Security and GMP SaaS Software

protecting validated CMMS

Protecting your data is a shared responsibility with your CMMS provider.

Use of SaaS based software is the trend in regulated industries as companies realize the great benefits of cost, infrastructure management, and flexibility. Providers can take a significant amount of the load off of users by managing the hardware, software development, implementation, change control, backup systems, etc.

However, there is still a significant amount of responsibility that rests on the users of SaaS-based validated CMMS systems that are beyond the scope of the software provider. The users must have procedures in place to manage the use, security, user management, data integrity, and record management.

GxPReady!  works with our customers and provides guidance that customers can integrate into their implementation to ensure that the system operates reliably, securely, and in compliance with regulatory requirements and the intended use.  This is part of what makes GxPReady! Suite the best value for validated CMMS software.

One of the security issues that is somewhat beyond the control of the provider is the security of computers used to access the validated system. The user should have (as part of their computer system validation master plan) a plan to keep any computers that are used for GMP purposes secure. This goes beyond the initial validation. One key that is sometimes overlooked is updating the anti-virus software and periodically installing updates to the operating system.

One key that is sometimes overlooked is updating the anti-virus software and periodically installing updates to the operating system.

Many of the security incidents that are discussed in the media could have been prevented with simple updates to the operating system and virus protection software.  Some of the things you can do to support the security that the validated CMMS software provider already has in place for you include:

  • Implement a general IT security plan at your plant for all of your computer systems
  • Perform training to ensure that personnel with access to computer systems understand the security issues
  • Educate personnel on the risks of email, media of unknown origin, and control software installation
  • Verify identity of all authorized users and ensure that their access is appropriate for their job functions
  • Use complex passwords
  • Remove unauthorized users as appropriate
  • Perform backups regularly and/or verify that your service provider is creating backups
  • Update operating systems and security systems periodically, especially if critical security updates are released

As a user of GxPReady! Suite, you can rest assured that we have procedures such as these in place and that we will support you in developing internal procedures as necessary to help ensure that your data are safe and sound.  That is part of why we believe we are providing the best validated CMMS software solution for most companies.  

At GxPReady! we strive to provide the best validated SaaS CMMS software solution for most companies. 

GxPReady! Suite has been developed with security requirements in place and is designed for compliance with 21CFR11 in mind.  This is supported by our security and design/change control procedures, system backups and redundancies, and finally, recommendations at time of deployment so that all of our customers are taking appropriate measures to protect their systems which could potentially create risk to their data.