GxP on AWS



GxP is an acronym that refers to the regulations and guidelines applicable to life sciences organizations that make food and medical products such as drugs, medical devices, and medical software applications. The overall intent of GxP requirements is to ensure that food and medical products are safe for consumers and to ensure the integrity of data used to make product-related safety decisions.

The term GxP encompasses a broad range of compliance-related activities such as Good Laboratory Practices (GLP), Good Clinical Practices (GCP), Good Manufacturing Practices (GMP), and others, each of which has product-specific requirements that life sciences organizations must implement based on the 1) type of products they make and 2) country in which their products are sold. When life sciences organizations use computerized systems to perform certain GxP activities, they must ensure that the computerized GxP system is developed, validated, and operated appropriately for the intended use of the system.

  • Is AWS GxP Compatible?

    AWS published a GxP whitepaper which details a comprehensive approach for using the AWS cloud for GxP systems. This whitepaper provides guidance for using AWS Products in the context of GxP and the content has been developed in conjunction with AWS pharmaceutical and medical device customers, as well as software partners, who are currently using AWS Products in their validated GxP systems. In order to ensure the suitability of the content, AWS took the additional step of engaging Lachman Consultant Services Inc. (Lachman Consultants) to review and contribute to the approach outlined in this whitepaper. Lachman Consultants is one of the most highly respected consulting firms on FDA and international regulatory compliance issues affecting the pharmaceutical and medical device industry today. Lachman Consultants has extensive experience working with companies specifically on matters pertaining to the establishment and development of GxP systems, including GxP guidelines in support of maintaining regulated data in a validated cloud environment. For further information on Lachman Consultants, visit www.lachmanconsultants.com.

    AWS also has other security and quality certifications such as ISO 9001, ISO 27001, ISO 27017, and ISO 27018, and is compliant with NIST 800-53 under the FedRAMP compliance program.

  • Has Anyone Used AWS Products in GxP Systems?

    Yes, numerous AWS customers have successfully developed, validated and operated all or part of their GxP system using AWS products. AWS regularly works with GxP customers and their auditors in planning for, developing, validating, operating, and auditing GxP systems that use AWS products as a component. Because of confidentiality agreements, we do not disclose specific company details and use cases of GxP systems in AWS.

  • What is 21 CFR Part 11?

    In the United States (US), GxP regulations are enforced by the FDA and are contained in Title 21 of the Code of Federal Regulations (21 CFR). Within 21 CFR, Part 11 contains the requirements for computer systems that create, modify, maintain, archive, retrieve, or distribute electronic records and electronic signatures in support of GxP-regulated activities. Part 11 was created to permit the adoption of new information technologies by FDA-regulated life sciences organizations, while simultaneously providing a framework to ensure that the electronic GxP data is trustworthy and reliable.

    There is no GxP certification for a commercial cloud provider such as AWS. AWS makes commercial-off-the-shelf (COTS) IT infrastructure products according to IT quality and security standards such as ISO 27001, ISO 27017, ISO 27018, ISO 9001, NIST 800-53 and many others. GxP-regulated life sciences organizations are responsible for purchasing and using AWS Products to develop, validate, and operate their GxP systems accordingly.

Have Questions? Connect with an AWS Compliance Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »