Cloud Services - A Framework for Adoption in the Regulated Life Sciences Industry Status November 2018.


Background
- 2013/2014: Team formation, brainstorming, case-studies -> framework concept
- Three versions of concept paper submitted
- Version 4 is under revision, including appendices on:
  - Cloud Terminology
  - Cloud Audit Activities
  - Cloud Case Stories
  - Regulatory requirements and Cloud Solutions

4 Key Roles
- Cloud Service Customer: In the context of GxP, these are generally the organizations or entities that purchase/use the cloud services to support their GxP-regulated activities.
- Cloud Service Provider: Organizations or entities responsible for providing cloud services to customers.
- Cloud Service Broker: These are the organizations or entities that manage the configuration, delivery and use of cloud services on behalf of the cloud customer.
- Cloud Auditor: A cloud auditor is a party that is qualified to conduct assessments of the cloud provider and the cloud infrastructure underlying the IaaS, PaaS, SaaS services.

Key issues right now
- Availability of data, and data integrity
- Facilitating compliance with GxP predicate rules in relation to supplier assessment/audits
- Contract with cloud service provider
- Inspection readiness

Availability of data, and data integrity
- Data loss and data breaches. Who's liable for damages from interruptions in service?
- Malicious insiders
- How can users avoid vendor lock-in and exit if needed?
- Insure interfaces and APIs
- Where is the data actually going to be physically located?
- Change management. What happens when providers decide to change their service?

Supplier assessment/audits
Often a SOC2/ISO 27001 report is provided – but:
- ISO 9001 is the international standard that specifies requirements for a quality management system (QMS).
- ISO 27001 specifies a management system that is intended to bring information security under management control and gives specific requirements.

ISO 9001 and 27001
There is a difference between a quality approach and a security approach. The following clauses from ISO 9001:2015 are not covered by ISO 27001:2013 or there are no similar clauses in ISO 27001:
- Quality management principles (Introduction, clause 0.2)
- Process approach (Introduction, clause 0.3)
- Customer focus (Leadership, clause 5.1.2)
- People (Support, clause 7.1.2)
- Infrastructure (Support, clause 7.1.3)
- Environment for the operation of processes (Support, clause 7.1.4)
- Monitoring and measuring resources (Support, clause 7.1.5)
- Organisational knowledge (Support, clause 7.1.6)
- Release of products and services (Operation, clause 8.6)
- Control of nonconforming outputs (Operation, clause 8.7)
Even though there is an overlap between the two standards, there is still a need for e.g. defining quality metrics, quality management review etc.

Inspection readiness
Responsibility for quality is the same whether or not activities are outsourced or cloud solutions are used. The regulated company is expected to have support during inspections if needed.
Points to be aware of together with the Cloud Service Provider:
- Can documentation be provided, and how?
- Competency in answering an investigator's questions
- Does the regulated company have a set-up to handle long-distance support from the Cloud Service Provider?
- How to handle inspection at the Cloud Service Provider site?
- Prepare questions for:
  - Data location
  - Access control
  - Back-up
  - How contracts are monitored

Next step
Framework document in version 4 is under final revision. Appendices on:
- Cloud Terminology – close to ready for internal review
- Cloud Audit Activities – under final revision
- Cloud Case Stories – we might need input
- Regulatory requirements and Cloud Solutions – close to ready for internal review