Cloud Computing: Which Persons should participate in the Audit of a CSP and which Topics should be addressed?
The trend in the pharmaceutical industry is also moving towards cloud computing. Financial but also organizational advantages speak for the cloud. At the same time, however, potential dangers and regulatory restrictions should also be taken into account. Nine experts from the pharmaceutical industry and regulatory authorities answer a comprehensive catalog of questions from the following GxP-relevant topics:
- Basics of Cloud Computing Technology
- Regulations and Expectations of Inspectors
- Customer-Supplier-Relationship
- Requirements for Cloud Service Providers (CSP)
- Requirements for Supplier Evaluation and Supplier Audits
- Requirements for Qualification / Validation
The following question is one of a series of questions that we will publish in further GMP News articles on this site in the coming weeks.
Question 10: Which persons (functions) should participate in the audit of a CSP and which topics should (must) be addressed? Topic: Requirements for Supplier Evaluation and Supplier Audits
According to the vote 1100202* the following applies:
Persons are to be included in the audit who are sufficiently experienced in this special technology. In principle, at least one person should come from IT. The lead auditor will normally come from quality assurance.
According to the vote the following topics should be addressed:
- Security of the data centre
- Server security
- Network security
- Application and platform security
- Data security
- Encryption and key management
- ID and rights management
- Selection and training of staff
- Validation and qualification
- External services and subcontractors
- Maintaining the validated state (change management, configuration management, patch management, monitoring and reporting, incident management)
*Zentralstelle der Länder für Gesundheitsschutz bei Arzneimitteln und Medizinprodukten - Vote V1100202 of the group of experts 11 "Anforderungen an die Aufbewahrung elektronischer Daten" (Requirements for the storage of electronic data) - only available in German.
Find more Q&As on the topic "Cloud Computing" which have been answered by the expert team.
The Experts
Frank Behnisch, CSL Behring GmbH, Marburg
Klaus Feuerhelm, Formerly Local GMP Inspectorate / Regierungspräsidium Tübingen
Oliver Herrmann; Q-FINITY Quality Management, Dillingen
Eberhard Kwiatkowski, PharmAdvantageIT GmbH, Neuschoo
Stefan Münch, Körber Pharma Consulting, Karlsruhe
Yves Samson, Kereon AG, Basel
Dr. Wolfgang Schumacher, Formerly F. Hoffmann-La Roche AG, Basel
Dr. Arno Terhechte, Local GMP Inspecorate / Bezirksregierung Münster
Sieghard Wagner, Chemgineering Germany GmbH, Stuttgart
Related GMP News
12.02.2025Cloud Computing: Documents for a smooth migration to the cloud
15.01.2025Cloud Computing: Open or Closed System according to 21 CFR Part 11?
11.12.2024Cloud Computing: Validation documents for a SaaS application
04.12.2024Cloud Computing: What happens if the CSP does not allow audits?
27.11.2024Cloud Computing: Are (GMP) Supervisory Authorities allowed to inspect CSP?
20.11.2024Cloud Computing - Content of a SLA/Contract with a XaaS Provider