GAMP 5 as a Suitable Framework for Validation of Electronic Document Management Systems On Premise and 'In the Cloud' Keith Williams CEO GxPi
|
|
- Donna Brown
- 8 years ago
- Views:
Transcription
1 GAMP 5 as a Suitable Framework for Validation of Electronic Document Management Systems On Premise and 'In the Cloud' Keith Williams CEO GxPi
2 Disclaimer The views and opinions expressed in the following PowerPoint slides are those of the individual presenter and should not be attributed to Drug Information Association, Inc. ( DIA ), its directors, officers, employees, volunteers, members, chapters, councils, Special Interest Area Communities or affiliates, or any organization with which the presenter is employed or affiliated. These PowerPoint slides are the intellectual property of the individual presenter and are protected under the copyright laws of the United States of America and other countries. Used by permission. All rights reserved. Drug Information Association, DIA and DIA logo are registered trademarks or trademarks of Drug Information Association Inc. All other trademarks are the property of their respective owners. Drug Information Association 2
3 History and evolution of GAMP Group founded in 1991 in the UK from life sciences manufacturing (not called GAMP ) First GAMP (Good Automated Manufacturing Practice) guide published in 1994 Partnered with ISPE (International Society for Pharmaceutical Engineering) in 1994 GAMP 4 (2001) included a lot of detail in terms of checklists, templates, proposed V model etc. Replaced by a Quality Risk Management approach in GAMP 5 (2008) plus IT related best practice guides ( ) It s a guideline, not a Regulation, but still widely followed Drug Information Association 3
4 Context Trend of EDMS over the last Years- Matching the Evolution of GAMP 1994 Mostly In-house developed EDMS or bespoke by supplier (OP) 2002 Validation approaches have had to adapt to this change as more of the activities transfer to Outsourcing companies (OP= On-Premise ; Hosted may = Cloud) Configured EDMS on platforms- still some development (OP) 2010 COTS or Preconfigured (OP and Hosted EDMS) Drug Information Association 4
5 Can you Use GAMP 5 for Validation of an EDMS for On Premise and Hosted in the Cloud deployment? In short, Yes it is suitable (otherwise this would be a short talk). It is a framework designed to ensure that computerised systems are fit for purpose and compliant with current regulatory requirements BUT It should be employed as part of, and alongside your Validation Master Plan (VMP) A specific Validation Plan (VP) should be produced for each GxP regulated system VP should focus on aspects related to patient safety, product quality and data integrity You need to have a deep understanding of the underlying technologies that are being employed in the Hosting of the Infrastructure, Platforms and Software applications You should leverage as much of the Suppliers expertise, testing and documentation as possible (see examples later) Drug Information Association 5
6 Why is GAMP 5 useful now? Drug Information Association 6
7 Click to edit Master title style RISK ASSESSMENT AND OVERVIEW OF TOOLS Drug Information Association 7
8 How can a risk based approach cut costs? High Level Risk Assessment do you need to validate at all? Functional Risk Assessment where should you focus your efforts in terms of documentation and testing? Drug Information Association 8
9 Assessment- do you have a GxP Critical system? Drug Information Association 9
10 GAMP 5 Risk based approach at a functional level Drug Information Association 10
11 What does GAMP 5 suggest? Clear separation of Regulated Company and Supplier Responsibilities Advice on managing the interface with suppliers, including assessments / audits Full proposed set of documents, including templates Acknowledges differences between Information Systems and computer-controlled equipment. Application of a Risk-based approach Categorisation of Software or Components Emphasis on the Validation Plan and Validation Report The end-result should be not just be an auditable set of documents, but hopefully a computer system that does what it is meant to do! Drug Information Association 11
12 Click to edit Master title style VALIDATION OF AN EDMS ON-PREMISE VS CLOUD Drug Information Association 12
13 GAMP 5 Compliance by adopting a life cycle approach to Computerised Systems Drug Information Association 13
14 The Main Components of an EDMS that need to be managed Platform Hardware (Servers and clients) Server Software (Platform and Application) Client Software EDMS Processes (Process Owner) EDMS Community (People, SME, System Owner- may also be Process Owner) Drug Information Association 14
15 Some definitions of Cloud and Hosting (outsourcing) Cloud Computing -SaaS, Paas, Iaas, Cloud computing is a model for enabling ubiquitous, convenient, ondemand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Software as a Service (SaaS). The capability provided to the consumer is to use the provider s applications running on a cloud infrastructure Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications Drug Information Association 15
16 Some further definitions of Cloud and Hosting (outsourcing) Cloud-, Private, Public, Community, and Hybrid Private cloud: The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Public cloud: The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. Community cloud: The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. Hybrid cloud: The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). Drug Information Association 16
17 GAMP 5 Categories and what to do Infrastructure and OS are treated as GAMP Category 1 whether On Premise or Hosted The EDMS will be 3 if it is Pre-configured and deployed without any major changes (not likely) The EDMS will be 4 if it is configured Category 5 we won t cover here but your Software Application provider should have validated their core product to this Drug Information Association 17
18 Service and Deployment models for On Premise and Hosted and who controls and manages them Hybrid Clouds can be combinations of On-premise, Private or Public Drug Information Association 18
19 Example Component Categorisation for EDMS Cloud Implementation Service Components GAMP Category What to do? Who? IaaS Hardware, Internet Connectivity, Power, Servers, Storage and RAM, VMWare, Hyper-V 1 Qualify and manage infrastructure. Audit procedures. Infrastructure Vendor (IV). Application Vendor(AV) or Sponsor. PaaS O/S, Windows Server, SharePoint and SQL 1 Qualify the stack. Manage / control ongoing changes. Audit procedures. Platform Vendor (PV) PV. AV or Sponsor SaaS e.g. Hosted EDMS 4 Validate the hosted application. URS and UAT AV Sponsor Drug Information Association 19
20 All the areas below will have difference between On- Premise and Hosted implementation For EDMS Projects, the supplier involvement varies with On-Premise or Hosted Variations in these areas Drug Information Association 20
21 On Premise qualification and validation management Regulated Company handles everything in-house Owns and manages corporate IT infrastructure, relying on in-house IT department Sets up and qualifies separate machines / platforms / environments for informal development, formal testing and for live use Audits the software supplier Validates the application / system Drug Information Association 21
22 Hosted Cloud qualification and validation management Regulated company uses private/public cloud-based Software as a Service for submissible or inspectable data Allows IaaS provider to manage infrastructure flexibly, adjusting capacity and even location, as needed Relies on SaaS provider s validation documentation and testing of functionality Carries out minimal validation of software configuration to meet basic user requirements Carries out audits of service providers Drug Information Association 22
23 Click to edit Master title style EXAMPLE OF CATEGORY 4 EDMS QUALIFICATION Drug Information Association 23
24 Area examined for a CAT4 EDMS example EDMS Projects, the supplier involvement varies with On-Premise or Hosted Variations EDMS CAT 4 DETAILED PLAN EXAMPLE Drug Information Association 24
25 Category 4- Configuration of the EDMS Drug Information Association 25
26 EDMS Cat 4: Project Activities, Deliverables and Responsibilities Regulated Company and Supplier Drug Information Association 26
27 How could this breakdown into activities for a multisupplier Cloud delivery? Activities: Validation Plan & Report Organisations: User Requirements & Acceptance Testing Functional & Design Documentation Installation Qualification Regulated Company Software Developer SaaS Provider IaaS Provider Incident Management Infrastructure Qualification Operational Change Control Periodic Review Note: Can use separate matrices for Project activities and Ongoing Service Drug Information Association 27
28 Summary of Compliance Risk Management in the Cloud You can t mitigate risks unless: You know what you are managing You know what the risks are Biggest problems with Cloud are: Lack of understanding of what the Cloud is (and is not!) and to what the consistent terms are that apply to your company by Quality AND IT staff Lack of understanding of the enabling technologies, how they work and interactions between them and other applications Suppliers Sell Cloud services: Without understanding what the regulated company needs and where the risk is Without defining responsibilities Without appreciating and the cost of compliance the Life Science company requires *this is not unique to Cloud suppliers, this is general outsourcing and Supplier management misunderstanding, usually after the contracts have been signed by procurement and variations occur Drug Information Association 28
29 Click to edit Master title style SOME PRACTICAL EXAMPLES Drug Information Association 29
30 Example 1 Small Pharma Company (500 users) using on-premise EDMS software for document management. Company keen to minimise IT costs so they set up their server farm as virtual machines. Software supplier contractually responsible for software Change Management, including regression testing. Software supplier using IaaS provider to host virtual test environments, as part of the support provided.
31 Example 1: Lessons Learned Traditional On-premise model project went to plan on time and budget BUT; the capability to rapidly set-up an identical qualified test environment greatly speeded up the testing of an unrepeatable fault, the fix and then release of controlled changes Good support from a specialised IaaS provider, keen to explore ways of supporting Pharma clients Qualification of new virtual environments can also be greatly speeded up, via use of executable scripts to install the relevant files and to confirm that the installation meets specifications
32 Example 2 New virtual Pharma company using hosted SaaS for electronic document management. The Software Product is highly configurable (as distinct from customisable) to meet client business requirements Specialised software application / SaaS provider with auditable development documentation ready for Pharma clients. Extensive auditing carried out by Pharma Companyleveraged the document set and experince of the supplier Separate IaaS provider used for actual hosting, audited by the SaaS provider
33 Example 2 : Lessons Learned Niche service providers do understand needs of Pharma Clients, and expect to be audited hard as part of supplier selection SaaS provider can take on responsibility to audit and manage the IaaS provider, including Infrastructure and Installation Qualification and that can be audited by Pharma Company. Suppliers need to be pragmatic when faced with multiple opinions on compliance details from different clientsmake sure that they have a robust but cost effective system Configuration of the application needs to be managed carefully by the SaaS provider, with maximum input from actual users
34 Click to edit Master title style WHAT THE REGULATORS HAVE SAID ABOUT CLOUD USAGE THIS YEAR Drug Information Association 34
35 What are regulators interested in when they discover IT is in the Cloud? That the Integrity of the Data is assured Risks have been clearly identified & mitigated Client/Provider Contracts cover off key elements Supplier Quality Systems are adequate QMS, validation, change control, training Cybersecurity has been tested (ethical hacking?) Data Backup/Recovery processes are robust and fit for requirements Evidence of Audits of Providers by FDA/ other Clients Drug Information Association 35
36 SUMMARY GAMP 5 is widely used and referenced in our Industry It can help both Suppliers and Users of EDMS It can be applied to both on-premise and hosted environments I would advocate closer ties with DIA and ISPE so experiences and guidance can be shared and knowledge built Drug Information Association 36
37 Thanks for material and thoughts contributing to this presentation go to: Phil Harrison of GXPi Thana Subramanian of GE Randy Perez of Novartis (and Chair of ISPE) David Stokes of Business Decision ISPE for use of GAMP material Fujitsu Drug Information Association 37
38 Thanks for listening!! Keith Williams ) Drug Information Association 38
39 Click to edit Master title style REFERENCE MATERIAL Drug Information Association 39
40 Other Resources- Best Practice Guides Operation of GxP Computerized Systems (2010) Regulators usually focus on the integrity, consistency, and completeness of controls required to maintain compliance. Highlights the importance of the operation phase of the system lifecycle When the return on investment for the significant time and resource expended in implementing new computerized systems can be achieved. IT Infrastructure Control & Compliance Guide The validated status of EDMS applications that are dependent upon an underlying IT Infrastructure Being updated for Cloud elements ID and assessment of components Qualification Maintenance of the Qualified State Drug Information Association 40
41 Other Resources- Best Practice Guides Testing of GxP Systems (2012) Very Process and prescriptive Driven (around 200 pages) Helps maximize testing efficiency without compromising the quality of GxP Systems focusing testing on areas that have the greatest impact has been recently expanded and updated and reflects ICH Q8, Q9, and Q10 contains new information on Cloud computing Global Information Systems Control & Compliance (2005) Project Management on multiple geographic site Computer system projects Validation and Implementation approaches Global System management of Change Control Record retention Drug Information Association 41
42 Useful References GAMP 5: NIST: ICH: Annex 11: 21CFR Part11: GAMP Community of Practice: Drug Information Association 42
43 How Risk Management ICH maps to GAMP 5 Drug Information Association 43
44 The Advantages of using GAMP 5 Has had a lot of thought gone into it in a pragmatic way Is process driven and risk based so you can use the framework to do as much or as little as you see fit Gives you the latitude to do what is necessary for your business and allocate appropriate resource Establishes a common language and terminology (BUT see Cloud terms for further confusion) Has been harmonised where possible with other standards such as ICH Q8, Q9 and Q10 and various ISO standards Is designed to be compatible with other computer and software models and methods like ITIL, RUP etc. The validation of a computerised system to achieve and maintain GxP compliance throughout the lifecycle of that system It clarifies scalability of and central role of Quality Risk Management in a sensible justifiable approach to what you do (but document it!!) Drug Information Association 44
45 The Disadvantages of using GAMP 5 May not fit well to your existing Quality process Comes from a Manufacturing/Production bias So there may be a feeling of it doesn t apply to me Terminology and nomenclature may be different Less prescriptive than previous GAMP iterations The risk based approach requires complete product, process and technology understanding This in turn means you have to understand deeply the technologies being employed and their quality impact, and/or employ or pay for Subject Matter Experts (SMEs) For Hosting situations, you will require (and may have to educate) your Supplier to manage their QMS and activities in a way commensurate with GAMP (see next slide) Cost- perceived and otherwise, but mostly getting everyone on the same page and with agreed nomenclature Drug Information Association 45
46 Just a reflection on why we bother to validate? Minimise the risk that something goes wrong with the end customer s health and safety Keep the regulators confident in your business and prevent them issuing restrictions and actions against you (note: they require to see documented evidence in Human Readable format) BUT Cost of compliance adds to cost of doing things and ultimately cost of goods (which we want to reduce) Computer System Validation (and GAMP ) was traditionally associated with extra workload and greatly increased costs of compliance Drug Information Association 46
47 Challenges of imposing GAMP 5 on Suppliers of Hosted Services for the Life Sciences sector Change control: Sometimes even minor software tweaks or patching, whether necessary or not, can cause major breakdown. The rigour of change management, impact assessment and testing adds to the work burden and short term cost (and is one that the supplier may not be used to) QMS: Infrastructure suppliers may prefer not to work within the confines of specifications and procedures developed by others (Pharma Sector). If you are going to rely on suppliers, they may not want to bear the cost of implementing a formal QMS that will tick all of your requirements, especially the cloud providers who have many other customers Documentation: Effective documentation management is fundamental to demonstrate compliance, again suppliers may not be able to manage this, or their training records, auditing of their suppliers etc. Drug Information Association 47
48 Some things to look for in a Supplier to ease the implementation of a Cloud EDMS Minimum Documents and schematics that are understandable by the non-expert They manage change in an acceptable manner They have clear contracts and allocation of responsibilities They have been audited by other regulated companies They audit their suppliers Suitable test scripts for their environment to prove security and data integrity Ideally They have detailed experience of the compliance needs of the Life Sciences industry and tools to aid and ensure that compliance is achieved efficiently They have validation documents of a suitable quality that allows you to leverage, using risk-based approach to reduce your validation effort They can clearly communicate and educate complex technology environments to your team so they can understand the operation and design elements They have been audited by other Life Sciences companies They have a robust and suitable QMS that matches Life Sciences industry expectations They have adequate Subject Matter Experts that span IT technical and compliance Drug Information Association 48
How To Run A Cloud Based Data Centre
CAPA in the Cloud Keith Williams CEO GXPi 12 th June 2013 Controlling Pharma data in the Cloud- Overview Example of a CAPA from 3 years ago (2010) Example of a CAPA today (2013) Example of CAPA in Azure(2014)
More informationRegulated Applications in the Cloud
Keith Williams CEO Regulated Applications in the Cloud Aspects of Security and Validation Statement on the Cloud and Pharma s added Complexity Clouds already make sense for many small and mediumsize businesses,
More informationDeveloping a Risk-Based Cloud Strategy
Developing a Risk-Based Cloud Strategy Trevor Simmons, ZigZag Associates Ltd David Stokes, Venostic Consulting 23rd April 2015, Chertsey 1 Introductions Tell us briefly Who you are Who you work for What
More informationValidation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014
Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September What is the The Cloud Some Definitions The NIST Definition of Cloud computing Cloud computing is
More informationThis interpretation of the revised Annex
Reprinted from PHARMACEUTICAL ENGINEERING The Official Magazine of ISPE July/August 2011, Vol. 31 No. 4 www.ispe.org Copyright ISPE 2011 The ISPE GAMP Community of Practice (COP) provides its interpretation
More informationCloud Computing in a Regulated Environment
Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2
More informationCloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu
Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the
More informationKent State University s Cloud Strategy
Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology
More informationPharma CloudAdoption. and Qualification Trends
Pharma CloudAdoption and Qualification Trends OurCloudExperience Numerous implementations of EDMS systems with external hosting for smaller life science clients Development of qualification strategy for
More informationStrategies for Secure Cloud Computing
WHITE PAPER Cloud Basics Strategies for Secure Cloud Computing An Introduction to Exploring the Cloud There is a lot of buzz these days about cloud computing and how it s going to revolutionize the way
More informationPrivate Cloud 201 How to Build a Private Cloud
Private Cloud 201 How to Build a Private Cloud Chris E. Avis Sr. IT Pro Evangelist Microsoft Corp. http://chrisavis.com Presented at Seattle Windows Networking User Group January 4, 2012 al 1 The Cloudscape
More informationCloud Computing. Course: Designing and Implementing Service Oriented Business Processes
Cloud Computing Supplementary slides Course: Designing and Implementing Service Oriented Business Processes 1 Introduction Cloud computing represents a new way, in some cases a more cost effective way,
More informationIS PRIVATE CLOUD A UNICORN?
IS PRIVATE CLOUD A UNICORN? With all of the discussion, adoption, and expansion of cloud offerings there is a constant debate that continues to rear its head: Public vs. Private or more bluntly Is there
More informationWHAT S ON YOUR CLOUD? Workload Deployment Strategies for Private and Hybrid Clouds RESEARCH AND ANALYSIS PROVIDED BY TECHNOLOGY BUSINESS RESEARCH
WHAT S ON YOUR CLOUD? Workload Deployment Strategies for Private and Hybrid Clouds RESEARCH AND ANALYSIS PROVIDED BY TECHNOLOGY BUSINESS RESEARCH Contents I. Private Cloud: Making IT a business partner
More informationSee Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.
Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,
More informationCompliance and the Cloud. Guiding principles and architecture for addressing Life Science compliance in the cloud
Compliance and the Cloud Guiding principles and architecture for addressing Life Science compliance in the cloud Life Sciences Industry Unit Microsoft Corporation June 2012 ii Legal Disclaimers The information
More informationCompliant Cloud Computing Managing the Risks
Reprinted from PHARMACEUTICAL ENGINEERING THE OFFICIAL TECHNICAL MAGAZINE OF ISPE JULY/AUGUST 2013, VOL 33, NO 4 Copyright ISPE 2013 www.pharmaceuticalengineering.org information systems Managing the Risks
More informationCompliant Cloud Computing Managing the Risks
Reprinted from PHARMACEUTICAL ENGINEERING THE OFFICIAL TECHNICAL MAGAZINE OF ISPE JULY/AUGUST 2013, VOL 33, NO 4 Copyright ISPE 2013 www.pharmaceuticalengineering.org information systems Managing the Risks
More informationCloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity
Reprinted from PHARMACEUTICAL ENGINEERING THE OFFICIAL TECHNICAL MAGAZINE OF ISPE JANUARY/FEBRUARY 2014, VOL 34, NO 1 Copyright ISPE 2014 www.pharmaceuticalengineering.org information systems in a GxP
More informationVMware vcloud Powered Services
SOLUTION OVERVIEW VMware vcloud Powered Services VMware-Compatible Clouds for a Broad Array of Business Needs Caught between shrinking resources and growing business needs, organizations are looking to
More informationWhite Paper: Vendor Selection for Your Life Science Company Cloud
White Paper: Vendor Selection for Your Life Science Company Cloud GlobalSubmit 123 South Broad Street, Suite 1850 Philadelphia, PA 19109 www.globalsubmit.com Methodsense, Inc. P.O. Box 110352 Durham, NC
More informationTechnology & Business Overview of Cloud Computing
Your Place or Mine? In-House e-discovery Platform vs. Software as a Service Technology & Business Overview of Cloud Computing Janine Anthony Bowen, Esq. Jack Attorneys & Advisors www.jack-law.com Atlanta,
More informationGETTING THE MOST FROM THE CLOUD. A White Paper presented by
GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are
More informationCapability Paper. Today, aerospace and defense (A&D) companies find
Today, aerospace and defense (A&D) companies find Today, aerospace and defense (A&D) companies find themselves at potentially perplexing crossroads. On one hand, shrinking defense budgets, an increasingly
More informationBuilding Private & Hybrid Cloud Solutions
Solution Brief: Building Private & Hybrid Cloud Solutions WITH EGENERA CLOUD SUITE SOFTWARE Egenera, Inc. 80 Central St. Boxborough, MA 01719 Phone: 978.206.6300 www.egenera.com Introduction When most
More informationCSO Cloud Computing Study. January 2012
CSO Cloud Computing Study January 2012 Purpose and Methodology Survey Sample Survey Method Fielded Dec 20, 2011-Jan 8, 2012 Total Respondents Margin of Error +/- 7.3% Audience Base Survey Goal 178 security
More informationQualification Guideline
Qualification Guideline June 2013 Disclaimer: This document is meant as a reference to Life Science companies in regards to the Microsoft O365 platform. Montrium does not warrant that the use of the recommendations
More informationCloud Procurement Discussion Paper. For Comment
Cloud Procurement Discussion Paper For Comment AUGUST 2014 Acronyms Acronym AGIMO ASD DCaaS MUL IaaS NIST PaaS RFT SaaS SCS Definition Australian Government Information Management Office Australian Signals
More informationCloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro
Cloud definitions you've been pretending to understand Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro You keep using that word cloud. I do not think it means what you think it
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More informationGAMP 4 to GAMP 5 Summary
GAMP 4 to GAMP 5 Summary Introduction This document provides summary information on the GAMP 5 Guide and provides a mapping to the previous version, GAMP 4. It specifically provides: 1. Summary of Need
More informationPerspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009
Perspectives on Moving to the Cloud Paradigm and the Need for Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory 7-11-2009 2 NIST Cloud Computing Resources NIST Draft Definition of
More informationCloud Computing; What is it, How long has it been here, and Where is it going?
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
More informationIncident Handling in the Cloud and Audit s Role
Incident Handling in the Cloud and Audit s Role David Cole, CPA, CISA ISACA National Capital Area Chapter Cloud Computing Conference March 17, 2015 1 Outline Cloud Service Models Cloud Types Summary of
More informationValidation Best Practice for a SaaS
Validation Best Practice for a SaaS UL and the UL logo are trademarks of UL LLC 2012 Validation Best Practice for SaaS Validation Definition: Establishing documented evidence which provides a high degree
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationCloud Computing: What needs to Be Validated and Qualified. Ivan Soto
Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data
More informationPlanning the Migration of Enterprise Applications to the Cloud
Planning the Migration of Enterprise Applications to the Cloud A Guide to Your Migration Options: Private and Public Clouds, Application Evaluation Criteria, and Application Migration Best Practices Introduction
More informationValidating Enterprise Systems: A Practical Guide
Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise
More informationServices Providers. Ivan Soto
SOP s for Managing Application Services Providers Ivan Soto Learning Objectives At the end of this session we will have covered: Types of Managed Services Outsourcing process Quality expectations for Managed
More informationWhy Private Cloud? Nenad BUNCIC VPSI 29-JUNE-2015 EPFL, SI-EXHEB
Why Private Cloud? O P E R A T I O N S V I E W Nenad BUNCIC EPFL, SI-EXHEB 1 What Exactly Is Cloud? Cloud technology definition, as per National Institute of Standards and Technology (NIST SP 800-145),
More informationCloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.
Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the Inspector General, Sabrina.segal@usitc.gov Reference
More informationTopics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.
Cloud Computing Topics 1. What is the Cloud? 2. What is Cloud Computing? 3. Cloud Service Architectures 4. History of Cloud Computing 5. Advantages of Cloud Computing 6. Disadvantages of Cloud Computing
More informationyvette@yvetteagostini.it yvette@yvetteagostini.it
1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work
More informationCloud Computing. Chapter 1 Introducing Cloud Computing
Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization
More informationGAMP 5 and the Supplier Leveraging supplier advantage out of compliance
GAMP 5 and the Supplier Leveraging supplier advantage out of compliance Paul Osborne Performance PharmaTech Ltd. Overview This document is designed to assist suppliers who wish to sell computer based equipment
More informationDeveloping SAP Enterprise Cloud Computing Strategy
White Paper WFT Cloud Technology SAP Cloud Integration Service Provider Developing SAP Enterprise Cloud Computing Strategy SAP Cloud Computing is a significant IT paradigm change with the potential to
More informationGAMP5 - a lifecycle management framework for customized bioprocess solutions
GE Healthcare Life Sciences GAMP5 - a lifecycle management framework for customized bioprocess solutions imagination at work GE Healthcare s engineering department, Customized Bioprocess Solutions (CBS),
More informationBuild A private PaaS. www.redhat.com
Build A private PaaS WITH Red Hat CloudForms and JBoss Enterprise Middleware www.redhat.com Introduction Platform-as-a-service (PaaS) is a cloud service model that provides consumers 1 with services for
More informationPlant Software in the Cloud
Plant Software in the Cloud Fact vs. Myth February 2012 Greg Gorbach Vice President ARC Advisory Group ggorbach@arcweb.com Cloud 2 Manufacturing Performance Improvement Levers Systems People Processes
More informationSaaS Adoption Lifecycle in Life-Sciences Companies
www.arisglobal.com A White Paper Presented By ArisGlobal SaaS Adoption Lifecycle in Life-Sciences Companies by Achal Verma, Associate Director - Program Delivery, Cloud Services Abstract With increasing
More informationOVERVIEW Cloud Deployment Services
OVERVIEW Cloud Deployment Services Audience This document is intended for those involved in planning, defining, designing, and providing cloud services to consumers. The intended audience includes the
More informationMigration of Controlled. Compliant SharePoint Document Management Systems. Presented by: Joe Lucadamo
Migration of Controlled Documents into Compliant SharePoint Document Management Systems Presented by: Joe Lucadamo Focused dconsulting The views and opinions expressed in the following PowerPoint slides
More informationThe Cloud in Regulatory Affairs - Validation, Risk Management and Chances -
45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART
More informationFrom Private to Hybrid Clouds through Consistency and Portability
Extending IT Governance From Private to Hybrid Clouds through Consistency and Portability Gordon Haff 2 Executive summary 3 beyond information security 3 from private to public and back again 4 consistency
More informationITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS
ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information
More informationWhite Paper on CLOUD COMPUTING
White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples
More informationCLOUD COMPUTING. A Primer
CLOUD COMPUTING A Primer A Mix of Voices The incredible shrinking CIO CIO Magazine, 2004 IT Doesn t Matter, The cloud will ship service outside the institution and ship power from central IT groups to
More informationCloud Computing Overview
Cloud Computing Overview Mark Troester CIO/IT Product Marketing 1 WHY CLOUD COMPUTING? The cloud computing model can significantly help agencies grappling with the need to provide highly reliable, innovative
More informationCloud Computing. Chapter 1 Introducing Cloud Computing
Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization
More informationCloud for Credit Unions Leveraging New Solutions to Increase Efficiency & Reduce Costs Presented by: Hugh Smallwood, Chief Technology Officer
Cloud for Credit Unions Leveraging New Solutions to Increase Efficiency & Reduce Costs Presented by: Hugh Smallwood, Chief Technology Officer Plan. Prepare. Protect. About Us Formed by a Group of DC Metro
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationCloud Computing. Bringing the Cloud into Focus
Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice
More informationSkySight: New Capabilities to Accelerate Your Journey to the Cloud
SkySight: New Capabilities to Accelerate Your Journey to the Cloud There is no longer any question about the business value of the cloud model. The new question is how to expedite the transition from strategy
More informationTop five lessons learned from enterprise hybrid cloud projects
Top five lessons learned from enterprise hybrid cloud projects Top performer highlights More than half of top performers give users access to selfservice provisioning across both private and public cloud
More informationSCADA Cloud Computing
SCADA Cloud Computing Information on Cloud Computing with SCADA systems Version: 1.0 Erik Daalder, Business Development Manager Yokogawa Electric Corporation Global SCADA Center T: +31 88 4641 360 E: erik.daalder@nl.yokogawa.com
More informationCreative Configurations
Creative Configurations Mixing and Matching Public, Private and Hybrid Clouds for Maximum Benefits Through this year-long series of whitepapers and webinars, independent analyst Ben Kepes is creating a
More informationThe Safe Harbor. 1 Copyright 2013, Oracle and/or its affiliates. All rights reserved.
The Safe Harbor The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to
More informationFujitsu Managed Hosting Delivers your Cloud Infrastructure as a Service environment with confidence
Fujitsu Managed Hosting Delivers your Cloud Infrastructure as a Service environment with confidence Fujitsu supports and accelerates your adoption of cloud through a range of managed hosting services.
More informationINTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS
INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing
More informationPlant Software in the Cloud Fact vs. Myth
Plant Software in the Cloud Fact vs. Myth Andy Chatha President ARC Advisory Group AChatha@ARCweb.com Manufacturing Performance Improvement Levers Systems People Processes Information Things 2 Transformational
More informationWhere in the Cloud are You? Session 17032 Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)
Where in the Cloud are You? Session 17032 Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle) Abstract The goal of this session is to understanding what is meant when we say Where in the
More informationPlatform as a Service: The IBM point of view
Platform as a Service: The IBM point of view Don Boulia Vice President Strategy, IBM and Private Cloud Contents 1 Defining Platform as a Service 2 The IBM view of PaaS 6 IBM offerings 7 Summary 7 For more
More informationVMware vcloud Architecture Toolkit Public VMware vcloud Service Definition
VMware vcloud Architecture Toolkit Version 2.0.1 October 2011 This product is protected by U.S. and international copyright and intellectual property laws. This product is covered by one or more patents
More informationBuilding Private & Hybrid Cloud Solutions
Solution Brief: Building Private & Hybrid Cloud Solutions WITH EGENERA CLOUD SUITE SOFTWARE Egenera, Inc. 80 Central St. Boxborough, MA 01719 Phone: 978.206.6300 www.egenera.com Introduction When most
More informationThe HIPAA Security Rule: Cloudy Skies Ahead?
The HIPAA Security Rule: Cloudy Skies Ahead? Presented and Prepared by John Kivus and Emily Moseley Wood Jackson PLLC HIPAA and the Cloud In the past several years, the cloud has become an increasingly
More informationWhat is Cloud Computing? First, a little history. Demystifying Cloud Computing. Mainframe Era (1944-1978) Workstation Era (1968-1985) Xerox Star 1981!
Demystifying Cloud Computing What is Cloud Computing? First, a little history. Tim Horgan Head of Cloud Computing Centre of Excellence http://cloud.cit.ie 1" 2" Mainframe Era (1944-1978) Workstation Era
More informationCloud Computing. Chapter 1 Introducing Cloud Computing
Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization
More informationGET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.
GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. Cloud computing is as much a paradigm shift in data center and IT management as it is a culmination of IT s capacity to drive business
More informationCONTENTS. List of Tables List of Figures
Prelims 13/3/06 9:11 pm Page iii CONTENTS List of Tables List of Figures ix xi 1 Introduction 1 1.1 The Need for Guidance on ERP System Validation 1 1.2 The Need to Validate ERP Systems 3 1.3 The ERP Implementation
More informationPerspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory
Perspectives on Cloud Computing and Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory Caveats and Disclaimers This presentation provides education on cloud technology and its benefits
More informationHadoop in the Hybrid Cloud
Presented by Hortonworks and Microsoft Introduction An increasing number of enterprises are either currently using or are planning to use cloud deployment models to expand their IT infrastructure. Big
More informationPROTECTED CLOUDS: Symantec solutions for consuming, building, or extending into the cloud
PROTECTED CLOUDS: Symantec solutions for consuming, building, or extending into the cloud Blue skies ahead? Yes if you are protected when you move to the cloud. Lately, it seems as if every enterprise
More informationThe NIST Definition of Cloud Computing (Draft)
Special Publication 800-145 (Draft) The NIST Definition of Cloud Computing (Draft) Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationWelcome. Panel. Cloud Computing New Challenges in Data Integrity and Security 13 November 2014
Welcome Cloud Computing New Challenges in Data Integrity and Security 13 November 2014 Panel Tracy Lampula, Associate Director of GIS Compliance, Vertex Pharmaceuticals William Sanborn, Director of Information
More informationHyper-V Private Cloud Virtualization & Optimization
Hyper-V Private Cloud Virtualization & Optimization Formerly known as Windows Server Virtualization, Hyper-V Server Virtualization enables increased availability, support for host clustering, and deep
More informationClinical Trials in the Cloud: A New Paradigm?
Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand
More informationWelcome Computer System Validation Training Delivered to FDA. ISPE Boston Area Chapter February 20, 2014
Welcome Computer System Validation Training Delivered to FDA ISPE Boston Area Chapter February 20, 2014 1 Background Training Conducted on April 24, 2012 Food & Drug Administration Division of Manufacturing
More informationTutorial on Client-Server Architecture
Tutorial on Client-Server Architecture SEEM3430 Information Systems Analysis and Design Pengfei Liu Department of Systems Engineering and Engineering Management The Chinese University of Hong Kong March
More informationDatacenter Management and Virtualization. Microsoft Corporation
Datacenter Management and Virtualization Microsoft Corporation June 2010 The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationThe NIST Definition of Cloud Computing
Special Publication 800-145 The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication 800-145 The NIST
More informationvision realize your software-defined with the Digital Data Center from Atos Whitepaper
realize your software-defined vision with the Digital Data Center from Atos Whitepaper Revolutionize agility and flexibility. Accelerate time to market. Mitigate risk without inhibiting innovation. Reduce
More informationRisk-Based Approach to 21 CFR Part 11
3109 W. Dr. Martin Luther King, Jr. Blvd., Suite 250 Tampa, FL 33607 USA Tel: 813/960-2105 Fax: 813/264-2816 www.ispe.org Risk-Based Approach to 21 CFR Part 11 The 21 CFR Part 11 regulation is a comprehensive
More informationAskAvanade: Answering the Burning Questions around Cloud Computing
AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,
More informationUnderstanding Financial Cloud Services
Understanding Financial Cloud Services A Complete Guide for Hedge Funds About RFA RFA (Richard Fleischman & Associates) has been a Financial Cloud and trusted technology partner to our financial services
More information