The Cloud is now longer a buzzword, it's a byword. It's not something novel or new, it's an expectation from your customers, and if you are planning on staying competitive, it is a necessity. In the regulated world, there are a number of considerations when choosing a hosting partner – and finding one that is compliant with 21 CFR Part 11 is not so easy.
When 21 CFR Part 11 was written, it envisaged the traditional client/server model and the requirements are as apt to the XaaS model today as they were to the when it was implemented in 1997. For a SaaS vendor, creating and maintaining a cloud is relatively easy, and on the surface fairly inexpensive. However, if you are planning on using your SaaS application for any GXP or Part 11 regulated activity it's vital to ensure that the data center in question is fulfilling their 21 CFR Part 11 obligations. Consider these questions before selecting a Data center partner or a SaaS provider:
- Have they conducted a 21 CFR Part 11 assessment?
- Is their Infrastructure Qualified?
- Do they have a Quality Management System (Policies, SOP's Forms etc.)
- Do they have an independent Quality Group?
- Have they validated the core applications used to monitor and protect your data?
- Will they support you in an FDA audit?
If the answer to any of the above questions is no, then consider this: ISPE, DIA, IVT, ASQ, NIST and other industry groups are all working to create guidance material to address the above points. How long before FDA comes up with their guidance or regulation? Your data, your customers, your patients, your reputation are all far too important to be trusted with a data center that doesn't understand 21 CFR Part 11.
ByteGrid can answer yes to all of the above questions. Our Quality Team is based in both the US and Europe, and our CTO, Jason Silva, is a nationally recognized speaker on the topic of Cloud Compliance having presented directly to, and with the US FDA.