The GAMP CoP Cloud SIG published “Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity” (Pharmaceutical Engineering Magazine: January/February 2014), the first in a series of articles relating to different aspects of cloud computing. This introductory article provides an overview of some of the primary challenges and/or concerns the regulated industry debates on the topic of adopting cloud solutions. The GAMP CoP Cloud SIG is formed of representatives from a cross-section of small and large life sciences companies and cloud service provider SMEs, all of whom are able to bring differing perspectives from real-world experience, research and interaction with both the cloud provider industry and various regulatory bodies.

To help the life sciences industry address regulatory concerns while leveraging the cost savings of IaaS delivery models, the GAMP Cloud SIG has identified, in “Challenges for Regulated Life Sciences Companies within the IaaS Cloud,” the regulatory elements pertinent for information and systems moving to IaaS providers. As we started the discussions within the SIG about the challenges of moving to an IaaS model, we were all perhaps a little naive in thinking that it would be the simplest of all the challenges the SIG would discuss. What we have learned is that for a regulated firm, the IaaS model is not just about the storage, but also about the Vendor behind the storage, and the automation that the Vendor uses to provision capabilities (storage and computing). The assets that a regulated company may decide to locate at an IaaS provider are only as secure and robust as the processes behind the capabilities of the provider. During the development of “Challenges for Regulated Life Sciences Companies within the IaaS Cloud,” we discovered the “Ah Ha” moment, which is that “There is no magic formula that can erase the need to apply fundamental good IT practices, in the cloud or in house.”

As a regulated company, one should stay open and pragmatic as to how an IaaS provider meets the controls. The heart of the controls needs to be respected, while IaaS providers are allowed flexibility in how they meet them. The “how” can be met with standards not typically used in a regulated firm’s IT department.
