GxP is an acronym that refers to the regulations and guidelines applicable to life sciences organizations that make food and medical products such as drugs, medical devices, and medical software applications. The overall intent of GxP requirements is to ensure that food and medical products are safe for consumers and to ensure the integrity of data used to make product-related safety decisions.
The term GxP encompasses a broad range of compliance-related activities such as Good Laboratory Practices (GLP), Good Clinical Practices (GCP), Good Manufacturing Practices (GMP), and others, each of which has product-specific requirements that life sciences organizations must implement based on the 1) type of products they make and 2) country in which their products are sold. When life sciences organizations use computerized systems to perform certain GxP activities, they must ensure that the computerized GxP system is developed, validated, and operated appropriately for the intended use of the system.
Is AWS GxP compatible?
Yes. For a comprehensive approach to using the AWS Cloud for GxP systems, see the whitepaper GxP Systems on AWS. This whitepaper was developed based on experience with and feedback from AWS pharmaceutical and medical device customers, as well as software partners, who are currently using AWS services in their validated GxP systems.
Has anyone used AWS services in GxP systems?
Yes, numerous AWS customers have successfully developed, validated, and operated all or part of their GxP system using AWS services. AWS regularly works with GxP customers and their auditors in planning for, developing, validating, operating, and auditing GxP systems that use AWS services as a component. Because of confidentiality agreements, we do not disclose specific company details and use cases of GxP systems in AWS.
What is 21 CFR Part 11?
In the United States (US), GxP regulations are enforced by the US Food and Drug Administration (FDA) and are contained in Title 21 of the Code of Federal Regulations (21 CFR). Within 21 CFR, Part 11 contains the requirements for computer systems that create, modify, maintain, archive, retrieve, or distribute electronic records and electronic signatures in support of GxP-regulated activities (and in the EU, EudraLex - Volume 4 - Good Manufacturing Practice (GMP) guidelines – Annex 11 Computerised Systems). Part 11 was created to permit the adoption of new information technologies by FDA-regulated life sciences organizations, while simultaneously providing a framework to ensure that the electronic GxP data is trustworthy and reliable.
There is no GxP certification for a commercial cloud provider such as AWS. AWS offers commercial off-the-shelf (COTS) IT services according to IT quality and security standards such as ISO 27001, ISO 27017, ISO 27018, ISO 9001, NIST 800-53 and many others. GxP-regulated life sciences organizations are responsible for purchasing and using AWS services to develop and operate their GxP systems, and to verify their own GxP compliance.