FDA 21 CFR Part 11 Qualified Hosting

ARCC - Audit Ready Compliant Cloud for Life Science Applications

ARCC’s qualified Hosting is an Audit Ready Compliant Cloud Infrastructure for the Life Science Industry that takes complexity, cost and risk out of obtaining, deploying and managing a qualified and validated cloud solution that supports regulatory requirements.

ARCC qualified hosting enables both customers and partners to host, and have managed, Electronic Document Management System (EDMS), electronic Common Technical Documents (eCTD), LIMS, QMS software and FDA gateway applications in a private regulated cloud environment.

ARCC’s FDA 21 CFR Part 11 Qualified Infrastructure provides customers and their software partners an immediate time-to-market advantage combined with data integrity, privacy, security and regulatory compliance. ARCC’s qualified hosting supports customers’ development, test, and live production environments.

ARCC has a predefined IQ library that can be tailored to customer specific applications to ensure regulatory compliance.

ARCC’s qualified hosting enables customers to host multiple applications in a qualified environment and to collaborate with other vendors to create comprehensive team solutions and competitive advantages in Life Science areas:

  • GSP

  • Security

  • Audit Support

  • Seamless integration with customer’s existing qualified or non-qualified environment

ARCC’s Audit Ready Compliant Cloud Suite

A suite of Qualified and Validated solutions that provide Life Science companies an FDA 21 CFR Part 11 qualified environment that includes:

  • Qualified Hosting of validated applications to “CREATE” your data.

  • Qualified Disaster Recovery – a validated Disaster Recovery solution to “PROTECT” your data.

  • Qualified Long Term Archiving – a validated long-term archiving to “RETAIN” your data.


Requirements and Risk

FDA Approach to Specific Part 11 Requirements

The Agency intends to exercise enforcement discretion regarding specific Part 11 requirements for:

  1. Validation

  2. Audit Trail

  3. Legacy Systems

  4. Copies of Records

  5. Record Retention

FDA.GOV statistics on 483 letters.

If FDA inspectors request information during an approved retention period, they will hold the company accountable for producing those records; if the records cannot be produced, the company will be issued a 483 letter.


Good System Practice for Life Science

Safe and Secure – Messages, documents & intellectual properties are stored in a safe & secure environment. (SSAE16 collocation facility)

Back Up & Restore – Files, documents, & messages are backed up daily.

Scalable – We grow with your company.

Regulatory Compliant Qualified Infrastructure – Meets regulatory requirements for qualification while providing a scalable platform to host multiple applications for FDA 21 CFR Part 11 compliance validation.

Flexible – Ability to host multiple applications in the same environment.

Audit Support – We ensure your compliance and ensure the audit is passed with ease.

Security Policy and Procedure Samples

  • CS-POL-020 Master Security Plan

  • SE-POL-001 Network Logging

  • SE-POL-002 Intrusion Detection

  • SE-POL-003 Web Services Security

  • SE-POL-004 Security Risk Acceptance

  • SE-POL-005 Network Log Review

  • SE-POL-007 Privileged Accounts

  • SE-POL-008 Cisco Network Device Compliance Policy

  • SE-POL-011 Firewall Security Policy

  • SE-SOP-014 Network Intrusion Detection System (IDS)

  • SE-SOP-015 Microsoft Server Vulnerability Assessment

Network Security Fabric … FDA 21 CFR Part 11

ARCC’s “Network Security Fabric” protects clients’ regulated environments and provides greater flexibility, mitigation capability and reporting throughout the lifecycle.

Continuous Visibility – Passive Vulnerability Scanning and Log Correlation Engines built into ARCC’s security fabric discern possible threats to customers’ computing security and provide the context necessary to make informed decisions on application protection.

Site Isolation – By leveraging micro-segmentation, ARCC provides logical isolation between individual clients, client studies, and DEV/TST/PRD environments. The basis of this isolation will rely on metadata attached to each workload for classification purposes (i.e. VM tags).

  • Study Separation

  • Dev, Test and Production Separation

  • Client Separation

Network Anomaly Detection – ARCC “Analytics Insights” are used for risk mitigation by providing anomaly and heuristics based threat detection for all workloads hosted within ARCC.

  • Risk Mitigation

Secure Protocol Enforcement – By leveraging ARCC’s policy engine, insecure protocols will be blocked within a client’s internal and external network traffic.

  • Guaranteed PHI Encryption

Network Compliance Reporting (Optional) – The ARCC “Analytics Reporting Engine” provides custom network affinity reports on a per-client basis. Reports will run on a scheduled interval and automatically upload the results (file format TBD) to a dedicated repository for each client.

  • Audit Readiness

ARCC Data Centers for Life Science powered by SunGard and HOSTING

With SOC audited and PCI compliant data centers in Dallas, Denver, Irvine, Louisville, Newark and San Francisco, HOSTING delivers geographically diverse solutions with unmatched support:

Multiple Datacenters – SOC 2 & 3 Audited, 24-inch raised floor, organized overhead cable management, Fire Detection, Fire Suppression, incorporates Hosting’s Green Design Standards

Data Center Power – N+1 Redundant UPS Power and multiple power feeds, Automatic transfer switches and 14 megawatts of building power capacity

Customer Power – 120V & 208V single and three phase circuits available in 20a, 30a or 60a redundant power via divergent power panels and PDUs

Configuration & Support – Multiple cabinet and cage configurations, private cage space available, cabinets are lockable, fire rated, perforated and/or vented doors for sufficient airflow

Cooling – N+1 HVAC redundant Cooling system, Trane and Liebert Cooling systems, Temperature maintained at 74 degrees F, Humidity maintained at 40%

Bandwidth – Redundancy and automatic failover ensure continual connectivity, Redundant network carriers: Century Link, XO, Time Warner Telecom, Fully meshed routing and switching architecture, Multiple points of entry and diverse paths, 100 Mbps standard network connectivity to cabinets and cages

Security – Seven levels of physical security including keycard access, biometrics, man-trap and on-site security personnel, video monitoring via strategically located interior and exterior cameras providing 90 days of video retention for critical areas, 24 x 7 x 365 customer access, Fully staffed, 24 x 7 x 365 NOC and remote hands assistance