Validated Cloud FAQ

Is Validated Cloud regulated by the FDA? Hosting and cloud companies are not governed by the FDA. We contractually tie ourselves to our customers to assist in the regulatory inspection readiness for any activity we perform for our customers. These inspections can be pre-planned or unannounced. For service providers, we perform the same level of preparation for your customers.

What makes Validated Cloud 21 CFR Part 11 Compliant? We’ve performed an analysis of our service and infrastructure to the regulations. The audit is available for inspection at any time. An analysis is available for EudraLex Annex 11 as well.

How does Validated Cloud compare to the public cloud? 95% of Validated Cloud’s customers leverage the Validated Cloud Platform as a Service (PaaS). This service manages backups, geographic disaster recovery, anti-virus, anti-malware, anti-ransomware, platform patching, managed perimeter security and much more. See the Validated Cloud Quality Agreement for a full breakdown of roles and responsibilities and the public cloud comparison page: Public Cloud Comparison

Why does the Quality system matter? The Quality system we developed is the overarching set of rules, and procedures for our operations. The Quality system is a subset of applicable procedures, built in accordance to 21 CFR and open for audit by our customers. Transparency to our customers was built in since inception. Our Quality system was designed to take the best from our combined quality, technical and operational industry experience and best practices. The result is a defensible, auditable and operationally efficient functional qualified platform.

How does Validated Cloud handle physical and logical security? We are acutely aware that we host Life Science intellectual property (BioPharmaceutical/Medical Device), patient data for CROs and other types of confidential Life Science data that might attract interest. Our datacenter areas do not have any markings to identify ourselves. There are multiple secured gates to traverse to gain physical access. Logically, there are multiple layers of security we won’t share on this FAQ. Please contact us for more detail.

How does Validated Cloud secure customer data? We understand that compliance and security are the two areas of our customers highest concern. Validated Cloud provides two types of security constructs to our customers. We provide both FDA Open/Closed types of connections to meet the requirements of our customers. Validated Cloud can be a private extension of your corporate network, a secure island for GxP activities, and/or a public internet network accessible by a defined set of contributors or users. Security of our datacenter environments starts far outside of our first controlled perimeter with Distributed Denial of Service protection (DDoS). Only encrypted connections can traverse into our datacenters. We monitor security continually for the benefit of all.

What is the domain expertise of the people who work on Validated Cloud? The people who created Validated Cloud all came from the BioPharmaceutical or Medical Device industries. All had participated in the building of internal compliant private clouds, Standard Operating Procedures (SOPs), training, design, architecture, Quality and/or Validation. The combined experience of the team enable us to draw on the best designs, operational expertise and functional compliance to create a service designed to appeal to companies large and small.

Does Validated Cloud provide validation services? The Validated Cloud validation team does provide validation services. When an application is installed in Validated Cloud, that does not make the application validated. There is additional work required to make an application validated. We have validation consultants to help assist in the validation process. Validated Cloud also has core Quality system SOPs customers can use and customize for their needs. Our goal is to get our customers up and going as fast as possible in a fully compliant manner.

Can you explain Qualification vs. Validation Applications and processes are validated and require user requirements and some type of acceptance via Performance Qualification (PQ) or User Acceptance Test (UAT). Validated applications and data live on qualified servers, databases and IT infrastructure. Qualification involves Installation and Operational Qualifications. These can be separate or combined documents more commonly known as IQ, OQ or combined as IOQ. Validated Cloud provides a fully qualified IT infrastructure with qualified network, servers, databases and other supporting platforms handed over to our customers for a turn-key compliant environment.

Is your datacenter qualified? Having a qualified datacenter creates additional overhead and isn’t required for the type of services we provide. A good example of where a qualified datacenter would be appropriate would be for a closed network manufacturing facility.

Does Validated Cloud own our datacenters? The complexities of redundant power, cooling and implementing advanced security systems are not our specialization. We rely on industry leaders to provide and manage all of the electrical, environmental and physical security into the datacenter. We manage all aspects of security and compliance within our area of the datacenter. We rely on industry experts who manage hundreds of datacenters. All of our locations have redundant internet, power, generators and cooling to keep all services running smoothly for high availability.

How long have you been in business? Validated Cloud as a corporation started in 2015. The Validated Cloud service was incubated in a company called MUSA Technology Partners (MUSA). The Validated Cloud service started as an internal MUSA initiative in 2009 and was ready for business (open and ready to pass an audit) in February 2011. Predecessors of MUSA have been in business since 2004 and merged to create MUSA in 2007..

What is Validated Cloud’s ownership structure? Validated Cloud is privately owned by people who work everyday within the day-to-day operations without any outside investment or influence. The ownership, management team, Quality Department, Validation Department and engineers are dedicated to the pursuit of the best overall customer experience possible.