GxP @ AWS
Bertram Dorn – Specialized Solutions Architect, Security/Compliance, Amazon Web Services EMEA
©Amazon.com, Inc. and its affiliates. All rights reserved.
Healthcare and Life Sciences customers are rapidly adopting AWS
Initial usage concentrated in Research, Digital Marketing and core IT
GxP solutions are now incredibly important to our customers
Development and Manufacturing are beginning the adoption curve
AWS’s GxP approach comes directly from our customers and partners
We want to educate, engage and deliver further value to our customers
Business Context of AWS and GxP
The Benefits to Using the AWS Cloud
Move from operational to variable cost
Lower variable cost than most companies can achieve
No need to guess capacity
Agility, speed & innovation
Remove undifferentiated heavy lifting
Go global in minutes
AWS Service Build
Tenant Isolation, Deep Network Security, Scaling, Crypto Services, Detailed Monitoring, Access Control
Mandatory, Fine-Grained, MFA Possible
AWS Global Infrastructure
Application Services
Networking
Deployment & Administration
Database, Storage, Compute
Inherit
Control
Identity Management
Key Management & Storage
Monitoring & Logs
Assessment and reporting
Resource & Usage Auditing
SECURITY & COMPLIANCE
Configuration Compliance
Web application firewall
Access Control
12 Regions
33 Availability Zones
54 Edge Locations
Coming Soon:
5 Regions
11 Availability Zones
AWS Operates Globally, as do our Customers
ENTERPRISE APPS
DEVELOPMENT & OPERATIONS
MOBILE SERVICES
APP SERVICES
ANALYTICS
Data Warehousing
Hadoop/Spark
Streaming Data Collection
Machine Learning
Elastic Search
Virtual Desktops
Sharing & Collaboration
Corporate Email
Backup
Queuing & Notifications
Workflow
Search
Transcoding
One-click App Deployment
Identity
Sync
Single Integrated Console
Push Notifications
DevOps Resource Management
Application Lifecycle Management
Containers
Triggers
Resource Templates
TECHNICAL & BUSINESS SUPPORT
Account Management
Support
Professional Services
Training & Certification
Security & Pricing Reports
Partner Ecosystem
Solutions Architects
MARKETPLACE
Business Apps
Business Intelligence
Databases
DevOps Tools
Networking
Security
Storage
Regions
Availability Zones
Points of Presence
INFRASTRUCTURE
CORE SERVICES
Compute: VMs, Auto-scaling, & Load Balancing
Storage: Object, Blocks, Archival, Import/Export
Databases: Relational, NoSQL, Caching, Migration
Networking: VPC, DX, DNS
CDN
Access Control
Identity Management
Key Management & Storage
Monitoring & Logs
Assessment and reporting
Resource & Usage Auditing
SECURITY & COMPLIANCE
Configuration Compliance
Web application firewall
HYBRID ARCHITECTURE
Data Backups
Integrated App Deployments
DirectConnect
Identity Federation
Integrated Resource Management
Integrated Networking
API Gateway
IoT
Rules Engine
Device Shadows
Device SDKs
Registry
Device Gateway
Streaming Data Analysis
Business Intelligence
Mobile Analytics
The main AWS Compliance Frameworks of today
Certificates: Programmes:
ISO27000
ISO9001
GxP SDLC and Deployment Scenarios
Develop Validate Operate
COTS App
Virtual
Infrastructure
Custom App
Virtual
Infrastructure
AWS Products AWS Products
Scenario 1 Scenario 2
AWS Account AWS Account
SaaS
Virtual
Infrastructure
AWS Products
Scenario 3
AWS Account
GxP End Users
Roles:
Pharma, Device
AWS
ISV Partner
User Needs
Application Requirements &
SLA
Server Requirements
Amazon EC2 Instance
Amazon EC2 Product Spec &
SLA
Solution Architecture
Database Requirements
Solution Architecture
Amazon RDS DB Instance
Amazon RDS Product Spec &
SLA
Customer
AWS
Development Starts with Your User Needs
AWS Shared Responsibility Model in GxP
Human
Interface Support
Equipment
Interface Support
Instrument
Interface Support
Application
Data
Software-defined Infrastructure
AWS Account
Amazon IAM Amazon VPC Amazon EC2 Amazon S3 Amazon RDS Other AWS Products
Manual I/O Automated I/O
Step 1 Step 2 Step 3
Customer
AWS
Automated I/O
GxP Process Validation
GxP Software Validation
GxP Infrastructure Qualification
Commercial IT Standards
Good Laboratory, Clinical, Manufacturing Process
On-Premises Infrastructure
Products
AWS’s New GxP Compliance Resources
GxP Cloud on AWS FAQ
Considerations for Using AWS Products in GxP Systems
AWS Quality Management System Overview (available to NDA-holders)
Technical Product Documentation
Introduction to Auditing the Use of AWS
Security by Design Program
Cloud Technology
Software-defined infrastructure
Cloud users replace physical IT infrastructure with virtual IT infrastructure
SDI can be managed like any other software code
Users control their virtual infrastructure and data via web service API, CLI, GUI
Users integrate applications with virtual infrastructure through SDKs and APIs
Users and applications interact with SDI programmatically with .json scripts instead of manually with .doc files
{API}
AWS Cloud Advantages
IT Benefits
Trade capital expense for variable expense
Benefit from massive economies of scale
Stop guessing capacity
Increase speed and agility
Stop spending money on data centers
Go global in minutes
Compliance Benefits
Designed for Security & Quality
Constantly Monitored
Highly Automated
Highly Available
Highly Accredited
ISO 9001:2008, ISO 27001:2013, ISO 27017:2015, ISO 27018:2014
Cybersecurity of AWS Products
Security Features Built-in
Security Bulletins
Security Guidance
AWS Trusted Advisor
Penetration Testing/Scanning
Vulnerability Reporting
AWS Professional Services
AWS Partner Network
"The financial service industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers."
-Rob Alexander, CIO, Capital One
Data Integrity with AWS Products
API
service
web
API Request
API Response includes a Message Digest, a unique fingerprint for each API request
AWS Product Features for Data Integrity
End-to-end authenticated encryption, API message digests, file object hashing, file object integrity monitoring, log file integrity validation, account configuration rules and alarms, fine-grained access controls, VPC flow logs, application deployment and testing tools to enforce application input validations, multi-region redundancy and backup capability, multiple methods of bulk data transfer to and from the AWS cloud…
Supplier Assessments of AWS
Customers with GxP systems have completed their supplier assessments of AWS based on our performance history,
compliance reports, and extensive documentation of our products.
Product Documentation
Product Training Materials
Customer Support
Service Health Dashboard
Security & Compliance Whitepapers
Quality Management System Overview
Supplier Questionnaires & RFIs
ISO Certification
SOC Auditor Reports
FedRAMP Compliant Status
Public Company Reporting (AMZN)
Agreements with AWS
Customer Agreement
Service Terms
Acceptable Use Policy
Customer Support Agreement
Product SLAs
Addendums: Security, Data Processing, Business Associate
Change notification
Security notification
Your data
Data privacy
Support case SLA
No minimum spend or term
Customer responsibilities
Cloud Solution Validation (CSV)
Hardware Era, Virtualization Era, Cloud Era
Protocol-driven manual activities
Procedure-driven manual activities
Code-driven automated activities
Application Validation
Software Defined Infrastructure Qualification
Web Service API Qualification
AWS qualifies our products to commercial IT standards like ISO, SOC and NIST. Customers qualify their use of AWS Products to industry-specific standards like GxP, QSR and Part 11.
Operations of GxP Systems
Reduce human access to your production IT environment through deployment automation
Track and monitor 100% of your assets, changes, and configurations
Software-defined infrastructure makes synchronizing environments easy
Feed end user requests back into the development process.
GxP end users
GxP engineers
production
Auditing GxP Systems
An IAM user, Alice, employed the CreateUser action to create a new user account for Bob.
AWS CloudTrail
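The audit statement above can be derived mechanically from CloudTrail records. The following is an added example, not part of the original slides: it filters a CloudTrail-style log for IAM user-management events and reports who did what to whom, including failed attempts. The sample records, account ID, IP addresses and the set of watched actions are constructed for illustration.

```python
import json

# Constructed CloudTrail-style records (sample data, not real log output).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2016-03-01T10:15:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "IAMUser", "userName": "Alice"},
     "requestParameters": {"userName": "Bob"}},
    {"eventTime": "2016-03-01T10:16:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "IAMUser", "userName": "Alice"},
     "requestParameters": None},
    {"eventTime": "2016-03-01T11:02:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "DeleteUser", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Ops/carol"},
     "requestParameters": {"userName": "Bob"},
     "errorCode": "AccessDenied"},
]})

# IAM actions that change who can access the account (illustrative subset).
IAM_USER_CHANGES = {"CreateUser", "DeleteUser", "CreateAccessKey",
                    "AttachUserPolicy", "CreateLoginProfile"}

def actor(identity):
    """IAM user name if present, else the caller ARN, else the identity type."""
    return identity.get("userName") or identity.get("arn") or identity.get("type", "unknown")

def audit_lines(log_text):
    """Return one who/what/whom/outcome line per IAM user-management event."""
    lines = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue
        if rec.get("eventName") not in IAM_USER_CHANGES:
            continue
        target = (rec.get("requestParameters") or {}).get("userName", "?")
        # CloudTrail adds errorCode only when the call failed.
        outcome = "FAILED:" + rec["errorCode"] if "errorCode" in rec else "OK"
        lines.append("%s %s %s %s target=%s src=%s" % (
            rec["eventTime"], actor(rec.get("userIdentity", {})),
            rec["eventName"], outcome, target, rec.get("sourceIPAddress", "?")))
    return lines

if __name__ == "__main__":
    print("\n".join(audit_lines(SAMPLE_LOG)))
```

Denied attempts are kept in the output because an audit trail for a regulated system needs the rejected changes as well as the successful ones.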
Resources
https://aws.amazon.com
https://aws.amazon.com/compliance/
https://aws.amazon.com/security/
https://aws.amazon.com/premiumsupport/
http://status.aws.amazon.com/
Thank you!