
IT Service Providers: Service Level Agreement

Excerpt from the GMP Compliance Adviser, Chapter 9.G.3. – 9.G.3.3.

8 min. reading time | by Markus Roemer, Siegfried Schmitt, PhD
Published in LOGFILE 33/2021

The written contract on the outsourced activities can take the form of an internal service agreement or an external service agreement. In both cases, it is used to describe:

  • Clear tasks,
  • Clear responsibilities and
  • Clear communication flows.

Services must be precisely defined and agreed. The contract between the contract giver and the contract acceptor must clearly define the tasks of both sides and regulate communication between these two parties. The service level agreement thus minimises misunderstandings and increases work efficiency. Particularly in cases where both parties bear responsibility for a certain aspect of the contract, a clear delimitation must be made. This is also referred to as a delimitation of responsibility contract.

Example:

"The contract giver is responsible for defining the backup routine. The contract acceptor is responsible for performing the backup as specified."

Here, responsibilities are clearly defined instead of simply saying that both parties are responsible for the backup. Since the service agreement or contract is required by legislation, it is also inspectable by the authorities. For this very reason, it is recommended to separate the commercial part from the technical part. It makes sense for the client to provide specifications (also called reference points or user requirements specifications). The importance of making these specifications as detailed and verifiable as possible should not be underestimated.

Despite all precautions, something can go wrong. Therefore, a business continuity plan is necessary whether or not outsourcing is involved.


Obligations of the contract giver

The tasks of the contract giver include responsibility for assessing the competence of the contract acceptor, which should be established in an assessment or audit. The contract giver must ensure that all work is performed in a (GMP) compliant manner. This is often easier said than done. Software developers, for example, have their own quality standards, often simply software coding standards, but far removed from GMP. Whether and when this is acceptable depends entirely on the specific circumstances and must be evaluated through a risk assessment. Documentation, change management, training, and all other regulatory aspects must be reviewed. The contract giver must supply all the necessary information to ensure that tasks can be executed properly by the contract acceptor.

Particular attention should be paid to the availability of data that is outsourced or managed by a service provider. The regulations clearly state that the client is responsible for data integrity. This includes availability and access to the data. Since service provider data centers are often spread around the globe, local legal restrictions, such as the EU-US Agreement on Personal Data Protection (www.privacyshield.gov), must be taken into account.


Obligations of the contract acceptor

The contract acceptor should possess suitable premises and the necessary equipment. In addition, he/she must have sufficient technical expertise, experience and competent personnel. He/she may not subcontract any work contractually assigned to him/her to a third party without the prior review and approval of the contract giver. The contract acceptor must also permit audits or inspections by the contract giver and the authorities.

There are often limits to this aspect as well. For example, companies that only marginally supply the regulated life science sector will resist such regulation. Again, the risk must be assessed through a documented analysis. In other words, it is unlikely that a government agency will subject a company like SAP or Oracle to a GMP inspection, even though their software products are often used for GMP critical applications.

The competencies of the client and contractor are not always balanced. If the Capability Maturity Model Integration is applied to outsourcing, the picture is as in Figure 9.G-1.

It is desirable if the client and contractor have similar competencies and thus an understanding of the tasks. This is represented by the diagonal line. As an extreme example, let us take a young pharmaceutical company that is not familiar with computer validation. They are therefore looking for an outside company that can do it. Since they are inexperienced, they simply choose the cheapest offer. If, by chance, this is a company with inexperienced employees, then the skills of the two parties balance each other out, but there is no guarantee that the product will meet expectations, and the customer cannot judge whether the result is good or bad. If, on the other hand, the company chooses a very competent supplier by chance, then the constellation arises that the client becomes dependent on the supplier, i.e. the supplier now dictates what and how much is to be done. Of course, there is also the other extreme, where the customer has much more competence than the supplier. Then it is often the case that the customer trains the supplier (at his own expense).

Conclusion: high competence on both sides is the best solution!

Figure 9.G-1 Competence correlation


Contents of a service level agreement

The following is a typical example of a table of contents for a service level agreement:

  • Service description
  • Validity
  • Provision of services
  • Availability
  • Reaction time
  • Response time
  • Technical details/file formats
  • Scope of the service
  • Obligations of the contract giver
  • Training
  • Documentation requirements
  • Change management
  • Data backup
  • Business continuity planning
  • Inspection and audit
  • Costs and method of payment (preferably as a separate part)
  • Service acceptance, measurands and remediation of deficiencies

Specific requirements of the pharmaceutical industry

Since the pharmaceutical industry is subject to regulations and regular inspections by the authorities, the following points in particular should be taken into account:

  • Training documentation: Date, duration, contents of training, and evaluation of whether participants have understood the contents (EU-GMP Guidelines Part I Basic Requirements for Medicinal Products, chapter 2.10 ff.)
  • Documentation requirements: No pencil used, changes and corrections made in GMP compliant style (cross out the old version legibly and add the new content with initials, date and reason).
  • Change management: No unauthorised changes
  • Backup and Business Continuity Planning: In the event of a product recall, all relevant information must be accessible within the minimum possible time. Some software applications can be so critical that the company itself would like to have access to the source code in certain cases – for example, if the provider of the software discontinues its services. Source code management is done, for example, through an escrow agreement (the source code is deposited with a trusted party).

Do you have any questions or suggestions? Please contact us at: redaktion@gmp-verlag.de

Markus Roemer