Life science application comes under Life sciences industry.
Life sciences consist of all fields of science that involve the scientific study of living organisms such as human beings, plants, and animals. The study of behaviour of organisms is only included in as much as it involves a clearly biological aspect. Biology and medicine remain main parts of the life sciences, having said that technological advances in molecular biology and biotechnology have directed it to a burgeoning of specializations and new interdisciplinary fields.
R&D process in the life science can be a long and expensive undertaking. The product development process follows basic steps at a very high level as described below:
• Phase 1 – recognition of the particle, initial testing, and toxicology studies
• Phase 2 – more development, formulation, and human testing
• Phase 3 – double blind clinical trials to test efficacy and submission for FDA approval
Life science industry operates under the regulatory guidelines put forward by the Food & Drug Administration (FDA).
Food and Drug Administration is a federal agency in the Department of Health and Human Services. It is established to regulate the release of new foods and health related products.
The IT organizations in life science companies must adhere to the FDA guidelines put forth in the Code for Federal Regulations 21 Part 11 (CFR 21 Part 11). It defines how systems managing electronic records in life science firms must be validated and verified to ensure that the operation of and the information in these systems can be trusted.
Title 21 CFR Part 11 of the Code of Federal Regulations deals with the Food and Drug Administration (FDA) guidelines on electronic records and electronic signatures in the United States. CFR Part 11, as it is called, defines the criteria under which electronic records and signatures are considered to be reliable and equivalent to paper records.
Part 11 requires drug makers, manufacturers, biologics developers, biotech companies, and other FDA-regulated industries to implement controls such as audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data that are (a) required to be maintained by the FDA predicate rules or (b) used to demonstrate compliance to a predicate rule with some specific exceptions.
The actual Part 11 compliance process for any application includes software, hardware, and operational environment for the system itself. This allows an IT Team to answer the questions.
To prove these things the system validation process has three primary components, the Installation Qualification (IQ), the Operational Qualification (OQ), and Performance Qualification scripts. Organizations manage IT environment separately for the life science applications and with proper controls placed.
CFR does not ask organization on How to do it? but it states What needs to be done.
It all comes to convincing the FDA auditor whether the Cloud environment conforms to the FDA compliance requirements or not.
Cloud computing can improve and speed up process by reducing IT complexity and cost while allowing R&D organizations to focus on the ‘what’ of the R&D process in stead of the ‘how’.
But, how Cloud Computing and FDA can be brought on a same table is the biggest issue because:
Audit / Track of following items are needed.
Ø Hardware serial number
Ø System configuration
Ø Equipment location
Ø Exact versions off all installed software
FDA compliance in Public Cloud is impossible till now because you must be aware about the detailed information on the hardware and software that your system will be running on and even the exact physical location of the resources as well.
In Private Cloud, owner has control over all resources (Hardware, Software) and thus it is still possible.
In a nutshell, public cloud model just does not fit for the current practices for validation in FDA regulated organizations. However private cloud environment could be leveraged to provide life science companies with a short cut to completing overall system validation Public Cloud’s benefit “Economy of Scale” will be out of reach in this case.
A community cloud may be established where several organizations have similar requirements and seek to share infrastructure so as to realize some of the benefits of cloud computing. With the costs spread over less users than a public cloud (but more than a single tenant) this option is more expensive but may offer a higher level of privacy, security and/or policy (FDA) compliance.
Amazon EC2 Dedicated Instances
Dedicated Instances are Amazon EC2 instances launched within your Amazon Virtual Private Cloud (Amazon VPC) that run hardware dedicated to a single customer.
NOTE: hardware dedicated to a single customer
Dedicated Instances let you take full advantage of the benefits of Amazon VPC and the AWS cloud – on-demand elastic provisioning, pay only for what you use, and a private, isolated virtual network, all while ensuring that your Amazon EC2 compute instances will be isolated at the hardware level.
You can easily create a VPC that contains dedicated instances only, providing physical isolation for all Amazon EC2 compute instances launched into that VPC, or you can choose to mix both dedicated instances and non-dedicated instances within the same VPC based on application-specific requirements
To get started using Dedicated Instances within an Amazon VPC, perform the following steps:
- Open and log into the AWS Management Console
- Create an Amazon VPC if you do not already have one on the Amazon VPC tab
- Click on Launch Instance from the EC2 Dashboard
- Select Launch Instances Into Your Virtual Private Cloud
- Modify the instance tenancy from Default to Dedicated in the Request Instances Wizard
- Start using your instance with the knowledge it will not share hardware with instances launched by other customers
Dedicated Instances certainly does help in building a case for FDA compliance and step in a RIGHT direction.