IT / OT Infrastructure - Qualification and Operation in a GMP Environment - Online Training Recording

IT / OT Infrastructure - Qualification and Operation in a GMP Environment - Online Training Recording

Costs

ECA-Member*: EUR 1490,--
Regular Fee*: EUR 1690,--
EU/GMP Inspectorates*: EUR 845,--
APIC Member Discount*: EUR 1590,--

(All prices excl. VAT). Important notes on sales tax.

* also payable by credit card American Express Visa Mastercard

If you have any questions, please contact us:
Tel.: +49 (0)6221 / 84 44 0 E-Mail: info@concept-heidelberg.de

Speakers

Frank Behnisch, CSL Behring, Germany
Dr Bob McDowall, R.D.McDowall, Uk
Yves Samson, Kereon, Switzerland

Objectives

  • Get an overview of technologies discussed currently in the pharmaceutical environment
  • Learn what requirements are placed on the IT infrastructure and its qualification within the scope of GMP regulations
  • Principles outlined can be applied to Operation Technology (OT) for production systems
  • IT security and cybersecurity has now taken on a central role; here you will learn about the importance of the IT infrastructure in terms of an appropriate IT security concept
  • Case studies show you qualification approaches for key IT infrastructure components
  • Virtualization is a part of the IT infrastructure; learn strategies for qualifying the virtual machine and the virtualization platform

Background

In today’s pharmaceutical environment, the IT infrastructure is the backbone for the application of a wide range of software solutions. The requirements for IT security are becoming increasingly important. Only a robust IT infrastructure with suitable network topologies and security concepts can guarantee the appropriate security here.

Pharmaceutical regulations contain few or only indirect requirements for the IT infrastructure. The principles of the EU GMP guidelines state “The application should be validated, the IT infrastructure should be qualified”. Here the phrase “should” corresponds to a “must”! Further information can be found in the revised version of the GAMP® Good Practice Guide “IT Infrastructure Control and Compliance” published in August 2017.

Target Group

The Online Training is aimed at managers from the pharmaceutical industry, suppliers and service companies who plan, qualify and operate IT infrastructure in a GxP Environment.

Technical Requirements

To participate in an on demand training course or webinar, you do not need any software. The recordings are made available via a streaming server. In general, the recording is provided in MP4 format, which any PC (Microsoft Windows, Apple IOS) or tablet can easily display.

Timing and Duration:

When you register for the on demand Training course or webinar you can decide at what date you want to follow the training course online. For a 1-day training course you will have 2 days in which the stream is available (for 2-day training course 3 days and for a 3-day training course 4 days). Within in this timeframe you can start & stop the stream according to your needs.

In time before the scheduled date (your desired date) you will receive an e-mail from us with a link for direct participation as well as your log-in data.

Please be aware: The recording does not include the Q & A sessions.

Training Course Documentation and Certificate:

The presentations will be made available as PDF files via download shortly before the online training course. After the event, you will automatically receive your certificate of participation.

Programme

IT/OT Infrastructure Model
  • Overall IT/OT infrastructure enterprise model
  • GAMP IT infrastructure model
  • Applying GAMP software categories
  • OT specifics
  • Applicable to all options: on premise / data hotel / SaaS IT
Regulatory and Legal Requirements / Agreement for IT/OT infrastructure
  • GxP regulations with focus on Annex 11 and Chapter 7
  • Supplier assessment and agreements for IT suppliers
    • Risk management
    • Quality and technical agreements and service levels
    • Governance and Quality oversight
    • Time synchronisation
  • Brief summary of legal requirements
    • e.g. GDPR, HIPAA, etc.
Effective and Efficient Compliance
  • Supporting life cycle model
  • Specification
  • Design
  • Verification
Security and Cybersecurity for a Robust IT/OT Infrastructure
  • IT infrastructure security requirements
  • Cybersecurity: ransomware and malware
  • Sizing / Availability / Reliability
  • Basic security rules
  • Network topology
  • Network segregation
  • IT infrastructure monitoring
  • Recommendation for data archiving support
  • PEN testing
Planning Virtualisation Projects
  • User / Technical Requirements Specification
  • Definition of the installation and deployment approach
  • Risk management
  • Definition of backup cycles and scenarios
  • Efficient planning
  • Qualification planning
  • Life cycle of virtual environment
  • Differences between virtual, physical, and as-a-Service installation and deployment
Virtualisation Platform: Overview
  • Platform operation
    • SANs and VMs handling
  • RAID technology
Qualification of the Virtualisation Platform
  • Platform design
    • Requirements and constraints
    • Data management
    • Disaster recovery
  • Qualification planning
    • Specifications
    • Verifications
Qualification Documentation
  • QP – Qualification Plan
  • TRS – Technical Requirements Specification
  • CS – Configuration Specifications
  • IQ – Installation Qualification a.k.a. Configuration Testing
Design Review of IT Infrastructure
  • Design Review and Risk Management purpose
  • Performing Design Review
  • What might go wrong?
  • Critical review of the IT infrastructure
  • Design and monitoring of mitigation measures
Case Study: Firewall Qualification
  • Requirements
    • Purpose
    • Operation
  • Risk assessment
  • Configuration specification
    • Definition of the security rules
    • Operating parameters
  • Configuration Testing (IQ)
  • Functional Testing (OQ)
  • Operation
    • Monitoring
    • Change & Configuration Management
    • Incident Management
Disaster Recovery Planning
  • Regulatory requirements for disaster recovery
  • For virtual and physical environment
  • Disaster recovery or business continuity plans?
  • Disaster recovery plan and testing
    • Order of application recovery with associated data
    • RPO – Recovery Point Objective
    • RTO – Recovery Time Objective
Case Study: Central Backup Management System
  • Requirements
  • Verification
  • Risk assessment
  • Configuration specification
    • Server / Agent / Operating parameters
  • Configuration Testing (IQ)
  • Functional Testing (OQ)
  • Supporting SOPs
    • System management
    • Backup / Restore
    • Disaster Recovery
  • Operation
Incident and Problem Management
  • Definition of incident and problem
  • Incident investigation
  • Collating incidents into problems and their resolution
  • Linking with change control
Infrastructure as a Platform for Various Applications
  • Definition of Platform
  • Generic approach
  • Standard changes
  • Infrastructure lifecycle challenges for applications & GxP
  • Specialties in automation – challenge for infrastructure in 24/7 real-time applications
Change and Configuration Management
  • Regulatory requirements
  • Definitions of change control and configuration management
  • Outline of a change management process
Agile Infrastructure: Introduction to Infrastructure as Code (IaC)
  • Definition & scope
  • Toys or tool?
    • 40 years evolution
  • Flexibility & Agility
    • From installation to provisioning
  • The costs of Agility
    • Rigorous planning
    • Adequate tools
    • Training
    • Risks and Benefits

Recording from 23/24 June 2022
Duration of the recording: approx. 11 h 23 min

Go back

Online Training & Webinar Recordings by topic