GxP Cloud Part 2 of 5: Wrong Side of the Fence

GxP Cloud Part 2 of 5: Wrong Side of the Fence

Unfortunately, Life Sciences organizations are often unable to leverage hosting in the way that most major platforms currently provide it.  A platform designed with a broad audience in mind is kind of like cafeteria food.  It needs to function to service as wide of a consumer base as possible but is not capable of catering to niche tastes.  In this case, infrastructure and application hosting providers are not able to adequately service a niche Life Sciences market governed by very specific regulatory compliance guidelines. 

Typical platform providers obviously build quality infrastructures designed to host a variety of applications, but they lack the expertise or industry knowledge to maintain their environments to meet qualification or validation standards.  If the infrastructure is going to be utilized to host validated applications, that infrastructure needs to be built and maintained with certain qualification requirements in mind.   

As these requirements will not be the driving force for a broad market hosting provider, necessary policies and SOP’s will not be adequately defined and without those in place, proper documentation will not be generated.  Since the customer has no control over the infrastructure, they will have to rely on the vendor to provide verification of these items, which most often does not exist.   

This blind spot leaves the customer with nothing in hand when needing to verify to the FDA auditor that the infrastructure meets proper qualification standards for the hosting of their validated applications.  If the infrastructure is not qualified or can’t be verified to be stood up and maintained in a qualified state, then validated applications simply cannot reside there for fear of leaving gaps in compliance. 

Furthermore, if leveraging an OEM’s SaaS offering rather than just an IaaS platform, application control is generally completely out of the customer’s hands.  While that has its benefits as far as reducing internal requirements around application support, maintenance and administration, it also comes with downsides.  To reduce the effort of supporting multiple version and patch levels across a wide number of customers, SaaS providers often mandate frequent patch updates and version upgrades.   

For Life Sciences testing and validation teams, this essentially means that they will be on a never-ending hamster wheel of validation and UAT against that SaaS application.  Couple that with the fact that OEM’s are unable or unwilling to validate their own applications to supply their customers with validation documentation or audit responses and you can see how the validation effort stacks up when control is not allotted to the customer. 

In short, for both the infrastructure and application side, the provider rarely has the adequate documentation a Life Sciences customer needs to build out their own internal qualification and validation documentation.  This lack of transparency becomes extremely problematic when the FDA decides it’s time to initiate an audit and it is why Life Sciences companies have had a more difficult time embracing hosting, or at least finding an adequate hosting solution.

  Click here to request a download of our "Compliance for the Cloud" checklist.

Share to: