Cloud Infrastructure is the foundational support for the computing requirements of a cloud computing model. As migration to the cloud becomes increasingly prevalent, hyper-scale companies like Amazon Web Services (AWS), Microsoft Azure, and Google provide customized solutions that simplify the infrastructure layer in a cost-effective model. Once the cloud infrastructure is qualified, infinite GMP-regulated applications may be compliantly deployed on top of this layer at scale.
Organizations in the Life Sciences must ensure their systems adequately protect sensitive data. Consequently, companies choose private clouds provided by Amazon Web Services (AWS), Microsoft Azure, or Google to host their critical information. However, a private cloud does not ensure a compliant environment that meets regulatory standards.
The responsibility for US Food and Drug Administration (FDA) compliance in virtual private cloud (VPC) environments is shared. A customer will usually be responsible for their workloads, data, and other related components. The cloud provider will generally be responsible for physical component maintenance, security, and storage. These responsibilities can vary widely based on the cloud model. Understanding who is responsible for each infrastructure component is critical to maintaining effective compliance. Visit our Cloud Compliance services to find out more information.
The following model characterizes the current best practices approach:
Arbour Group Services
Industry standards evolve as new technologies emerge and become essential to your organization's processes. Arbour Group offers a Cloud Infrastructure Qualification Compliance methodology that ensures applicable compliance standards are met and your data is secure. Arbour provides clearly defined roles with the associated compliance responsibility.
The Cloud Infrastructure Qualification process will incorporate identification of potential GMP impacts, assessment of associated risks, and determination of testing rigor toward the development of the following deliverables:
- Qualification Plan - Outlines the objectives, scope, approach, and responsibilities for qualification as well as requirements for ongoing change and records management
- Requirements and Specifications - Describes the requirements and functions that the infrastructure must provide for GMP related areas
- SOC Assessment & Customer End User Controls Test Protocols - Test protocols are developed to assess the SOC Reports provided by the cloud service organization and Complementary User Entity Controls (CUEC) as implemented by the end-user
- Traceability Matrix - Verification of test coverage relative to the requirements and specifications for SOC Assessment reports and CUECs
- Qualification Summary Report - Summarizes the results of qualification activities, including discrepancies, and provides a concluding statement to close the qualification phases
Whether you are implementing Microsoft Azure, Google, or Amazon Web Services (AWS), Contact Arbour Group to discuss Cloud Infrastructure Qualification services.
Arbour Group has provided us with competent validation project leadership that has enabled us to complete projects in a timely and cost effective manner.
The use of Arbour’s validation product greatly facilitated the process.
Arbour Group provided effective validation services to us and were a valuable part of the overall success of our company-wide ERP implementation.
Their integration into our multi-phase ERP roll out was seamless and assured us of comprehensive regulatory compliance.
The regulatory assistance provided by Arbour Group has enabled us to enhance our compliance profile with life sciences customers.
Their Managed Services for software development and quality assurance play a key role in controlling business risk and reducing costs.