to write down the requirements, e.g. as a user requirements specification (URS). The URS defines the application's purpose and can be used as a baseline for the evaluation of different CSPs and its applications, often complemented by commercial aspects. CSPs on the short list should be qualified, ranging from filling in a questionnaire to conducting a multi-day on-site audit, depending on the application's risk and the data to be processed.
Therefore, transparency of the CSP as well as the customer / supplier relationship and the collaboration method will significantly impact the validation process. Basically, SaaS should be considered a "black box" solution that is going to be validated like any other type of software. However, the following aspects require special attention:
Generally, validation of SaaS follows the same principles as traditional computerized system validation (CSV). However, SaaS introduces new risks and shifts the focus, as the CSP's / supplier's activities take a larger role.
Find more Q&As on the topic "Cloud Computing" which have been answered by the expert team.
Frank Behnisch, CSL Behring GmbH, Marburg
Klaus Feuerhelm, Formerly Local GMP Inspectorate / Regierungspräsidium Tübingen
Oliver Herrmann; Q-FINITY Quality Management, Dillingen
Eberhard Kwiatkowski, PharmAdvantageIT GmbH, Neuschoo
Stefan Münch, Körber Pharma Consulting, Karlsruhe
Yves Samson, Kereon AG, Basel
Dr. Wolfgang Schumacher, Formerly F. Hoffmann-La Roche AG, Basel
Dr. Arno Terhechte, Local GMP Inspecorate / Bezirksregierung Münster
Sieghard Wagner, Chemgineering Germany GmbH, Stuttgart