SYLOGENT DEDICATED HOSTING



Similar documents
Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Pharma CloudAdoption. and Qualification Trends

Validating Cloud. June 2012 Merry Danley

Cloud Vendor Evaluation

StratusLIVE for Fundraisers Cloud Operations

Testing Automated Manufacturing Processes

CONTENTS. List of Tables List of Figures

GAMP 4 to GAMP 5 Summary

Client Security Risk Assessment Questionnaire

Domain 1 The Process of Auditing Information Systems

Services Providers. Ivan Soto

Introduction to Cloud Computing What is SaaS? Conventional vs. SaaS Methodologies Validation Requirements Change Management Q&A

Clinical Trials in the Cloud: A New Paradigm?

SmartImpact MS Dynamics CRM. Support Service Definition

Secure, Scalable and Reliable Cloud Analytics from FusionOps

G-Cloud 6 Service Definition DCG Cloud Disaster Recovery Service

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS option 3 for sales

The Difference Between Disaster Recovery and Business Continuance

Unlimited Server 24/7/365 Support

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

SaaS Service Level Agreement (SLA)

Enterprise level security, the Huddle way.

Ellucian Cloud Services. Joe Street Cloud Services, Sr. Solution Consultant

This interpretation of the revised Annex

SERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES

INTRODUCTION. This book offers a systematic, ten-step approach, from the decision to validate to

CLOUD SERVICES FOR EMS

Validating Enterprise Systems: A Practical Guide

CounselorMax and ORS Managed Hosting RFP 15-NW-0016

Considerations When Validating Your Analyst Software Per GAMP 5

Computerised Systems. Seeing the Wood from the Trees

Managed IT Secure Infrastructure Flexible Offerings Peace of Mind

Page 1 of 7 Effective Date: 12/18/03 Software Supplier Process Requirements

Cloud Hosting. Quick Guide 7/30/ EarthLink. Trademarks are property of their respective owners. All rights reserved.

Level I - Public. Technical Portfolio. Revised: July 2015

TL 9000 and TS16949 Comparison

Clinical database/ecrf validation: effective processes and procedures

OECD DRAFT ADVISORY DOCUMENT 16 1 THE APPLICATION OF GLP PRINCIPLES TO COMPUTERISED SYSTEMS FOREWARD

G-Cloud 6 brightsolid Secure Cloud Servers. Service Definition Document

Hosted SharePoint: Questions every provider should answer

15 Organisation/ICT/02/01/15 Back- up

Exhibit to Data Center Services Service Component Provider Master Services Agreement

White Paper: Librestream Security Overview

Attachment E. RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive.

Intel Enhanced Data Security Assessment Form

How To Get Atos Paas For Free

Welcome. Panel. Cloud Computing New Challenges in Data Integrity and Security 13 November 2014

API Q2 Specification for Quality Management System Requirements for Service Supply Organizations for the Petroleum and Natural Gas Industries

Cloud Computing in GxP Environment

ensurcloud Service Level Agreement (SLA)

Information Technology General Controls (ITGCs) 101

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Course 2788A: Designing High Availability Database Solutions Using Microsoft SQL Server 2005

ANDREW HERTENSTEIN Manager Microsoft Modern Datacenter and Azure Solutions En Pointe Technologies Phone

Tailored Technologies LLC

Using SharePoint 2013 for Managing Regulated Content in the Life Sciences. Presented by Paul Fenton President and CEO, Montrium

A CRO's Dilemma - The CDMS Validation Package that Failed Client Audits 19.OCT Disclaimer

GAMP5 - a lifecycle management framework for customized bioprocess solutions

Cloud Risk Management: How to Consolidate your CSP and Corporate Risk Profile

Managed Hosting is a managed service provided by MN.IT. It is structured to help customers meet:

LabChip GX/GXII with LabChip GxP Software

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Sage Nonprofit Online and Sage Virtual Services. Frequently Asked Questions

Basic knowledge of the Microsoft Windows operating system and its core functionality Working knowledge of Transact-SQL and relational databases

The SaaS LMS and Total Cost of Ownership in FDA-Regulated Companies

Designing, Optimizing and Maintaining a Database Administrative Solution for Microsoft SQL Server 2008

M6422A Implementing and Managing Windows Server 2008 Hyper-V

Considerations for validating SDS Software v2.x Enterprise Edition for the 7900HT Fast Real-Time PCR System per the GAMP 5 guide

Qualification Guideline

University of Pittsburgh Security Assessment Questionnaire (v1.5)

Troux Hosting Options

Paragon Protect & Restore

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Birst Security and Reliability

Planning and Administering Windows Server 2008 Servers

Cloud Security and Managing Use Risks

STREAM FRBC

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

MS Design, Optimize and Maintain Database for Microsoft SQL Server 2008

Computer Visions Course Outline

Computer System Configuration Management and Change Control

Ancero Backup & Disaster Recovery (BDR) Service Guide

Training Course Computerized System Validation in the Pharmaceutical Industry Istanbul, January Change Control

Learning Management System Evaluation Guide

Validated SaaS LMS SuccessFactors Viability

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

Transcription:

HOSTING & PROCESS

SYLOGENT DEDICATED HOSTING VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM HYPERVISOR HYPERVISOR HYPERVISOR DB1 active DB2 passive Clustered hypervisors that host dedicated VMs integrated with clustered Active / Passive databases utilizing a scaleable SAN. SAN Sylogent utilizes Rackspace Critical Care Support which guarantees 1 hour hardware replacement. Sylogent performs periodic failover tests. Patch management and virus protection is coordinated with Sylogent IT and Rackspace. The work is typically completed during preset scheduled maintenance periods.

SYLOGENT DEDICATED HOSTING PROD TEST TRAIN VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM HYPERVISOR HYPERVISOR HYPERVISOR DB1 active DB2 passive Each client typically receives three dedicated instances of the system - Production. Testing. Training. SAN Rackspace performs nightly differential backups with weekly offsite full backups utilizing 4 week overwrite rotation.

Validation Plan ( optional ) Should be established and agreed between CLIENT and the SYLOGENT to meet regulatory requirements and expectations Sylogent will provide CLIENT a 21 CFR Part 11 Compliance Assessment document along with a Validation Certificate. As an option, CLIENT is welcome to validate the system if they prefer. Role Assignment Log Should be established and agreed between CLIENT and the SYLOGENT to meet regulatory requirements and expectations The Role Assignment is managed within the application by either Sylogent support team and or CLIENT. Additionally, CLIENT can provide Sylogent an Excel file with CLIENT users and their assigned roles that can be input into the system by either party. The system includes a User Report that can be generated at any time to verify Role Assignments. Risk Assessment for Application System Provider needs to be aware of identified risk and mitigating measures Sylogent performs a risk assessment for each application prior to development and will provide CLIENT with its AA-02-004 Risk Assessment Procedure. Specific design risks are also reviewed and addressed in validation document: This document is considered proprietary and may be viewed on-site. User Requirements Should be established on the system level and agreed between CLIENT and the SYLOGENT to meet regulatory requirements and expectations Sylogent will provide CLIENT with document [ X ] Product Requirements. CLIENT may map their user requirements to the Functional Requirements within this document, if desired. Any additional agreed upon requirements will be processed per Sylogent s FF-01-001 Change Control of Computerized Systems Procedure which Sylogent will make available to CLIENT. Data Migration Plan Must execute relevant parts of the migration plan as indicated by CLIENT Sylogent will migrate all CLIENT date from existing systems or documents as needed. Additional migration efforts need to be defined by CLIENT.

System Design Specifications Should be established on the system level and agreed between CLIENT and the SYLOGENT to meet regulatory requirements and expectations Sylogent Design Specifications for all applications are considered proprietary. An on-site visit is required to view applicable design specifications. Configuration Specification Should be established on the system level and agreed between CLIENT and the SYLOGENT to meet regulatory requirements and expectations, provider should maintain a current system configuration specification Sylogent will provide CLIENT with System Configuration Document. Upon completion, Sylogent will configure the application with settings defined in the configuration document. Any changes to the application configuration, post launch, will be managed through the FF-01-004 Change Control of Computerized Systems Procedure. Traceability Matrix Supplier should be able to demonstrate traceability of requirements and specifications to testing. Will be verified during supplier assessment. Per Sylogent s EE-01-003 Software Validation Documentation procedure, Sylogent traces from Requirement to Design Specification to Test Case. Although full documents in some cases can only be viewed on-site, Sylogent will provide CLIENT with the matrix portion of each document. Technical Installation Should exist for all CLIENT installations (GxP or otherwise) Sylogent performs qualification on all application instances. Sylogent will provide CLIENT with its EE-01-008 Installation Qualification Documentation Procedure. This includes the TEC-01-0010 Installation Protocol document that addresses technical installation. Installation Qualification Should exist for all CLIENT installations (GxP or otherwise) Sylogent performs qualification on all application instances. Sylogent will provide CLIENT with its EE-01-008 Installation Qualification Documentation Procedure. The installation qualification documentation includes the TEC-01-0011 Installation Report which will be provided to CLIENT post-launch.

Software Design Specification. Software Development Plan. Software Development Testing. The supplier must follow an acceptable software development process. Sylogent follows its EE-01-001 Software Development Life Cycle Procedure in conjunction with its EE-01-003 Software Validation Documentation Procedure. Sylogent will provide both procedures to CLIENT. Validation documentation consists of the following documents: OQ Plan/Report o TEC-01-0001 Product Requirements o TEC-01-0002 Project Plan o TEC-01-0003 Design Specifications (on-site only) o TEC-01-0004 Technical Specifications (on-site only) o TEC-01-0005 Code Review Report (on-site only) o TEC-01-0006 Build Notes (on-site only) o TEC-01-0007 SQA Testing Protocol (partial) o TEC-01-0008 SQA Testing Report (partial) o TEC-01-0009 Release Notes o TEC-01-0012 Validation Summary Report Should exist for all CLIENT installations (GxP or otherwise) Sylogent will execute a set of test cases to verify application is configured to CLIENT Configuration Document and application is functioning as expected. Sylogent will deliver to CLIENT a report of the test case results. PQ Plan/Report Should be established on the system level and agreed between CLIENT and the SYLOGENT to meet regulatory requirements and expectations Sylogent will execute a set of test cases to verify system is performing as expected. Sylogent will deliver to CLIENT a report of the system performance results. Change Control Process During the supplier assessment, CLIENT will verify a change control process that meets regulatory expectations is in place and followed. Sylogent will provide CLIENT with its FF-01-004 Change Control of Computerized Systems Procedure.

Periodic Review Process During the supplier assessment CLIENT will verify a periodic review process on the system level that meets regulatory expectations is in place and followed. Sylogent will provide CLIENT with its II-01-006 Product Review and Improvement Procedure. Incident Management Process During the supplier assessment CLIENT will verify an incident management process on the system level that meets regulatory expectations is in place and followed. Sylogent will provide CLIENT with its II-01-002 Incident Handling Procedure. Service Level Agreement An SLA should be established between CLIENT and the supplier Sylogent will work with CLIENT to establish an appropriate SLA. SLA generally includes the following: Scope of Work and Services, Deliverables, Sylogent and Hosting Responsibilities, Customer Responsibilities, Key Contact Information, Service Requests and Notifications, Technical Support, Maintenance, Upgrades, Response Times, Standard Training Services, Exclusions, Supported Versions, Escrow. A sample of a standard SLA is attached. Training Process The supplier should have a formal training program in place and this will be verified as part of the supplier assessment. The training program should include relevant GxP topics Staff training is conducted annually and records are available on-site. Sylogent will provide CLIENT with its CC-01-001 Training Procedure. Security Administration The provider must have a thorough provisioning/de-provisioning process in place and be amicable to CLIENT auditing the process routinely. Sylogent will provide CLIENT with its Sylogent s DD-01-001 Master Security Procedure.

Retirement The supplier should have a process for system retirement as part of the life cycle approach and will be verified as part of the supplier assessment, including elimination of "CLIENT data" residing on their systems. Sylogent will provide CLIENT with its EE-01-009 Application and Instance Retirement Procedure. Data Center Qualification The supplier must have a properly qualified data center; the status of the qualification must be periodically reviewed. This will be verified as part of the supplier assessment. Sylogent will provide CLIENT with its AA-02-003 SYLOGENT Qualification Procedure. SYLOGENT Evaluation and SYLOGENT Assessment forms can viewed on-site, if desired. In addition, the ISO 27001 and SSAE16 Certifications (SOC reports) will be provided. Data Center Security The supplier must have data center security processes that ensure only authorized individuals have access to the data center. CLIENT will verify the existence of procedure governing these activities during the supplier assessment Sylogent will provide CLIENT with Sylogent s DD-01-001 Master Security Procedure and the following documents in support of the Rackspace data center: ISO 27001 and SSAE16 Certifications (SOC Reports). Disaster Recovery CLIENT must verify a disaster recovery that meets CLIENT s requirements is in place and that it is periodically tested. This will be done as part of the supplier assessment. Sylogent will provide CLIENT with its GG-01-006 Disaster Recovery and GG-01-005 Business Continuity Procedures. Back Up - Recovery The supplier should have a documented process for BU&R and have evidence of successful testing. This will be verified during the supplier assessment. Sylogent will provide CLIENT with its FF-01-004 Rackspace Data Hosting Procedure which addresses back up of client data. Sylogent will also provide CLIENT with its GG-01-003 Administration Systems Backup and Recovery Procedure (Sylogent data only and does not house client data). Data Transfer Appropriate processes for data transfer from the provider site to a CLIENT site, or for transfer from system to system within the provider site, must be established and agreed (e.g. encryption etc.). Sylogent will provide CLIENT with its DD-01-004 Data Interchange Procedure.

SYLOGENT 411 South State Street Newtown, PA 18940 +1 215.504.7000 Jack Yeager - CEO jack.yeager@sylogent.com +1 215.504.7000 x26 Dawn Albano - QC dawn.albano@sylogent.com +1 215.504.7000 x25

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information