Frequently Asked Questions

Hosting and cloud companies are not governed by the FDA. We contractually tie ourselves to our customers to assist in the regulatory inspection readiness for any activity we perform for our customers. These inspections can be pre-planned or unannounced. For service providers, we perform the same level of preparation for your customers. 

We’ve performed an analysis of our service and infrastructure to the regulations. The audit is available for inspection at any time. An analysis is available for EudraLex Annex 11 as well. 

95% of Validated Cloud’s customers leverage the Validated Cloud Platform as a Service (PaaS). This service manages backups, geographic disaster recovery, anti-virus, anti-malware, anti-ransomware, platform patching, managed perimeter security and much more. See the Validated Cloud Quality Agreement for a full breakdown of roles and responsibilities and the public cloud comparison page: Public Cloud Comparison 

The Quality system we developed is the overarching set of rules, and procedures for our operations. The Quality system is a subset of applicable procedures, built in accordance to 21 CFR and open for audit by our customers. Transparency to our customers was built in since inception. Our Quality system was designed to take the best from our combined quality, technical and operational industry experience and best practices. The result is a defensible, auditable and operationally efficient functional qualified platform. 

We are acutely aware that we host Life Science intellectual property (BioPharmaceutical/Medical Device), patient data for CROs and other types of confidential Life Science data that might attract interest. Our datacenter areas do not have any markings to identify ourselves. There are multiple secured gates to traverse to gain physical access. Logically, there are multiple layers of security we won’t share on this FAQ. Please contact us for more detail.  

The people who created Validated Cloud all came from the BioPharmaceutical or Medical Device industries. All had participated in the building of internal compliant private clouds, Standard Operating Procedures (SOPs), training, design, architecture, Quality and/or Validation. The combined experience of the team enable us to draw on the best designs, operational expertise and functional compliance to create a service designed to appeal to companies large and small. 

We understand that compliance and security are the two areas of our customers highest concern. Validated Cloud provides two types of security constructs to our customers. We provide both FDA Open/Closed types of connections to meet the requirements of our customers. Validated Cloud can be a private extension of your corporate network, a secure island for GxP activities, and/or a public internet network accessible by a defined set of contributors or users. Security of our datacenter environments starts far outside of our first controlled perimeter with Distributed Denial of Service protection (DDoS). Only encrypted connections can traverse into our datacenters. We monitor security continually for the benefit of all. 

The Validated Cloud validation team does provide validation services. When an application is installed in Validated Cloud, that does not make the application validated. There is additional work required to make an application validated. We have validation consultants to help assist in the validation process. Validated Cloud also has core Quality system SOPs customers can use and customize for their needs. Our goal is to get our customers up and going as fast as possible in a fully compliant manner. 

 Applications and processes are validated and require user requirements and some type of acceptance via Performance Qualification (PQ) or User Acceptance Test (UAT). Validated applications and data live on qualified servers, databases and IT infrastructure. Qualification involves Installation and Operational Qualifications. These can be separate or combined documents more commonly known as IQ, OQ or combined as IOQ. Validated Cloud provides a fully qualified IT infrastructure with qualified network, servers, databases and other supporting platforms handed over to our customers for a turn-key compliant environment. 

Having a qualified datacenter creates additional overhead and isn’t required for the type of services we provide. A good example of where a qualified datacenter would be appropriate would be for a closed network manufacturing facility. 

The complexities of redundant power, cooling and implementing advanced security systems are not our specialization. We rely on industry leaders to provide and manage all of the electrical, environmental and physical security into the datacenter. We manage all aspects of security and compliance within our area of the datacenter. We rely on industry experts who manage hundreds of datacenters. All of our locations have redundant internet, power, generators and cooling to keep all services running smoothly for high availability. 

Validated Cloud as a corporation started in 2015. The Validated Cloud service was incubated in a company called MUSA Technology Partners (MUSA). The Validated Cloud service started as an internal MUSA initiative in 2009 and was ready for business (open and ready to pass an audit) in February 2011. Predecessors of MUSA have been in business since 2004 and merged to create MUSA in 2007.

Validated Cloud is privately owned by people who work everyday within the day-to-day operations without any outside investment or influence. The ownership, management team, Quality Department, Validation Department and engineers are dedicated to the pursuit of the best overall customer experience possible.