Life Sciences Compliance in the Cloud
Industries that are developing or manufacturing drugs and medical devices are using AWS to build and run computer systems supporting their Good Laboratory, Clinical, and Manufacturing Practices (GxP). Building GxP systems using AWS allows you to improve the control you have over your IT environment, gives you enhanced testing and traceability, and helps you respond to audits. AWS gives you access to a variety of services that are in use around the world by regulated industries and their partners, and AWS has a whitepaper, developed with contributions from international compliance consulting firm Lachman Consultants, on building validated systems in the cloud.
AWS & Data Privacy
AWS takes data privacy very seriously, and maintaining customer trust is an ongoing commitment. Customers always manage access to their services and content. We do not access or use customer content for any purpose without the customer’s consent. Customers choose the region(s) in which their customer content will be stored. We will not move or replicate customer content outside of the customer’s chosen region(s) without the customer’s consent.
Understanding how to build healthcare applications on AWS means understanding the shared responsibility model. In the AWS Cloud, security is shared between AWS and the customer, meaning that certain elements of security - such as physical security of the underlying infrastructure - are now the responsibility of AWS. Customers are still responsible for other aspects of security, such as the security measures used to protect your applications - which is no different than if your application was running in a traditional data center.
AWS & GxP Compliance
You can use AWS to build applications that supporting their Good Laboratory, Clinical, and Manufacturing Practices (GxP). If you plan to run applications that support GxP compliance, it is recommended that you do your due diligence, and consult AWS or your internal compliance department before implementing.
Additional Resources for Building GxP Applications on AWS
- Whitepaper: "Considerations for Using AWS Products in GxP Systems"
- Whitepaper: "Introduction to Auditing the Use of AWS"
- Whitepaper: "GxP in the AWS Cloud"
- Security by Design
- Technical Product Documentation
Consistent and Controllable Infrastructure
By leveraging the AWS Cloud to enable your GxP environment, you can create templates that allow you to use your infrastructure throughout your organization with a high degree of consistency. AWS also gives you deep control over who can affect elements of your infrastructure software and when, where, and how they do it.
Repeatedly Test Your Environment
When you build validated applications using AWS, you are using infrastructure software products instead of physical hardware. This means you can repeatedly test and monitor your environment for compliance, rather than rely on manual, point-in-time activities you might be using for services built with on-premises infrastructure.
When you deploy AWS’ software infrastructure, you can also use AWS tools to automatically log a wide range of activities in your environment, including how the infrastructure is deployed and how the infrastructure is accessed and configured. This improves traceability in your environment, making it easier to support audit requests.