Life science industries generally face several challenges in adopting to the technological advances considering the regulatory impacts and tedious processes involved. But with the alluring benefits provided by cloud based solutions and the need to globalize R&D, moving to cloud has become the “New Normal”. Though adoption of cloud might reduce the effort of the R&D personnel in maintaining and administering the services, it does not spare them from their ultimate responsibility to ensure that the applications in cloud are validated and comply with the regulations. Validation of applications is complete only with the qualification of underlying infrastructure.

Wondering how to formulate an approach to qualify cloud infrastructure? Here it is:

Vendor Assessment:

A thorough selection process and ongoing oversight about the following is required to determine the supplier quality and reliability and there by the level of qualification:

  • Their capability to deliver the service as per your requirements
  • The level of compliance with different regulatory requirements and standards to be followed
  • Presence of quality management system and procedural controls to ensure confidentiality, integrity and availability


Determine Qualification Scope and Infrastructure Layer

  • List down all the infrastructure components from the inventory record.
  • Identify those having an impact on regulatory and business operations at your organization and this will serve as the major input to the risk assessment process.
  • Each infrastructure component identified in scope for qualification can be categorized based on the GAMP 5 Categorisation of Hardware and Software and also into subsequent infrastructure layers depending on the function or service they provide. The different layers of infrastructures are seen below – with the checklist
  • The Qualification activities to be performed will differ for each such layer.

Perform Risk Assessment

Most life science industries go with a risk based approach when it comes to qualification and validation activities, considering that a lot of patient safety is involved.

  • So, upon determining the scope, a documented risk assessment must be conducted to analyse the impact on intended use (such that it does not affect patient safety, product quality and data integrity), regulatory compliance and business continuity
  • The likelihood of occurrence and probability to detect must also be considered
  • Qualification activities will be tailored in such a way to minimize those risks


Qualification Deliverables

The qualification deliverables required in general include the following:

  • Risk Assessment Report
  • Qualification Plan
  • Requirement and Design Specification
  • Qualification Protocol
  • Traceability Matrix
  • Qualification Summary Results

Confused about which deliverable is applicable for which infrastructure layer, who should take responsibility for which activities? Don’t worry, we’ve got it covered for you!

Take a quick glance at these helpers-

Deliverables Matrix for Infrastructure Layers* here!

RACI Matrix for Qualification Activities and Deliverables* here!


Plan Qualification Activities and level of qualification

Considering the components in scope, layer to which they belong to, the results of the risk assessment and reliability of the supplier, a qualification plan must be formulated detailing the level of qualification required followed by the creation of qualification deliverables.


Qualify any solution of your choice-

With the help of our comprehensive Cloud Infrastructure Checklist here!

ZifoZifo RnD Solutions