Life Sciences

Considerations for using AWS products in GxP systems

Issue link: https://read.uberflip.com/i/1182456


Amazon Web Services – Using AWS In GxP Systems January 2016 Page 33 of 34

AWS Products like Amazon Simple Queue Service (SQS) and Amazon Kinesis, as well as the identity and access management tools that enable user- and service-level access controls.

Personnel Training: AWS customers develop, maintain, and use the GxP data and systems within their AWS account, which means they can follow their existing policies and procedures for determining whether their staff have the education, training and experience to perform their assigned GxP tasks. AWS offers extensive technical documentation and customer training programs to help customer IT engineering staff achieve their AWS learning goals, and the extensive AWS partner ecosystem includes third-party system integrators and consulting partners with competencies in healthcare and life sciences.

System Documentation: Customers can achieve appropriate control over systems documentation by using their existing controlled document procedures and systems. AWS technical documentation can be referenced using the appropriate URL and any version-specific information the customer requires. Additionally, since each customer's virtual infrastructure in AWS is by nature a software-defined infrastructure, customers can version control and archive the complete set of code and templates they use to define the AWS resources in their account (see Qualified Infrastructure).

Security Controls: Additional measures such as encryption of data at rest and in transit can be implemented by customers using their existing client-side encryption solutions or AWS's extensive line of security products such as Amazon Key Management Service (KMS), as well as server-side encryption, transparent data encryption (TDE), and Secure Sockets Layer (SSL) features in products like Amazon Simple Storage Service (S3), Amazon Relational Database Service (RDS) and Amazon Elastic Load Balancer (ELB). Amazon Virtual Private Cloud (VPC) is a product that lets customers control their virtual networking environment and create encrypted Hardware Virtual Private Network (VPN) connections between their on-premises datacenter and their Amazon VPC so they can leverage the cloud as an extension of their existing networks.

Electronic Signatures: Requirements for electronic signature manifestations, signature/record linking, and electronic signature components and controls are typically satisfied as part of the validated applications that customers use to generate and maintain their GxP data. Customers should evaluate the suitability of their existing electronic signature applications with the virtual network in their AWS account, or they can address the electronic signature requirements as part of the custom, cloud-native applications they develop themselves. When AWS products are used to address requirements such as password controls, out-of-the-box features like Amazon IAM Password Policies allow customers to create their own password complexity and aging policies according to their specific requirements.

Data Retention: The procedures and policies for each customer's GxP data lifecycle and retention requirements are highly variable depending on the customer's organization and the particular requirements that apply to them. When designing and developing GxP data management solutions in their AWS account, customers should take care to specify their confidentiality, integrity and availability requirements, including any record retention policies for raw data, derived data, and metadata.
