US: (888) 231-0816

Box Meets Complex Security and Global GxP Validation Requirements

People in a lab

Learn how USDM enabled a GxP compliant cloud content management solution for a global biosciences company with an aggressive submission deadline.

In stage II of their clinical trials, a global biosciences company needed rapid validation of their new Box GxP environment in preparation for a Food and Drug Administration (FDA) submission. They had highly complex security requirements and aggressive timelines. The company was founded in China and has locations in the United States, developing infectious disease treatments (including COVID-19).

The Situation
  • The customer required assistance with configuration and continuous validation of their new Box instance to house regulated GxP data in preparation for an FDA submission.
  • Box, a cloud content management system, would serve as the gateway for secure data exchanges between collaborators and SAS prior to submission.
  • The customer had very limited Computer System Validation (CSV) and GxP regulatory experience.
  • Validation was required for the global platform on a very aggressive timeline that involved stakeholders in China and the U.S. for execution and document review.
  • Data loss prevention, data storage, and computer power needed to be adapted and implemented for their current platform.
  • Security requirements traditionally handled by VPN, SFTP, and VLANs needed to be adapted and implemented.
The Solution
  • USDM performed discrete steps and activities to collectively demonstrate the capability of Box GxP to meet the customer’s business and regulatory requirements and to provide confidence in the design, deployment, and maintenance of the systems.
  • USDM and Box provided technical and regulatory guidance while implementing secure data exchanges to meet the customer’s strict record security standards.
  • USDM developed and performed Installation Qualification (IQ) and Performance Qualification (PQ) testing. Testing included specific validation for a custom workflow for document management using Box Relay.
  • USDM assisted in developing the Administrative Standard Operating Procedure (SOP) to establish change control guidelines.
  • USDM provided Part 11 and Annex 11 assessment forms plus CSV and change control procedures that the customer will leverage in their continuing CSV approach.
  • USDM’s automated testing tool minimized the CSV effort.
  • USDM delivered a validation plan and defensible documentation using the CSV approach that can be used for FDA audits.
  • USDM provided the know-how and CSV resources to complete the implementation and validation, saving the customer from hiring in-house resources and providing training.
  • The customer subscribed to USDM’s Cloud Assurance managed service, so they don’t have to worry about maintaining their validated state.

The Results

  • Achieved defensible global CSV in the highly complex implementation​
  • Box CSV established the basis for future CSV efforts​
  • Minimized in-house hiring costs by outsourcing validation and continuous maintenance to USDM’s knowledgeable team


Resources that might interest you