Upload
pistoia-alliance
View
274
Download
0
Embed Size (px)
Citation preview
12 July 2016
The PhUSE Framework for the Adoption of Cloud Technology in the
Regulated Life Sciences IndustryA Pistoia Alliance Debates Webinar
Chaired by Tony Hewer – Medidata Solutions Inc.
© P
isto
ia A
llian
ce
3The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
Tony Hewer Senior Quality & Regulatory Affairs Director, MedidataTony has worked at Medidata – the leading Software-as-a-Service company in Clinical Research for the past 9 years. Previously, Tony held various senior IT-related positions within Pfizer for 10 years in EMEA and APAC. His pre-life-science career included over 20 years in the financial sector, the travel industry and academia.
Chris Whalley, Global Security Assurance, Amazon Web ServicesChris leads the global security assurance program for healthcare and life sciences at AWS. With a background spanning discovery, development, manufacturing and healthcare delivery settings, Chris brings 17 years’ experience delivering high quality risk & compliance solutions for computerized systems.
Daniel Dziadiw, Director, IT Compliance and Risk Management, MerckDaniel has worked at Merck for 15 years, with 28 years total professional Experience, 24 years in the Pharmaceutical Industry. He worked in many areas in Engineering and Information Technology supporting various areas including Manufacturing, Clinical Supplies, Chemical Development, Regulatory Affairs, and IT Compliance.
Anders Vidstrup, Senior IT Quality SME, Quality & Security, NNIT A/S Anders has worked in the Novo Nordisk group for over 15 years; the last 5 year as quality responsible for GXP deliverables to NNIT A/S customers. Before that, he has been responsible for quality for applications as infrastructure both in GMP and GCP areas as well as production facilities. Experienced in handling inspections by authorities.
Bill Telford, Director, ITS Security, R&D, SanofiBill has work at Sanofi for 28 years, the last 10 of which focused on IT Security and enabling the secure/safe use of technology. Bill has a total of 37 years working in Information Technology across Financial, Retail, Manufacturing and Health Care industries.
© P
isto
ia A
llian
ce
4
Agenda
The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
• PhUSE organization - Tony• Our Working Group - Tony• Key aspects of the Framework – Chris, Anders,
Bill, Dan• Q&A - All
Partner logo if required
© P
isto
ia A
llian
ce
Poll Question 1: Had you heard of PhUSE before today?
A. Yes. In fact I am/my company is a memberB. Yes. I know quite a bit about PhUSEC. I have heard of PhUSE but don't know too much about itD. I have never heard of PhUSE
© P
isto
ia A
llian
ce
6
PhUSE – Pharmaceutical UserSoftware Exchange
The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
• Formed in 2004• Today, >6000 member worldwide• Not-for-profit organization• Run by volunteers• Roots: a conference for European Statistical Programmers• Today: a global platform for the discussion of topics
encompassing the work of Data Managers, Biostatisticians, Statistical Programmers and eClinical IT professionals
• Stakeholders with EMA, FDA (+ Computational Sciences Symposium) and PMDA
• Visit phuse.eu
Partner logo if required
© P
isto
ia A
llian
ce
7
Our Working Group
The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
• Formed in 2013 via PRISME to PhUSE• Operating within the PhUSE/FDA Computational Sciences
Symposium’s Emerging Trends/Technologies Stream• 2013/2014: Team formation, brainstorming, case-studies ->
framework concept; engagement with FDA• Q1-2014: Test concept; CSS in MD• 2014/2015: Team consolidation, framework content
refinement• Q4-2015: New “published” framework; engagement with
EMA• >2015: More iterative refinement
Framework link: https://s3-us-west-2.amazonaws.com/phuse/public/PhUSE+Cloud+Doc+13-Nov-2015.pdf
Partner logo if required
© P
isto
ia A
llian
ce
Potential Benefits
• Scalability• On-demand usage - > Fixed cost reduction• Fault tolerance• High availability• Commoditization of computing, storage and
networking• Speed (of deployment)• Measureable
Partner logo if required
8The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
© P
isto
ia A
llian
ce
9
Issues (?) Identified
The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
• NOT technology• Evolution of approaches, terminology, understanding,
jargon• A perception of diversified controls, roles and
responsibilities – client, supplier, sub-suppliers more complex “IT supply chains”
• Absence of standards [applicable for GxP]• SIMT apps• QMS fitness for purpose• Brings long-standing issues to the fore…privacy, legacy
architectures, [truly] internationalized solutions
Park these thoughts…….
Partner logo if required
© P
isto
ia A
llian
ce
Background – Technology Evolution Partner logo if requiredW
HY
2000-2010 2010-20201990-20001980-1990
WHE
RE
Dedicated On Prem Hosted /Portals
Apps
WHO Specialists Key
ContributorsAll
Employees Everyone
MAI
NFR
AME
ERA
CLIE
NT/
SERV
ER E
RA
INTE
RNET
ERA
CLO
UD
ERA
Need Speed Convenience Productivity
Computerized Systems Used in Clinical Investigations21CFRpart11
Annex 11General Principles of Software Validation; Final Guidance for Industry and FDA Staff
CGMP Applicability To Hardware and Software
Electronic Source Data in Clinical Investigations
Virtualization
10The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
© P
isto
ia A
llian
ce
11
Framework Tenets
The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
• Living framework document – wiki-like• Technology has – and will – change rapidly; Life Science
companies changing too; synergy!• Bake in flexibility and technology-neutrality to processes
– get things right at policy level• Leverage NIST1 and ISO/IEC 177882 and 177893 – no
need to reinvent• Embrace cloud to stay/become innovative in use of
technology – but, “stay in control” as per predicate rules
1 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf2 http://www.iso.org/iso/catalogue_detail?csnumber=605443 http://www.iso.org/iso/catalogue_detail?csnumber=60545
Partner logo if required
© P
isto
ia A
llian
ce
Stylized EDC/CTMS (etc) Cloud setup
12
SaaS – Web Apps
Facilities
NetworksCompute & Data Storage
Hypervisor - V
OS’s
Solution Stack
Multiple, connected, resilient
SaaS/PaaS – configurable recipesPaaS – standardized/programmable
IaaS – standardized/programmableIaaS – commoditizedIaaS – commoditized
Internet
“Users”
Various apps of various architecture SaaS&PaaS
IaaSG1
G4/5
G1/5
G4/5
G1/3G1
G1
12The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
© P
isto
ia A
llian
ce
4 Key Roles (q.v. ISO 17788/ISO 17789 )• Cloud Service Customer: In the context of GxP, these are generally the
organizations or entities that purchase/use the cloud services to support their GxP-regulated activities. They are generally billed for the cloud services they consume, and depending on the services requested (IaaS, PaaS, SaaS), their activities, use cases and GxP requirements may vary.
• Cloud Service Provider: Organizations or entities responsible for providing cloud services to customers. The activities that the cloud providers perform will vary depending on their particular service offerings and can include building, deploying, operating and maintaining the cloud apps, infrastructure and associated service layers.
• Cloud Service Broker: These are the organizations or entities that manage the configuration, delivery and use of cloud services on behalf of the cloud customer. For example, cloud managers may perform infrastructure change control activities on the infrastructure built using general purpose, commercial cloud services.
• Cloud Auditor: A cloud auditor is a party that is qualified to conduct assessments of the cloud provider and the cloud infrastructure underlying the IaaS, PaaS, SaaS services. The auditor may be an independent third party such as a third party assessment organization (3PAO) or can also be a member of the consumer, provider or manager organization.
13The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
© P
isto
ia A
llian
ce
Cloud “Supply Chains” – Example 1
Cloud Service Customer Cloud Service Provider (PaaS/SaaS)
Cloud Service Provider (IaaS)Cloud Service Broker
Cloud Service Auditor
Cloud Service Provider (IaaS)
Cloud Service Provider (PaaS/SaaS)
Cloud Service Broker
Cloud Service Auditor
14The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
© P
isto
ia A
llian
ce
Cloud “Supply Chains” – Example 2
Cloud Service Customer Cloud Service Provider (PaaS/SaaS)
Cloud Service Provider (IaaS)Cloud Service Broker
Cloud Service Auditor
Cloud Service Provider (IaaS)
Cloud Service Provider (PaaS/SaaS)
Cloud Service Broker
Cloud Service Auditor
15The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
© P
isto
ia A
llian
ce
Cloud “Supply Chains” – Example 3
Cloud Service Customer
Cloud Service Provider (PaaS/SaaS)
Cloud Service Provider (IaaS)Cloud Service Broker
Cloud Service Auditor
Cloud Service Provider (IaaS)
Cloud Service Provider (PaaS/SaaS)
Cloud Service Broker
Cloud Service Auditor
16The PhUSE Framework for the Adoption of Cloud Technology in the Regulated Life Sciences Industry
© P
isto
ia A
llian
ce
Poll Question 2: Has your organization implemented any cloud-based GxP solutions??A. Yes, on a small scaleB. Yes, it's part of our strategyC. NoD. I don’t know
© P
isto
ia A
llian
ce
Summary
• Benefits of the cloud are driving transformation in scalability, agility, and automation of life sciences operations
• Use of the cloud in regulated systems requires re-thinking QMS practices for scalability, agility, and automation.
• PhUSE’s cloud working group framework provides applied practical guidance for cloud-friendly QMS practices
• Come help us grow the framework!
[email protected] @pistoiaalliance www.pistoiaalliance.org
Many thanks for your attendance and engagement