ARCC’s Qualified and Validated Long Term Archiving solution provides a 21 CFR Part 11 validated archiving system within the Audit Ready Compliant Cloud environment to enable the long-term retention of validated data that customers have created and submitted to the FDA.
ARCC’s validated solution can maintain the integrity of customer data many years after that data was created.
ARCC ’s Audit Ready Compliant Cloud Suite
A suite of Qualified and Validated solutions that provide Life Science companies an FDA 21 CFR Part 11 qualified environment that includes:
- Qualified Hosting of validated applications to “CREATE” your data.
- Qualified Disaster Recovery – a validated Disaster Recovery solution to “PROTECT” your data.
- Qualified Long Term Archiving – a validated long-term archiving to “RETAIN” your data.
ARCC’s Long Term Archiving Solution enables the following:
- Retain, retrieve and manage documents and metadata in different formats
- All actions are logged and the system has full traceability including users, configuration and data
- All metadata and documents can be retraced to their original context
- Migration and export independent of original source application
- Regular integrity checks of electronic documents to ensure compliance
- Rules for automatic deletion after specified number of years based upon retention policy
Requirements and Risk
FDA Approach to Specific Part 11 Requirements
The Agency intends to exercise enforcement discretion regarding specific Part 11 requirements for:
- Audit Trail
- Legacy Systems
- Copied of Records
- Record Retention
FDA.GOV statistics on 483 letters.
In the event the FDA inspectors request information during an approved retention period, they will hold the company accountable for producing those records and if those records cannot be produced then the companies will be issued with a 483 letter.
Long-Term Archiving Challenges in a Regulated Environment:
Digital information related to clinical trials or basic research can get lost as priorities, personnel and systems change.
Many Life Science companies rely on archiving documents to file shares or CDs in order to preserve documents. Often documents cannot be found, opened, or the content cannot be searched within those documents.
Long-Term Archiving Solutions in a Regulated Environment:
The ARCC Long Term Archiving Solution saves documents in PDF/A format and are guaranteed to be readable at least ten (10) years into the future. They are stored in both PDF/A format and their original format to ensure that the original documents are retained while allowing accessibility to the content without jeopardizing the validated nature of the documents themselves.
ARCC combined with Adlib PDF Enterprise integrates with other Workflow and Business Processing Management systems including:
- EMC Documentum
- IBM FileNet
- Microsoft SharePoint
- OpenText ECM Suite
- Dassault ENOVIA
The solution accommodates High-fidelity conversion and document-level publishing with automated rendering of 400+ file types— including Microsoft® Office®, Lotus Notes®, CAD drawings, images, faxes, scans, emails, maps, forms, charts and other types of content—ensuring output exactly matches source content, regardless of original source.
Archived content for long-term access across all devices via automated publishing to PDF or PDF/A which also eliminates reliance on native applications.
ARCC Audit Ready Compliant Cloud
- Validation and ingestion of submission information package(SIP)*
- Creation of archival information package (AIP)*
- Rules and regulations for import and export
- Security Management
- Log analysis
- Management of search views
- Predefined search views
- External link support
- Data-filtered access
- Creation of dissemination information package (DIP)*
- Packaging of DIP
- Delivery of DIP
- File conversion
- Metadata completion
- Metadata transformation
- Data termination
- Display of information in its original context
- Report generation
- Access control at field level
- Transaction managment
- Change protection
- Alarm management
Good System Practice for Life Science
- Safe and Secure – Messages, documents & intellectual properties are stored in a safe & secure environment. (SSAE16 collocation facility)
- Back Up & Restore – Files, documents, & messages are backed up daily.
- Scalable – We grow with your company.
- Regulatory Compliant Qualified Infrastructure – Meets regulatory requirements for qualification while providing ascalable platform to host multiple applications for FDA 21 CFR Part 11 compliance validation.
- Flexible – Ability to host multiple applications in the same environment.
- Audit Support – We ensure your compliance and ensure the audit is passed with ease.
Security Policy and Procedure Samples
- CS-POL-020 Master Security Plan
- SE-POL-001 Network Logging
- SE-POL-002 Intrusion Detection
- SE-POL-003 Web Services Security
- SE-POL-004 Security Risk Acceptance
- SE-POL-005 Network Log Review
- SE-POL-007 Privileged Accounts
- SE-POL-008 Cisco Network Device Compliance Policy
- SE-POL-011 Firewall Security Policy
- SE-SOP-014 Network Intrusion Detection System (IDS)
- SE-SOP-015 Microsoft Server Vulnerability Assessment
Network Security Fabric … FDA 21 CFR Part 11
ARCC’s “Network Security Fabric” protects clients’ regulated environments and provides greater flexibility, mitigation capability and reporting throughout the lifecycle.
Continuous Visibility – Passive Vulnerability Scanning and Log Correlation Engines built into ARCC’s security fabric discern possible threats to customers’ computing security and provide the context necessary to make informed decisions on application protection.
Site Isolation – By leveraging the micro-segmentation ARCC provides logical isolation between individual clients, client studies, and DEV/TST/PRD environments. The basis of this isolation will rely on metadata attached to each workload for classification purposes. (i.e. VM tags)
- Study Separation
- Dev Test and Production
- Separation Client Separation
Network Anomaly Detection – ARCC “Analytics Insights” are used for risk mitigation by providing anomaly and heuristics based threat detection for all workloads hosted within ARCC.
- Risk Mitigation
Secure Protocol Enforcement – By leveraging ARCC’s policy engine, insecure protocols will be blocked within a client’s internal and external network traffic.
- Guaranteed PHI Encryption
Network Compliance Reporting (Optional) – The ARCC “Analytics Reporting Engine” provides custom network affinity reports on a per-client basis. Reports will run on a scheduled interval and automatically upload the results (file format TBD) to a dedicated repository for each client.
- Audit Readiness
ARCC Data Centers for Life Science powered by HOSTING
With SOC audited and PCI compliant data centers in Dallas, Denver, Irvine, Louisville, Newark and San Francisco, HOSTING delivers geographically diverse solutions with unmatched support:
Multiple Datacenters – SOC 2 & 3 Audited, 24-inch raised floor, organized overhead cable management, Fire Detection, Fire Suppression, incorporates Hosting’s Green Design Standards
Data Center Power – N+1 Redundant UPS Power and multiple power feeds, Automatic transfer switches and 14megawatts of building power capacity
Customer Power – 120V & 208V single and three phase circuits available in 20a, 30a or 60a redundant power via divergent power panels and PDUs
Configuration & Support – Multiple cabinet and cage configurations, private cage space available, cabinets are lockable, fire rated, perforated and/or venteddoors for sufficient airflow
Cooling – N+1 HVAC redundant Cooling system, Trane and Liebert Cooling systems, Temperature maintained at 74 degrees F, Humidity maintained at 40%
Bandwidth – Redundancy and automatic failover ensures continual connectivity, Redundant network carriers: Century Link, XO, Time Warner Telecom, Fully meshed routing and switching architecture, Multiple points of entry and diverse paths, 100 Mbps standard network connectivity to cabinets and cages
Security – Seven levels of physical security including keycard access, biometrics, man-trap and on-site security personnel, video monitoring via strategically located interior and exterior cameras providing 90days of video retention for critical areas, 24 x 7 x 365 customer access, Fully staffed, 24 x 7 x 365 NOC and remote hands assistance