The validated status of GxP applications that are dependent upon an underlying IT Infrastructure is compromised if that IT Infrastructure is not maintained in a demonstrable state of control and regulatory compliance. The consequences of the IT Infrastructure being out of effective control can be significant. Depending on the nature of a failure, an entire site or geographic region of operations could be brought to a standstill while the problem is resolved.

The GAMP® GPG: IT Infrastructure Control and Compliance provides comprehensive guidance on meeting current regulatory expectations for compliant IT Infrastructure platforms, including the need to identify, qualify, and control those aspects impacted by GxP. The Guide includes the description of a scaleable qualification framework which has been derived from key principles and practices. It describes how this framework can be applied to different platform types in order to determine the extent and scope of qualification efforts.

This Guide covers a range of IT Infrastructures, from those found in companies operating globally to isolated or semi-isolated GxP regulated infrastructures. Key aspects considered include:

• installation and operational qualification of infrastructure components
• configuration management and change control of infrastructure components and settings in a highly dynamic environment
• management of risks to IT Infrastructure
• involvement of service providers in critical infrastructure processes
• security management in relation to access controls, availability of services and data integrity
• backup, restore, and disaster recovery
• archiving

To avoid unnecessary effort, this Guide describes a horizontal, or platform based, approach.

Benefits of this horizontal approach include:

• higher level of standardization throughout the entire life cycle
• minimal overlap in documentation
• minimal overlap in qualification
• minimal overlap in audits, inspections, and assessments

The Guide is intended primarily for regulated life science industries, including pharmaceutical, biological, and medical devices, but also provides valuable information for suppliers of systems, products, or services. This Guide also may prove useful to managers of IT Infrastructures which are not regulated by GxP.

This GAMP® GPG: IT Infrastructure Control and Compliance has been designed so that it may be used in conjunction with guidance provided in GAMP® 4 and other ISPE publications.