Can GMP Data be in the Cloud?

15.01.2024

LOGFILE Feature

7 min. reading time | by Thomas Peither
Published in LOGFILE 2/2024

The pace of digitalisation is accelerating. And it is presenting us with new opportunities at ever shorter intervals. This means that all GMP professionals need to be informed and make risk-based decisions! This also applies to data storage in the cloud. What are the opportunities and risks? Which cloud and service models exist?
In today’s feature, GMP expert Thomas Peither summarises the key points.

What is cloud computing?

Cloud computing is not a new technology, but a new way of providing resources for data processing.

Cloud computing services range from data storage and processing to software such as email processing. Such services are non-binding and available on demand.

As we are in a time of austerity, many companies are opting for predictable running costs rather than long-term, uncertain investments. With rapid innovation cycles and high costs, this new business model for data processing found fertile ground and is expanding worldwide.

The German Federal Office for Information Security (BSI) defines cloud computing as follows:

"Cloud computing is a model that makes it possible,

on demand,
anytime, anywhere and conveniently via a network
to access a shared pool of configurable computing resources (e.g. networks, servers, storage systems, applications and services),
that can be rapidly provisioned and with minimal management effort or service provider interaction“.

It is useful to initially think of a "cloud" first as a data centre, i.e. a third-party data centre. However, a regulated company has the same responsibility for the compliant operation of computerised systems as it does in its own data centre – only now the infrastructure and data are located elsewhere.

In principle, the control or management of the data is entrusted to the cloud provider, while the responsibility remains with the pharmaceutical manufacturer. From the perspective of a GMP regulated company, this immediately raises questions about

data security,
data availability and
data integrity.

Cloud models

The type of software provision distinguishes between different types of cloud.

Common models are:

Public Cloud
Community Cloud
Private Cloud
Virtual Private Cloud
Hybrid Cloud

Service models

Then there is the type of service model, and this is where things get a bit complicated. Let me just pick out the most common acronyms:

IaaS – Infrastructure as a Service

This is a computer infrastructure that is provided and managed via the Internet. Companies utilise the computing capacities and pay for the use of the computing power.

PaaS – Platform as a Service

Here, the company rents a complete operating system or a development environment. The customer is responsible for the applications running on it.

SaaS – Software as a Service

Finally, the user company is only responsible for the customer-specific data and access. Many people are familiar with this from SAP or accounting programmes. GMP Compliance Adviser is also a SaaS.

You can set favourites in the GMP Compliance Adviser for which we as a publisher are not responsible. Our GMP:READY e-learnings are also included in this category.

As you can see, things were different 10 years ago, and software often even had to be installed on a PC in the company. Today and in the future, we will only access the resources provided. This is also called division of labour – why should a pharmaceutical company be so deeply involved in IT issues when its core competency is drug production?

And of course the GMP Compliance Adviser does not run on a server in our basement, but in a cloud environment. This is not only more secure, but also more stable and less prone to downtime.

The word "more secure" may have raised an eyebrow. That’s OK, because we also wanted to look at the opportunities and risks of using the cloud.

Let's start with the opportunities:

Cloud-based services are used extensively in private areas (social media, online shopping) and are widely used in retail, banking, entertainment, etc.

These are seen as advantages:

Cost savings
Speed
Flexibility
Security

On the other hand, there are disadvantages that can arise in unfavourable cases:

Penalties
Downtime
Loss of sales
Damage to reputation
Loss of customer confidence

The Cloud Security Alliance (CSA) regularly collects, analyses and summarises the potential risks of using the cloud. In 2022, the report "Top Threats to Cloud Computing - Pandemic Eleven" was published.

I encourage you to read this list, as it will give you an idea of the range of issues, from insecure security architectures to hacking to steal data.

However, it is important to remember that when companies decide to keep all applications and data in-house, most of these risks are still present and need to be managed with in-house expertise.

Professional cloud services already cover these risks.

Expertise is always a key factor in the decision to outsource or insource. How much does external or internal expertise cost? The premise of division of labour also applies here.

This article is a shortened and translated excerpt from the 39^th episode of our German GMP & TEA webcast.

Do you have any questions or suggestions? Please contact us at: redaktion@gmp-verlag.de

Thomas Peither Written on 15 January 2024

You may also be interested in the following articles:

24.11.2025

Question of the Week

How is a QRM process initiated?

You can view the answer here:

FDA: Updated Pre-RFD Guidance for Combination Products

The U.S. FDA has released an updated final guidance on preparing a Pre-Request for Designation (Pre-RFD), replacing the previous 2018 version. The revised document provides new recommendations for interacting with the Office of Combination Products (OCP) and clarifies expectations for Pre-RFD submissions.

EDQM: 9 Virtual Training Modules on Ph. Eur. and CEPs

The EDQM has introduced a modular training programme covering chemically defined active substances and medicinal products. It will take place between 1 and 12 December 2025.

Related Products

GMP Compliance Adviser | Named User Licence | 12M

The GMP Compliance Adviser is an online publication that covers all aspects of Good Manufacturing Practice (GMP) in one source.In the GMP Compliance Adviser you’ll find: GMP in Practice This part contains 21 chapters with GMP expert knowledge to base your decisions upon. It provides practical assistance with checklists, templates and SOP examples. It is written by more than 80 authors with hands-on experience directly linked to the industry. The individual chapters describe the different aspects of GMP in clear language. Technical, organizational and procedural aspects are covered.More than 700 checklists, templates and examples of standard operation procedures taken directly out of practice help you in understanding the GMP requirements.GMP RegulationsThese chapters cover the most important GMP regulations from Europe and the United States (CFR and FDA), but also PIC/S, ICH, WHO and many more. Sample Documents In addition, the GMP Compliance Adviser contains many sample documents and practical examples that you can use.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)

€1,335.00 net excl. VAT

Details

GMP:KnowHow Pharma Logistics (GDP) | Named User License | 12M

Your knowledge base about GDP-compliant handling of your pharmaceutical logistics. It is important that you as a logistics service provider, but also as a client in the pharmaceutical industry, adhere precisely to the regulatory requirements. The GMP:KnowHow knowledge portal guides you through the regulatory jungle of the pharmaceutical and logistical supply chain! The knowledge portal gives you an easy-to-understand overview of all the important topics. Using graphics, you can easily navigate through all the areas covered by the EU GDP Guidelines (2013/C 343/01). You also have the relevant passages of the regulations directly at hand for each topic. This allows you to compare the requirements directly and saves you a lot of time on time-consuming searches and research!One thing is certain: the knowledge portal answers your questions about the supply chain of medicinal products, active pharmaceutical ingredients and medical devices. You don't have to be an expert. Yet.You will find answers to your questions in the GMP:KnowHow Pharma Logistics (GDP). Where does GDP begin, where does GMP end? What does GDP-compliant mean? When do I also have to take GMP requirements into account? What permits do I need for certain activities? What requirements do I have to fulfil? What is the current legal basis? How am I covered? What authorizations do I have for my work, e.g. from my employer? Who is responsible — the client or the contractor? And many more What is the difference to the GMP Compliance Adviser? The GMP:KnowHow Pharma Logistics (GDP) is your guideline for Good Distribution Practice. It is a product that is independent of the GMP Compliance Adviser and concentrates on content that is essential for carriers of medicinal products, active pharmaceutical ingredients and medical devices as well as for logistics clients. The focus is on practical knowledge and how to apply it in your daily business. If necessary, the relevant regulations can be called up immediately alongside the practical knowledge, and you can see the relevant paragraphs at a glance. In addition, sample documents are available to help you make immediate progress. AuthorSimone Ferrante – now Director Quality at Fisher Clinical Services – was previously Head of Quality Control and Responsible Person according to GDP (VP) for the entire Grieshaber Group. She is also a long-standing author and GDP expert at GMP-Verlag.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)

€610.00 net excl. VAT

Details

E-Learning GMP:READY | GMP for Engineers Online Course

Why are GMP rules important for technicians and engineers? Technicians and engineers play a key role in ensuring compliance with Good Manufacturing Practice (GMP) standards. They are involved in critical activities such as: planning and construction of ventilation systems, maintenance of water treatment plants, calibration of measuring sensors. Therefore, they are jointly responsible for the quality of medicines and must ensure that their work complies with GMP standards.Your advantages: Fast familiarization with GMP topics in approx. 2 hours, time- and location-independent online training, printable personal certificate, 12-month access for initial and follow-up training, automatic updates in case of legal changes, content compliant with Article 7(4) of Directive 2003/94/EC.

Ready for dispatch, Delivery time appr. 2-5 workdays (2-3 weeks for christmas goodies)

€240.00 net excl. VAT

Details

GMP Fundamentals | A Step-by-Step Guide

This handbook is a practical and easy to read guideline, giving you a quick and comprehensive overview of the complex world of Good Manufacturing Practice (GMP) without the need of previously acquired knowledge. Some topics are: GMP: Purpose and basic pharmaceutical terms Laws, licenses and inspections Personnel: Responsibility and hygiene Standard Operating Procedures (SOP) and documentation Design of rooms and facilities Processing and packaging Quality control and market release Suppliers, storage and logistics (Good Distribution Practice = GDP) Alphabetical index and abbreviations Using practical examples and comparisons to every-day life will help to easy understand GMP regulations.GMP Fundamentals is a helpful guide which facilitates the entry into the GMP world and teaches the necessary basics.

Ready for dispatch, delivery immediately after receipt of payment

€44.90 net excl. VAT

Details