The Integration of Information Security to FDA and GAMP 5 Validation Processes

The validation process for information systems within the pharmaceutical industry has lagged behind others in the incorporation of information security principles into their life-cycle quality management. This is due to ambiguity within guidance on how information security is to be addressed within their governing processes. With the current validation process covering the entire information systems lifecycle using concepts like separating infrastructure from production systems or applications, these structural problems are magnified. The result is systems and processes that do not include basic principles of information security management, technical security controls or incident response to the system design and risk assessment phases of the validation process. Looking at how other regulated environments have incorporated information security into their quality management processes would be the best approach in solving this problem.