RSS Newsfeed  Your shopping cart.
ECA Academy - Your GMP/GDP Information Source

Search in



This conference already took place.

Here you will conferences containing related topics

Course No 16733

Cloud Computing in a GxP Environment

21-22 February 2019, Berlin, Germany


If you have any questions, please contact us:
Tel.: +49 (0)6221 / 84 44 0 E-Mail:


Msc. Karel Bastiaanssen, Iperion

Dr Wolfgang Schumacher, formerly F. Hoffmann-La Roche Ltd.

Dr Arno Terhechte, Bezirksregierung Münster

Michael Wegmann, F. Hoffmann-La Roche Ltd.

Learning Objectives

  • Get to know the different types of cloud computing, their technical basics and their validation approaches
  • What are the pharmaceutical authorities’ requirements with regard to cloud computing and what regulations have to be observed? An inspector will present his perspective to these questions and the experience gained so far in audits and will further cover critical points
  • You can assess the use of cloud computing from the perspective of IT security and data protection rules, and based on that you can formulate requirements for cloud service providers
  • You can evaluate the opportunities and risks of cloud computing in the GxP environment.


As well as in other sectors, the use of Cloud Computing is discussed in the pharmaceutical industry. For commercial reasons there is a lot to be said for its use.

However, is Cloud Computing an acceptable way in a GxP environment of the pharmaceutical industry? And, if yes, what has to be observed from the point of view of IT and quality assurance, as well as from the perspective of a pharmaceutical inspector?

From the points of view of the user and the pharmaceutical inspector, this event gives you an overview of the current state of the technical possibilities. The speakers evaluate opportunities and risks of the use of Cloud Computing in the GxP environment and make recommendations for the pharmaceutical practice.

Target Group

The event is aimed at employees who are entrusted with the planning and implementation of “cloud” projects in the GxP environment. The event also offers support for deciding, whether cloud services are available as an alternative in the GxP environment.


Regulatory Background – important issues to consider from the point of view of an inspector
  • Requirements for CSP (cloud service providers) resulting from Annex 11
  • To do’s for regulated users with respect to chapter 7 of the EU GMP Guide
  • German drug law – does the German drug law or European Law effect the business of CSP; enforcement of corrective actions
Definition and types of Cloud Computing
  • Service models: Private Cloud, Public Cloud, Community Cloud, Hybrid Cloud
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
  • Cloud Computing scenarios, reference architectures, examples
Cloud Computing: IT Security
  • Examples of incidents
  • Strategic planning and preparation for going to cloud services
  • Security management and security architecture
  • Security certifications (e.g. ISO 27001) and what they really mean
  • Physical and logical security, encryption
  • Incident prevention and response
  • Professional security patch management
  • Identity management, authentication, authorization
  • Integration of cloud services with internal IT landscape
The technology behind cloud services
  • Service provided and their delivery processes
  • Technology and resource pools
  • Risk and challenges
Contracts with cloud service providers
  • Business & Technology Risks
  • Intellectual Property
  • Service Access / Service Quality KPIs
  • Data Storage requirements
  • Inspection & audit support
  • Example Contract/SLA
  • Lessons learnt
Cloud provider contract walk-through
  • Typical pin points for cloud providers
  • GxP relevant issues
  • Cloud Computing: Use cases in a GxP environment
  • Risk-based approach
  • Specific responsibilities of the cloud service provider
  • Specific responsibilities of the cloud customer
  • Separation of GxP vs. non GxP
  • Examples
Compliance requirements for the cloud infrastructure
  • Regulatory requirements
  • Qualification of the cloud
  • Validation of the cloud
Inspections and Findings
  • European Framework to conduct inspections
  • Availability, data integrity and confidentiality of data
  • Possibility to perform inspections of CSP
  • State of the art defined by BSI, ENISA and NIST
  • Inspections: experiences and findings
Cloud Computing: Data protection
  • Data protection and privacy – legal requirements
  • Responsibilities of the cloud service provider
  • Responsibilities of the cloud customer
Data classification
  • Responsibility and integration in the IT project management framework
  • Handling, processing, commissioned processing of data
  • Forced disclosure
  • Applicable regulations
  • Examples and lessons learnt
How to validate a cloud process – manage the risks and stay in compliance
  • URS / GxP/functional risk assessment
  • Validation planning and testing
  • Validation report
  • Change control, bug fixes, monitoring
Business continuity management
  • Necessity for Sales/Patients/Annex11?
  • Assessing the Business Continuity Risk
  • Buss. Cont. Plan – BCP
  • Disaster Recovery-MTPD-RTO-RPO
Moving to the cloud: Working out how to do it
  • Requirements from different starting points
  • Mapping your needs to the different options in cloud services
  • Defining a strategy to move to the cloud
  • Learn how cloud service provider business can impact yours
  • Prepare for action: Plan the move
Government agencies and Cloud Computing
  • Objectives and capabilities of government agencies
  • How and where do they hook in
  • Internet surveillance and specific attacks
  • Industry espionage
  • Countermeasures and their limitations
Experiences with outsourcing and cloud computing
  • QA involvement
  • Pain points
Cloud Computing: Pros and cons – includes closing discussion
  • Opportunities and risks of cloud computing
  • Rationale for using cloud services
  • Rationale for not using cloud services
  • Conclusions and recommendations

Workshop: Cloud computing risk assessment

In this workshop the participants will perform a risk assessment for a given cloud strategy. A practical exercise that helps to understand and get on top of the risks involved with cloud computing.

Workshop: Audit of a cloud provider

Audit preparation based on risk based approach
How to interpret audit results
How to manage various CSPs of Saas solutions
Tips and tricks about the audit topics

 GMP Conferences by Topics
 Quality Assurance
 GMP in Biotechnology
 Regulatory Affairs
 GMP in Pharmaceutical Development
 Quality Control
 Storage, Distribution, Transportation
 Sterile / Aseptic Manufacturing
 Computer Validation
 Technical Operations
 GMP for APIs and Excipients
 Medical Devices
 GMP Basic Training Courses