GAMP Good Practice Guide: IT Infrastructure Control & Compliance 2nd Edition


Member Price
Non-Member Price

Published: August 2017
Pages: 168

The ISPE GAMP® Good Practice Guide: IT Infrastructure Control and Compliance (Second Edition) is intended to provide comprehensive guidance on meeting regulatory expectations for compliant Information Technology (IT) Infrastructure platforms, both traditional and cloud-based. The increasing prevalence of new technology has presented regulated companies with significant technological advantages, as well as a changed compliance model.  

The validated status of GxP applications that are dependent upon an underlying IT Infrastructure can be compromised if the IT Infrastructure is not maintained in a demonstrable state of control and regulatory compliance. Data integrity can also be affected by problems related to IT Infrastructure, leading to increased risks which can in turn affect product quality or patient safety.

The Guide applies a structured approach, including risk management, to the qualification, management, and control of IT Infrastructure platforms supporting GxP regulated applications. The Guide provides a scalable qualification framework which can be applied to different platform types, across both the physical and virtualized space, in order to determine the extent and scope of qualification efforts. The Guide also provides an overview of industry best practices for the design, qualification, and operation of an IT Infrastructure with emphasis on the qualification requirements of the major components.

The revision expands the scope of the Guide to include guidance on the emergence of cloud and virtualized technologies. Information has been added to reflect significant changes in the technologies that make up IT Infrastructure, including:

  • The use of virtualization technologies that allow the sharing, combining, and maximization of resources
  • The use of cloud computing, including cloud-based infrastructure and three cloud based service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)
  • The delivery of GxP applications “as-a-service”
  • Outsourcing and the increased use of third-party data centers