github/oneuptime
1
1
Fork 0
mirror of https://github.com/OneUptime/oneuptime.git synced 2026-04-06 00:32:12 +02:00
Code Issues 193 Packages Projects Releases Wiki Activity
Files
release
oneuptime/Home/Views/gxp-cloud.ejs

85 lines
4.0 KiB
Plaintext
Raw Permalink Blame History

<header id="pagmt">
<h1>GxP Cloud Compliance</h1>
<p>Cloud Infrastructure Qualification for Regulated Environments</p>
</header>
<section>
<h3>Introduction</h3>
<p>GxP Cloud Compliance addresses the regulatory requirements for using cloud-based services in GxP-regulated
environments. As regulatory agencies including the FDA, EMA, and MHRA have issued guidance on the use of cloud
computing in regulated industries, organisations must ensure that their cloud service providers maintain
appropriate controls to support GxP compliance.
</p>
<h3>OneUptime's GxP Cloud Qualification</h3>
<p>OneUptime provides a comprehensive GxP Cloud Qualification Package that enables regulated customers to qualify
our cloud-hosted platform for use in GxP environments. Our cloud infrastructure and operational practices are
designed to meet the expectations of global regulatory agencies for cloud-based GxP systems.</p>
<h3>Infrastructure Qualification</h3>
<p>OneUptime's cloud infrastructure qualification covers:</p>
<ul>
<li><strong>Infrastructure Qualification (IQ):</strong> Documentation verifying that our cloud infrastructure
is correctly provisioned, configured, and meets defined specifications.</li>
<li><strong>Operational Qualification (OQ):</strong> Evidence that our cloud environment operates correctly
under normal and stress conditions.</li>
<li><strong>Performance Qualification (PQ):</strong> Demonstrated consistent performance of the cloud platform
under production workloads.</li>
</ul>
<h3>Key Compliance Controls</h3>
<ul>
<li><strong>Data Sovereignty:</strong> Clear documentation of data storage locations with options for regional
data residency to meet local regulatory requirements.</li>
<li><strong>Data Segregation:</strong> Logical separation of customer data ensuring no cross-contamination
between tenants.</li>
<li><strong>Encryption:</strong> Data encrypted at rest (AES-256) and in transit (TLS 1.2+) across all
cloud services.</li>
<li><strong>Backup and Recovery:</strong> Automated backup procedures with documented recovery time objectives
(RTO) and recovery point objectives (RPO).</li>
<li><strong>Change Management:</strong> Controlled deployment processes with documented change records,
impact assessments, and rollback capabilities.</li>
<li><strong>Monitoring and Alerting:</strong> Continuous infrastructure monitoring with automated alerting
for security events and performance anomalies.</li>
<li><strong>Access Controls:</strong> Strict access management for cloud infrastructure with multi-factor
authentication and privileged access management.</li>
</ul>
<h3>Shared Responsibility Model</h3>
<p>OneUptime provides clear documentation of the shared responsibility model, defining:</p>
<ul>
<li>Responsibilities managed by OneUptime (platform security, infrastructure, patching, backups)</li>
<li>Responsibilities managed by the customer (user access, configuration, data classification)</li>
<li>Shared responsibilities (incident response, compliance monitoring)</li>
</ul>
<h3>Regulatory Alignment</h3>
<p>OneUptime's GxP Cloud Compliance aligns with guidance from:</p>
<ul>
<li>FDA — Use of cloud computing in GxP-regulated environments</li>
<li>EMA — Cloud computing guidance for regulated entities</li>
<li>MHRA — Data integrity and cloud computing expectations</li>
<li>PIC/S — Good practices for computerised systems in regulated environments</li>
</ul>
<h3>Request Qualification Package</h3>
<p>For the GxP Cloud Qualification Package or to discuss how OneUptime's cloud infrastructure meets your regulated
environment requirements, please contact us at
<a href="mailto:compliance@oneuptime.com">compliance@oneuptime.com</a>.</p>
</section>
Reference in New Issue View Git Blame Copy Permalink