Remote Access to Critical GxP Systems by Service Providers

Recommendation

3-5 November 2021

Live Online Training: Computer Validation: Maintaining Control of Operation

Presentation of the Issue

Remote access by the supplier provides many advantages when maintaining software, troubleshooting and installing new functionalities. However, what regulations must be in place for remote access by service providers to GxP-critical systems? What data integrity requirements must be included?

How can this Process be made GxP-compliant?

Remote access enables service providers to access computerised systems via a network connection in order to correct errors or change the configuration. If a GxP critical computerised system is accessed remotely, the system can be modified by the activities of the service provider or service company in such a way that the validated state is no longer maintained. Therefore, remote access and the actions performed during this session should be controlled and documented. This means that access should be actively enabled by the RU (regulated user). Besides, this should be done via a secure network connection and a record of the activities performed should be kept . If necessary, a change control process should be initiated. The aim is to maintain and control the validated status of the system.