Regulated Hosting: Questions and Answers Session with Stephen Ferrell - GAMP Special Interest Chairman.

Posted by Lisa Ackerson on September 3, 2015

Hosting was once the domain of websites, poetry blogs, and small businesses. In the last 10 years the industry has taken hold and an outsourced infrastructure is now the norm for corporations big and small, local and global. The added burden placed on companies regulated by 21 CFR Part 11, Annex 11 and the associated GMP’s, has caused many to shy away from Compliant Hosting. I recently had the opportunity to discuss this topic with Stephen Ferrell. Stephen is the outgoing chair of the GAMP IT Infrastructure Special Interest Group, he leads the V&V group for a local BioTech company, and he supports Sidus BioData as a Regulatory Advisor.

Q: From your knowledge of the Regulations 21 CFR Part 11 etc. is there anything that precludes companies from pursuing a Compliant Hosting Strategy?
A: No. I think there is a general hesitancy around the cloud, virtualization and outsourcing in general, however, if placed in the hands of a Compliant Hosting provider such as Sidus, I’m confident that all of the regulations would be satisfied.

Q: Is a different approach to validation required that is substantially different from that recommended by GAMP5?
A; I think that the current GAMP IT Infrastructure Guide is a great place to start. The validation of a virtualized infrastructure really is no different than a traditional physical one. The key is defining your boundaries in a virtual sense and making sure security is robust so that data remains within the correct repository.

Q: How would you differentiate that which is required for HIPAA/HITECH data from that which is required by 21 CFR part 11, Annex 11 and the GMP’s?
A: My recommendation would be to start with a Risk Assessment including the constraining factors from each regulation and build your case from there. Having had the opportunity to review the Quality System at Sidus and given your recent EHNAC certification, I’m completely confident that Sidus has struck the right balance between process, procedure and technology, to satisfy all of the regulators expectations.

Stay tuned for future conversations with Stephen Ferrell. We will further discuss regulatory affairs surrounding compliant cloud hosting. In the mean time, please visitSidus BioData for information about how our compliant hosting solutions can help your company.