Can anyone recommend any standards that should be usd in qualifying servers for FDA? I am thinking amongst other things security standards important?
Chandra: the server qualification follows the same requirements as for any piece of hardware (Location, electrical fascilities, Acces) etc). However, it is the IT Department responsibility, normally, to complete this qualification as they are the expert on this body of knolwedge. Most probably the IT department follows internal or Corporate guidance in this process and have adopted COBIT and ITIL good practices (standards) for their governance and management. It is very important to document the server role within the network, access, disaster recovery plans, redundancy, backup restore procedures, access controls etc aside from electrical and environemental controls…
ISPE also publishes a GAMP good practice guide “IT Infrastructure Control and Compliance” that you may find helpful.
http://www.ispe.org/guidancedocs/it_infrastructure_control_and_compliance
The level of security will be dependent on the GxP applications that run on the server. Also have disaster recovery and/or backup procedures in place to minimize downtime. The extent of which is also dependent on the criticality of the GxP applications.
If I understand your question correctly then …You would also like to follow CFR Part 11 Requirements for access control, audit trail, security and training requirement standards.