Applications that control or support business processes are an essential part of a business's success. You have to ensure patient safety, product quality, and data integrity through the validation of these applications.
Like any software, however, these applications depend directly on the underlying IT infrastructure. If the infrastructure is not or only insufficiently maintained, there exists a risk that the systems can or will be compromised or that data will be manipulated. For this reason, infrastructure qualification is part of GxP compliance and is explicitly required from a regulatory perspective (Annex 11).
Increasing complexity, virtualization, outsourcing in the form of infrastructure, platform or software as a service (XaaS), present major challenges to the qualification of the infrastructure. The initial stages of infrastructure qualification can be difficult and raise many questions: