AWS for Industries

Executive Conversations: FDA’s Case for Quality initiative enables technological innovations for life sciences organizations

Cisco Vicenty, Case for Quality program manager at the U.S. Food and Drug Administration (FDA), joins Senthil Gurumoorthi, security assurance lead for Healthcare & Life Sciences at AWS, in a conversation about the FDA’s recently released guidance for its Case for Quality initiative. The two discuss what has changed in the guidance, what it means for life sciences and medical device organizations, and how it will affect the adoption of cloud technology from a regulatory standpoint.

Senthil Gurumoorthi: It’s great to speak with you today, Cisco. To get us started, can you tell us a little about your responsibilities at the FDA?

Cisco Vicenty: I oversee our Case for Quality initiatives at the FDA, and that involves things like our voluntary improvement program, as well as our advanced manufacturing efforts and the work that we’re doing with Computer Software Assurance (CSA) guidance—which is a big component of the Case for Quality initiative.

SG: What are some of the key points that make up the new CSA guidance? What do life sciences organizations need to know?

CV: At a top level, the new CSA guidance is trying to bridge the gap between technology and compliance for life sciences companies, with a simplified, more effective, more effective, less-costly approach to validation, so that they can take advantage of technologies that weren’t available 20 years ago—like cloud computing, mobile apps, validation management software.

There are three big takeaways.

The first is that there’s nothing in this guidance that hasn’t been said already—there are no new regulations.

The second is our clarification of what we mean by risk, and the idea of implementing a risk-based approach. We began working on this because we found life sciences organizations were slow in adopting new technologies and capabilities. And, a prime reason for this was their concerns around regulatory requirements and computer system validations. With this initiative, we want to make it easier for organizations to be compliant, while empowering them to make technology more pervasive.
The third is how the agency is changing its approach around record-keeping, to adapt to today’s reality. Life sciences organizations will no longer have to go back to creating and maintaining paper documents to show what they’ve done with technology to a regulator. This will free them up to be more efficient in their implementation of new technologies and empower them to adopt systems and data to accelerate their goals—reclaiming the quality-centric mindset that was lost in the industry’s typical approach of gathering documentary evidence for auditors.

The agency is changing its mindset to adapt and adjust to what’s needed, and we hope this frees up organizations to be more efficient and effective with their implementation of technology.

SG: What potential impact do you see this draft guidance having on organizations in the industry? How could it shape the future of life sciences?

CV: While we see great examples of innovations coming from life sciences organizations, much of the industry has been slower to adopt automated solutions, digital capability, and cloud-based technologies, especially when compared to other industries. This, we realized, was largely because of the lack of clarity from policy makers, outdated compliance expectations, and perceived regulatory burden. I am confident that these alternative approaches will flip the paradigm, emphasizing critical thinking, assurance needs, testing and documentation, in that order. It will pave the way for the industry to adapt new technology faster and make it easier for organizations to do more with it, while improving relationships with regulators. In the long run, this approach will make organizations become more efficient, help them bring down overall costs, accelerate innovation, and ultimately deliver better outcomes to patients.

SG: What does it mean for life sciences organizations that are running their workloads in the cloud? What tools and support does the FDA have to help organizations follow this draft guidance?

CV: First off, we want life sciences organizations to understand that we support the adoption of cloud technologies. We want to help them easily verify that they are still in that state of control and compliance from a regulatory standpoint, while being in the cloud. We also want to make it easier for them to leverage the expertise provided by leading cloud providers and the benefits that come with it (like security and agility) to innovate faster.

However, security and compliance is a shared responsibility between cloud providers and industry organizations. While this shared model can help relieve the organization’s operational burden of hosting and managing operating systems and virtualization layers, they still own the responsibility for the system’s intended use and compliance in the cloud. AWS’ shared responsibility model is an example. We recommend organizations take the extra time that they spend in crafting protocols and instead use that time to develop a thorough understanding of what’s being used, how it’s being used, and define the implications. If they do this first, I think they’ll find that the actual amount of testing and validation which needs to happen, whether right from the onset or further down the line, is significantly lower.

We use cloud solutions, powered by AWS, here at the FDA. There is no reason people should add an extra burden on that. The approaches outlined in the latest guidance should help organizations better understand how to best keep that state of control while building in the cloud.

SG: How is the FDA developing the way it engages with industry players around innovation, particularly with cloud technology?

CV: First, we want feedback. We want organizations to bring questions and concerns to us, which anyone can do directly by emailing us at We want to make sure we are more aligned to today’s methodologies and approaches. This is going to take time because we can’t account for all potential scenarios. We also think this guidance will help educate and inform field inspectors on how they interpret risk and how to have those conversations around risk. We’re engaging not just with life sciences and medical device organizations but also with solution providers to learn about what they can do, and will do—that kind of collaboration can help inform policy.

To conclude, we understand that technology and computerized systems have evolved over the past 20 years. Cloud computing has become mainstream, and big data is here. When you also add the fourth industrial revolution, it’s clear that cloud-based technologies will be truly transformative in the coming years. The computer system validation practices that have evolved and are no longer able to keep pace with emerging automation and the latest digital technology solutions. With the new guidance from the FDA, the industry will have a framework to implement a streamlined validation approach based on critical thinking that will support Industry 4.0. Ultimately, this will drive better patient outcomes and a faster time to market.

Cisco VicentyFrancisco (Cisco) Vicenty is Program Manager for the Case for Quality (CfQ), Office of Compliance. This effort is part of the CDRH Surveillance and Biometrics strategic priorities. This strategic priority will improve access and outcomes for patients by engaging industry, payers, providers, and patients to increase focus on the quality and performance of medical devices. Cisco began his career at FDA as a Compliance Officer, Cardiac Rhythm/Electrophysiology Branch, Office of Compliance at CDRH. He then worked as a project manager, FDA’s Case for Quality initiative. Prior to his current role, Cisco was Branch Chief, Respiratory, E/N/T, General Hospital, &Ophthalmic Devices Branch in the Div. of Mfg. and Quality, Office of Compliance. Prior to working with FDA, Cisco Vicenty was a Quality and Reliability Engineer with Micro-Electronics Business Unit at IBM responsible for emerging server technology lines and network systems along with high volume gaming systems from Nintendo, Sony, and Microsoft.

Senthil Gurumoorthi

Senthil Gurumoorthi

Senthil Gurumoorthi is the Global Security Assurance Lead, HCLS – Security & Compliance. He has over 19 years of diverse experience in global biopharmaceutical & healthcare business technologies with leadership expertise in Technology delivery, Risk, Security, Health Authority Inspection, Audit and Quality Management. Experienced speaker, panelist and moderator on HCLS Security, Quality & Compliance topics; passionate to modernize quality & compliance in HCLS industry. Senthil is also a member of the FDA-Industry CSA Team and is a contributing author of the ISPE GAMP GPG Data Integrity by Design. He holds B.E in Electronics & Communication from PSG College of Technology, MS in Electrical Engineering from New Jersey Institute of Technology, and Masters in Business Administration (MBA) from Imperial College London.