IT Infrastructure and Network Qualification Case Study

Problem Definition

A company, with several facilities across multiple continents, was looking to qualify their network infrastructure. The qualification effort was underway for over six months prior to ValiMation’s involvement, and the project going nowhere fast.  The qualification effort had the following stumbling blocks:

  • The network infrastructure was strewn across multiple facilities, with IT staff in each facility handling their own network realms. 
  • There were no consistent operating methodologies across facilities.
  • There was no standardization of hardware / software components across facilities.
  • Consultants hired for the undertaking of the effort were severely impeded by a constantly morphing network.  This was caused due to new acquisitions, and unclear communication with the IT staff who went about with “business as usual”.
  • Consultants hired were not clear in justifying the reasons for their qualification methodologies, thus creating friction between them and IT personnel.
  • Communication with IT personnel was impeded by the geographic distances between locations.
  • A clear configuration management strategy was not in place.
  • The scope of the qualification effort was growing at an incredible place with no mechanism for reining it in.

ValiMation’s Role

ValiMation was hired to take the lead role in this qualification effort and is still contributing to the success of this project. ValiMation employed a contrarian approach to the problem which is discussed below:

An Accretive Model to the Qualification of a GxP Network Infrastructure

ValiMation proposed a new approach to the qualification of the constantly morphing behemoth that was the client’s network.  The methodology that was proposed and subsequently adopted relies on an accretive model to network qualification. The model follows a start small and scale to required size philosophy. 

Figure 1: ValiMation's Accretive Model

The accretive model involved the following steps:

Build a prototype network

Working with IT personnel from all the various facilities, and employing industry best practices, a small scale prototype network was built simultaneously with establishing the requirements for the network.  Basically, a mini model of the envisioned production network was built that provided all departments / teams with a “compliance playground” to ensure that best practices both, from the perspective of the IT infrastructure experts as well as the qualification experts, existed, and could be tested. 

Qualify the prototype network

Once the requirements were defined and the prototype network was built, it was ready for qualification.  The qualification activities were performed using a service based approach (Refer Section 4.2.2).  At the end of the qualification effort the prototype network was considered to be in a GxP compliant state and ready to “receive” GxP applications and data.

Deploy the Prototype to Production

The prototype network was replicated (to maintain deployment and production environments), some basic qualification performed (to demonstrate consistency between development and production environments) and then deemed the qualified network.

Validate the “deploy to production” process

The process of deploying existing network services to the production network as well as scaling existing services to the production network was validated. This was especially applicable to the deployment of baseline systems (clients as well as servers) that were required to function in a qualified environment. Designing and validating a “deploy to production” process ensured that any network service that would be incorporated into the production environment did not jeopardize the “state of compliance” of the network. Furthermore the automated portion of the deployment need require no further testing to ensure compliance objectives have been met.

Incorporate more GxP systems and maintain state of continued compliance

Once the prototype was deployed to production, the compliance framework established during the qualification was capable of maintaining the network infrastructure in a “state of continued compliance”. This objective was achieved with the use of a change and configuration management strategy coupled with a configuration qualified for scalability, which ensured the production network continued to meet the original design objectives of the network infrastructure. GxP systems were then phased into the network based on specific needs and schedules.

Service Based Approach to Qualifying the Network

Approach

The essence of the service based approach to qualifying a network, is to break the network down into its component services and then launch a focused qualification effort of each service.

The intent of a network infrastructure in a GxP environment is to provide a qualified environment in which GxP applications that are reliant on the network are able to function within a validated compliance framework.  The network infrastructure, due to its dynamic nature and ability to morph, was treated as a set of services that provide a clearly defined interface to GxP applications that require the use of either some or all of these services.

Figure 2: NIS Qualification Model

The network infrastructure was then designed very broadly to meet the following design goals:

  • Scalability
  • Availability
  • Security
  • Manageability
  • Agility
  • Performance

A risk assessment document was developed where each design goal was then prioritized to conform to the spirit of applicable FDA regulations with regard to the validation of computerized systems. Whenever a conflict existed between two or more design goals on some specification, unless unavoidable, the design goal with the highest priority prevailed in the decision making process.   

Services

The services that were considered as part of the qualification are listed below:

  • Network Devices.
  • Server / Client Hardware.
  • Storage and Backup Services.
  • Deployment Services.
  • Networking Services.
  • Firewall Services.
  • Directory Services.
  • File and Print Services.
  • Data Services.
  • Messaging and Collaboration.
  • Web Services.
  • Management Services.

Security and Configuration Management were important considerations for the qualification of each of the services.

ValiMation’s responsibilities included:

  • Project Management of the entire qualification effort.
  • Risk Assessment development – Identifying and mitigating risks associated with the business process, qualification methodology, network design and network usage.
  • Service based document development (Requirements Specifications, Design Specifications, IQ/OQ/PQ development, SOPs, Reports) for each network service. Executions of qualification protocols.
  • Assisting in the establishment of tools / programs and / or processes for:
    • Configuration Management.
    • Network inventory.
    • Deployment Services.
    • Management (and Monitoring) Services.

ValiMation's Impact - Our Unique Value Proposition        

  • Applying our Service Based Accretive Model for Network Qualification.
  • Providing a successful “out- of-the-box” thinking to rein in the project scope.
  • Bridging the gap between the IT personnel and compliance personnel by involving them in the design of the prototype network that meets both their needs, which contributed to the success of the project.
  • Developing a comprehensive risk based approach to the validation effort.
  • Developing processes and procedures that ensured knowledge transfer to the clients’ IT staff, and ongoing compliance of the network infrastructure.
  • We bridged Technology and Compliance.
Case StudyNagesh NamaAccretive Model, IT Infrastructure Qualification, IT Quality Management, Success Story1 Comment