Ever since the sensational arrival of cloud computing on the IT industry horizon, it has made life different in more ways than could be imagined, to make an understatement. With organizations realizing the enormous advantage cloud computing offers; almost every conceivable type of document is being pushed to the cloud.
The advantages are obvious, but let us repeat them at the cost of sounding banal: on-demand availability of data, flexibility, scalability, pay-for-use, and the choice of usages.
For the life sciences
So, why should life sciences, medical devices and pharmaceutical companies leave out documents pertaining to regulatory mechanisms, such as 21 CFR Part 11 and related regulations like Annex 11, and the cGMP’s?
It certainly makes immense sense to have these documents on the cloud. Or does it? Let us look at it this way: having 21 CFR Part 11 and related regulations on the cloud is not going to cost the company anything more; on the other hand, there is no headache involved in having to maintain them on the company premises.
It’s compliance, sir!
So, when companies decide to indeed go on the cloud for 21 CFR Part 11 and related regulations, what should they bear in mind? First of foremost, compliance! This is the mantra that they need to drill into their very being. Nothing moves forward without compliance. Compliance comes first, and everything else follows. Naturally, companies ought to ensure that compliance is built into every step of the planning, delivery and maintenance of their hosted solution.
There has always been the apprehension on the part of Part 11-regulated companies that using third party providers for hosting applications and data is not the wisest of steps to take because these parties may not be able to meet security concerns, audit transparency requirements and privacy laws. Many Part 11-regulated companies also feel that external, third party providers do not have the mechanisms to document policies and procedures in the prescribed manner to satisfy compliance for 21 CFR part 11 hosting.
Companies need to take the following into consideration if they have to satisfy compliance for 21 CFR part 11 hosting:
o Do the providers implement a service level agreement?
o What do they do about handling change control?
o What is their level of knowledge of and expertise in handling installation qualification?
o What is their way of handling encryption?
o What is their approach to handling an inspection or audit?
o What do they do in the event of a disaster?
o Do they have a standard set of SOP’s that the company can see?