Dr Bob McDowall
R.D. McDowall Ltd.
Referent:innen
Yves Samson
Kereon
Frank Behnisch
Formerly CSL Behring
Note: All times mentioned are CEST.
Zielgruppe
The Event is aimed at managers from the pharmaceutical industry, suppliers and service companies who plan, qualify and operate IT infrastructure in a GxP Environment.
Zielsetzung
- Get an overview of technologies discussed currently in the pharmaceutical environment
- Learn what requirements are placed on the IT infrastructure and its qualification within the scope of GMP regulations
- Principles outlined can be applied to Operation Technology (OT) for production systems
- IT security and cybersecurity has now taken on a central role; here you will learn about the importance of the IT infrastructure in terms of an appropriate IT security concept
- Case studies show you qualification approaches for key IT infrastructure components
- Virtualization is a part of the IT infrastructure; learn strategies for qualifying the virtual machine and the virtualization platform
Background
In today’s pharmaceutical environment, the IT infrastructure is the backbone for the application of a wide range of software solutions. The requirements for IT security are becoming increasingly important. Only a robust IT infrastructure with suitable network topologies and security concepts can guarantee the appropriate security here.
Pharmaceutical regulations contain few or only indirect requirements for the IT infrastructure. The principles of the EU GMP guidelines state “The application should be validated, the IT infrastructure should be qualified”. Here the phrase “should” correspond to a “must”! Further information can be found in the revised version of the GAMP® Good Practice Guide “IT Infrastructure Control and Compliance” published in August 2017.
Pharmaceutical regulations contain few or only indirect requirements for the IT infrastructure. The principles of the EU GMP guidelines state “The application should be validated, the IT infrastructure should be qualified”. Here the phrase “should” correspond to a “must”! Further information can be found in the revised version of the GAMP® Good Practice Guide “IT Infrastructure Control and Compliance” published in August 2017.
Programm
IT/OT Infrastructure Model
- Overall IT/OT infrastructure enterprise model
- GAMP IT infrastructure model
- Applying GAMP software categories
- OT specifics
- Applicable to all options: on premise / data hotel / SaaS IT
Regulatory and Legal Requirements / Agreement for IT/OT Infrastructure
- GxP regulations with focus on Annex 11 and Chapter 7
- Supplier assessment and agreements for IT suppliers: Risk management; Quality and technical agreements and service levels; Governance and Quality oversight; Time synchronisation
- Brief summary of legal requirements: e.g. GDPR, HIPAA, etc.
Effective and efficient Compliance
- Supporting life cycle model
- Specification
- Design
- Verification
Workshop: “How can you ensure IT and QA work together?”
Although there needs to be quality oversight of IT operations and associated records, what is the best way for IT and Quality to collaborate? Suggestions made in the workshop will be discussed with the course attendees.
Content of an Agreement with an IT Service Provider
Annex 11 clause 3 requires that there is a formal agreement between an IT service provider and the business but provides little detail other the document should include clear statements of the responsibilities of the third party. What else is required in an IT agreement?
- Scope of the IT services provided
- Roles and responsibilities of both parties
- Reporting with metrics against defined service Levels
- Escalation pathway
- Is an agreement for an internal IT department the same as a cloud service Provider?
Agile Infrastructure: Introduction to Infrastructure as Code (IaC)
- Definition & scope
- Toys or tool?: 40 years evolution
- Flexibility & Agility: From installation to provisioning
- The costs of Agility: Rigorous planning; Adequate tools; Training; Risks and benefits
Change and Configuration Management
- Regulatory requirements
- Definitions of change control and configuration management
- Outline of a change management process
Security and Cybersecurity for a robust IT/OT Infrastructure
- IT infrastructure security requirements
- Cybersecurity: ransomware and malware
- Sizing / Availability / Reliability
- Basic security rules
- Network topology
- Network segregation
- IT infrastructure monitoring
- Recommendation for data archiving suppor
- PEN testing
Incident and Problem Management
- Definition of incident and problem
- Incident investigation
- Collating incidents into problems and their resolution
- Linking with change control
Qualification Documentation
- QP – Qualification Plan
- TRS – Technical Requirements Specification
- CS – Configuration Specifications
- IQ – Installation Qualification a.k.a. Configuration Testing
Disaster Recovery Planning
- Regulatory requirements for disaster recovery
- For virtual and physical environment
- Disaster recovery or business continuity plans?
- Disaster recovery plan and testing
- Order of application recovery with associated data
- RPO – Recovery Point Objective
- RTO – Recovery Time Objective
Workshop: Disaster Recovery Planning
Business continuity is an Annex 11 requirement. What should a disaster recover plan cover? How detailed should it be? What would be the triggers to activate a plan? How should it be tested? Does it need to be reviewed? If so how frequently? Could the same plan apply equally to an on-premises and cloud computerised system?
Design Review of IT Infrastructure
- Design Review and Risk Management purpose
- Performing Design Review
- What might go wrong?
- Critical review of the IT infrastructure
- Design and monitoring of mitigation measures
Infrastructure as a Platform for Various Applications
- Definition of Platform
- Generic approach
- Standard changes
- Infrastructure lifecycle challenges for applications & GxP
- Specialties in automation – challenge for infrastructure in 24/7 real-time applications
Case Study: Central Backup Management System
- Requirements
- Verification
- Risk assessment
- Configuration specification
- Server / Agent / Operating parameters
- Configuration Testing (IQ)
- Functional Testing (OQ)
- Supporting SOPs
- Operation
Case Study: Firewall Qualification
- Requirements
- Risk assessment
- Configuration specification
- Configuration Testing (IQ)
- Functional Testing (OQ)
- Operation
Weitere Informationen
Radisson Blu Scandinavia Hotel
Amager Boulevard 70
2300 Copenhagen S, Denmark
Phone: +45 3396 50 00
Email guest.copenhagen@radissonblu.com
Amager Boulevard 70
2300 Copenhagen S, Denmark
Phone: +45 3396 50 00
Email guest.copenhagen@radissonblu.com
Accommodation
CONCEPT HEIDELBERG has reserved a limited number of rooms in the conference hotel. You will receive a room reservation form/POG when you have registered for the course. Reservation should be made directly with the hotel. Early reservation is recommended.
CONCEPT HEIDELBERG has reserved a limited number of rooms in the conference hotel. You will receive a room reservation form/POG when you have registered for the course. Reservation should be made directly with the hotel. Early reservation is recommended.
Conference language
The official conference language will be English.
The official conference language will be English.
Fees (per delegate, plus VAT)
ECA Members € 2,290
APIC Members € 2,390
Non-ECA Members € 2,490
EU GMP Inspectorates € 1,245
The conference fee is payable in advance after receipt of invoice and includes conference documentation, Social event and dinner on the first day, lunch on day 1 and day 2, standing lunch on day 3 and all refreshments. VAT is reclaimable.
Social Event
On the evening of the first couse day, you are cordially invited to a social event. This is an excellent opportunity to share your experiences with colleagues from other companies in a relaxed atmosphere.
ECA Members € 2,290
APIC Members € 2,390
Non-ECA Members € 2,490
EU GMP Inspectorates € 1,245
The conference fee is payable in advance after receipt of invoice and includes conference documentation, Social event and dinner on the first day, lunch on day 1 and day 2, standing lunch on day 3 and all refreshments. VAT is reclaimable.
Social Event
On the evening of the first couse day, you are cordially invited to a social event. This is an excellent opportunity to share your experiences with colleagues from other companies in a relaxed atmosphere.
Presentations/Certificate
The presentations for this event will be available for you to download and print before and after the event. Please note that no printed materials will be handed out on site and that there will not be any opportunity to print the presentations on site.
The presentations for this event will be available for you to download and print before and after the event. Please note that no printed materials will be handed out on site and that there will not be any opportunity to print the presentations on site.
Contact
Questions regarding content:
Dr Andreas Mangel, +49 (0) 62 21 84 44 41, mangel@concept-heidelberg.de.
Questions regarding content:
Dr Andreas Mangel, +49 (0) 62 21 84 44 41, mangel@concept-heidelberg.de.
Questions regarding Organisation:
Mr Rouwen Schopka, +49 (0) 62 21 84 44 13, schopka@concept-heidelberg.de
Mr Rouwen Schopka, +49 (0) 62 21 84 44 13, schopka@concept-heidelberg.de
Datum & Uhrzeiten
Wed, 27 May 2026, 09.00 – 17.30 h
Thu, 28 May 2026, 08.30 – 17.30 h
Fri, 29 May 2026, 08.30 – 13.00 h
Thu, 28 May 2026, 08.30 – 17.30 h
Fri, 29 May 2026, 08.30 – 13.00 h
All times mentioned are CEST.
Teilnahmegebühr
| ECA-Member*: | € 2290,- |
| Non ECA Member*: | € 2490,- |
| EU/GMP Inspectorates*: | € 1245,- |
| APIC Member Discount*: | € 2390,- |
Alle Preise zzgl. MwSt. Wichtige Hinweise zur Umsatzsteuer.
* auch unkompliziert per Kreditkarte bezahlbar
Weitere Termine vor Ort
Weitere Termine vor Ort nicht verfügbar
Weitere Termine online
Weitere Termine online nicht verfügbar
This course is part of the GMP Certification Programme "ECA Certified Computer Validation Manager"
Haben Sie noch Fragen?
Wir stehen Ihnen für weitere Auskünfte gerne zur Verfügung.
E-Mail: info@concept-heidelberg.de
Für Lieferanten: Ausstellungs- und Sponsoringmöglichkeiten
Teilnehmerstimmen - das sagen andere über unsere Seminare:
