IT-Infrastructure Qualification

Qualification of the IT infrastructure according to EU GMP Guide Annex 11 and GAMP Good Practice Guide

The IT infrastructure of a company is usually very complex, as it has grown over many years. The result is high operating and maintenance costs and a considerable operational risk. Integrative approaches are needed here which link processes, applications and IT infrastructure to one another and to make their interaction manageable.

New legal requirements for computerized systems require a qualification for the IT infrastructure. The mandatory system of rules, the EU GMP Guide Annex 11, has been effective since mid-2011. The GAMP Good Practice Guide interprets the legal requirements. As there is no similarly harmonized and recognized standard as in the typical CSV, the scope of quality assurance measures, and thus the level of qualification, is still very different from company to company.

For pharmaceutical companies which rely on IT infrastructure services (e.g. backup, access control) for GxP relevant applications, it is imperative to get GxP risks demonstrably under control. Inspectors are therefore increasingly interested in this qualification.

The GxP-relevant IT infrastructure elements are determined and qualified based on a risk analysis. An appropriate integrated qualification strategy can prevent duplication in departments that access shared IT services, and thus provide consistent, qualified IT platforms. Here, the integration of the activities in a company-wide quality assurance system is also important.