Jump to content

Is the use of cloud storage services compliant with the principles of GLP?

Author

Message

  • Graham Small
    20/11/2017 12:43
    Over the last 7 years or so, I've been working extensively with research facilities in Africa, providing support and guidance to them as they develop GLP compliant quality management systems and move towards applying for GLP certification. One of the perennial issues that these facilities face relates to the security of electronic data. Many have poorly developed computing infrastructure and poor internet connectivity. The impact of this is greatest where electronic files are created at remote field sites which need then to be transferred onto the computer systems at the main facility. My question to this forum is: Would the use of a cloud storage solution for the backing up and transfer of electronic data files be compatible with the principles of GLP? Cloud storage service providers such as Amazon Web Services suggest that GxP certified customers make use of their services. Is this correct? If cloud storage solutions by GLP certified facilities is not permitted, can the forum suggest workable alternate solutions?
  • RQA GLP Committee
    29/11/2017 09:11
    Dear Graham, You need to do your due diligence and establish where the data is held, who has access to it and who owns it. You need to do a vendor assessment. There are different levels of security with a cloud, will you have a dedicated server, or a shared server? What control measures are in place? Do you know where the data is? Can you be sure you have not handed over ownership of your data? Find out what you are being offered and have a strong contract in place. Understand how the data is controlled, and have a service level agreement drawn up. The OECD Guidance document 17 also gives helpful information.
Reply to Thread

Share