Life Sciences Compliance in the Cloud
Enhance your security and compliance posture while automating GxP compliance with AWS.
GxP Systems on AWS
At AWS, security and privacy is the top priority
Gain greater agility, improve security of sensitive and personal health information, and automate GxP compliance with AWS.
GxP regulation includes the underlying international pharmaceutical requirements, such as those set forth in the US FD&C Act (Food, Drug, and Cosmetic Act), US Public Health Service Act (PHS Act), FDA regulations, EU Directives, UK MHRA regulations, Japanese regulations, or other applicable national legislation or regulations under which a company operates. These include but are not limited to: Good Manufacturing Practice (GMP), Good Clinical Practice (GCP), Good Laboratory Practice (GLP), Good Quality Practice (GQP), Good Pharmacovigilance Practice (GVP), Medical Device Regulations, and the Prescription Drug Marketing Act (PDMA).
Acquire the most comprehensive compliance controls with AWS, including the ability to encrypt at-scale to comply with local data privacy laws such as PCI DSS, SOC, FedRAMP, NIST, ISO, HIPAA, and HITRUST. AWS supports more security standards and compliance certifications than any other offering, providing life sciences organizations with the tools, services, and visibility to move faster while remaining secure and compliant.
Building GxP systems on AWS allows for improved control over your IT environment, gives enhanced testing and traceability, and helps respond to audits.
Learn more about why leading life sciences organizations like Moderna and Bristol Myers Squibb choose AWS to run their regulated workloads.
AWS & GxP Compliance
With access to purpose-built solutions, technical resources, and a team of GxP experts, AWS makes it easier for life sciences organizations to migrate existing regulated workloads and build new ones in the cloud. Designed to expedite the migration of regulated workloads, the GxP Compliance on AWS solution helps organizations establish a GxP-aligned environment that reduces costs, improves security, and enhances agility.
How AWS supports GxP compliance:
Automate the GxP compliance process: AWS provides the tools and guidance needed to automate the GxP compliance process so that you can move fast while staying compliant.
Develop a consistent and controllable infrastructure: By leveraging AWS to enable your GxP environment, you can create templates that allow you to use your infrastructure throughout your organization with a high degree of consistency. AWS also gives you deep control over who can affect elements of your infrastructure software and when, where, and how they do it. See how Merck has set up GxP System Assurance in the AWS Cloud.
Automatic traceability: Use AWS tools to automatically log a wide range of activities in your environment, including how the infrastructure is deployed and how the infrastructure is accessed and configured. This improves traceability in your environment, making it easier to support audit requests.
AWS & Data Privacy
Earning customer trust is the foundation of our business at AWS. We earn this trust by working to meet our customers’ privacy needs and by being transparent in our privacy commitments.
Customers always manage access to their services and content. We do not access or use customer content for any purpose without the customer’s consent. With access to the most extensive global infrastructure, life sciences organizations can choose the region(s) in which their content will be stored. We will not move or replicate customer content outside of the customer’s chosen region(s) without the customer’s consent.

AWS Life Science Compliance Alignments / Frameworks
AWS Compliance Certifications:
Certifications / Attestations:
Laws / Regulations / Privacy:
AWS customers remain responsible for complying with applicable compliance laws and regulations. In some cases, AWS offers functionality (such as security features), enablers, and legal agreements (such as the AWS Data Processing Agreement and Business Associate Addendum) to support customer compliance.
Compliance alignments and frameworks include published security or compliance requirements for a specific purpose, such as a specific industry or function. AWS provides functionality (such as security features) and enablers (including compliance playbooks, mapping documents, and whitepapers) for these types of programs.
It is important to mention the shared responsibility model when discussing regulatory compliance. AWS brings in state-of-the-art technologies, goes through industry-standard certifications and attestations, both globally and regionally where possible, and aligns to industry frameworks to help facilitate the compliant implementation of AWS services for healthcare compliance. Under the aegis of the shared responsibility model, customers can inherit the compliant controls and capabilities to meet the needs of healthcare compliance in that region.
Frameworks
The information below provides representative certifications, healthcare laws and relevant frameworks.
Key Certifications & Attestations
ISO 9001
ISO 27001, 27017, 27018
SOC 1, 2, 3
PCI DSS Level 1
FedRAMP
Key Alignment & Frameworks
CSA (Cloud Security Alliance)
EU-US Privacy Shield
NIST
BioPhorum IT Controls
GxP
Compliance by Country
United States (Key Regulator: FDA)
The US Food and Drug Administration (FDA) established 21 CFR Part 11, its regulations on electronic records and electronic signatures. 21 CFR Part 11 applies to life science industries that fall under the Federal Food, Drug, and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than Part 11. Collectively, those are identified as “Predicate Rules”. In essence, Part 11 applies when the record in question is predicated.
Read more:
Data Integrity and Compliance With Drug CGMP Questions and Answers Guidance for Industry
Part 11, Electronic Records; Electronic Signatures - Scope and Application
Data Integrity & United States FDA:
Regulators around the world continue to look at data integrity issues and concerns in the life science industries. The FDA published guidance on data integrity to provide clarity to life science organizations so that these issues and concerns can be proactively addressed.

United Kingdom (Key Regulator: MHRA)

Europe (Key Regulator: EMA) – applies to member states of the European Union
European Union Annex 11 applies to all forms of computerized systems used as part of GMP (Good Manufacturing Practice) regulated activities.
Data Integrity & EMA:
Data integrity continues to be an important topic worldwide. The European Medicines Agency (EMA) has published new manufacturing (GMP) guidance to ensure data integrity, covering the data generated in the process of testing, manufacturing, packaging, distribution and monitoring of medicines.

Featured customer stories
Lyell

DNAnexus

Bristol Myers Squibb

Merck
