Cybersecurity Expectations for GxP Systems

This course translates FDA cybersecurity expectations for GxP systems into clear, inspection-ready actions, bridging validation, data integrity, and modern IT realities. It equips teams to make defensible security decisions across cloud, SaaS, and device-connected environments without overengineering or missing critical FDA expectations.

WHY YOU SHOULD ATTEND:

Cybersecurity has become inseparable from GxP system compliance, yet many organizations still treat it as a pure IT concern rather than a regulated control impacting product quality, patient safety, and data integrity. Modern cloud platforms, SaaS tools, and network-connected devices only increase this pressure.

Teams often struggle to align cybersecurity controls with CSA, CSV, and SDLC expectations. Gaps appear when security is bolted on after validation, responsibilities are unclear, or supplier controls are assumed rather than verified—issues that surface quickly during FDA inspections.

This webinar provides practical clarity on how cybersecurity fits into regulated GxP systems. It strengthens judgment around risk-based controls, shared responsibility, and inspection readiness, helping teams defend their approach when FDA asks how security supports compliance.

AREAS COVERED:

• Identifying GxP systems that require cybersecurity controls
• FDA expectations for security in CSA/CSV environments
• SDLC & GAMP 5 (Second Edition) security touchpoints
• Data integrity and Part 11 risks linked to cybersecurity
• Access control, audit trails, and role management
• Cloud and SaaS cybersecurity responsibilities
• Operating medical devices in a hospital/clinic network – the challenges
• Supplier cybersecurity evidence and assessments
• How to prepare for FDA cybersecurity questions

WHO SHOULD ATTEND:

• Quality Assurance (QA) Departments
• Compliance Departments
• Regulatory Affairs (RA) Departments
• IT / Information Systems Security Leads
• Digital Transformation and Automation Leaders
• Medical Device Software Engineers
• Senior Management Responsible for Inspection Readiness

Course Director: CAROLYN TROIANO

Carolyn Troiano has more than 30 years of experience in computer system validation in the pharmaceutical, medical device, animal health, tobacco and other FDA-regulated industries. She is currently an independent consultant, advising companies on computer system validation and large-scale IT system implementation projects. During her career, Carolyn worked directly, or on a consulting basis, for many of the larger pharmaceutical companies in the US and Europe. She developed validation programs and strategies back in the mid-1980s, when the first FDA guidebook was published on the subject, and collaborated with FDA and other industry representatives on 21 CFR Part 11, the FDA’s electronic record/electronic signature regulation. Carolyn has participated in industry conferences. She is currently active in the PMI, AITP, and RichTech, and volunteers for the PMI’s Educational Fund as a project management instructor for non-profit organizations.