Chapter 6

Print ISBN: 978-81-974255-8-5, eBook ISBN: 978-81-974255-6-1

Computerized Systems and Cloud

Computing with the Principles of GLP

Mahalingam Palaniandi a++* and Amalan Stanley V. b#

DOI: https://doi.org/10.9734/bpi/strufp/v4/608
Peer-Review History:
This chapter was reviewed by following the Advanced Open Peer Review policy. This chapter was thoroughly checked to
prevent plagiarism. As per editorial policy, a minimum of two peer-reviewers reviewed the manuscript. After review and
revision of the manuscript, the Book Editor approved the manuscript for final publication. Peer review comments, comments
of the editor(s), etc. are available here: https://peerreviewarchive.com/review-history/608

ABSTRACT

Computers, from personal PCs to the regulatory environment, play a vital role in
communications, data generation, data analysis, and secure storage. They remain
vital in data management, documentation, and scientific data analysis in any GLP-
compliant test facility. Computers and computerized systems are used in various
areas such as Data Acquisition, Data Processing and Analysis, Laboratory
Information Management Systems (LIMS), Backups and Data Security, Reporting
and Documentation, Quality Control and Quality Assurance, and Electronic
Archiving. This chapter explores the intricacies of achieving compliance with Good
Laboratory Practice (GLP) principles when employing computerized systems and
harnessing the potential of cloud computing technologies within laboratory
settings. It also investigates the key challenges laboratories face in maintaining
GLP compliance in the context of computerized systems and cloud technology
adoption. It provides a complete overview of creative solutions and best practices
for effectively addressing these difficulties. The primary aim of this chapter is to
provide laboratory professionals, regulators, and stakeholders with valuable
insights into navigating the complex landscape of GLP compliance in an
increasingly digital and interconnected world.

Keywords: GLP electronic compliance; computerized systems; data integrity;

computer system validations (CSV); risk assessment; safety and
security of GLP data; cloud computing and validation; service level
agreements; E-archives; audit trails and change control.

________________________________________________________________________
a
PG Department of Computer Science and Applications, PERI College of Arts and Science, Chennai –
600048, Tamil Nadu, India.
b
Scientific and Academic Board, International Institute of Biotechnology and Toxicology, Padappai –
601301, Kancheepuram District, Tamil Nadu, India.
++
Associate Professor & Head;
#
Vice Chair;
*Corresponding author: E-mail: drmahacs@gmail.com;
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

1. INTRODUCTION

With the rapid advancement and ubiquitous utility of Information and

Communication Technology (ICT) worldwide, exacerbated by the widespread use
of computers in day-to-day operations, compliance of computerized systems and
cloud computing with the principles of GLP is gaining more attention from domestic
to regulatory environments. The principles of Good Laboratory Practice (GLP) are
essential for ensuring the reliability, integrity, and traceability of scientific data
generated in various laboratory settings. Over the years, the integration of
computers and digital technologies has not just changed but significantly
transformed research and testing within GLP test facilities. Computers have
revolutionized data management practices within GLP test facilities in the digital
age. They enable the efficient collection, storage, and retrieval of vast experimental
data, reducing the risk of data loss and human error. Sophisticated laboratory
information management systems (LIMS) have become indispensable tools for
tracking samples, managing workflows, and ensuring data traceability.

Computers have enhanced the precision and consistency of experiments

conducted in GLP test facilities. Automated instruments and robotics controlled by
computer systems can perform repetitive tasks accurately, reducing the likelihood
of variability in test results. Adhering to GLP standards requires meticulous
documentation and record-keeping. Computers aid in compliance by facilitating
real-time data capture, timestamping, and user authentication. Electronic records
and electronic signatures (ERES) systems help ensure the integrity and
authenticity of laboratory records, making audits and regulatory compliance more
straightforward. Advanced software applications have enabled connecting,
controlling, and analyzing data from various laboratory instruments. This
integration allows researchers to monitor experiments remotely, optimize
processes, and perform complex data analysis in real time, expediting decision-
making and data interpretation.

The use of computers In GLP test facilities has raised concerns about data security
and integrity. Robust cybersecurity measures are essential to protect sensitive
data from breaches and tampering. Encryption, access controls, and regular
system audits are crucial for maintaining data integrity and confidentiality.

Computers have evolved into indispensable tools in GLP test facilities, facilitating
data management, automation, compliance, and precision in laboratory
operations. However, the increasing reliance on digital technology also presents
new challenges, such as cybersecurity and data integrity concerns. The paper
discusses the challenges of protecting data integrity and data security on the one
hand and the scopes currently available to ensure the same, especially by the test
facility management of any GLP-compliant laboratories worldwide, emphasizing
the critical role predominantly entrusted to the test facility management,
addressing the challenges while harnessing the full potential of computerization to
advance GLP practices and research outcomes.

123
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

2. RESPONSIBILITIES

Management remains responsible [1,2] for ensuring that computerized systems

suit their intended purposes. It should adopt computer policies and procedures to
ensure systems are designed, validated, operated, and maintained according to
the GLP Principles. Management should also ensure that these policies and
procedures are understood and followed, and that effective monitoring of such
requirements occurs.". As per good laboratory practice, test facility management
is responsible for Organizational charts, CVs, JDs and SOPs, Quality Assurance
units, Archives [3], Suppliers, Communication, and Computerized systems.

IT personnel and service providers are responsible for vendor management,

procurement, system implementation, custom software development, and
validation. Troubleshooting and Training laboratory personnel on properly using
computerized systems, data entry, and data retrieval is a crucial responsibility of
IT personnel. IT personnel must ensure the integrity and security of electronic data
generated during GLP studies. This includes implementing data backup, access
controls, audit trails, and other measures to prevent data tampering or loss.
Keeping thorough and accurate documentation of system configurations, changes,
maintenance activities, and validation processes is essential to demonstrate
compliance with GLP requirements. IT professionals must implement and maintain
adequate cybersecurity measures to protect sensitive data and prevent unwanted
access.

The study Director [2] is ultimately responsible for conducting the study and
ensuring it complies with GLP regulations, including the primary role of ensuring
the validation of computers and computerized systems while upholding the
uncompromising role of QA at every stage of development, execution, and
management. This includes overseeing computer system-related activities. The
Study Director should be involved in selecting appropriate computer systems for
data capture, analysis, and reporting. The systems chosen should be validated to
ensure they meet regulatory requirements. Ensuring data integrity generated
during the study is a critical responsibility. Collaborate with the Quality Assurance
unit to ensure that computer system validation, maintenance, and audit processes
are performed appropriately.

3. GLP PRINCIPLES ON COMPUTER SYSTEMS

Compliance with the principles of GLP ensures the reliability and integrity of data
generated using computerized systems in laboratory environments [4]. It also
helps maintain the quality of research and testing conducted by regulatory
standards.

3.1 The Life Cycle of Computerized Systems in GLP

The life cycle of computerized systems in a Good Laboratory Practices (GLP) test
facility involves several stages, from system planning and design to retirement
(Fig. 1). These stages ensure that computerized systems used in the facility are

124
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

validated, maintained, and operated in compliance with GLP regulations. The

various stages of a computer system's life cycle include System Planning, Vendor
Selection, System Acquisition, Installation and Configuration, Validations, User
Training, Operational Use, Change Control, Maintenance and Monitoring, Data
Integrity and Security, Retirement or Decommissioning.

Fig. 1. The Life Cycle of Computerized Systems in GLP Test Facility [5]

3.2 Risk Assessment of Computerized Systems

Risk assessment of computerized systems in a Good Laboratory Practices (GLP)
test facility is a critical process that helps identify, evaluate, and mitigate potential
risks associated with using these systems. Risk assessment ensures that
computerized systems are implemented and operated in a manner that maintains
data integrity, accuracy, security, and compliance with GLP regulations [4]. The
following are the phases of risk assessment.
Identify Potential Risks

Risk Assessment Methodology

Risk Evaluation

Risk Mitigation Strategies

Risk Control Implementation

Documentation

Regular Review
and Updates
Fig. 2. Risk Assessment of Computerized Systems

3.3 Safety & Security of Computerized Systems

Ensuring the safety and security of computerized systems is paramount in any
organization, especially in environments like Good Laboratory Practices (GLP) test
facilities where data integrity, accuracy, and regulatory compliance are critical.

125
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

a) Access Control: Implement robust user authentication mechanisms, such as

usernames and passwords or biometric authentication, to ensure that only
authorized personnel may access the system.
b) Data Encryption: Use encryption protocols (such as HTTPS) to secure data
transmitted between users and the system to prevent unauthorized
interception.
c) Firewall: Firewalls are a barrier between a trusted internal network and
untrusted external networks, such as the Internet. They monitor and control
incoming and outgoing network traffic based on predetermined security rules.
In a GLP setting, firewalls help prevent unauthorized access to sensitive data
and systems and protect against external threats such as malware and
hackers attempting to infiltrate the network.
d) Antivirus Software: Antivirus software is designed to detect, prevent, and
remove malicious software, including viruses, worms, Trojans, and other types
of malwares. By regularly scanning computer systems and files, antivirus
software helps identify and mitigate security threats before they can cause
harm. In a GLP environment, antivirus software helps protect against data
breaches, unauthorized access, and potential disruptions to laboratory
operations caused by malware infections.
e) Strong Authentication Processes: Strong authentication processes, such
as multi-factor authentication (MFA) or biometric authentication, add an extra
layer of security beyond traditional username and password credentials. MFA
requires users to provide two or more forms of identification to verify their
identity, such as a password combined with a one-time code sent to their
mobile device. Biometric authentication uses unique biological characteristics,
such as fingerprints or facial recognition to authenticate users. Organizations
can significantly reduce the risk of unauthorized access to sensitive systems
and data by implementing robust authentication processes, even if login
credentials are compromised.
f) System Security: Regularly update and patch operating systems,
applications, and software to address known vulnerabilities. Install firewalls,
intrusion detection systems (IDS), and intrusion prevention systems (IPS) to
monitor and protect against unauthorized access and attacks [6,7].
g) Physical Security: Ensure that physical access to servers and critical
infrastructure is restricted to authorized personnel only.
h) Regular Backups: Perform automated data backups to ensure that data can
be restored in case of accidental data loss, corruption, or system failure.
i) Disaster Recovery: Develop and regularly test a comprehensive disaster
recovery plan to ensure rapid system restoration during a major outage or
disaster.
j) Vendor Security: Vendor security is crucial to ensuring the safety and
integrity of computerized systems in Good Laboratory Practice (GLP)
environments. Conduct thorough due diligence before engaging with vendors
to assess their security practices, protocols, and compliance with industry
standards and regulations. This should include reviewing their security
certifications, audit reports, and past security incidents or breaches. Clearly
define security requirements and expectations in contracts and service level
agreements (SLAs) with vendors. Specify security controls, data protection

126
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

measures, and compliance requirements that vendors must adhere to during

the engagement. Regularly assess and audit vendors' security practices to
ensure compliance and identify potential vulnerabilities or risks. This may
include conducting onsite visits, reviewing security documentation, and
performing penetration testing or vulnerability assessments.
k) Change Management: Implement a change control process to manage
system updates, patches, and modifications, ensuring they are adequately
reviewed and tested before implementation.
l) Policies and Procedures: Establish clear security policies and procedures
that define roles, responsibilities, and guidelines for using and securing
computerized systems.
m) Continuous Improvement: Review and evaluate security measures
frequently, and if new threats and weaknesses arise, adjust them as
appropriate.

4. DOCUMENTS AND STANDARD OPERATING PROCEDURES

GLP is a set of principles that provide a framework for conducting and documenting
laboratory studies to ensure their reliability and integrity. Proper documentation is
essential to demonstrate the validity of your studies, comply with regulations, and
ensure the reproducibility of your results.

4.1 Documents Needed in GLP for Computer Systems

Several documents are needed in a Good Laboratory Practice (GLP) test facility
to ensure computer systems' proper management, validation, and compliance.
These documents help establish procedures, guidelines, and records for
maintaining data integrity, security, and regulatory compliance [8]. The following
are some documents commonly associated with a testing facility that follows GLP
guidelines and uses computers for various tasks.

a) Standard Operating Procedures (SOPs)

b) Computer Systems Validation Protocol
c) Instrument Calibration Records
d) Raw Data and Data Collection Records
e) Data Analysis and Interpretation Reports.
f) Quality Control and Quality Assurance Procedures
g) Audit Trail Documentation
h) Computer System User Manuals
i) Security and Access Control Policies
j) Training Records
k) Incident and Deviation Reports
l) Archiving Procedures
m) Final Study Report
n) Regulatory Compliance Documentation
o) Change Control Documentation
p) Risk Assessment and Management Plan
q) Continuous Improvement Documentation

127
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

r) Backup and Recovery Policy and Plan

s) Recovery Procedures Manual

4.2 Standard Operating Procedures

Standard Operating Procedures (SOPs) related to computerized systems in a

Good Laboratory Practice (GLP) environment are crucial for ensuring the
accuracy, reliability, and integrity of data generated by these systems [9,4].
Computerized systems can include software, hardware, and networks for data
collection, analysis, storage, and reporting.

a) Computer System Validation (CSV)

b) User Access Management
c) Data Backup and Recovery
d) Data Integrity and Security
e) Audit trail Review
f) Software Version Control
g) Electronic Records Management
h) Data Entry and Validation
i) Electronic Signatures
j) IT Security Incident Response
k) Remote Access and Mobile Devices
l) Data Retention and Archiving
m) Training in Computer Systems
n) Vendor and Supplier Management

5. MAINTAINING ELECTRONIC DATA INTEGRITY

Data integrity is a mandatory requirement for regulatory compliance globally. Data

integrity also must comply with good laboratory practices (GLP). The data must be
comprehensive, complete, accurate, and true to ensure the quality of studies.
Complete, consistent, and accurate data must be attributable, legible,
contemporaneously recorded, original or a true copy, and accurate [10]. In recent
years, however, data integrity issues have jeopardized the regulatory compliance
status of organizations [11,12]. Data integrity problems are often created by sloppy
documentation practices or incidents that cause data loss, but regulators tend to
label those situations as fraud. One of the primary tasks that will be essential to
maintaining data integrity is the Computer System Validations (CSV).

5.1 Data Integrity - Computer Systems Validation (CSV)

Computer system validation (CSV) is a documented process in which a system

should meet defined requirements. Computer systems are validated to ensure
accuracy, reliability, consistent intended performance, and the ability to discern
invalid or altered records [13]. Regulatory agencies require the CSV process to
ensure the accuracy and integrity of data in computerized systems and product
safety and effectiveness. CSV should be done when configuring a new system or
updating an already validated system (upgrades, patches, extensions, etc.).

128
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

All computerized systems used for generating, measuring, or assessing data

intended for regulatory submission should be developed, validated, operated, and
maintained in ways compliant with the GLP Principles [5,14,4]. Computerized
systems delivering supporting data (e.g., temperature and humidity) for GLP
studies should also be considered [15]. The following questions may guide the
decision process:

• Will the system produce, process, or maintain data intended for regulatory
submissions?
• Will the system be involved in the environmental control processes (e.g.,
temperature, humidity, light) of test systems, test items, or specimens used in
GLP studies?
• Is the system part of a process that is liable to inspection by GLP monitoring
authorities (e.g., an electronic document management system for SOPs or
training records)?

If the answer to these questions is yes, the GLP-relevant system should be

validated. According to OECD GLP Consensus Document No. 10 [14], there
should be a management policy for validation. It is recommended that this policy
should cover and define all general validation aspects for the entire life cycle of
computerized systems [2]. Table 1 provides the CSV tasks and personnel
responsibilities.

Table 1. CSV Tasks and Responsibility Levels

GLP Study CSV Tasks/Person Responsibility Level

Study Director Validation Director Ultimate responsibility
(SD) (VD)
Study plan Validation plan Approved by SD/VD
Method Test scripts Referenced to or included in the
description plan
Conduct of study Conduct of testing The process is executed according
to the
validation plan and test scripts
Raw data Validation raw data Documented evidence of test
results
Study report Validation report Audited by QA and signed by
SD/VD

The following are the CSV procedures and approaches [1] of computerized
systems in GLP.

a) Planning and Scope Definition

b) Identify the computerized systems that generate, process, or store data
critical to non-clinical study.
c) Determine the validation scope, including the functionalities to be
validated and the associated risks.
d) Vendor Assessment (if applicable)

129
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

e) User Requirements Specification (URS)

f) Installation Qualification (IQ)
g) Operational Qualification (OQ)
h) Performance Qualification (PQ)
i) Create comprehensive validation documentation, including protocols, test
scripts, test results, deviations, and any corrective actions taken.
j) Maintain a validation master plan that outlines the entire validation
process.
k) User Training
l) Change Control and Periodic Review
m) Validation Report
n) Final Approval and Release

5.2 Data Integrity - Audit Trials

An audit trail is a chronological record of events or actions within a computer

system. It captures details such as who acted, what action was taken, when it
occurred, and why it was performed [13,15]. It implemented audit trails in System
Configuration, Event Logging, User Identification, Timestamps, Retention Period,
Internal Audits, Documentation, Training, and Awareness.

5.3 Data Integrity - Backup and Disaster Recovery

Backup and disaster recovery are essential to maintaining data integrity in Good
Laboratory Practices (GLP) environments. These practices protect critical
research data from loss or corruption due to unforeseen events, technological
failures, or natural disasters. The electronic backup strategies should include
Regular Backups, Incremental Backups, Offsite Storage, Redundant Copies, and
Automated Backup Processes.

It is developing a comprehensive disaster recovery plan that outlines procedures

for data recovery in case of various disasters, such as hardware failures, software
corruption, cyberattacks, or natural calamities [16]. Regular testing of Data
Recovery, Backup Restoration, Backup Validation, Personnel Training, and
Backup Monitoring will ensure smooth disaster recovery.

5.4 Data Integrity - E-Archives

E-archives are electronic repositories that securely store and manage GLP studies'
records, data, and documentation [17,18]. The E-archives need to comply with all
the aspects of GLP archives as described in the OECD document No. 15. Other
than assuring the information on the logical and technical integrity support given
by the service provider, it is expected from the TFM to ensure complete control by
the GLP archivist of the Test Facility, which includes access control, inventory for
indexed orderly storage, a record of retrievability, evidence of record integrity and
traceability from raw data to final study report. The importance of E-Archives for
Data Integrity in GLP are Preservation of Records, Traceability and Accountability,

130
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

Regulatory Compliance, Data Recovery, and long-term Accessibility. Key

considerations should be given for implementing e-archives in GLP [18].

a) Data Retention Policies

b) Data Integrity and Security
c) Metadata and Indexing / File Formats and Compatibility
d) Data Validation and Verification
e) Data Migration and Migration Plans
f) Regular Backup and Redundancy / Disaster Recovery
g) Access Controls / User Training

6. CLOUD COMPUTING TECHNOLOGIES IN GLP FACILITIES

Cloud computing refers to delivering computing services, including storage,

processing power, networking, databases, and more, over the Internet rather than
purchasing and maintaining hardware and infrastructure. We all have experienced
cloud computing at some instant; some popular cloud services have used or are
still using our mail services like Dropbox, Gmail, Hotmail, Yahoo, etc. The following
are the primary uses of clouds for various individual and company purposes: File
storage, Big Data Analytics, Data backups and archiving, Disaster Recovery,
Software testing and development, and Infrastructure as a service IaaS) and
Platform as a Service (PaaS) Communication, Social Networking, and Business
Process. The Cloud Computing has five primary characteristics [19,20], which are,

a) On-Demand and Self-Service: Cloud services are available on-demand,

allowing users to provision and manage resources (like computing power,
storage, and applications) without human intervention from the service
provider.
b) Broad Network Access: Cloud services are accessible over the Internet or
private networks, providing accessibility and reaching beyond local
infrastructure.
c) Resource Pooling: Cloud providers use multi-tenant models to serve multiple
customers from a shared pool of computing resources.
d) Rapid Elasticity: Cloud resources can be scaled up or down rapidly to
accommodate changes in workload.
e) Measured Service: Cloud usage is typically metered and billed based on
consumed resources.

6.1 Working of Cloud Computing

Cloud computing architecture consists of two parts: the front end and the back end.
The front-end part is the one that the user uses, and the host manages the back-
end part. Both ends are connected via the internet. Here is a List of Components
of Cloud Computing Architecture (Fig. 3):

a) Client Infrastructure: The client infrastructure component is the part of the

front end that provides a graphic user interface for the user to interact with the
cloud.

131
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

b) Application: An application is any platform, such as an app or software,

offered by a company through which clients access the cloud.
c) Service: A cloud service manages the kind of service a client needs according
to his requirements. There are three types of services in cloud computing
(IaaS, PaaS, and SaaS).
d) Runtime Cloud: The runtime cloud provides the execution and runtime
environment to the virtual machines.
e) Storage: The storage component of cloud computing provides the storage
capacity in the cloud for storing and managing data.

Fig. 3. Cloud Computing Components and Working [21]

6.2 Cloud Computing Deployment Models

Cloud computing offers various deployment models to cater to different

organizational needs and requirements. The four (Fig. 3) primary cloud
deployment models are:

• Public Cloud: In a public cloud deployment, third-party cloud service

providers (CSPs) provide cloud services and resources over the Internet.

132
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

• Private Cloud: In a private cloud deployment, cloud services and resources

are dedicated to a single organization or user.
• Community Cloud: A community cloud is a cloud computing deployment
model designed to be shared by a specific group of organizations or entities
with common interests, requirements, or concerns.
• Hybrid Cloud: A hybrid cloud deployment combines elements of both public
and private clouds, allowing data and applications to be shared between them.

Fig. 4. Cloud Computing Deployment Models [19]

6.3 Cloud Computing Services

Cloud computing offers various service types that cater to different user needs and
requirements. The primary cloud service types are (Fig. 4):

a) Infrastructure as a Service (IaaS): IaaS provides virtualized computing

resources over the Internet, allowing users to rent virtual machines, storage,
and networking infrastructure.
b) Platform as a Service (PaaS): PaaS offers a platform and environment for
developers to build, deploy, and manage applications without dealing with the
underlying infrastructure.
c) Software as a Service (SaaS): SaaS delivers software applications over the
internet, making them accessible to users through web browsers or client
applications.

6.4 Responsibilities of Using Cloud Technologies in GLP

The cloud service provider (CSP) and the test facility management (TFM) are
responsible for ensuring compliance with good laboratory practices (GLP) in a
cloud-based environment. Clear communication and collaboration between parties
are essential to maintain data integrity, security, and regulatory adherence. The

133
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

cloud service provider's responsibilities are Security and Compliance, Data

Protection, Availability and Reliability, Audit Trails and Logging, Certifications and
Compliance Documentation, and Data Portability and Ownership. Test Facility
Management Responsibilities are Vendor Assessment, Data Access and Use
Policies, Risk Assessment, Training and Awareness, Audit and Monitoring,
Contractual Agreements, Disaster Recovery, and Business Continuity.

Fig. 5. Cloud Computing Services [21]

6.5 SLA between Cloud Service Provider & TFM

Prudent management of the involvement of cloud service providers is a vital

responsibility of the TFM and the GLP expectations from the service provider,
ensuring fit for purpose should be well documented in the form of an agreement.
The documentation should begin with the establishment of selection criteria of the
service provider, considering the competence and reliability as well as the quality
systems followed by the service provider.

A Service Level Agreement (SLA) is a formal contract that outlines the terms,
expectations, and responsibilities between a cloud service provider and a
customer (in this case, a test facility management) regarding the provision and use
of cloud services. The framework of SLA may include but is not limited to,

• Scope of Services
• Responsibilities of the Cloud Service Provider
• Responsibilities of the Test Facility Management
• Service Level Objectives (SLOs) and Key Performance Indicators (KPIs)
• Incident Management and Escalation Procedures
• Compliance and Security Requirements

134
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

• Termination and Exit Strategy

• Review and Amendment Process
By clearly defining the responsibilities and commitments of the Cloud Service
Provider and Test Facility Management, this SLA facilitates effective collaboration,
accountability, and transparency in managing and monitoring data, users, and
applications on the cloud.
The list of SLA terms between a cloud service provider and a test facility
management in the context of GLP compliance might include:
• Service Description
• Data Security and Compliance
• Data Ownership and Protection
• Availability and Uptime
• Disaster Recovery and Business Continuity
• Performance Metrics
• Auditing and Compliance Reports
• Data Portability and Vendor Lock-In
• Access and Authorization
• Incident Response and Reporting
• SLA Termination and Remedies
• Support and Customer Service
• Confidentiality and Non-disclosure
• Legal and Regulatory Considerations

6.6 Validation and Inspections in the Cloud-based Services

As a requirement of computerized systems in GLP, the test facility should use
validated systems only, regardless of whether they are SaaS or hosted on
IaaS/PaaS. If the cloud service provider supplies part of the validation
documentation, the test facility should assess its relevance in the validation
process. If validation documentation from the cloud service provider is used, it
should be readably available at the test facility.
GLP inspectors should have the following documentation available to verify the
cloud services: records of the implemented systems, including the rationale for
selecting the systems, the risk assessment on data quality and integrity, and the
description of the implemented systems.

7. BEST PRACTICES FOR USING COMPUTERIZED SYSTEMS IN

GLP
It is imperative to adhere to a set of recommended best practices to ensure
compliance with Good Laboratory Practices (GLP) while utilizing computerized
systems. These practices encompass various system implementation, operation,
maintenance, and validation aspects. By following these guidelines, laboratories
can mitigate risks, enhance data integrity, and streamline regulatory compliance
[22]. The following section outlines key recommended best practices for the
effective utilization of computerized systems within GLP-compliant environments:

135
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

a) System Validation and Qualification: Conduct thorough validation and

qualification activities for all computerized systems to ensure their reliability,
accuracy, and compliance with regulatory requirements. Define and document
validation protocols tailored to the laboratory's needs and processes, including
functional requirements, test cases, and acceptance criteria. Perform periodic
reviews and revalidation to address system changes, upgrades, or
modifications.
b) Data Integrity and Security: Implement robust data integrity controls,
including user access restrictions, audit trails, electronic signatures, and
encryption mechanisms, to safeguard data against unauthorized access,
alteration, or deletion. Regularly audit and monitor system activities to detect
and prevent potential security breaches or data integrity violations. Establish
comprehensive backup and disaster recovery procedures to ensure the
availability and integrity of critical data in the event of system failures or
unforeseen incidents [23].
c) Change Management and Documentation: Establish formal change
management processes to assess, approve, and implement system changes,
including software updates, configuration modifications, and user access
requests. Maintain detailed documentation of system configurations,
configurations, validation records, and change history to facilitate traceability,
auditability, and regulatory compliance. Provide adequate training and support
to users on system usage, procedures, and compliance requirements to
promote adherence to established protocols and standards.
d) Quality Assurance and Auditing: Conduct regular internal audits and
inspections to assess the effectiveness and compliance of computerized
systems with GLP principles, regulatory guidelines, and internal policies.
Implement corrective and preventive actions (CAPAs) to address identified
non-conformities, deficiencies, or deviations promptly and effectively. Review
external audits and assessments by regulatory authorities or third-party
organizations to validate compliance with GLP requirements and industry best
practices.
e) Lifecycle Management and Retirement: Develop a comprehensive lifecycle
management strategy for computerized systems, including planning,
procurement, implementation, operation, maintenance, and retirement
phases. Actively monitor system performance, usability, and obsolescence
risks throughout their lifecycle and take appropriate measures to ensure
continued compliance and functionality. Establish protocols for the secure and
compliant decommissioning or retirement of obsolete or redundant systems,
including data migration, archiving, and disposal procedures.
f) System Selections: Discuss the importance of selecting appropriate
software and hardware that meet GLP requirements. Emphasize the need for
thorough validation procedures to demonstrate system functionality and
suitability for intended use.
g) Data Security and Access Control: Highlight the importance of robust data
security measures, including user access controls, audit trails, and encryption
[24].
h) Electronic Records Management: Discuss best practices for creating,
storing, and archiving electronic records in a GLP-compliant manner. This

136
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

includes considerations for version control, disaster recovery, and long-term

accessibility.
i) Training and User Management: Emphasize the importance of adequately
training laboratory personnel on GLP principles and the specific functionalities
of the computerized systems employed.
j) Documentation: Stress the need for comprehensive documentation of all
aspects of the computerized system lifecycle, including user manuals,
validation reports, and change control records.

By adapting to these recommended best practices, laboratories can effectively

leverage computerized systems to enhance efficiency, accuracy, and compliance
with GLP requirements while mitigating risks to data integrity, security, and
regulatory scrutiny [25].

8. CONCLUSION

Though it is an arduous task to ensure GLP-compliant computers and

computerized systems within a test facility by the management representatives,
they are assured the required and appropriate resources of both humans (including
Study Directors, Quality Assurance Personnel, and technical experts within and
outside the facility) and highly advanced technological tools and software
applications to support the management to fulfill its roles and responsibilities.
Integrating computerized systems and cloud computing technologies within Good
Laboratory Practice (GLP) principles has ushered in a new era of efficiency,
flexibility, and data management capabilities. However, it has also introduced
unique challenges that demand careful consideration and proactive solutions. This
paper delves into the multifaceted landscape of GLP compliance in the context of
computerized systems and the adoption of cloud technology. The paper has
explored the essentials and methods of data security, system validation, data
integrity, and the challenges related to regulatory compliance. It has also
scrutinized the critical importance of risk assessment and mitigation in the ever-
evolving digital laboratory ecosystem.

To address these challenges, a range of solutions and best practices are laid out
that could also mitigate them. These include robust validation processes, stringent
data security measures, well-defined change control procedures, and
comprehensive documentation practices. Furthermore, the significance of
selecting a suitable cloud deployment model—public, private, hybrid, or multi-
cloud—based on the specific organizational needs and regulatory requirements.
Organizations can thus harness the scalability and cost-efficiency of cloud
computing without compromising data integrity by choosing an appropriate model
and associated security measures. Laboratories and organizations must balance
leveraging digital transformation's advantages and upholding scientific data's
integrity and reliability. By implementing the recommended solutions and best
practices outlined in this paper, GLP-compliant test facilities can thrive in the digital
age while staying true to the core principles of scientific excellence and regulatory
compliance. As technology evolves, the commitment to maintaining GLP

137
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

standards will remain paramount, ensuring the credibility and trustworthiness of

research outcomes in the coming years.

ACKNOWLEDGEMENTS

We sincerely thank the International Institute of Biotechnology and Toxicology

(IIBAT) for providing an enriching environment conducive to learning and research.
IIBAT has been invaluable in shaping our understanding of Good Laboratory
Practices (GLP) and its alignment with computerized systems and cloud
computing. Additionally, we would like to thank the PERI College of Arts and
Science management for their continuous support and encouragement. As an
Associate Professor and Head of the PG Department of Computer Science and
Applications at PERI, the institution has provided an excellent platform for
academic pursuits and collaborative endeavors. We are also thankful to all our
colleagues and peers who have contributed to the development of this chapter and
the broader discourse on the intersection of science, technology, and regulatory
compliance.

COMPETING INTERESTS

Authors have declared that no competing interests exist.

REFERENCES

1. Esch PM, Donzé G, Eschbach B, Hassler S, Hutter L, Saxer HP, Timm U,

Zühlke R. Good Laboratory Practice (GLP)– guidelines for validating
computerized systems. The Quality Assurance Journal. 2007;11(3-4):208-
220.
Available:https://doi.org/10.1002/qaj.426.
2. NGCMA Secretariat. Issue number 4: Procedure of NGCMA secretariat:
Document no. GLP-104. Accessed 04 Septermber 2023; 2016.
Available:https://dst.gov.in/sites/default/files/GLP-104.pdf
3. Wang L, Zhang Y. Data integrity and compliance challenges in
computerized systems for GLP laboratories. Journal of Pharmaceutical
Sciences. 2023;19(2):76-89.
4. OECD. Number 17: Advisory document of the Working Group on Good
Laboratory Practice: Application of GLP principles to computerized
systems. Accessed 12 November 2023; 2022.
Available:https://www.OECD.org/officialdocuments/publicdisplaydocument
pdf/?Cote=env/jm/mono(2016)13&doclanguage=en.
5. Regehr M. GLP Computerized Systems – Updates from OECD Guidance.
BASF Corporation. Accessed 04 August 2023; 2016.
Available:https://naicc.org/wp/wp-content/uploads/2015/09/Regehr-GLP-
Computerized-Systems-OECD-v.2016.01.28.pdf
6. Gupta S, Patel R. GLP Compliance in the Cloud: Strategies and Best
Practices. Wiley; 2023.

138
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

7. Jones K, Brown M. Data security and integrity in computerized systems for

GLP Laboratories. Academic Press; 2024
8. Peterson A. Cloud Computing in Good Laboratory Practice: Implementation
and Regulatory Compliance. CRC Press; 2023.
9. Test facility management as per good laboratory practice: Accessed 12
November 2023.
Available:https://medcraveonline.com/MOJT/test-facility-management-as-
per-good-laboratory-practice.html
10. SynControl. (n.d.). What Auditors Consider to be Good Quality Inspection
Records. Accessed: 12; 2023. Available:https://www.syncontrol.com/what-
auditors-consider-to-be-good-quality-inspection-records/
11. UNDP/World Bank/WHO. (n.d.). Handbook–Good Laboratory Practice
(GLP). India. Accessed 04; 2023.
Available:https://apps.who.int/iris/handle/10665/66894.
12. Brown M, Jones K. Security considerations in implementing cloud
computing for GLP compliance. Journal of Quality Assurance in
Laboratories. 2024;12(1):18-30.
13. OECD. Number 22: Advisory document of the Working Party on GLP data
integrity. Accessed 12 November 2023; 2022.
Available:https://one.OECD.org/document/env/cbc/mono(2021)26/en/pdf.
14. OECD. Number 10: GLP consensus document: Applying the principles of
GLP to computerized systems - Environment Monograph No. 116.
Accessed 12 November 2023; 1995.
Available:https://www.OECD-ilibrary.org/environment/the-application-of-
the-principles-of-GLP-to-computerised-systems_9789264078710-
en;jsessionid=xg9XpVeE5Ft55UrBDNWX3hFw9tY9GxTjO-ZFUTh8.ip-10-
240-5-26.
15. OECD.. Number 23: Advisory document of the Working Party on Good
Laboratory Practice on Quality Assurance and GLP. Accessed 12
November 2023; 2022.
Available:https://one.OECD.org/document/env/cbc/mono(2022)20/en/pdf
16. World Health Organization (WHO). (Year). WHO GLP Training Manual
(2nd Ed.). Accessed 15; 2023.
Available:https://proto.ufsc.br/files/2012/03/glp_trainee_green.pdf.
17. OECD. Number 15: Advisory document of the Working Party on GLP -
Establishment and Control of Archives. Accessed 12 November 2023;
2007.
Available:https://one.OECD.org/document/ENV/JM/MONO(2007)10/en/pdf
18. AGIT. Working group on information technology. Good laboratory practice
(GLP); guidelines for archiving electronic raw data in a GLP environment.
Qual Assur J. 2003;7:262–269.
19. OECD. Number 17 – supplementary 1: Advisory document on GLP & cloud
computing. Accessed 12 November 2023; 2023.
Available:https://one.OECD.org/document/ENV/CBC/MONO(2023)27/en/p
df.

139
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

20. Smith J, Johnson A. Integration of cloud computing in GLP laboratories:

Benefits, challenges, and best practices. Journal of Good Laboratory
Practice. 2023;15(2):45-58.
21. Banger NKP, Shetty SJ. A review paper on cloud computing architecture,
types, advantages and disadvantages. International Journal of Advanced
Research in Science, Communication and Technology (IJARSCT).
2022;2(2).
22. Johnson R, Smith P. (Eds.). Handbook of Computerized Systems in GLP
Laboratories. Springer; 2022
23. Patel R, Gupta S. Emerging trends in computerized systems for GLP
compliance. Journal of Regulatory Sciences. 2022;7(3):112-125.
24. Lee C, Kim D. Cloud-based data management solutions for GLP
laboratories. Journal of Laboratory Informatics. 2023;20(4):234-247.
25. Kim D, Lee C. Advanced data management solutions for GLP laboratories:
From cloud computing to blockchain. Elsevier; 2023.

140
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

Biography of author(s)

Mahalingam Palaniandi, M.Sc. Ph.D.

PG Department of Computer Science and Applications, PERI College of Arts and Science, Chennai –
600048, Tamil Nadu, India.

Research and Academic Experience: He has 30 years of experience in industry, academic and research
with the capacity of Systems Programmer, Assistant Director, Associate Professor and Head of the
Department of Computer Science and Applications.

Research Areas: His areas of research mainly include Computer Networks, Network Security, GLP in
Computer Systems, Storage, Cloud Computing, Software Engineering and IoT.

Number of Published papers: He has 15 peer-reviewed research papers, and 3 books in the areas of
Cloud Computing, Fundamentals of Computers and IoT and its Applications.

Special Award: He received an Award under “Academic Leadership” with the Certificate of Achievement
(Sl. No: BE/ISO/23/EL/15161) by Bestow Edutrex International Org., https://bestowedutrex.co.in/ an ISO
9001: 2015 (IAF), NGO with NITI Aayog, MSME, Government of India in recognition of academic
achievements and contributions.

141
 Science and Technology - Recent Updates and Future Prospects Vol. 4
Computerized Systems and Cloud Computing with the Principles of GLP

Amalan Stanley V., M.Sc. Ph.D.

Scientific and Academic Board, International Institute of Biotechnology and Toxicology, Padappai –
601301, Kancheepuram District, Tamil Nadu, India.

Research and Academic Experience: He has 35 years of research experience in the field of
environmental and regulatory toxicology.

Research Areas: His areas of research mainly include preclinical regulatory toxicology, endemic fluorosis,
and removal of fluoride from drinking water, and principles of good laboratory practice.

Number of Published papers: He has 34 peer-reviewed publications, and 2 chapters in books on

regulatory toxicology and herbal drugs.

Special Award: He carried out socially relevant research projects through the dissemination of science
and technological concepts funded by national agencies.
___________________________________________________________________________________
© Copyright (2024): Author(s). The licensee is the publisher (B P International).

Peer-Review History:
This chapter was reviewed by following the Advanced Open Peer Review policy. This chapter was thoroughly checked to
prevent plagiarism. As per editorial policy, a minimum of two peer-reviewers reviewed the manuscript. After review and
revision of the manuscript, the Book Editor approved the manuscript for final publication. Peer review comments, comments
of the editor(s), etc. are available here: https://peerreviewarchive.com/review-history/608

142