Remote Access to Critical GxP Systems by Service Providers
Recommendation
29-31 October 2024
Presentation of the Issue
Remote access by the supplier provides many advantages when maintaining software, troubleshooting and installing new functionalities. However, what regulations must be in place for remote access by service providers to GxP-critical systems? What data integrity requirements must be included?
How can this Process be made GxP-compliant?
Remote access enables service providers to access computerised systems via a network connection in order to correct errors or change the configuration. If a GxP critical computerised system is accessed remotely, the system can be modified by the activities of the service provider or service company in such a way that the validated state is no longer maintained. Therefore, remote access and the actions performed during this session should be controlled and documented. This means that access should be actively enabled by the RU (regulated user). Besides, this should be done via a secure network connection and a record of the activities performed should be kept . If necessary, a change control process should be initiated. The aim is to maintain and control the validated status of the system.
Related GMP News
31.07.2024FDA Warning Letter on Data Integrity Issues
14.02.2024Cloud Computing: Workaround for non-compliant PaaS
07.02.2024Cloud Computing: Validation performed by a CSP on its own - what is the Value?
24.01.2024Cloud Computing: Can an automated Deployment Chain replace an IQ?
17.01.2024Cloud Computing: Consequences of different service models for Qualification / Validation
10.01.2024Cloud Computing: Validation of SaaS; who is accountable?