ARCC’s qualified Hosting is an Audit Ready Compliant Cloud Infrastructure for the Life Science Industry that takes complexity, cost and risk out of obtaining, deploying and managing a qualified and validated cloud solution that supports regulatory requirements.
FDA 21 CFR Part 11 Qualified Hosting ARCC- Audit Ready Compliant Cloud for Life Science Applications ARCC’s qualified Hosting is an Audit Ready Compliant Cloud Infrastructure for the Life Science Industry that takes complexity, cost and risk out of obtaining, deploying and managing a qualified and validated cloud solution that supports regulatory requirements.
ARCC qualified hosting enables both customers and partners to host and have managed Electronic Document Management System (EDMS), electronic Common Technical Documents (eCTD), LiMS, QMS software and FDA gateway applications in a private regulated cloud environment.
ARCC’s FDA 21 CFR Part 11 Qualified Infrastructure provides customers and their software partners immediate time to market advantage combined with data integrity, privacy, security and regulatory compliance. ARCC’S qualified hosting supports customers’ development, test, and live production environments.
ARCC has a predefined IQ library that can be tailored to customer specific applications to ensure regulatory compliance.
ARCC’S qualified hosting enables customers to host multiple applications in a qualified environment and collaborate and work with other vendors to create comprehensive team solutions and competitive advantages in Life Science areas:
- Audit Support
- Seamless integration with customer’s existing qualified or non-qualified environment
ARCC ’s Audit Ready Compliant Cloud Suite
A suite of Qualified and Validated solutions that provide Life Science companies an FDA 21 CFR Part 11 qualified environment that includes:
- Qualified Hosting of validated applications to “CREATE” your data.
- Qualified Disaster Recovery – a validated Disaster Recovery solution to “PROTECT” your data.
- Qualified Long Term Archiving – a validated long-term archiving to “RETAIN” your data.
Requirements and Risk
FDA Approach to Specific Part 11 Requirements
The Agency intends to exercise enforcement discretion regarding specific Part 11 requirements for:
- Audit Trail
- Legacy Systems
- Copied of Records
- Record Retention
FDA.GOV statistics on 483 letters.
In the event the FDA inspectors request information during an approved retention period, they will hold the company accountable for producing those records and if those records cannot be produced then the companies will be issued with a 483 letter.
Good System Practice for Life Science
Safe and Secure – Messages, documents & intellectual properties are stored in a safe & secure environment. (SSAE16 collocation facility)
Back Up & Restore – Files, documents, & messages are backed up daily.
Scalable – We grow with your company.
Regulatory Compliant Qualified Infrastructure – Meets
regulatory requirements for qualification while providing ascalable platform to host multiple applications for FDA 21 CFR Part 11 compliance validation.
Flexible – Ability to host multiple applications in the same environment.
Audit Support – We ensure your compliance and ensure the audit is passed with ease.
Security Policy and Procedure Samples
- CS-POL-020 Master Security Plan
- SE-POL-001 Network Logging
- SE-POL-002 Intrusion Detection
- SE-POL-003 Web Services Security
- SE-POL-004 Security Risk Acceptance
- SE-POL-005 Network Log Review
- SE-POL-007 Privileged Accounts
- SE-POL-008 Cisco Network Device Compliance Policy
- SE-POL-011 Firewall Security Policy
- SE-SOP-014 Network Intrusion Detection System (IDS)
- SE-SOP-015 Microsoft Server Vulnerability Assessment
Network Security Fabric … FDA 21 CFR Part 11
ARCC’s “Network Security Fabric” protects clients’ regulated environments and provides greater flexibility, mitigation capability and reporting throughout the lifecycle.
Continuous Visibility – Passive Vulnerability Scanning and Log Correlation Engines built into ARCC’s security fabric discern possible threats to customers’ computing security and provide the context necessary to make informed decisions on application protection.
Site Isolation – By leveraging the micro-segmentation ARCC provides logical isolation between individual clients, client studies, and DEV/TST/PRD environments. The basis of this isolation will rely on metadata attached to each workload for classification purposes. (i.e. VM tags)
- Study Separation
- Dev Test and Production
- Separation Client Separation
Network Anomaly Detection – ARCC “Analytics Insights” are used for risk mitigation by providing anomaly and heuristics based threat detection for all workloads hosted within ARCC.
- Risk Mitigation
Secure Protocol Enforcement – By leveraging ARCC’s policy engine, insecure protocols will be blocked within a client’s internal and external network traffic.
- Guaranteed PHI Encryption
Network Compliance Reporting (Optional) – The ARCC “Analytics Reporting Engine” provides custom network affinity reports on a per-client basis. Reports will run on a scheduled interval and automatically upload the results (file format TBD) to a dedicated repository for each client.
- Audit Readiness
ARCC Data Centers for Life Science powered by HOSTING
With SOC audited and PCI compliant data centers in Dallas, Denver, Irvine, Louisville, Newark and San Francisco, HOSTING delivers geographically diverse solutions with unmatched support:
Multiple Datacenters – SOC 2 & 3 Audited, 24-inch raised floor, organized overhead cable management, Fire Detection, Fire Suppression, incorporates Hosting’s Green Design Standards
Data Center Power – N+1 Redundant UPS Power and multiple power feeds, Automatic transfer switches and 14megawatts of building power capacity
Customer Power – 120V & 208V single and three phase circuits available in 20a, 30a or 60a redundant power via divergent power panels and PDUs
Configuration & Support – Multiple cabinet and cage configurations, private cage space available, cabinets are lockable, fire rated, perforated and/or venteddoors for sufficient airflow
Cooling – N+1 HVAC redundant Cooling system, Trane and Liebert Cooling systems, Temperature maintained at 74 degrees F, Humidity maintained at 40%
Bandwidth – Redundancy and automatic failover ensures continual connectivity, Redundant network carriers: Century Link, XO, Time Warner Telecom, Fully meshed routing and switching architecture, Multiple points of entry and diverse paths, 100 Mbps standard network connectivity to cabinets and cages
Security – Seven levels of physical security including keycard access, biometrics, man-trap and on-site security personnel, video monitoring via strategically located interior and exterior cameras providing 90days of video retention for critical areas, 24 x 7 x 365 customer access, Fully staffed, 24 x 7 x 365 NOC and remote hands assistance