Dash Way, profile picture
Uploaded byDash Way
PPTX, PDF410 views

PSI Pharmaway 1.0

This document discusses guidelines for validating Microsoft cloud technology for use in life sciences and pharmaceutical industries. It provides an overview of Microsoft Azure and outlines responsibilities for cloud service providers and customers to ensure systems hosted on Azure meet regulatory requirements. Specifically, it discusses how PSI has developed pre-qualified cloud infrastructure and pre-validated software packages that can help customers more easily deploy compliant systems in a cost-effective manner without having to build and qualify entire platforms themselves.

Embed presentation

Downloaded 13 times
2016 FDA GMP Guideline for the Web-Cloud & Software Services White Paper and Use Case Juan Carlos Tirado Operations Director PSI /Pharmaway 1.0
Executive Summary PSI can help customers in the manufacturing industry establish a qualification strategy for the Windows Azure platform. In this presentation we will discuss:  White-Paper: Guidelines to validate Microsoft cloud technology for the life sciences industry.  Use case: PSI-Pharmaway 1.0
The challenge • Biotech and pharmaceutical systems have always been highly regulated, complex and expensive. Hardware and software requirements are daunting in scale, variety, and speed of obsolescence.
The challenge • The industry currently requires large teams of experts for installation, configuration, testing, operation, security, and maintenance. When you scale this effort across dozens or sometimes hundreds of applications, it’s easy to see why the largest companies with the best IT departments aren’t getting the systems they need. Small and mid-sized companies don’t stand a chance.
A new technological vision • We created an industry first web based FDA-Good Manufacturing Practices compliance and integrated software suite environment including an Manufacturing Execution System, Laboratory Information Management System, Change Control, None Conformance/CAPA and Business Intelligence system perfect for the manufacturing, biotechnology, biomedical and pharmaceutical industries.
Microsoft Azure Clouds • Over the last few years, Microsoft has paid an increasing amount of attention to compliance and the cloud. • Together these concepts represent a fairly radical departure from normal business in the life sciences industry and manufacturing in general. • By enabling cloud technologies, which provide an ease of use and ease of implementation, with compliance, which provides the ability to work with information in a regulatory compliant fashion, companies may find the best of both worlds.
WindowsAzure Overview • Windows Azure is a cloud services operating system that serves as the development, service hosting and service management environment for the Azure platform. • Windows Azure provides developers with on-demand compute and storage to host, scale, and manage web applications on the Internet through Microsoft data centers. • The Microsoft Global Foundation Services group administers the physical infrastructure on which the Azure platform runs and data is stored. • Customers provide and manage the GxP computerized systems and data that are deployed on the Azure platform. Applications Infrastructure Software & Tools Network Components Infrastructure Hardware Data Center Facilities Validation Qualification
Methodology Microsoft’s Azure platform services have undergone SSAE 16 Service Organization Control (SOC) audits and are also certified according to ISO/IEC 27001:2005 standards (see Section 0). This process has leveraged the reports produced by independent third party auditors to identify procedural. relation to controls for computerized systems. The qualification approach summarizes the activities and responsibilities shared between the regulated user (customer) and the cloud service provider (Microsoft) to qualify the system against the relevant regulatory requirements. The assessment described the responsibilities of the customer and Microsoft, as well as the activities, documentation and controls (technical/procedural) that are required to meet the regulatory requirement.
GAMP5® Category From the perspective of a regulated user (customer), the Azure platform is considered to be Category 1 – Infrastructure Software as defined in GAMP5® (Ref. [6]). This category contains two types of software; Established or commercially available layered software (e.g. operating systems, database managers, programming languages, etc.) and Infrastructure software tools (e.g. network monitoring software, batch job scheduling tools, security software, anti-virus and configuration management tools).
FDA Classification While Microsoft is not directly responsible for the electronic records contained within the Azure platform, it is responsible for maintaining the Azure platform. In addition, Microsoft configures the Azure platform infrastructure and establishes access control requirements for logical and physical security. The Azure platform is therefore considered to be “open” (refer to definition in Section 1.5). The FDA requires open systems to meet additional requirements, such as encryption, as defined in 21 CFR Part 11.30 (Ref. [5]). The customer should evaluate any GxP computerized system deployed on the Azure platform should to determine whether it should be considered an open or closed system per 21 CFR Part 11 and whether additional controls / procedures need to be implemented as a result of the evaluation.
Microsoft Azure Controls • Security Policies and Procedures • Physical and Environmental Security • Logical Security • System Monitoring and Maintenance • Data Backup, Recovery and Retention • Confidentiality • Software Development / Change Management • Incident Management • Service Level Agreements • Risk Assessment • Documentation / Asset Management • Training Management • Disaster Recovery • Vendor Management
Qualification Approach Applications Infrastructure Software & Tools Network Components Infrastructure Hardware Data Center Facilities Validation Qualification According to industry best practices as proposed within the GAMP Good Practice Guide: IT Infrastructure Control and Compliance7, in order for an IT infrastructure platform to be considered qualified and compliant, the following critical aspects need to be considered: • Installation and operational qualification of infrastructure components; • Configuration management and change control of infrastructure components; • Management of risks to IT Infrastructure; • Involvement of service providers in critical infrastructure processes; • Security management in relation to access controls, availability of services and data integrity; • Data Backup, Restore, Disaster Recovery, Archiving. Microsoft has implemented controls (see Section 2.5) which encompass these critical aspects of compliance.
Summary of Microsoft Responsibilities • Microsoft is responsible for ensuring that Windows Azure meets the terms defined within the governing Service Level Agreements (see Section 2.5.9). When new virtual machines are deployed within the Azure Platform, they are created using the default configuration established by Microsoft. Microsoft is responsible for ensuring the deployed VM’s are capable of meeting the specifications and the terms of the SLA(s). • The Azure platform must be managed in a controlled and secured manner, so as to provide the following key elements: – Confidentiality - ensuring that information is accessible only to those authorized to have access; – Integrity - safeguarding the accuracy and completeness of information and processing methods; – Availability - ensuring that authorized users have access to information and associated assets when required. – The controls identified in Section 2.5 are implemented, managed and maintained by Microsoft to ensure that the above key requirements can be met.
Customer Responsibilities 1. Develop or identify procedural controls governing the use of the GxP computerized system. These procedural controls should cover the topics as described in Appendix A, as well as any other controlled processes which are impacted by the GxP computerized system including the following. 2. Platform 3. Development Lifecycle on Windows Azure. 4. Windows Azure 5. Determine the GxP requirements that apply to the VM based on its intended use. 6. Follow internal procedures governing Qualification and/or Validation processes, expected deliverables. 7. Virtual Machine
Conclusion • In summary, when considering the use of a public, off-premise, third party managed cloud service to host GxP computerized systems it is important to assess the adequacy of the cloud service provider’s controls which ensure confidentiality, integrity and availability of data stored on the hosted platform. Defining roles and responsibilities shared between the regulated user and the cloud service provider is essential. • As outlined within this guidance document, Microsoft has implemented procedural and technical controls which are relevant to regulatory requirements stipulated within US FDA 21 CFR Part 11 and EudraLex Volume 4 Annex 11. These controls have been independently audited and could serve to demonstrate that the Azure platform is maintained in a state of control that is in accordance with the applicable regulatory requirements. • Of equal importance are the activities and controls which must be implemented by the customer to ensure that GxP computerized systems are maintained in a secured and qualified state.
Use Case Analysis
Introduction The combination of this Cloud Services with the possibility of qualify them give the industry the possibility to have for the first time cost/effective systems and infrastructure. As we all know Biotech and Pharmaceutical systems have always been highly regulated, complex and expensive. Using this services we created three industry first web based products that allow the deploying of new GMP and FDA compliance systems you can avoid the time, costs of building a fully Qualified platform by leveraging our integrated packages and existing IQ/OQ/PQ and SOP templates.
PSI New Products/Services PSI-Pharmaway 1.0 new Cloud services/products: 1. A pre-qualified infrastructure in the MS Azure cloud and regular webhost that companies can use to install /handle/backup/etc. our package or their own systems. 2. An XML integration service that well follow ISO/FDA rules and integrate ISO95 systems in level 4 and 3 into end to end coherent processes (i.e. ERP>MES>LMS> QMS>OEE>Equipment>BI, etc.) 3. A pre-validated web/cloud based package that include all the software that a manufacturing plant need to comply with the ISO95 already prequalified/reintegrated and ready to be deploy from the public cloud or on the plant premise servers. ***These three new products are all under one simple consolidated service we call Pharmaway 1.0.
Pharmaway 1.0 ™ Diagrams
Pharmaway 1.0 ™ Diagrams
SAP ”ERP”> Pharmaway “MES” Integration Points Create Material Master Inventory Create Batch Master Create Production Orders SAP “ERP” Pharmaway 1.0 “MES” Update Material Master Update Batch Master Update Production Orders Inventory
ISA95 Using the Microsoft Azure Hybrid Cloud Level 4 ERP/QMS/CMMS Level 3 MES/LIMS/OEE Level2 Controls/Automation Level 1 Equipment & Machinery Public Cloud On Premise Server
Use Case Approach › Allow PSI team access to clients data and process flows › Allocate hours required to develop for Master Data and MBR templating for MBR development, testing and validation › Partner with PSI to show case marketing and sales efforts for a two-year period › Implement solutions on Microsoft cloud › Test of full suite of applications › Deliver a validated core of applications › Deploy solution in Microsoft -hosted private cloud › Savings through startup due to Pharmaway sponsored FDA validation and foregone CapEx from hosted infrastructure › Reduced recurring OpEx due to lower long-term cost of ownership › Built operational excellence in manufacturing execution › Delivery model for operations › First –hand feedback from manufacturing and quality will improve our design of core applications improvement › Use of client name and ‘use case’ for commercial purposes CommitmentsBenefits
Tres Monjitas Operation Presently producing 12 dairy products under their brand, their primary product is milk packed aseptically to preserve its nutritional value. Offering four types of milk (from whole milk, chocolate milk, and fat free milk), 3 different flavored milks and lactose free milk introduced in 2014. Also offering white cheese since 2014 and butter Tres Monjitas exports milk to the Caribbean reaching Dominican Republic, Cuba and the neighboring islands and expands to the United States (Texas, New Jersey and Florida)
Pharmaway 1.0™ Demo
APPENDIX

More Related Content

PPTX
Pistoia Alliance Debates: PhUSE Framework for the Adoption of Cloud Technolog...
byPistoia Alliance
 
PDF
Mobile Workstations & Pharma 4.0 - Wai Wong, VP Validation, Pharmatech Associ...
bySIPRI
 
PDF
2018 ISPE Tieghi OT/ICS CyberSecurity per Pharma 4.0
byEnzo M. Tieghi
 
PDF
Rethinking compliance
byS. Hanau
 
PDF
PaaSing a Java EE Application
byJagadish Prasath
 
PDF
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
byAccenture Operations
 
PDF
Moving healthcare applications to the cloud
byVelocity Technology Solutions
 
PDF
Factsheet: LifeSphere EV Triage
byArisGlobal
 
Pistoia Alliance Debates: PhUSE Framework for the Adoption of Cloud Technolog...
byPistoia Alliance
 
Mobile Workstations & Pharma 4.0 - Wai Wong, VP Validation, Pharmatech Associ...
bySIPRI
 
2018 ISPE Tieghi OT/ICS CyberSecurity per Pharma 4.0
byEnzo M. Tieghi
 
Rethinking compliance
byS. Hanau
 
PaaSing a Java EE Application
byJagadish Prasath
 
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
byAccenture Operations
 
Moving healthcare applications to the cloud
byVelocity Technology Solutions
 
Factsheet: LifeSphere EV Triage
byArisGlobal
 

Viewers also liked

PDF
Case Study – Deploying SharePoint Based eTMF in the Cloud
byMontrium
 
PPT
Gamp Riskbased Approch To Validation
byRajendra Sadare
 
PDF
"GAMP 5 & 21 CFR Part 11 Compliance with Computer System Validation”
byMarcep Inc.
 
PPTX
Myths of validation
byJeff Thomas
 
PDF
Computer System Validation Then and Now — Learning Management in the Cloud
byInstitute of Validation Technology
 
PDF
Executing Validation of GxP Systems Electronically using SharePoint
byMontrium
 
PDF
Meet You GxP Compliance in the Cloud
byAppian
 
PPSX
Virtual infrastructure qualification
byUS Data Management LLC
 
PPTX
Good Practices for Computerised Systems : PIC/S Guidance
byGMP EDUCATION : Not for Profit Organization
 
PDF
Validating SharePoint for Regulated Life Sciences Applications
byMontrium
 
PDF
Regulatory Considerations for use of Cloud Computing and SaaS Environments
byInstitute of Validation Technology
 
PDF
IT Validation Training
byRobert Sturm
 
PPTX
computer system validation
byGopal Patel
 
PPT
Gamp5 new
byKalpeshkumar Vaghela
 
PPTX
Computer System Validation
byGMP EDUCATION : Not for Profit Organization
 
PPTX
Computer System Validation
byEric Silva
 
PPT
Qc-gmp-qa
byKhalid Hussain
 
PPTX
Good Manufacturing Practices(GMP)
byVirendra Singh
 
PDF
Good Manufacturing Practices
byJorge Torres
 
PPTX
Concept of URS,DQ,IQ,OQ,PQ
bydhavalrock24
 
Case Study – Deploying SharePoint Based eTMF in the Cloud
byMontrium
 
Gamp Riskbased Approch To Validation
byRajendra Sadare
 
"GAMP 5 & 21 CFR Part 11 Compliance with Computer System Validation”
byMarcep Inc.
 
Myths of validation
byJeff Thomas
 
Computer System Validation Then and Now — Learning Management in the Cloud
byInstitute of Validation Technology
 
Executing Validation of GxP Systems Electronically using SharePoint
byMontrium
 
Meet You GxP Compliance in the Cloud
byAppian
 
Virtual infrastructure qualification
byUS Data Management LLC
 
Good Practices for Computerised Systems : PIC/S Guidance
byGMP EDUCATION : Not for Profit Organization
 
Validating SharePoint for Regulated Life Sciences Applications
byMontrium
 
Regulatory Considerations for use of Cloud Computing and SaaS Environments
byInstitute of Validation Technology
 
IT Validation Training
byRobert Sturm
 
computer system validation
byGopal Patel
 
Gamp5 new
byKalpeshkumar Vaghela
 
Computer System Validation
byGMP EDUCATION : Not for Profit Organization
 
Computer System Validation
byEric Silva
 
Qc-gmp-qa
byKhalid Hussain
 
Good Manufacturing Practices(GMP)
byVirendra Singh
 
Good Manufacturing Practices
byJorge Torres
 
Concept of URS,DQ,IQ,OQ,PQ
bydhavalrock24
 

Similar to PSI Pharmaway 1.0

PDF
Microsoft certified azure fundamentals exam code az-900
byZabeel Institute
 
PDF
AZ-900 Summary with all information that
byFadiAlkanani1
 
PPTX
Cloud computing with MS Azure
bySyed Sabhi Haider
 
PPTX
Ms.azure in detail
byNeethu Kuruvilla
 
PPTX
Make IT Pro's great again: Microsoft Azure for the SharePoint professional
byBIWUG
 
PDF
Azure 13 effective security controls for iso 27001 compliance
byErlinkencana
 
PPTX
Azure Fundamentals || AZ-900
bythisiswali
 
PPTX
Azure Security Compass v1.1 - Presentation.pptx
byZaheerEbrahim5
 
PPTX
IAMCP - Cloud Platform Overview & Partner Opportunities
byRichard Harbridge
 
PPTX
Azure Security Overview
byAllen Brokken
 
PPTX
SNA3-Microsoft Azure Fundamentals AZ900.pptx
byEcmOdin
 
PPTX
Prestashop and Azure
byVito Flavio Lorusso
 
PDF
azure-security-overview-slideshare-180419183626.pdf
byBenAissaTaher1
 
PDF
Azure for business
byTechExpert
 
PDF
Building a Secure and Compliant Azure Virtual Data Center
byPatrick Sklodowski
 
PDF
Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...
byMicrosoft Private Cloud
 
PDF
Guide to Sharpening Security in the Public Cloud
byInsight
 
PDF
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
byMSAdvAnalytics
 
PPTX
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
byTechSoup
 
PDF
Microsoft Azure Fundamentals AZ 900 ####
byMohanArumugam24
 
Microsoft certified azure fundamentals exam code az-900
byZabeel Institute
 
AZ-900 Summary with all information that
byFadiAlkanani1
 
Cloud computing with MS Azure
bySyed Sabhi Haider
 
Ms.azure in detail
byNeethu Kuruvilla
 
Make IT Pro's great again: Microsoft Azure for the SharePoint professional
byBIWUG
 
Azure 13 effective security controls for iso 27001 compliance
byErlinkencana
 
Azure Fundamentals || AZ-900
bythisiswali
 
Azure Security Compass v1.1 - Presentation.pptx
byZaheerEbrahim5
 
IAMCP - Cloud Platform Overview & Partner Opportunities
byRichard Harbridge
 
Azure Security Overview
byAllen Brokken
 
SNA3-Microsoft Azure Fundamentals AZ900.pptx
byEcmOdin
 
Prestashop and Azure
byVito Flavio Lorusso
 
azure-security-overview-slideshare-180419183626.pdf
byBenAissaTaher1
 
Azure for business
byTechExpert
 
Building a Secure and Compliant Azure Virtual Data Center
byPatrick Sklodowski
 
Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...
byMicrosoft Private Cloud
 
Guide to Sharpening Security in the Public Cloud
byInsight
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
byMSAdvAnalytics
 
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
byTechSoup
 
Microsoft Azure Fundamentals AZ 900 ####
byMohanArumugam24
 

Recently uploaded

PDF
Common CRM Implementation Mistakes & How to Avoid Them.pdf
byCRMLeaf
 
PDF
Best SaaS Growth Strategy for 2026: Referral Programs That Retain Better
byReferral Factory
 
PDF
AI Concepts - MCP Neurons
byPhilip Schwarz
 
PDF
DSD-INT 2025 Coupled modeling in Ribasim - Linking Water Availability and Qua...
byDeltares
 
PDF
Job Interview for Global Federal Government MD Panel Presentation
byafnupe09
 
PDF
apidays Paris 2025 | AI and APIs - Ensuring Platform Migration Reliability wi...
byapidays
 
PDF
DSD-INT 2025 MODFLOW 6 Developments - Langevin
byDeltares
 
PDF
End-to-End Web & Mobile App Development Roadmap for Modern Businesses.pdf
byNaestinn
 
PDF
REST in Peace (Laravel Senegal Meetup 2025)
byWendell Adriel
 
PPTX
Managing Multiple Projects from One ERP Dashboard - by biCanvas ERP
bybiCanvasERP
 
PPTX
How to Extract Google Maps Business Leads Efficiently
bywakasoftteam
 
PPTX
Why Airline Platforms Fail at Change and How Etihad Fixed It
byIT IDOL Technologies
 
PDF
Achieving App Stability through mobile performance testing
byAvekshaa Technologies
 
PPTX
The Triple Bottom Line of Software: Uses, Misuses, and Strategic Risks
byrawaisah124
 
PDF
GOOGLE_VERTEX_AI web development 1.pdf
bydavidjohansen1597
 
PDF
HTML 5 CSS 3 DEVELOPMENT TECHNOLOGY.pdf
bydavidjohansen1597
 
PDF
The Hidden Cost of “Quick” Web App Development
byiProgrammer Solutions Private Limited
 
PDF
DSD-INT 2025 The National Hydrological Model of Denmark and its enhancements ...
byDeltares
 
PDF
Oracle AI Database 26ai _ AI-Native Database for Enterprises.pdf
byAstuteBusiness
 
PDF
DSD-INT 2025 Flexible Reservoir Modelling with Ribasim - From Simple to Compl...
byDeltares
 
Common CRM Implementation Mistakes & How to Avoid Them.pdf
byCRMLeaf
 
Best SaaS Growth Strategy for 2026: Referral Programs That Retain Better
byReferral Factory
 
AI Concepts - MCP Neurons
byPhilip Schwarz
 
DSD-INT 2025 Coupled modeling in Ribasim - Linking Water Availability and Qua...
byDeltares
 
Job Interview for Global Federal Government MD Panel Presentation
byafnupe09
 
apidays Paris 2025 | AI and APIs - Ensuring Platform Migration Reliability wi...
byapidays
 
DSD-INT 2025 MODFLOW 6 Developments - Langevin
byDeltares
 
End-to-End Web & Mobile App Development Roadmap for Modern Businesses.pdf
byNaestinn
 
REST in Peace (Laravel Senegal Meetup 2025)
byWendell Adriel
 
Managing Multiple Projects from One ERP Dashboard - by biCanvas ERP
bybiCanvasERP
 
How to Extract Google Maps Business Leads Efficiently
bywakasoftteam
 
Why Airline Platforms Fail at Change and How Etihad Fixed It
byIT IDOL Technologies
 
Achieving App Stability through mobile performance testing
byAvekshaa Technologies
 
The Triple Bottom Line of Software: Uses, Misuses, and Strategic Risks
byrawaisah124
 
GOOGLE_VERTEX_AI web development 1.pdf
bydavidjohansen1597
 
HTML 5 CSS 3 DEVELOPMENT TECHNOLOGY.pdf
bydavidjohansen1597
 
The Hidden Cost of “Quick” Web App Development
byiProgrammer Solutions Private Limited
 
DSD-INT 2025 The National Hydrological Model of Denmark and its enhancements ...
byDeltares
 
Oracle AI Database 26ai _ AI-Native Database for Enterprises.pdf
byAstuteBusiness
 
DSD-INT 2025 Flexible Reservoir Modelling with Ribasim - From Simple to Compl...
byDeltares
 

PSI Pharmaway 1.0

  • 1.
    2016 FDA GMPGuideline for the Web-Cloud & Software Services White Paper and Use Case Juan Carlos Tirado Operations Director PSI /Pharmaway 1.0
  • 2.
    Executive Summary PSI canhelp customers in the manufacturing industry establish a qualification strategy for the Windows Azure platform. In this presentation we will discuss:  White-Paper: Guidelines to validate Microsoft cloud technology for the life sciences industry.  Use case: PSI-Pharmaway 1.0
  • 3.
    The challenge • Biotechand pharmaceutical systems have always been highly regulated, complex and expensive. Hardware and software requirements are daunting in scale, variety, and speed of obsolescence.
  • 4.
    The challenge • Theindustry currently requires large teams of experts for installation, configuration, testing, operation, security, and maintenance. When you scale this effort across dozens or sometimes hundreds of applications, it’s easy to see why the largest companies with the best IT departments aren’t getting the systems they need. Small and mid-sized companies don’t stand a chance.
  • 5.
    A new technologicalvision • We created an industry first web based FDA-Good Manufacturing Practices compliance and integrated software suite environment including an Manufacturing Execution System, Laboratory Information Management System, Change Control, None Conformance/CAPA and Business Intelligence system perfect for the manufacturing, biotechnology, biomedical and pharmaceutical industries.
  • 6.
    Microsoft Azure Clouds •Over the last few years, Microsoft has paid an increasing amount of attention to compliance and the cloud. • Together these concepts represent a fairly radical departure from normal business in the life sciences industry and manufacturing in general. • By enabling cloud technologies, which provide an ease of use and ease of implementation, with compliance, which provides the ability to work with information in a regulatory compliant fashion, companies may find the best of both worlds.
  • 7.
    WindowsAzure Overview • WindowsAzure is a cloud services operating system that serves as the development, service hosting and service management environment for the Azure platform. • Windows Azure provides developers with on-demand compute and storage to host, scale, and manage web applications on the Internet through Microsoft data centers. • The Microsoft Global Foundation Services group administers the physical infrastructure on which the Azure platform runs and data is stored. • Customers provide and manage the GxP computerized systems and data that are deployed on the Azure platform. Applications Infrastructure Software & Tools Network Components Infrastructure Hardware Data Center Facilities Validation Qualification
  • 8.
    Methodology Microsoft’s Azure platformservices have undergone SSAE 16 Service Organization Control (SOC) audits and are also certified according to ISO/IEC 27001:2005 standards (see Section 0). This process has leveraged the reports produced by independent third party auditors to identify procedural. relation to controls for computerized systems. The qualification approach summarizes the activities and responsibilities shared between the regulated user (customer) and the cloud service provider (Microsoft) to qualify the system against the relevant regulatory requirements. The assessment described the responsibilities of the customer and Microsoft, as well as the activities, documentation and controls (technical/procedural) that are required to meet the regulatory requirement.
  • 9.
    GAMP5® Category From theperspective of a regulated user (customer), the Azure platform is considered to be Category 1 – Infrastructure Software as defined in GAMP5® (Ref. [6]). This category contains two types of software; Established or commercially available layered software (e.g. operating systems, database managers, programming languages, etc.) and Infrastructure software tools (e.g. network monitoring software, batch job scheduling tools, security software, anti-virus and configuration management tools).
  • 10.
    FDA Classification While Microsoftis not directly responsible for the electronic records contained within the Azure platform, it is responsible for maintaining the Azure platform. In addition, Microsoft configures the Azure platform infrastructure and establishes access control requirements for logical and physical security. The Azure platform is therefore considered to be “open” (refer to definition in Section 1.5). The FDA requires open systems to meet additional requirements, such as encryption, as defined in 21 CFR Part 11.30 (Ref. [5]). The customer should evaluate any GxP computerized system deployed on the Azure platform should to determine whether it should be considered an open or closed system per 21 CFR Part 11 and whether additional controls / procedures need to be implemented as a result of the evaluation.
  • 11.
    Microsoft Azure Controls •Security Policies and Procedures • Physical and Environmental Security • Logical Security • System Monitoring and Maintenance • Data Backup, Recovery and Retention • Confidentiality • Software Development / Change Management • Incident Management • Service Level Agreements • Risk Assessment • Documentation / Asset Management • Training Management • Disaster Recovery • Vendor Management
  • 12.
    Qualification Approach Applications Infrastructure Software &Tools Network Components Infrastructure Hardware Data Center Facilities Validation Qualification According to industry best practices as proposed within the GAMP Good Practice Guide: IT Infrastructure Control and Compliance7, in order for an IT infrastructure platform to be considered qualified and compliant, the following critical aspects need to be considered: • Installation and operational qualification of infrastructure components; • Configuration management and change control of infrastructure components; • Management of risks to IT Infrastructure; • Involvement of service providers in critical infrastructure processes; • Security management in relation to access controls, availability of services and data integrity; • Data Backup, Restore, Disaster Recovery, Archiving. Microsoft has implemented controls (see Section 2.5) which encompass these critical aspects of compliance.
  • 13.
    Summary of MicrosoftResponsibilities • Microsoft is responsible for ensuring that Windows Azure meets the terms defined within the governing Service Level Agreements (see Section 2.5.9). When new virtual machines are deployed within the Azure Platform, they are created using the default configuration established by Microsoft. Microsoft is responsible for ensuring the deployed VM’s are capable of meeting the specifications and the terms of the SLA(s). • The Azure platform must be managed in a controlled and secured manner, so as to provide the following key elements: – Confidentiality - ensuring that information is accessible only to those authorized to have access; – Integrity - safeguarding the accuracy and completeness of information and processing methods; – Availability - ensuring that authorized users have access to information and associated assets when required. – The controls identified in Section 2.5 are implemented, managed and maintained by Microsoft to ensure that the above key requirements can be met.
  • 14.
    Customer Responsibilities 1. Developor identify procedural controls governing the use of the GxP computerized system. These procedural controls should cover the topics as described in Appendix A, as well as any other controlled processes which are impacted by the GxP computerized system including the following. 2. Platform 3. Development Lifecycle on Windows Azure. 4. Windows Azure 5. Determine the GxP requirements that apply to the VM based on its intended use. 6. Follow internal procedures governing Qualification and/or Validation processes, expected deliverables. 7. Virtual Machine
  • 15.
    Conclusion • In summary,when considering the use of a public, off-premise, third party managed cloud service to host GxP computerized systems it is important to assess the adequacy of the cloud service provider’s controls which ensure confidentiality, integrity and availability of data stored on the hosted platform. Defining roles and responsibilities shared between the regulated user and the cloud service provider is essential. • As outlined within this guidance document, Microsoft has implemented procedural and technical controls which are relevant to regulatory requirements stipulated within US FDA 21 CFR Part 11 and EudraLex Volume 4 Annex 11. These controls have been independently audited and could serve to demonstrate that the Azure platform is maintained in a state of control that is in accordance with the applicable regulatory requirements. • Of equal importance are the activities and controls which must be implemented by the customer to ensure that GxP computerized systems are maintained in a secured and qualified state.
  • 16.
  • 17.
    Introduction The combination ofthis Cloud Services with the possibility of qualify them give the industry the possibility to have for the first time cost/effective systems and infrastructure. As we all know Biotech and Pharmaceutical systems have always been highly regulated, complex and expensive. Using this services we created three industry first web based products that allow the deploying of new GMP and FDA compliance systems you can avoid the time, costs of building a fully Qualified platform by leveraging our integrated packages and existing IQ/OQ/PQ and SOP templates.
  • 18.
    PSI New Products/Services PSI-Pharmaway1.0 new Cloud services/products: 1. A pre-qualified infrastructure in the MS Azure cloud and regular webhost that companies can use to install /handle/backup/etc. our package or their own systems. 2. An XML integration service that well follow ISO/FDA rules and integrate ISO95 systems in level 4 and 3 into end to end coherent processes (i.e. ERP>MES>LMS> QMS>OEE>Equipment>BI, etc.) 3. A pre-validated web/cloud based package that include all the software that a manufacturing plant need to comply with the ISO95 already prequalified/reintegrated and ready to be deploy from the public cloud or on the plant premise servers. ***These three new products are all under one simple consolidated service we call Pharmaway 1.0.
  • 19.
  • 20.
  • 21.
    SAP ”ERP”> Pharmaway“MES” Integration Points Create Material Master Inventory Create Batch Master Create Production Orders SAP “ERP” Pharmaway 1.0 “MES” Update Material Master Update Batch Master Update Production Orders Inventory
  • 22.
    ISA95 Using theMicrosoft Azure Hybrid Cloud Level 4 ERP/QMS/CMMS Level 3 MES/LIMS/OEE Level2 Controls/Automation Level 1 Equipment & Machinery Public Cloud On Premise Server
  • 23.
    Use Case Approach ›Allow PSI team access to clients data and process flows › Allocate hours required to develop for Master Data and MBR templating for MBR development, testing and validation › Partner with PSI to show case marketing and sales efforts for a two-year period › Implement solutions on Microsoft cloud › Test of full suite of applications › Deliver a validated core of applications › Deploy solution in Microsoft -hosted private cloud › Savings through startup due to Pharmaway sponsored FDA validation and foregone CapEx from hosted infrastructure › Reduced recurring OpEx due to lower long-term cost of ownership › Built operational excellence in manufacturing execution › Delivery model for operations › First –hand feedback from manufacturing and quality will improve our design of core applications improvement › Use of client name and ‘use case’ for commercial purposes CommitmentsBenefits
  • 24.
    Tres Monjitas Operation Presentlyproducing 12 dairy products under their brand, their primary product is milk packed aseptically to preserve its nutritional value. Offering four types of milk (from whole milk, chocolate milk, and fat free milk), 3 different flavored milks and lactose free milk introduced in 2014. Also offering white cheese since 2014 and butter Tres Monjitas exports milk to the Caribbean reaching Dominican Republic, Cuba and the neighboring islands and expands to the United States (Texas, New Jersey and Florida)
  • 25.
  • 26.