2-day In-person Seminar

A Risk Based Approach To IT Infrastructure & Cloud Qualification, Compliance & Control

May 24th & 25th, 2018

Time: 9:00 AM to 6:00 PM

Minnesota, MN

Venue: Embassy Suites Minneapolis - Airport

Director : Angela Bazigos

**Please note the registration will be closed 2 days (48 Hours) prior to the date of the seminar.

  Price: $1,495.00
(Seminar Fee for One Delegate)

  Register for 5 attendees   Price: $4,485.00
      $7,475.00 You Save: $2,990.00 (40%)*

  Register for 10 attendees   Price: $8,222.00
      $14,950.00 You Save: $6,728.00 (45%)*
Course "A Risk Based Approach To IT Infrastructure & Cloud Qualification, Compliance & Control" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion.

GxP Regulated companies are dependent on validated GxP computerized applications to conduct their day to day operations. These applications are, in turn, depended upon a qualified infrastructure that can be relied upon to provide control and regulatory compliance.

The consequences of the IT Infrastructure being out of compliance can result in the failure of an entire site or geographic region being brought to a standstill while the compliance issue is resolved. It can also result in regulatory citations during a regulatory inspection as both the infrastructure be out of compliance and also cause the computerized applications that are dependent on it to be out of compliance.

The impact of such compliance issues on a regulated company can be significant: it can result in recalls of products, warning or untitled letters, import alerts, injunctions, seizures, legal action, etc. These regulatory actions can have significant financial impact to the company. However, and most importantly, data integrity issues can lead to potential patient harm!!

Effective IT Infrastructure Qualification on the other hand, confers the following benefits.

  • Ensures GxP compliance
  • Reduces duplication of effort
  • Ensures adherence to standards
  • Enhances the flow of information throughout an information system
  • Promotes adaptability and agility necessary for a changeable environment
  • Ensures interoperability among organizational and external entities
  • Maintains effective change management policies and practices

Although all business activities depend upon the infrastructure, planning and projects to ensure its effective management are typically undervalued to the detriment of the organization. According to IDC, a prominent research firm (cited in an article in DM Review), investments in infrastructure management have the largest single impact on an organization's revenue.

Establishment and maintenance of a controlled infrastructure requires that infrastructure needs to be brought into initial compliance with the company’s established standards, through a planned qualification process, based upon domestic and international best practices and standards. The qualification needs to be documented and confirmed by Quality Assurance. Once the IT Infrastructure is qualified, the compliant state needs to be maintained by documented standard processes and quality assurance activities. The effectiveness of maintaining the qualified state needs to be monitored and periodically verified.

The Seminar:

This Seminar provide a risk based approach to meeting current regulatory expectations for compliant IT Infrastructure platforms, including the need to identify, qualify and control those aspects impacted by GxP quality and data integrity. It provides current best practices for the design, qualification and operation of an IT Infrastructure with emphasis on the qualification requirements of the major components. It addresses compliance with international GxP regulations and can be used both for the establishment of new platforms and extensions or existing platforms whether or not they are currently in support of GxP applications. Finally, this seminar covers a range of IT Infrastructures, from those found in companies operating in a global setting to isolated or semi-isolated GxP Infrastructures.

This Seminar focuses on the horizontal approach to IT Infrastructure Qualification which includes the following benefits:

  • Higher level of standardization throughout the entire lifecycle
  • Minimal overlap in documentation
  • Minimal overlap in qualification
  • Minimal overlap in audits inspections and assessments

The areas addressed by the seminar include:

  • How does IT Infrastructure Qualification fit into GaMP5 lifecycle
  • Quality Management for Infrastructure
  • Risk management for Infrastructure Qualification
  • Installation & Operational Qualification of Infrastructure Components
  • Configuration management and change control of infrastructure components and settings in a highly dynamic environment
  • Involvement of service provider in critical infrastructure processes
  • Security management in relation to access controls, availability of services and data integrity
  • Backup, restore and disaster recovery of IT Infrastructure


This seminar addresses compliance with international GxP regulations and considers:
  1. The establishment of new platforms and extensions to existing ones
  2. Existing platforms already in support of GxP applications
Current GxP requirements related to IT infrastructure platforms have been taken into account including:
  1. Good Manufacturing Practice (GMP)
  2. Good Clinical Practice (GCP)
  3. Good Laboratory Practice (GLP)
  4. Good Distribution Practice (GDP)
The seminar covers a range of IT Infrastructures, both cloud and non-cloud, from those found in companies operating globally to isolated or semi-isolated GxP regulated infrastructures. While the seminar references regulated infrastructures, it may also be useful to managers of IT infrastructures which are not regulated by GxP.

Please note that while not within the scope of this seminars, it is recognized that aspects such as business criticality, health and safety, and environmental requirements also may require specific assessment and control.

The table shows what will be covered

Platform Components Generic Qualification Strategy
Hardware and Peripherals Includes all computer equipment, including power supplies, boards, network interface cards, disk storage arrays, printers and other peripherals, etc., needed to execute programs in direct support of applications, and for providing basic IT Infrastructure services.

Hardware and peripherals used in the IT Infrastructure are typically GAMP HW category 1.

Firmware Firmware is often considered an indivisible part of the hardware component. However, in those instances where firmware is updated independently, it should be managed as software in its own right, and typically, would be GAMP SW category 2.
Operating Systems Includes operating systems and communication protocol implementations. Device drivers are usually designed and maintained by hardware suppliers to allow operating variants to effectively interact with their hardware products.

Most operating systems and drivers are GAMP SW category 1.

Note 1: Configuration of operating systems should be documented.

Note 2: Specific operating system features which are important to a GxP application may be validated as part of the application, e.g., the use of operating system user access and privilege functionality where the application software has no such built-in functionality.

Data Management Software Includes file storage software, database management systems, web-services, interface, and communications software, etc. Elements of Data Management Software often support more than one application.

Most Data Management Software is GAMP SW category 1, because they are part of the operating system environment, and typically, are standardized. Some may be other GAMP SW categories depending on complexity and configurability.

Servers Server building blocks or individually configured servers are usually built of standardized components and configured in accordance with specifications. The actual set-up should dictate the chosen qualification strategy.

Therefore, most server building blocks are a combination of GAMP HW category 1, and SW categories 1 or 2.

Clients Client building blocks or individually configured clients, range from 'thin' to 'thick' clients which may process and store data locally. The actual set-up should dictate the chosen qualification life cycle model.

Therefore, most client building blocks are a combination of GAMP HW category 1, and SW categories 1 or 2.

Applications Applications implement processes and may consist of everything from an 'off-the-shelf', standardized software package configured with the user defined parameters to a set of programs and parameters designed to meet unique user requirements.

Applications are GAMP SW categories 3, 4, or 5. The validation of applications is outside the scope of this Guide.

Who will benefit:

  • VP of IT
  • Director of IT
  • Quality Managers
  • Project Managers (for CSV / IT)
  • Validation Specialists
  • Database Administrators
  • System Administrators
  • Directors / Senior Directors of Discovery
  • Directors / Senior Directors of Development
  • Directors / Senior Directors of Commercialization
  • Document Managers
  • Training Managers
  • Regulators
  • Vendors
  • Suppliers
  • Outsource Service Providers


  • Pharmaceuticals
  • Biotech
  • Medical Device
  • Radiological Health
  • Blood Products
  • Companion Animals
  • Food
  • Cosmetics
  • Tobacco
  • Academia

Day 1 Schedule

Lecture 1:

Introduction and Background

  • Introductions / Participants’ Understanding / Participants’ Objectives for the Course (Please come prepared to discuss)
  • Infrastructure Qualification and the GaMP5 Lifecycle
  • Key Concepts
    • Platforms to run the business applications (e.g. CDMS, IVRS, LIMS, ERP)
    • IT Infrastructure processes that facilitate a capable & controlled IT environment
    • General IT services (e.g. email system, office tools, intranet facilities, file storage)

Lecture 2:

Infrastructure Options - Non-Cloud

  • Infrastructure Services
  • Platforms
  • Processes
  • Personnel

Lecture 3:

Infrastructure Options - Cloud

  • Current Concepts & Challenges in Cloud Computing
  • Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity
  • IaaS Cloud in Regulated LifeSciences companies
  • A Risk Based Perspective on Leveraging PaaS within a Regulated LifeSciences Company
  • Using SaaS in a Regulated Environment – A LifeCycle Approach to Risk Management
  • SaaS in a Regulated Environment – The Impact of Multi-Tenancy and Subcontracting
  • Determine Regulated Cloud Strategy at Your Company by Answering 5 Key Questions

Lecture 4:

Risk Management

  • Assessment of Risk Components
  • Implementation of Mitigation and Controls
  • Change Control to Qualified Components
  • Periodic Review

Day 2 Schedule

Lecture 5:

Qualification of Platforms

  • Overview of Process
  • IT Infrastructure LifeCycle
    • Planning phase
    • Specification & Design phase
    • Risk Assessment & Qualification test planning phase
    • Procurement, installation and IQ phase
    • QA & acceptance phase
    • Operation & maintenance phase
    • Retirement (decommissioning / withdrawal phase)
  • Exercise
  • Procurement
    • Supplier Evaluation
    • Installation & IQ
      • Verification of Documentation
      • Environmental Conditions
      • Servers
      • Clients
      • Networks
  • OQ & Acceptance
  • Reporting
  • Handover
  • Exercise

Lecture 6:

Principles & Best Practices for Qualifying Cloud Infrastructure

  • Understanding Cloud Infrastructure Qualification Principles
  • What do Regulators Want
  • How Do You Qualify the Cloud?
  • Best Practices for Successful Validation
  • Bonus:
    • Cybersecurity Assessment
    • Sample Cloud SOPs for Governance

Lecture 7:


  • Security Management
  • Upgrade & Patch Management
  • Server Management
  • Performance Monitoring
  • Client Management
  • Network Management
  • Problem Management
  • Help Desk
  • Outsourcing & Supplier Management

Lecture 8:

Maintaining the Qualified State

  • Change Management
  • Configuration Management
  • Backup, Restore & Archiving
  • Disaster Recovery of IT Infrastructure

Quiz: Jeopardy!!!!

  • IT Infrastructure Qualification & Compliance

Want to register by P.O/Check?
We facilitate registration by P.O/Checks!
Complete your registration in just a few easy steps
Please just download, fill out the registration form and send it to us either by email to support@globalcompliancepanel.com or just fax us at 302 288 6884.
Once the form is received, an invoice will be generated and sent back to your fax number.
Following this just send us your purchase order by fax at 302 288 6884
Click here to download Registration form
In case you wish to register by using check
In case you wish to register by using check, please make a check to NetZealous LLC DBA GlobalCompliancePanel.com and mail it to the below address.
NetZealous LLC,
DBA GlobalCompliancePanel,
161 Mission Falls Lane,
Suite 216, Fremont, CA 94539, USA
Phone: 1800 447 9407

Want to register by Wire Transfer?
Please call any of our representatives on 1800 447 9407 to help you completed the transfer.
Group participations
Get fabulous discounts by participating in groups of two or more.
No Attendees Discount
1 2 Attendees 10% off
2 3 to 6 Attendees 20% off
3 7 to 10 Attendees 25% off
4 10+ Attendees 30% off

To avail the above group discounts, all the participants should register by making a single payment

Call our representative TODAY on 1800 447 9407 to have your seats confirmed!

Angela Bazigos

CEO, Touchstone Technologies Silicon Valley

Seasoned Executive with 40 years of experience in the Life Sciences & Healthcare Industries. Positions include Chief Compliance Officer http://morflearning.com/angelabazigos/. Experience combines Quality Assurance, Regulatory Compliance, Business Administration, Information Technology, Project Management, Clinical Lab Science, Turnarounds and Business Development. Past employers / clients include Roche, Novartis, Genentech & PriceWaterhouseCoopers. Co-authored & prototyped 21 CFR 11 guidance with FDA. Co-authored Computerized Systems in Clinical Research w/ FDA http://www1.diahome.org/~/media/4FA562336EBD46C58CDC43A8B7773095.ashx Patent on speeding up software compliance https://www.google.com/patents/US8266578. Recently quoted in Wall Street Journal for using training to bring regulatory compliance to the Boardroom http://blogs.wsj.com/riskandcompliance/2015/07/24/using-training-to-bring-compliance-to-boardrooms/ National Trainer for Society of Quality Assurance. Comments / collaborates with FDA on new guidance documents. Former President of Pacific Regional Chapter of Society of Quality Assurance. Stanford's Who's Who for LifeSciences: http://www.stanfordwhoswho.com/Angela.Bazigos.7144112.html#overview.

Location: Minnesota, MN Hotel: Embassy Suites Minneapolis - Airport   7901 34th Avenue South, Bloomington, MN 55425, USA

Sign Up for Our Newsletter