
A risk-based approach is widely adopted within the life sciences industry and is advocated by regulatory agencies and industry standards for GxP computerized system compliance. The ISPE GAMP 5 framework provides guidance on how to conduct risk assessments to identify potential hazards and prioritize risk mitigation activities.

To help build resiliency into a system, customers may perform a failure mode analysis (FMEA) to identify possible failure points in the system. A standard FMEA process consists of the following activities:

1. Identify all critical components in the system. Include external dependencies, such as identity providers, third-party services, and so on.
2. For each component, identify potential failures that could occur. A single component may have more than one failure mode.
3. Rate each failure mode according to its overall risk. Consider these factors:
   • What is the likelihood of the failure?
   • How detectable is the failure?

Microsoft Azure GxP Guidelines December 2017 Page 49 of 90

   • What is the impact on the application with regard to availability, data loss, and business disruption?
4. For each failure mode, determine how the application will respond and recover.

According to the GAMP Good Practice Guide for IT Infrastructure Control and Compliance (Second edition) (Ref. [9]), the following controls may be appropriate to mitigate any identified risks:

• Testing
• Redesign, including incorporation of high availability options
• The deployment of various automatic performance, diagnostic, alarm, and security monitoring tools, which greatly reduces the likelihood of undetected harm
• Updated or new policies, guidelines, and instructions
• Extra education or training
• Supplier assessments and management
• Contractual agreements (for example, SLAs)
• Identification of new or updated roles and responsibilities
• Provision of extra staff, facilities, tools, and office space
• Provision of an alternate XaaS supplier
• Data replication, storage redundancy, and mirroring
• Design reviews
• Procedures
• Clustering at the operating system or application level

The outcome of the risk assessment should help customers focus the scope of qualification testing.

Recommended Deliverable(s):

• Risk assessment: The risk assessment identifies potential hazards and risks associated with hosting GxP applications in the cloud. The risk assessment also describes mitigation strategies designed to reduce the overall risk level.
Additional Resources:

• Azure - Cloud Security Diagnostic Tool 2016 (available in the Service Trust Platform (STP) under Trust Documents Compliance Guides)
• Microsoft Cloud - NIST Risk Assessment Checklist (available in the Service Trust Platform (STP) under Trust Documents Compliance Guides)
• Microsoft Cloud Security for Enterprise Architects

3.2.2.4 Deployment and qualification testing

With traditional on-premises installations, the infrastructure procurement and installation process can be laborious and time-consuming, often causing significant project delays if not planned well in advance.
