November / December 2017

New Guidance Document - ISPE GAMP® Good Practice Guide: IT Infrastructure Control & Compliance


The ISPE GAMP Good Practice Guide: IT Infrastructure Control and Compliance (second edition) is intended to provide comprehensive guidance on meeting regulatory expectations for compliant IT (information technology) infrastructure platforms, both traditional and cloud-based. The increasing prevalence of new technology has presented regulated companies with significant technological advantages as well as a changed compliance model.

The validated status of GxP* applications that are dependent upon an underlying IT infrastructure can be compromised if the IT infrastructure is not maintained in a demonstrable state of control and regulatory compliance. Data integrity can also be affected by problems related to IT infrastructure, leading to increased risks that can in turn affect product quality or patient safety.

The ISPE GAMP Good Practice Guide: IT Infrastructure Control and Compliance (Second Edition) applies a structured approach, including risk management, to the qualification, management, and control of IT infrastructure platforms supporting GxP-regulated applications. The Guide provides a scalable qualification framework that can be applied to different platform types, across both the physical and virtualized space, in order to determine the extent and scope of qualification efforts. The Guide also provides an overview of industry best practices for the design, qualification, and operation of an IT infrastructure, with emphasis on the qualification requirements of the major components.

The revision expands the scope of the Guide to include guidance on the emergence of cloud and virtualized technologies. Information has been added to reflect significant changes in the technologies that make up IT infrastructure, including:

  • The use of virtualization technologies that allow the sharing, combining, and maximization of resources
  • The use of cloud computing, including cloud-based infrastructure and three cloud-based service models: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS)
  • The delivery of GxP applications “as a service”
  • Outsourcing and the increased use of third-party data centers

For more information, or to order the updated Guide, visit control-compliance

* One or a combination of GCP (good clinical practice), GMP (good manufacturing practice), GLP (good laboratory practice), or GDP (good distribution practice)—where “x” refers to clinical, manufacturing, laboratory, or distribution; often used for everything of interest for regulatory bodies. Source: ISPE Glossary (