Development and Lifecycle Management of Software as a Medical Device
If you work in the pharma industry you are undoubtedly hearing discussions about the importance of the “cloud” but what exactly does this mean? Do you know how much of your organisation’s pharmaceutical data is “in the cloud” and how this data has made its way to the cloud? Hopefully by the time you have completed reading this article you will understand that “cirrus” and “cumulus”are not the only types of “cloud” that exist.
What exactly is cloud technology and how does it relate to the pharma industry?
Cloud computing is the on-demand availability of computer system resources, particularly in relation to data storage, without direct active management by the user. Data storage in the cloud means that company data is stored in data centres that can be located anywhere in the world and transmit the data to and from a location that you can personally access i.e. company IT systems, your own personal internet or mobile phone and other such devices.
Clouds can be limited to a single organisation and these are called “private” clouds. Cloud storage can also be available to multiple organisations (public cloud) or a combination of both (hybrid cloud). A hybrid cloud model operates in such a manner that data runs on a private cloud or data centre and bursts into a public cloud when the demand for computing capacity spikes. The advantage of this type of model is that an organisation only pays for the extra resources on as needed basis, however, consideration must be given to the security and compliance risks associated with cloud bursting.
When a pharmaceutical organisation engages in the use of cloud service providers this becomes an outsourced activity. The level of service that is outsourced by your organisation determines the type of IT model that has been employed. The different models that exist are as follows:
- On premises
- Infrastructure as a service (IAAS)
- Platform as a service (PAAS)
- Software as a service (SAAS)
The platforms of the cloud services providers can be shared amongst multiple different industrial sectors, ranging from the retail and motor industries to the pharmaceutical industry. It should not be assumed that cloud service providers are knowledgeable on pharmaceutical GxP requirements and it is up to the pharmaceutical industry to ensure that GxP requirements are being met. This can be achieved by conducting an audit of the cloud service provider and incorporating compliance requirements into Service Level Agreements, Quality Technical Agreements and through training. A description of the qualification requirements and ongoing management of IT service providers should also be present in the pharmaceutical Quality Management System. You own your data regardless of where it resides and it is imperative that you understand the controls that are in place to protect it.
Data integrity is a popular topic with both EU and US regulators. The FDA issued a Q&A Guidance Document for industry in December 2018 in relation to “Data Integrity and Compliance with Drug CGMP”. This was issued in direct response to increasing numbers of violations involving data integrity issues during CGMP inspections. This document contains some key questions that must be asked in order to ensure adequate oversight and control of the integrity of data that is generated. The questions identified are:
- Are controls in place to ensure that data is complete?
- Are activities documented at the time of performance?
- Are activities attributable to a specific individual?
- Can only authorised individuals make changes to records?
- Is there a record of changes to data?
- Are records reviewed for accuracy, completeness, and compliance with established
- standards?
- Are data maintained securely from data creation through disposition after the record’s
retention period
The full document can be viewed be clicking on the following link: http://academy.gmp-compliance.org/guidemgr/files/UCM495891.PDF
PharmaLex can support your organisation in many ways. If you would like support with a compliant transition of your organisation’s data to the cloud then contact the PharmaLex team. The types of services that PharmaLex can offer include qualification of cloud service providers, data integrity assessment reviews and development of data integrity programmes. Why not connect with PharmaLex today +353 1 846 4742 or contactirl@pharmalex.com and discuss your individual needs with a member of the PharmaLex team.
Related posts
