Validated Cloud Solution


By all accounts, “Cloud Computing” lowers the total cost of ownership of IT for companies in industries of any type and of any size.  In marked contrast to other industries, the Pharmaceutical industry has lagged in adopting cloud computing solutions, retaining costly on-premise solutions or implementing hybrid Cloud solutions which deliver only minimal benefit. Data integrity, among other barriers to implementation, remains the major hurdle for the Pharmaceutical Industry in attempting to adopt Cloud technology.

In 2014 the Food and Drug Administration published an article in the FDA Voice praising how leveraging Cloud Computing allowed the Agency to “continue to protect and promote the public health”. In early 2016, the FDA followed-up by publishing “Guidance on Data Integrity”, which, for the first time, clearly categorized a computer system: “Computer or related systems can refer to computer hardware, software, peripheral 142 devices, networks, cloud infrastructure, operators, and associated documents (e.g., 143 user manuals and standard operating procedures)”.

About the same time the FDA was publishing its “Guidance on Data Integrity”, the Internal society for Pharmaceutical Engineering (ISPE) formed a new GAMP (Good Automation Manufacturing Practices) Special Interest Group with the intent to provide guidance on the usage of Cloud technologies in the regulated (GxP) environments and to help accelerate the adoption of this technology within the industry.

Implement a Cloud solution

There are 3 main delivery models for Cloud solutions, which can be implemented using virtual online products instead of physical on-site hardware: Infrastructure as a Service (Iaas), Platform as a Service (Paas) or Software as a Service (SaaS). The responsibilities for using any of these delivery models as GxP solutions are comparable to utilizing any traditional on-site IT model and they all apply similarly.

Depending on the used cloud model – Infrastructure as a Service (Iaas), Platform as a Service (Paas) or Software as a Service (SaaS) – the nature of some of these responsibilities, however, might change.


Figure 1- First appeared in “Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity. By the GAMP Cloud Computing Special Interest Group (SIG). Pharmaceutical Engineering January/February 2014, Vol.34. No.1.” –

The true benefits of Cloud computing are specialization and focus.  Scientific organizations want to focus on science and view IT as necessary to supporting infrastructure.  By contrast, vendors focus and specialize exclusively on IT solutions, spreading the development and support costs across their entire customer base.

From the diagram, it is evident that there is a transfer of effort from the scientific organizations onto vendors as the SaaS Cloud delivery model is more fully implemented.  SaaS describes a delivery model in which the IT effort is almost completely transferred to the solution vendor and describes the most beneficial end-state for scientific organizations.

Under this well-established model, customers who intend to use Cloud products as part of their GxP systems must assess responsibilities covered by Quality Systems, System Development Life Cycle and Regulatory Affairs areas.

Management Responsibility

Involves tasks such as creating and managing user accounts within the system, ensuring access controls are appropriately managed and maintained.


Focuses on ensuring that all personnel interacting with GxP systems have the necessary qualifications, training, and experience to perform their assigned roles effectively and compliantly.


Regular assessments conducted to evaluate the effectiveness of security measures, data integrity controls, and overall compliance with regulatory standards. Audits ensure that systems are operating as intended and that any issues are promptly identified and addressed.

Product Assessment

Ensures that all products and components used within GxP systems meet predefined specifications and quality standards. This assessment is crucial to maintaining the integrity and reliability of data generated by these systems.

Supplier Evaluation

Involves assessing and selecting suppliers, contractors, and consultants based on their ability to meet specific GxP requirements. This process ensures that external partners contribute to maintaining compliance and system integrity.

Supplier Agreement

Establishes clear responsibilities and commitments between organizations and their IT suppliers. This includes obligations to notify about any significant changes to IT products or services that could impact GxP operations.

Records & Logs

Identifying and maintaining necessary records and logs as evidence of GxP compliance throughout their required retention periods. This ensures data integrity and traceability for audits and regulatory inspections.

System Development Life Cycle

Each GxP system must have certain features and a controlled SDLC process for delivering them. The specific features and SDLC controls that apply to each system depend on a variety of factors and are derived from regulations like 21 CFR Parts 11 and 820 in the US, Annex 11 and 93/42/EEC in the EU, and their international equivalents. The overall intent of these regulatory guidelines is to ensure that the GxP system fulfills its intended use and that the data is trustworthy and reliable.


GxP systems need to be developed following documented procedures that ensure the systems meet their specified requirements. Development activities include: planning, coding, building, configuring, testing, and deployment.


GxP applications need to be validated to ensure that software specifications conform to user-needs requirements, and the software infrastructure that the GxP applications runs on needs to be qualified to ensure that it meets the system requirements for the application.


Developing, conducting, controlling and monitoring GxP systems in production operations is important to ensure that they continue to conform to specifications. When end-user issues or system deviations occur, organizations with GxP systems also need to maintain a process for responding, correcting and preventing those issues.

  • Change Control
  • Service Level Agreement (SLA)
  • End User Support
  • Back and recovery
  • Incident Response
  • Corrective and Preventive Action (CAPA)


With the Cloud, organizations of any size can take advantage of solutions that will minimize the total cost of ownership, ensure pharmaceutical data integrity, and remove the need to plan and procure physical devices and IT infrastructure weeks or months in advance.

Cloud Validation is certainly a challenge, however following FDA and GAMP guidance many organizations are demonstrating that it is possible to utilize the Cloud in GxP regulated environment and thus secure the benefits that this innovative technology offers.



Looking for other resources, press releases, articles, or documentation?


Reach out to Schedule a Meeting and get more information about how SciCord can fit into your lab

What Our
Users Say

Don’t take our word for it.
We exceed our client’s demands everyday to make their research and discovery process simpler and more efficient.

This is by far the best value in science software (or anything else in science, really) that we’ve ever experienced. Other solutions in this price range had a fraction of the features, and those with the features cost 3x – 10x more. We’re very happy customers.

Josh Guyer,
Senior Pharmaceutical Scientist

Comments are closed.


8601 Six Forks Road, Suite 400, Raleigh, NC 27615


All product names, logos, brands and trademarks are property of their respective owners. All company, product and service names used in this web site are for identification purposes only.
Use of these names, logos, brands and trademarks does not imply endorsement or direct affiliation with SciCord, LLC.

The information contained herein is on an “as is” basis, without warranties or conditions of any kind, either express or implied, including, without limitation, any warranties or conditions of title, non-infringement, merchantability, or fitness for a particular purpose.
You agree that you will not rely on and are solely responsible for determining the appropriateness of using the information provided on this web site and assume any risks associated with doing so.

Copyright © 2012-current year SciCord LLC All Rights Reserved.