A Risk Based Approach to IT Infrastructure Seminar 2018

 Course "A Risk Based Approach To IT Infrastructure & Cloud Qualification, Compliance & Control" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: GxP Regulated companies are dependent on validated GxP computerized applications to conduct their day to day operations. These applications are, in turn, depended upon a qualified infrastructure that can be relied upon to provide control and regulatory compliance. The consequences of the IT Infrastructure being out of compliance can result in the failure of an entire site or geographic region being brought to a standstill while the compliance issue is resolved. It can also result in regulatory citations during a regulatory inspection as both the infrastructure be out of compliance and also cause the computerized applications that are dependent on it to be out of compliance. The impact of such compliance issues on a regulated company can be significant: it can result in recalls of products, warning or untitled letters, import alerts, injunctions, seizures, legal action, etc. These regulatory actions can have significant financial impact to the company. However, and most importantly, data integrity issues can lead to potential patient harm!! Effective IT Infrastructure Qualification on the other hand, confers the following benefits. • Ensures GxP compliance • Reduces duplication of effort • Ensures adherence to standards • Enhances the flow of information throughout an information system • Promotes adaptability and agility necessary for a changeable environment • Ensures interoperability among organizational and external entities • Maintains effective change management policies and practices Although all business activities depend upon the infrastructure, planning and projects to ensure its effective management are typically undervalued to the detriment of the organization. According to IDC, a prominent research firm (cited in an article in DM Review), investments in infrastructure management have the largest single impact on an organization's revenue. Establishment and maintenance of a controlled infrastructure requires that infrastructure needs to be brought into initial compliance with the company’s established standards, through a planned qualification process, based upon domestic and international best practices and standards. The qualification needs to be documented and confirmed by Quality Assurance. Once the IT Infrastructure is qualified, the compliant state needs to be maintained by documented standard processes and quality assurance activities. The effectiveness of maintaining the qualified state needs to be monitored and periodically verified. ________________________________________ The Seminar: This Seminar provide a risk based approach to meeting current regulatory expectations for compliant IT Infrastructure platforms, including the need to identify, qualify and control those aspects impacted by GxP quality and data integrity. It provides current best practices for the design, qualification and operation of an IT Infrastructure with emphasis on the qualification requirements of the major components. It addresses compliance with international GxP regulations and can be used both for the establishment of new platforms and extensions or existing platforms whether or not they are currently in support of GxP applications. Finally, this seminar covers a range of IT Infrastructures, from those found in companies operating in a global setting to isolated or semi-isolated GxP Infrastructures. This Seminar focuses on the horizontal approach to IT Infrastructure Qualification which includes the following benefits: • Higher level of standardization throughout the entire lifecycle • Minimal overlap in documentation • Minimal overlap in qualification • Minimal overlap in audits inspections and assessments The areas addressed by the seminar include: • How does IT Infrastructure Qualification fit into GaMP5 lifecycle • Quality Management for Infrastructure • Risk management for Infrastructure Qualification • Installation & Operational Qualification of Infrastructure Components • Configuration management and change control of infrastructure components and settings in a highly dynamic environment • Involvement of service provider in critical infrastructure processes • Security management in relation to access controls, availability of services and data integrity • Backup, restore and disaster recovery of IT Infrastructure Platform Components Generic Qualification Strategy Hardware and Peripherals Includes all computer equipment, including power supplies, boards, network interface cards, disk storage arrays, printers and other peripherals, etc., needed to execute programs in direct support of applications, and for providing basic IT Infrastructure services. Hardware and peripherals used in the IT Infrastructure are typically GAMP HW category 1. Firmware Firmware is often considered an indivisible part of the hardware component. However, in those instances where firmware is updated independently, it should be managed as software in its own right, and typically, would be GAMP SW category 2. Operating Systems Includes operating systems and communication protocol implementations. Device drivers are usually designed and maintained by hardware suppliers to allow operating variants to effectively interact with their hardware products. Most operating systems and drivers are GAMP SW category 1. Note 1: Configuration of operating systems should be documented. Note 2: Specific operating system features which are important to a GxP application may be validated as part of the application, e.g., the use of operating system user access and privilege functionality where the application software has no such built-in functionality. Data Management Software Includes file storage software, database management systems, web-services, interface, and communications software, etc. Elements of Data Management Software often support more than one application. Most Data Management Software is GAMP SW category 1, because they are part of the operating system environment, and typically, are standardized. Some may be other GAMP SW categories depending on complexity and configurability. Servers Server building blocks or individually configured servers are usually built of standardized components and configured in accordance with specifications. The actual set-up should dictate the chosen qualification strategy. Therefore, most server building blocks are a combination of GAMP HW category 1, and SW categories 1 or 2. Clients Client building blocks or individually configured clients, range from 'thin' to 'thick' clients which may process and store data locally. The actual set-up should dictate the chosen qualification life cycle model. Therefore, most client building blocks are a combination of GAMP HW category 1, and SW categories 1 or 2. Applications Applications implement processes and may consist of everything from an 'off-the-shelf', standardized software package configured with the user defined parameters to a set of programs and parameters designed to meet unique user requirements. Applications are GAMP SW categories 3, 4, or 5. The validation of applications is outside the scope of this Guide. Who will benefit: • VP of IT • Director of IT • Quality Managers • Project Managers (for CSV / IT) • Validation Specialists • Database Administrators • System Administrators • Directors / Senior Directors of Discovery • Directors / Senior Directors of Development • Directors / Senior Directors of Commercialization • Document Managers • Training Managers • Regulators • Vendors • Suppliers • Outsource Service Providers ________________________________________ Industries: • Pharmaceuticals • Biotech • Medical Device • Radiological Health • Blood Products • Companion Animals • Food • Cosmetics • Tobacco • Academia Agenda: Day 1 Schedule ________________________________________ Lecture 1: Introduction and Background • Introductions / Participants’ Understanding / Participants’ Objectives for the Course (Please come prepared to discuss) • Infrastructure Qualification and the GaMP5 Lifecycle • Key Concepts o Platforms to run the business applications (e.g. CDMS, IVRS, LIMS, ERP) o IT Infrastructure processes that facilitate a capable & controlled IT environment o General IT services (e.g. email system, office tools, intranet facilities, file storage) ________________________________________ Lecture 2: Infrastructure Options - Non-Cloud • Infrastructure Services • Platforms • Processes • Personnel ________________________________________ Lecture 3: Infrastructure Options - Cloud • Current Concepts & Challenges in Cloud Computing • Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity • IaaS Cloud in Regulated LifeSciences companies • A Risk Based Perspective on Leveraging PaaS within a Regulated LifeSciences Company • Using SaaS in a Regulated Environment – A LifeCycle Approach to Risk Management • SaaS in a Regulated Environment – The Impact of Multi-Tenancy and Subcontracting • Determine Regulated Cloud Strategy at Your Company by Answering 5 Key Questions ________________________________________ Lecture 4: Risk Management • Assessment of Risk Components • Implementation of Mitigation and Controls • Change Control to Qualified Components • Periodic Review Day 2 Schedule ________________________________________ Lecture 5: Qualification of Platforms • Overview of Process • IT Infrastructure LifeCycle o Planning phase o Specification & Design phase o Risk Assessment & Qualification test planning phase o Procurement, installation and IQ phase o QA & acceptance phase o Operation & maintenance phase o Retirement (decommissioning / withdrawal phase) • Exercise • Procurement o Supplier Evaluation o Installation & IQ  Verification of Documentation  Environmental Conditions  Servers  Clients  Networks • OQ & Acceptance • Reporting • Handover • Exercise ________________________________________ Lecture 6: Principles & Best Practices for Qualifying Cloud Infrastructure • Understanding Cloud Infrastructure Qualification Principles • What do Regulators Want • How Do You Qualify the Cloud? • Best Practices for Successful Validation • Bonus: o Cybersecurity Assessment o Sample Cloud SOPs for Governance ________________________________________ Lecture 7: Operations • Security Management • Upgrade & Patch Management • Server Management • Performance Monitoring • Client Management • Network Management • Problem Management • Help Desk • Outsourcing & Supplier Management ________________________________________ Lecture 8: Maintaining the Qualified State • Change Management • Configuration Management • Backup, Restore & Archiving • Disaster Recovery of IT Infrastructure ________________________________________ Quiz: Jeopardy!!!! • IT Infrastructure Qualification & Compliance Speaker Angela Bazigos CEO, Touchstone Technologies Silicon Valley Seasoned Executive with 40 years of experience in the Life Sciences & Healthcare Industries. Positions include Chief Compliance Officer http://morflearning.com/angelabazigos/. Experience combines Quality Assurance, Regulatory Compliance, Business Administration, Information Technology, Project Management, Clinical Lab Science, Turnarounds and Business Development. Past employers / clients include Roche, Novartis, Genentech & PriceWaterhouseCoopers. Co-authored & prototyped 21 CFR 11 guidance with FDA. Co-authored Computerized Systems in Clinical Research w/ FDA http://www1.diahome.org/~/media/4FA562336EBD46C58CDC43A8B7773095.ashx Patent on speeding up software compliance https://www.google.com/patents/US8266578. Recently quoted in Wall Street Journal for using training to bring regulatory compliance to the Boardroom http://blogs.wsj.com/riskandcompliance/2015/07/24/using-training-to-bring-compliance-to-boardrooms/ National Trainer for Society of Quality Assurance. Comments / collaborates with FDA on new guidance documents. Former President of Pacific Regional Chapter of Society of Quality Assurance. Stanford's Who's Who for LifeSciences: http://www.stanfordwhoswho.com/Angela.Bazigos.7144112.html#overview. Location: Minnesota, MN Date: May 24th & 25th, 2018 and Time: 9:00 AM to 6:00 PM Venue: Embassy Suites Minneapolis - Airport 7901 34th Avenue South, Bloomington, MN 55425, USA Price: Price: $1,295.00 (Seminar Fee for One Delegate) Register for 5 attendees Price: $3,885.00 $6,475.00 You Save: $2,590.00 (40%)* Register for 10 attendees Price: $7,122.00 $12,950.00 You Save: $5,828.00 (45%)* Register now and save $200. (Early Bird) Until April 10, Early Bird Price: $1,295.00 From April 11 to May 22, Regular Price: $1,495.00 Sponsorship Program benefits for “A Risk Based Approach to IT Infrastructure Seminar 2018 ” seminar For More Information- https://www.globalcompliancepanel.com/control/sponsorship Contact us today! NetZealous LLC DBA GlobalCompliancePanel john.robinson@globalcompliancepanel.com support@globalcompliancepanel.com Toll free: +1-800-447-9407 Phone: +1-510-584-9661 Website: http://www.globalcompliancepanel.com Registration Link - https://www.globalcompliancepanel.com/control/globalseminars/~product_id=901387SEMINAR?SEO Follow us on LinkedIn: https://www.linkedin.com/company/globalcompliancepanel/ Like us our Facebook page: https://www.facebook.com/TrainingsAtGlobalCompliancePanel/ Follow us on Twitter: https://twitter.com/GCPanel