GxP:
Requirements and Compliance

Complior is a supplier of infrastructure and IT operations, with a focus on regulatory compliance and IT security

Today, it is a major challenge for organizations within the Life Sciences to find digital solutions in a safe and cost-effective way while meeting regulations, laws and compliance guidelines. To be able to meet the markets’ requirements and digitize to make the business more efficient, delivery capacity and quality, as well as regulatory compliance and security, is of utmost importance. There is a great need for digital and secure services, for data analysis, data storage, conducting research against data and clinical studies.
Regardless of whether it is about pure data processing or digitizing support systems like quality management systems (QMS), organizations are faced with high demands, which makes cost-effective and secure digitization a difficult challenge.

Below is a list of some of the most comprehensive requirements for a secure digital service:

  • Data security, integrity and storage must be of the highest standard
  • Backup and readback
  • Service must be provided in the EU by an EU-registered provider
  • Data must be stored within the EU by an EU-registered supplier
  • Meet the requirements of GCP E6 (r2), FDA 21 CFR Part 11 and EudraLex Volume 4 Appendix 11
  • Data must be encrypted during transport and at rest
  • Possibility of data access and analysis without data leaving the data center
  • Controlled secure user management and access control
  • Log management and traceability control
  • Disaster management

Requirements and compliance in Life Science

Overall, GxP are guidelines and regulations for organizations in Life Sciences and apply to companies working on clinical trials, in food manufacturing, in medicine and/or managing medical data. The purpose of its’ rules is to ensure data integrity, product quality and patient safety. GxP covers various requirements regarding compliance with regulations based on a company’s affiliation and operations within Life Science. This depends on factors including what is produced, the country of production and in which markets the products are sold. It also depends on the type of data that is handled and stored, services offered and more.

Examples of underlying guidelines and regulations based on GxP are:

  • Good Laboratory Practice (GLP)
  • Good Clinical Practice (GCP)
  • Good Manufacturing Practice (GMP)
  • Good Pharmacovigilance Practice (GVP)
Organizations with GxP requirements must evaluate and select their IT service provider based on their ability to meet regulatory compliance and set guidelines. Organizations must have their own routines and processes to include the assessment of a service provider. Complior oversees and assures that all delivered services are handled in accordance with GxP expectations.
Complior always delivers the following checks and procedures:
  • Installation and qualification of solutions and infrastructure components
  • Backup and readback
  • Log management
  • Antivirus management
  • Encryption policy
  • Contingency plan
  • Disaster recovery
  • Managed access control
  • Configuration management
  • Maintenance and support
  • System access
  • Physical security management
  • Training of staff
Security checks:
  • Encryption (rest and transport)
  • Network encryption
  • Intrusion detection
  • Virus control
Qualifications:
Complior has developed a model for delivering a service where we have proven and qualified infrastructure with associated IT operations services, ready to use right from the start while meeting the requirements of GxP. The qualification that is carried out includes all necessary documentation and traceability. A qualification report of completed installation can be provided and included in your validation of the chosen solution. This report will document the results of the completed installation, configuration and applicable verifications.