Cloud services are being increasingly used to provide a cost effective and flexible platform for software. As GxP systems increasingly move onto the cloud agreement is vital for both provider and customer responsibilities to maintain compliance. For example, how does the provider ensure the security of the underlying infrastructure? Does the provider utilize commercially available software products that are developed and tested to IT industry standards? And does the customer perform periodic reviews of their provider configurations and the systems they deploy? With a lack of clarity on questions such as these we open ourselves up to both risk and a lack of consistency across the industry.
In response to this set of uncertainties the BPIT Compliance team have developed and recently published a paper designed to create the clarity through a checklist of critical questions by control area. The group believe that this method will help companies gain all the benefits of hosting GxP systems in the cloud while providing the necessary level of regulatory compliance and assurance.
The paper has focused on infrastructure as a service and is vendor neutral.