Recently we presented you with information pertaining to data security and what Kaye is doing to keep your data safe. Continuing with this same topic area, there is another principle dealing with data when it comes to our Cloud-based systems. In this post, we are discussing GxP Compliance.
GxP is an abbreviation for “Good Practice”, with the “x” in the middle standing for the field to which it is being applied. For example, for the pharmaceutical industry the abbreviation would be GLP, standing for Good Laboratory Practice. The basic purpose of any GxP guideline is to ensure that the product that you are offering, in our case with our product of LabWatch we are dealing with data, is safe and meets its intended use. This means that within a GxP guideline there is quite a bit of referencing to a quality system. A quality system needs to be established, implemented, documented, and maintained for any GxP guide to be functional and stay up to date.
The central aspect of good practice guidelines are good documentation practices. Good documentation practices are expected to operate under the ALCOA principle. We recently covered the ALCOA principle in more depth when we discussed data integrity. You can visit that blog post by visiting it here.
We often reference 21 CFR Part 11 compliance when it comes to many of our products. This compliance involves electronic data being logged to a specific user by requiring the user to log in to access and store their data. By completing these steps, you lay the foundation for your traceability when it comes to your audits, which is another key point of GxP compliance. Your data must be able to be traced from start to finish, who interacted with it, and why.
For our specific area with LabWatch, we are dealing with a system that has most of its features in the Cloud. What are these features and what makes up “the Cloud”? LabWatch follows all required sections of 21 CFR Part 11, specifically for closed systems and data integrity. So how does a Cloud based system conform to a Closed system? Each LabWatch system is connects the local data transmission through a localized VPN tunnel, using secured transmission. All data is collected locally and transferred via an Edge connection. This data is checked for integrity before it is ever stored – where has the data originated from and is it with specified limits before acceptance.
Interactions with the LabWatch Cloud are all driven through Single Sign On (SSO) – and use your companies’ IT policies for entry. Once in the Cloud Application – all functions that have the ability to change or modify functional parameters, require re-authentication of password(s), or PIN codes to ensure only correct personnel are performing these functions.
But how do we deal with Change Control of the Cloud Application? - As it is normal to require either feature changes or security upgrades based on the ongoing threats to all software-based systems. This is a Quality mindset change that comes with using Cloud Applications.
All LabWatch clients use the same version of the Cloud Application – and when an update is required, Customers receive notification that a new version will be pushed to the Cloud on a specific day. (Typically, a running banner will also inform clients of the date of new release) Normally, customers will have a 4-month opportunity to review the upcoming updates and prepare accordingly. With this in mind, customers receive validation documents pertaining to the new version – with the ability to either accept the document set or run the same test scripts on a Staging Cloud server with the upcoming release version.
At the date of switch over, the Application is seamlessly updated without any break in data or communication – the Audit trail records the data/time of upgrade and having the Help section reveal all the updated changes pertaining to the new version. The Help section has both line item updates and, if required, animated views of any feature or function changes. Also note, that all versions are backed up using automated processes within the Cloud infrastructure – and can be instantly retrieved and re-deployed in the event of any catastrophic failures.
For over 60 years, Kaye has proven itself to be able to uphold and drive regulatory standards that have ensured safe practices within Validation and Product Monitoring. By taking on the GxP and Data Integrity demands into the Cloud – innovation by Kaye is just another step forward allowing the Customer to drive compliance.
Copyright: Amphenol Corporation