FREQUENTLY ASKED QUESTIONS

Hosting and cloud companies are not governed by the FDA. We contractually tie ourselves to our customers to assist in the regulatory inspection readiness for any activity we perform for our customers. These inspections can be pre-planned or unannounced. For service providers, we perform the same level of preparation for your customers. 

We’ve performed an analysis of our service and infrastructure to the regulations. The audit is available for inspection at any time. An analysis is available for EudraLex Annex 11 as well. 

Public Cloud does nothing to help customers deploy GxP systems with the exception of setting the expectation their infrastructure is GxP compliant (which you can’t audit). Validated Cloud has transparency throughout for full auditability. We deploy fully qualified systems and network and manage these systems throughout their life cycle to international GxP standards. We will assist in any/all audit defense for any activity we perform.  The pricing for the virtual servers is about the same between Public Cloud and Validated Cloud, so why do the work yourselves. 

The Quality system we developed is the overarching set of rules, and procedures for our operations. The Quality system is a subset of applicable procedures, built in accordance to 21 CFRPart 11, MHRA applicable rules, and EudraLex Annex 11 and open for audit by our customers. Transparency to our customers was built in since inception. Our Quality system was designed to take the best from our combined quality, technical and operational industry experience and best practices. The result is a defensible, auditable and operationally efficient functional qualified platform. 

We are acutely aware that we host Life Science intellectual property (BioPharmaceutical/Medical Device), patient data for CROs and other types of confidential Life Science data that might attract interest. Our datacenter areas do not have any markings to identify ourselves. There are multiple secured gates to traverse to gain physical access. Logically, there are multiple layers of security we won’t share on this FAQ.  Our sole focus is the Life Science industry so all of our solutions support all applicable international requirements for regulated systems. Please contact us for more detail.  

The people who created Validated Cloud all came from the BioPharmaceutical or Medical Device industries. All had participated in the building of internal compliant private clouds, Standard Operating Procedures (SOPs), training, design, architecture, Quality and/or Validation. The combined experience of the team enable us to draw on the best designs, operational expertise and functional compliance to create a service designed to appeal to companies large and small. 

We understand that compliance and security are the two areas of our customers highest concern. Validated Cloud provides two types of security constructs to our customers. We provide both FDA Open/Closed types of connections to meet the requirements of our customers. Validated Cloud can be a private extension of your corporate network, a secure island for GxP activities, and/or a public internet network accessible by a defined set of contributors or users. Security of our datacenter environments starts far outside of our first controlled perimeter with Distributed Denial of Service protection (DDoS). Only encrypted connections can traverse into our datacenters. We monitor security continually for the benefit of all. 

The Validated Cloud validation team does provide validation services. When an application is installed in Validated Cloud, that does not make the application, data, and processes validated. There is additional work required to make applications, data, and processes validated. We have  domain-expert validation consultants to help assist in the validation process. Validated Cloud also has core Quality system SOPs customers can use and customize for their needs. Our goal is to get our customers up and going as fast as possible in a fully compliant manner. 

Applications and processes are validated and require user requirements and some type of acceptance via Performance Qualification (PQ) or User Acceptance Test (UAT). Validated applications and data live on qualified servers, databases and IT infrastructure. Qualification involves Installation and Operational Qualifications. These can be separate or combined documents more commonly known as IQ, OQ or combined as IOQ. Validated Cloud provides a fully qualified IT infrastructure with qualified network, servers, databases and other supporting platforms handed over to our customers for a turn-key compliant environment. 

Validated Cloud rents cage space within global datacenters where by our cage space is considered all GxP. We manage and operate all of the computer equipment and platforms. We do not subcontract any of our platform services. We leverage the datacenters for power, cooling and physical security controls – that’s it. The datacenter has no ability to get to our customer data as everything is encrypted in our cages and we manage the encryption keys 

The complexities of redundant power, cooling and implementing advanced security systems are not our specialization. We rely on industry leaders to provide and manage all of the electrical, environmental and physical security into the datacenter. We manage all aspects of security and compliance within our area of the datacenter. We rely on industry experts who manage hundreds of datacenters. All of our locations have redundant internet, power, generators and cooling to keep all services running smoothly for high availability. In 2023, we expanded into the EU via the acquisition of GxP-Cloud, a Netherlands-based company, and opened another datacenter in Dublin, Ireland.

Validated Cloud as a corporation started in 2015. The Validated Cloud service was incubated in a company called MUSA Technology Partners (MUSA). The Validated Cloud service started as an internal MUSA initiative in 2009 and was ready for business (open and ready to pass an audit) in February 2011. Predecessors of MUSA have been in business since 2004 and merged to create MUSA in 2007.

Validated Cloud is privately owned by people who work everyday within the day-to-day operations without any outside investment or influence. The ownership, management team, Quality Department, Validation Department and engineers are dedicated to the pursuit of the best overall customer experience possible.