header-image

Cloud Computing in a GxP Environment - Online Training Recording

Seminar-Nr. 21677

Referent:innen

Dr. Wolfgang Schumacher

Dr. Wolfgang Schumacher

formerly F. Hoffmann-La Roche

Michael Wegmann

Michael Wegmann

F. Hoffmann-La Roche

Dr Arno Terhechte

Dr Arno Terhechte

GMP inspectorate / Bezirksregierung Münster

Robert Gärtner

Robert Gärtner

Veeva Systems

Zielsetzung

  • Get to know the different types of Cloud Computing, their technical basics and their validation approaches.
  • What are the pharmaceutical authorities’ requirements with regard to Cloud Computing and what regulations have to be observed? An inspector will present his perspective to these questions and the experience gained so far in audits and will further cover critical points.
  • You can assess the use of  Cloud Computing from the perspective of IT security and data protection rules, and based on that you can formulate requirements for cloud service providers.
  • You can evaluate the opportunities and risks of cloud computing in the GxP environment.

Hintergrund

As well as in other sectors, the use of Cloud Computing is discussed in the pharmaceutical industry. For commercial reasons there is a lot speaking for the use.

However, is Cloud Computing an acceptable way in a GxP environment of the pharmaceutical industry? And, if yes, what has to be observed from the point of view of IT and quality assurance, as well as from the perspective of a pharmaceutical inspector?

From the points of view of the user and the pharmaceutical inspector this event gives you an overview of the current state of the technical possibilities. The speakers evaluate opportunities and risks of the use of Cloud Computing in the GxP environment and make recommendations for the pharmaceutical practice.

Zielgruppe

The ECA Online Training is aimed at employees who are entrusted with the planning and implementation of “cloud” projects in the GxP environment. The online training also offers support for decision-making, whether cloud services are available as an alternative in the GxP environment.

Technical Details

To participate in an on demand training course or webinar, you do not need any software. The recordings are made available via a streaming server. In general, the recording is provided in MP4 format, which any PC (Microsoft Windows, Apple IOS) or tablet can easily Display.
 
Timing and Duration:
When you register for the on demand Training course or webinar you can decide at what date you want to follow the training course online. For a 1-day training course you will have 2 days in which the stream is available (for 2-day training course 3 days and for a 3-day training course 4 days). Within in this timeframe you can start & stop the stream according to your needs.
In time before the scheduled date (your desired date) you will receive an e-mail from us with a link for direct participation as well as your log-in data.
Please be aware: The recording does not include the Q & A sessions.
 
Training Course Documentation and Certificate:
The presentations will be made available as PDF files via download shortly before the online training course.  After the event, you will automatically receive your certificate of participation.

Programm

Regulatory Background – Important Issues to consider from the Point of View of an Inspector
  • Requirements for CSP (cloud service providers) resulting from Annex 11
  • To dos for regulated users with respect to chapter 7 of the EU GMP Guide
  • German Drug Law – does the German Drug Law or European Law effect the business of CSP; enforcement of corrective actions
Definition and Types of Cloud Computing
  • Service models: Private Cloud, Public Cloud, Community Cloud, Hybrid Cloud
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
  • Cloud Computing scenarios, reference architectures, examples
Case Study: Cloud Computing Risk Assessment
  • In this workshop the participants will perform a risk assessment for a given cloud strategy. A practical exercise that helps to understand and get on top of the risks involved with cloud computing.
Inspections and Findings
  • European Framework to conduct inspections
  • Availability, data integrity and confidentiality of data
  • Possibility to perform inspections of CSP
  • State of the art defined by BSI, ENISA and NIST
  • Inspections: experiences and findings
Cloud Computing: IT Security
  • Examples of incidents
  • Strategic planning and preparation for going to cloud services
  • Security management and security architecture
  • Security certifications (e.g. ISO 27001) and what they really mean
  • Physical and logical security, encryption
  • Incident prevention and response
  • Professional security patch management
  • Identity management, authentication, authorization
  • Integration of cloud services with internal IT landscape
The Technology behind Multi-Tenant Cloud Services
  • Why Multi-tenancy
  • Typical service provided and their delivery processes
  • Technology and resource pools
  • Risk and opportunities
Compliance Requirements for the Cloud Infrastructure
  • Regulatory requirements
  • Qualification of the cloud
  • Validation of the cloud
Cloud Computing in a GxP Environment from a Service Provider Perspective
  • Cloud Computing in a GxP Environment from a Service Provider Perspective
  • Current adoption of Cloud Computing in GxP Areas
  • Expectations from a Customer perspective, pre-requisites on the Service Provider side
  • Shared operating model and handling of planned/unplanned Events
  • What information does a CSP need from the customer before signing a contract?
  • Transparency & Auditability of CSP operations, e.g., compliance of data storage
  • Future progression of partnering models
Contracts with Cloud Service Providers
  • Business & Technology Risks
  • Intellectual Property
  • Service Access / Service Quality KPIs
  • Data storage requirements
  • Inspection & audit Support
  • Example Contract/SLA
  • Lessons learned
Case Study: Audit of a Cloud Provider
  • Audit preparation based on risk-based approach
  • How to interpret audit results
  • How to manage various CSPs of SaaS solutions
  • Tips and tricks about the audit topics
GxP, Data Integrity, Best Practice: How to partner with your Cloud Provider
  • Understanding GxP Applicability based on intended use
  • Assessing risks that include GxP, but also broader (e.g., Data Integrity, Privacy, Security)
    • Applying intended use to applicable GxPs, regulatory guidance, etc. expectations
    • Effectively leveraging an FRA - What does it drive and where efforts should be focused by the Supplier and Life Science company?
  • Review Case Study with examples of risk assessment, validation, and associated deliverables.  And, discussion on how to effectively leverage and supplement internal requirements
Discussion: How to effectively partner with your Cloud Provider
  • This will be a facilitated Panel Discussion that allows the participants to ask the speakers specific questions.
Cloud Computing: Data Protection
  • Data protection and privacy – legal requirements
  • Responsibilities of the cloud service provider
  • Responsibilities of the cloud customer
Impact of the EU Court of Justice Ruling (311/18 – “Schrems-II”) on the Use of Cloud Services
 
Data Classification
  • Responsibility and integration in the IT project management framework
  • Handling, processing, commissioned processing of data
  • Forced disclosure
  • Applicable regulations
  • Examples and lessons learned
Cloud Computing: Use Cases in a GxP Environment
  • Risk-based approach
  • Specific responsibilities of the cloud service provider
  • Specific responsibilities of the cloud customer
  • Separation of GxP vs. non GxP
  • Examples
How to validate a Cloud Process – Manage the Risks and stay in Compliance
  • URS / GxP/functional risk assessment
  • Validation planning and testing
  • Validation report
  • Change control, bug fixes, monitoring
Government Agencies and Cloud Computing
  • Objectives and capabilities of government agencies
  • How and where do they hook in
  • Internet surveillance and specific attacks
  • Industry espionage
  • Countermeasures and their limitations
Experiences With Outsourcing and Cloud Computing
  • QA involvement
  • Pain points
Cloud Computing: Pros and Cons
  • Opportunities and risks of cloud computing
  • Rationale for using cloud services
  • Rationale for not using cloud services
  • Conclusions and recommendations
 
Recording from 21-23 February 2024
Duration of the recording: approx. 14 h 30 min

ECA-Member*: € 2090,-
Regular Fee*: € 2290,-
EU/GMP Inspectorates*: € 1145,-
APIC Member Discount*: € 2190,-

Alle Preise zzgl. MwSt. Wichtige Hinweise zur Umsatzsteuer.

* auch unkompliziert per Kreditkarte bezahlbar
American Express Visa Mastercard

icon
Weitere Termine vor Ort
Weitere Termine vor Ort nicht verfügbar
icon
Weitere Termine online
Weitere Termine online nicht verfügbar

Haben Sie noch Fragen?

Wir stehen Ihnen für weitere Auskünfte gerne zur Verfügung.

Frau mit Headset
Tel.: +49 6221 84 44 0
E-Mail: info@concept-heidelberg.de

Zurück

Teilnehmerstimmen - das sagen andere über unsere Seminare:

"Die Umsetzung mit Memberspot ist wirklich ausgezeichnet gelungen.
Es unterstützt die Wissensvermittlung und gewährleistet auch die richtige Durchführung des Kurses.”
Christian Wagener, WAGENER & CO. GmbH
GMP Basis-Einstiegsschulung (B 1) - Aufzeichnung Online Seminar, April 2024

„Kurzweilig, informativ“
Behrendt, Christian, IOI Oleo GmbH


„Austausch zwischen Teilnehmern & Vortragenden sorgt für Anstöße & Optimierungsmöglichkeiten im eigenen Unternehmen! Praxisnahe Beispiele veranschaulichen und vertiefen die Theorie sehr gut“
Marina Maier, CHEPLAPHARM Arzneimittel GmbH

Abweichungen und CAPA (QS 12)
November 2024

„Danke für das tolle und interessante Seminar! Ich nehme mir fachlich total viel mit und habe viele tolle Menschen kennengelernt.“
Melanie Schifferer, DAIICHI SANKYO EUROPE GmbH
Batch Record Review (QS 23)
September 2024

Guter, breit gefächerter Überblick mit interessanten Verknüpfungen zur Praxis,
welche die Theorie super veranschaulicht.”
Marina Kicoranovic, Labor Hartmann GmbH
GMP/Basis-Einstiegsschulung (B 14), September 2023

Die Referenten waren sehr gut! Sie haben sehr klar gesprochen, nur sehr wenige englische Begriffe
verwendet (super) und waren sehr praxisbezogen.”
Astrid Gießler, Regierungspräsidium Karlsruhe
Live Online Seminar - Basiskurs Computervalidierung & Datenintegrität im GxP Umfeld (B 3), Juni 2023

Sehr guter Bezug zur Schulung für einen GMP-Anfänger. Habe mich sehr gut abgeholt gefühlt.”
Dr. Harald Werner, Infraserv GmbH & Co. Höchst KG
GMP-Basisschulung (B 1), Juni 2023

„Interessante Themen, gut vorgetragen, die eigenen Erfahrungen der Vortragenden helfen, dies noch besser nachzuvollziehen.“ „Gute Gestaltung der Workshops, das Zusammenarbeiten in Gruppen und der Austausch mit anderen hilft sehr.“
Manuela Seibert, Merck, GMP-Leadauditor/in (FA 2), April 2024

NEWSLETTER

Bleiben Sie informiert mit dem GMP Newsletter von Concept Heidelberg!

GMP Newsletter

Concept Heidelberg bietet verschieden GMP Newsletter die Sie auf Ihren Bedarf hin zusammenstellen können.

Hier können Sie sich kostenfrei registrieren.

Kontakt

Kontaktieren Sie uns

Haben Sie Fragen?

Concept Heidelberg GmbH
Rischerstraße 8
69123 Heidelberg

Tel. :+49622184440
Fax : +49 6221 84 44 84
E-Mail: info@concept-heidelberg.de

zum Kontaktformular

Wichtiger Hinweis

Aufgrund unserer Betriebsferien können zwischen dem 21.12.2024 und dem 01.01.2025 keine Registrierungen für die Aufzeichnungen bearbeitet werden.

Danke für Ihr Verständnis.

Das Team von CONCEPT HEIDELBERG