Cloud Computing in GxP Environments

Cloud computing

When the pharmaceutical companies started the transition from manual operations to computerized system they had to rely on large, dedicated mainframes oftentimes underused. The appearance of hypervisors improved this situation, allowing IT departments to create virtual servers sharing a single pool of in-house resources, thus increasing the utilization rate and easing the management of the systems. However, this situation still requires significant initial investments in computer infrastructure and an in-house team able to configure and manage it. The next evolutionary step of IT outsources the management of IT infrastructure, platforms or even end-user software to external companies, moving from an investment approach (Capital Expenditure) to a pay-per-use model (Operating Expenditures). This is the cloud computing in its more usual kinds (Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)).

This last step, a few years ago on the mouth of most IT-related people but with not many GxP systems actually being moved to the cloud, has changed dramatically. The serialization regulations require the implementation of totally new systems that should be interconnected with multiple other systems around the world. The use of SaaS based systems was, by large, the preferred approach in the industry, thus showing the future. This has evolved in a way that nowadays, cloud computing of all kinds is becoming more and more popular. Traditional and well-known software providers, leaders in different GxP areas, are launching their new cloud versions.

However, the use of cloud solution in GxP processes entails new regulatory challenges in terms of control, security and data integrity. The traditional approach to Computerized Systems Validation (CSV), following the spoon model, that has been successfully used for a long time for on-premise systems, reveals serious gaps when applied to cloud solutions. Organizations are posing on their suppliers the control of the systems and platforms thereby requiring the traditional approach be readjusted. The assessment of the vendor Quality Systems, security and control measures, business continuity plans, as well as their own validation procedures, are key factors to ensure compliance of GxP cloud solutions and define the best validation strategy under a risk-based approach.

The TDV proven experience in the validation of cloud platforms includes:

  • Full knowledge of the best practices in the pharmaceutical industries GxP computerized systems, digital transformation processes and adoption of cloud solutions.
  • Validation of computerized systems in different cloud model scenarios: IaaS, PaaS and SaaS.
  • Hands-on experience in the implementation and configuration of cloud systems.
  • Design of Quality Systems for cloud suppliers, aligned with GXP requirements.
  • Auditing cloud systems suppliers all over the world.
  • Advice on Service Level Agreements (SLA).


If you are interested in more information, please email us.