Are you regulated by the FDA? Hosting companies are not governed by the FDA. To be regulated by the FDA, our responsibilities would have to include the creation and/or the manipulation of validated data. This activity would make us a clinical research organization (CRO) and therefore, our activities would be governed by the FDA. We do not create or manipulate our customer data.
What makes you 21 CFR Part 11 Compliant? We’ve performed an analysis of our activities against the regulations. Not all portions of 21 CFR Part 11 apply to our hosting and support services. Our hosting practice started with a Quality system and all activities since inception have been governed in accordance with our 21 CFR Part 820 Quality system. This gives us full traceability since inception.
Why does the Quality system matter? The Quality system we developed is the overarching set of rules and procedures for our operations. The Quality system is a subset of applicable procedures, built in accordance with 21 CFR Part 820 and open for audit by our customers. Transparency to our customers was built in since inception. Our Quality system was designed to take the best from our combined quality, technical and operational industry experience and best practices. The result is a defensible, auditable and operationally efficient functional qualified platform.
How do you handle physical and logical security? We are acutely aware that we host Life Science intellectual property (BioPharmaceutical/Medical Device), patient data for CROs and other types of confidential Life Science data that might attract interest. Our datacenter areas do not have any markings to identify ourselves. There are multiple secured gates to traverse to gain physical access. Logically, there are multiple layers of security we won’t share on this FAQ. Please contact us for more detail.
How do you secure customer data? Validated Cloud provides two types of security constructs to our customers. We provide both FDA Open/Closed types of connections to meet the requirements of our customers. Validated Cloud can be a private extension of your corporate network, and/or a public internet network accessible by a defined set of contributors or users. Security of our datacenter environments starts far outside of our first controlled perimeter with Distributed Denial of Service (DDoS) protection. Only encrypted connections can traverse into our datacenters. We monitor security continually for the benefit of all.
What is the domain expertise of the people who work on Validated Cloud? The people who created Validated Cloud all came from the BioPharmaceutical or Medical Device industries. All had participated in the building of internal compliant private clouds, Standard Operating Procedures (SOPs), training, design, architecture, Quality and/or Validation. The combined experience of the team enables us to draw on the best designs, operational expertise and functional compliance to create a service designed to appeal to companies large and small.
Does Validated Cloud provide validation services? The Validated Cloud validation team does provide validation services. When an application is installed in Validated Cloud, that does not make the application validated. There is additional work required to make an application validated. We have validation consultants to assist in the validation process.
Can you explain Qualification vs. Validation? Applications and data are validated and require user requirements and some type of acceptance via Production Qualification (PQ) or User Acceptance Test (UAT). Validated applications and data live on qualified servers, databases and IT infrastructure. Qualification involves Installation and Operational Qualifications. These can be separate or combined documents more commonly known as IQ, OQ or combined as IOQ. Validated Cloud provides a fully qualified IT infrastructure with qualified network, servers, databases, Citrix and other supporting platforms handed over to our customers for a turn-key compliant environment.
Is your datacenter validated? Having a validated datacenter creates additional overhead and isn’t required for the type of services we provide. A good example of where a validated datacenter would be appropriate would be for a closed network manufacturing facility.
Do you own your datacenter? The complexities of redundant power, cooling and implementing advanced security systems are not our specialization. We rely on industry leaders to provide and manage all of the electrical, environmental and physical security into the datacenter. We manage all aspects of security and compliance within our area of the datacenter. We rely on industry experts who manage hundreds of datacenters. All of our locations have redundant internet, power, generators and cooling to keep all services running smoothly for high availability.
How long have you been in business? Validated Cloud service started as an internal initiative in 2009 and was ready for business in February 2011. MUSA has been in business since 2007 as MUSA and since 2004 prior to the merger that created MUSA.
What is your ownership structure? MUSA (including the Validated Cloud service) is privately owned by people who work every day within the day-to-day operations without any outside investment or influence. The ownership, management team, Quality Department, Validation Department and engineers are dedicated to the pursuit of the best overall experience possible.