IT / OT Infrastructure Qualification and Operation in a GxP Environment
19-21 May 2027, Copenhagen, Denmark
Course No. 22801
Speakers
Dr Bob McDowall
R.D. McDowall Ltd.
Frank Behnisch
Formerly CSL Behring
Yves Samson
Kereon
Highlights - Information Technology (IT) / Operation Technology (OT) Infrastructure Enterprise Model - New Regulatory Requirements? - IT Compliance for the IT Infrastructure
Target Group
The event is aimed at managers from
the pharmaceutical industry,
suppliers and
service companies
who plan, qualify and operate IT infrastructure in a GxP Environment.
Objectives
Get an overview of technologies discussed currently in the pharmaceutical environment
Learn what requirements are placed on the IT infrastructure and its qualification within the scope of GMP regulations
Principles outlined can be applied to Operation Technology (OT) for production systems
IT security and cybersecurity has now taken on a central role; here you will learn about the importance of the IT infrastructure in terms of an appropriate IT security concept
Case studies show you qualification approaches for key IT infrastructure components
Virtualization is a part of the IT infrastructure; learn strategies for qualifying the virtual machine and the virtualization platform
Programme
IT/OT Infrastructure Model
Overall IT/OT infrastructure enterprise model
GAMP IT infrastructure model
Applying GAMP software categories
OT specifics
Applicable to all options: on premise / data hotel / SaaS IT
Regulatory and Legal Requirements / Agreement for IT/OT Infrastructure
GxP regulations with focus on Annex 11 and Chapter 7
Supplier assessment and agreements for IT suppliers: Risk management; Quality and technical agreements and service levels; Governance and Quality oversight; Time synchronisation
Brief summary of legal requirements: e.g. GDPR, HIPAA, etc.
Effective and Efficient Compliance
Supporting life cycle model
Specification
Design
Verification
Workshop: “How can you ensure IT and QA work together?”
Although there needs to be quality oversight of IT operations and associated records, what is the best way for IT and Quality to collaborate? Suggestions made in the workshop will be discussed with the course attendees.
Content of an Agreement with an IT Service Provider
Annex 11 clause 3 requires that there is a formal agreement between an IT service provider and the business but provides little detail other the document should include clear statements of the responsibilities of the third party. What else is required in an IT agreement?
Scope of the IT services provided
Roles and responsibilities of both parties
Reporting with metrics against defined service Levels
Escalation pathway
Is an agreement for an internal IT department the same as a cloud service Provider?
Agile Infrastructure: Leveraging to Infrastructure as Code (IaC) for Efficiency
Definition & scope
Toys or tool?
40 years evolution
Flexibility & Agility
From Installation to provisioning
The costs of Agility
Rigorous planning
Adequate Tools
Training
Risks and benefits
Change and Configuration Management
Regulatory requirements
Definitions of change control and configuration management
Outline of a change management process
Security and Cybersecurity for a robust IT/OT Infrastructure
IT infrastructure security requirements
Cybersecurity: ransomware and malware
Sizing / Availability / Reliability
Basic security rules
Network topology
Network segregation
IT infrastructure monitoring
Recommendation for data archiving suppor
PEN testing
Incident and Problem Management
Definition of incident and problem
Incident investigation
Collating incidents into problems and their resolution
Linking with change control
Qualification Documentation
QP – Qualification Plan
TRS – Technical Requirements Specification
CS – Configuration Specifications
IQ – Installation Qualification a.k.a. Configuration Testing
Disaster Recovery Planning
Regulatory requirements for disaster recovery
For virtual and physical environment
Disaster recovery or business continuity plans?
Disaster recovery plan and testing
Order of application recovery with associated data
RPO / RTO – Recovery Point / Time Objective
Workshop: Disaster Recovery Planning
Business continuity is an Annex 11 requirement. What should a disaster recover plan cover? How detailed should it be? What would be the triggers to activate a plan? How should it be tested? Does it need to be reviewed? If so how frequently? Could the same plan apply equally to an on-premises and cloud computerised system?
IT Service Provider Assessment
Annex 11 clause 3.2: The competence and reliability of a supplier are key factors when selecting a product or service provider. The need for an audit should be based on a risk assessment.
What facilities, services and operations should be covered in an assessment or audit of an in-house IT Department?
Are there any differences if the IT department was outsourced to a third party but operated on site?
What would an audit of a Cloud Service or SaaS Provider cover differently?
Design Review of IT Infrastructure
Design Review and Risk Management purpose
Performing Design Review
What might go wrong?
Critical review of the IT infrastructure
Design and monitoring of mitigation measures
Infrastructure as a Platform for Various Applications
Definition of Platform
Generic approach
Standard changes
Infrastructure lifecycle challenges for applications & GxP
Specialties in automation – challenge for infrastructure in 24/7 real-time applications
Accommodation CONCEPT HEIDELBERG has reserved a limited number of rooms in the conference hotel. You will receive a room reservation form/POG when you have registered for the course. Reservation should be made directly with the hotel. Early reservation is recommended.
Conference language The official conference language will be English.
Fees (per delegate, plus VAT) ECA Members € 2,290 APIC Members € 2,390 Non-ECA Members € 2,490 EU GMP Inspectorates € 1,245 The conference fee is payable in advance after receipt of invoice and includes conference documentation, Get-Together and dinner on the first day, lunch on day 1 and day 2, standing lunch on day 3 and all refreshments. VAT is reclaimable.
Get-Together On the evening of the first course day, you are cordially invited to a Get-Together. This is an excellent opportunity to share your experiences with colleagues from other companies in a relaxed atmosphere.
Presentations/Certificate The presentations for this event will be available for you to download and print before and after the event. Please note that no printed materials will be handed out on site and that there will not be any opportunity to print the presentations on site.
Wed, 19 May 2027, 9:00-17:30 h (Registration/coffee 8:30-9:00 h) Thu, 20 May 2027, 8:30-17:30 h Fri, 21 May 2027, 8:30-13:00 h All times mentioned are CEST
Testimonials
