Cloud Computing: Which Persons should participate in the Audit of a CSP and which Topics should be addressed?
Recommendation
22-24 November 2023
Book together with the course "Computerised System Validation - Introduction to Risk Management" and save up to € 590,-
Register now for ECA's GMP Newsletter
The trend in the pharmaceutical industry is also moving towards cloud computing. Financial but also organizational advantages speak for the cloud. At the same time, however, potential dangers and regulatory restrictions should also be taken into account. Nine experts from the pharmaceutical industry and regulatory authorities answer a comprehensive catalog of questions from the following GxP-relevant topics:
- Basics of Cloud Computing Technology
- Regulations and Expectations of Inspectors
- Customer-Supplier-Relationship
- Requirements for Cloud Service Providers (CSP)
- Requirements for Supplier Evaluation and Supplier Audits
- Requirements for Qualification / Validation
The following question is one of a series of questions that we will publish in further GMP News articles on this site in the coming weeks.
Question 10: Which persons (functions) should participate in the audit of a CSP and which topics should (must) be addressed? Topic: Requirements for Supplier Evaluation and Supplier Audits
According to the vote 1100202* the following applies:
Persons are to be included in the audit who are sufficiently experienced in this special technology. In principle, at least one person should come from IT. The lead auditor will normally come from quality assurance.
According to the vote the following topics should be addressed:
- Security of the data centre
- Server security
- Network security
- Application and platform security
- Data security
- Encryption and key management
- ID and rights management
- Selection and training of staff
- Validation and qualification
- External services and subcontractors
- Maintaining the validated state (change management, configuration management, patch management, monitoring and reporting, incident management)
*Zentralstelle der Länder für Gesundheitsschutz bei Arzneimitteln und Medizinprodukten - Vote V1100202 of the group of experts 11 "Anforderungen an die Aufbewahrung elektronischer Daten" (Requirements for the storage of electronic data) - only available in German.
Find more Q&As on the topic "Cloud Computing" which have been answered by the expert team.
The Experts
Frank Behnisch, CSL Behring GmbH, Marburg
Klaus Feuerhelm, Formerly Local GMP Inspectorate / Regierungspräsidium Tübingen
Oliver Herrmann; Q-FINITY Quality Management, Dillingen
Eberhard Kwiatkowski, PharmAdvantageIT GmbH, Neuschoo
Stefan Münch, Körber Pharma Consulting, Karlsruhe
Yves Samson, Kereon AG, Basel
Dr. Wolfgang Schumacher, Formerly F. Hoffmann-La Roche AG, Basel
Dr. Arno Terhechte, Local GMP Inspecorate / Bezirksregierung Münster
Sieghard Wagner, Chemgineering Germany GmbH, Stuttgart
Related GMP News
17/05/2023
GMP Conferences by Topics
- General Quality Assurance and GMP Compliance Topics
- Hygiene
- General Microbiology Topics
- Regulatory Affairs
- Development
- General Analytics Topics
- Good Distribution Practice
- Sterile Manufacturing
- Computer Validation
- General Qualification/Validation Topics
- General Engineering Topics
- APIs/Excipients
- GMP Basic Training Courses
- Medical Devices and Combination Products
- Packaging and Packaging Material
- Data Integrity
- Qualified Person (QP)
- GMP Auditing
- Documentation
- Cleaning Validation
- General IT Compliance Topics
- Impurities
- OOS / OOE / OOT
- Material Testing
- Validation of Analytical Methods
- Analytical Instrument Qualification
- Stability Testing
- Microbiological Testing
- Technology
- General Manufacturing Topics
- Solid Dosage Forms/Semi-Solid Dosage Forms
- Biotechnology/Blood/ATMP
- Herbal Drug Products/Cannabis/Radiopharmaceuticals
- Others