GxP Compliance

I'd like information about GxP in the Cloud

GxP Cloud on AWS

GxP is an acronym that refers to the regulations and guidelines applicable to life sciences organizations that make food and medical products such as drugs, medical devices, and medical software applications. The overall intent of GxP requirements is to ensure that food and medical products are safe for consumers and to ensure the integrity of data used to make product-related safety decisions.

The term GxP encompasses a broad range of compliance-related activities such as Good Laboratory Practices (GLP), Good Clinical Practices (GCP), Good Manufacturing Practices (GMP), and others, each of which has product-specific requirements that life sciences organizations must implement based on the 1) type of products they make and 2) country in which their products are sold. When life sciences organizations use computerized systems to perform certain GxP activities, they must ensure that the computerized GxP system is developed, validated, and operated appropriately for the intended use of the system.

Recap - GxP at re:Invent

Adobe Flash Player or a modern browser is required to view videos on this site.

GxP Cloud Compliance Customers

AWS delivers the high availability that is critical to physicians and patients, the scalability to handle sudden surges, and the storage space to enable data mining for research purposes. »

By using AWS, Core Informatics quickly and securely deploys GxP-regulated applications, enabling life sciences customers to trace their products throughout the development cycle and save money. »

Amazon Web Services' demonstrated compliance to standards such as HIPAA, ISO27001, SOC 1/2/3, ISO9001, FedRamp, and FISMA allows DNAnexus to provide a platform that lets its customers pursue clinically compliant projects of enormous scale and scope, confident in the quality and efficiency of analysis and the security and ease of collaboration. »

"By basing the Life Sciences Cloud on AWS, we can provide our customers with global compliance requirements in a GxP environment with the least amount of risk. That is unique in our industry." »

Is AWS GxP Compatible?

AWS published a GxP whitepaper which details a comprehensive approach for using the AWS cloud for GxP systems. This whitepaper provides guidance for using AWS Products in the context of GxP and the content has been developed in conjunction with AWS pharmaceutical and medical device customers, as well as software partners, who are currently using AWS Products in their validated GxP systems. In order to ensure the suitability of the content, AWS took the additional step of engaging Lachman Consultant Services Inc. (Lachman Consultants) to review and contribute to the approach outlined in this whitepaper. Lachman Consultants is one of the most highly respected consulting firms on FDA and international regulatory compliance issues affecting the pharmaceutical and medical device industry today. Lachman Consultants has extensive experience working with companies specifically on matters pertaining to the establishment and development of GxP systems, including GxP guidelines in support of maintaining regulated data in a validated cloud environment. For further information on Lachman Consultants, visit www.lachmanconsultants.com.

AWS also has other security and quality certifications such as ISO 9001, ISO 27001, ISO 27017, and ISO 27018, and is compliant with NIST 800-53 under the FedRAMP compliance program.

Has Anyone Used AWS Products in GxP Systems?

Yes, numerous AWS customers have successfully developed, validated and operated all or part of their GxP system using AWS products. AWS regularly works with GxP customers and their auditors in planning for, developing, validating, operating, and auditing GxP systems that use AWS products as a component. Because of confidentiality agreements, we do not disclose specific company details and use cases of GxP systems in AWS.

What is 21 CFR Part 11?

In the United States (US), GxP regulations are enforced by the FDA and are contained in Title 21 of the Code of Federal Regulations (21 CFR). Within 21 CFR, Part 11 contains the requirements for computer systems that create, modify, maintain, archive, retrieve, or distribute electronic records and electronic signatures in support of GxP-regulated activities. Part 11 was created to permit the adoption of new information technologies by FDA-regulated life sciences organizations, while simultaneously providing a framework to ensure that the electronic GxP data is trustworthy and reliable.

There is no GxP certification for a commercial cloud provider such as AWS. AWS makes commercial-off-the-shelf (COTS) IT infrastructure products according to IT quality and security standards such as ISO 27001, ISO 27017, ISO 27018, ISO 9001, NIST 800-53 and many others. GxP-regulated life sciences organizations are responsible for purchasing and using AWS Products to develop, validate, and operate their GxP systems accordingly.

GxP Compliance Resources

AWS offers a range of materials for customers interested in learning more about how they can leverage AWS Products in GxP systems:

Technical Product Documentation: https://aws.amazon.com/documentation/
Whitepaper: "Considerations for Using AWS Products in GxP Systems"
Whitepaper: "Introduction to Auditing the Use of AWS"
Security by Design: https://aws.amazon.com/compliance/security-by-design/