Remote Access to Critical GxP Systems by Service Providers

Recommendation
4-6 November 2025
Copenhagen, Denmark
Including discussion on the brand new draft of EU GMP Guide Annex 22 ‚Artificial Intelligence‘.
Presentation of the Issue
Remote access by the supplier provides many advantages when maintaining software, troubleshooting and installing new functionalities. However, what regulations must be in place for remote access by service providers to GxP-critical systems? What data integrity requirements must be included?
How can this Process be made GxP-compliant?
Remote access enables service providers to access computerised systems via a network connection in order to correct errors or change the configuration. If a GxP critical computerised system is accessed remotely, the system can be modified by the activities of the service provider or service company in such a way that the validated state is no longer maintained. Therefore, remote access and the actions performed during this session should be controlled and documented. This means that access should be actively enabled by the RU (regulated user). Besides, this should be done via a secure network connection and a record of the activities performed should be kept . If necessary, a change control process should be initiated. The aim is to maintain and control the validated status of the system.
Related GMP News
09.07.2025Drafts of EU GMP Guideline Annex 11, Annex 22 and Chapter 4 released for comment
20.03.2025New FDA-Guidance for Industry draft on AI
12.02.2025Cloud Computing: Documents for a smooth migration to the cloud
15.01.2025Cloud Computing: Open or Closed System according to 21 CFR Part 11?
11.12.2024Cloud Computing: Validation documents for a SaaS application
04.12.2024Cloud Computing: What happens if the CSP does not allow audits?