What are the IT and non-IT compliances in the Pharmaceutical industry in India?

The pharmaceutical industry is one of the most regulated industries in India. They have been under the threat of malpractices ranging from harming the brand image to masking safety information and disregarding quality IT standards since their inception. Hence, it has become extremely crucial for them to adopt a myriad of regulations and compliances, not only due to the rapid changes at the global level but also to ensure a healthy supply of quality drugs within India and abroad.

A publication named “The Pharmaceutical industry-the way forward” by IPA in June 2019 noted that “India has faced the highest number of USFDA inspections since 2009 (in 2016, there were 840 FDA inspections in India followed by 593 in China). As per the survey “Analysing the state of Data Integrity Compliance in the Indian pharmaceutical industry” conducted by E&Y in 2015, the Indian pharma industry has been struggling with regulatory compliance.

But what are these “compliances” and how does IT help Pharma industry to adhere to these compliances? There is very limited content out there on the subject and I decided to take this challenge to shortlist the main IT and non-IT compliances followed by Pharma industries in India.

Even after all the research, it’s not been an easy task to conclude on this piece of information. For a matter of fact, I knew that stakeholders from the pharma industry can provide answers to all my questions. I decided to speak to a few of the big players in the Pharma industry to find the solution to this biggest problem statement – “what are the compliances followed by Pharma companies in India”. One among them was the Vice President of systems of one of the largest Pharma companies in Asia and our biggest customer in the Pharma industry.

I was finally out of this conundrum!


The IT environment is very restricted in Pharma companies. Imagine not being able to upgrade the operating system on your own or do patching? If a Pharma company decides to adopt an IT solution, they have to go through a stringent process of testing, analysing the impact and after going through hierarchy of permissions, they can employ an IT solution.

Pharma companies have to adhere to regulated and non-regulated compliances. Regulatory compliance varies between countries, US FDA -(USA), DCGI -(India), ANVISA –(Brazil), EMEA (European Union) etc.

I have shortlisted a few of the main IT and non-IT compliances followed by the largest Pharmaceutical companies in India:

1.  FDA 21 CFR Part 11:

This compliance is essential for those FDA regulated Pharma companies that wish to use electronic quality records and electronic signatures in place of their paper-based and ink-based counterparts to comply with FDA regulations faster and more efficiently.


2.  ISO/IEC 27001

The purpose of this policy, as a requirement of Intellectual Property Rights and TS ISO/IEC 27001 Standard, is to ensure the integrity, confidentiality (protection against unauthorized access), availability and security of the company and customer information as an important asset of the organization, preserve the business continuity in organization, sustain the integrity and reliability of information management system throughout the relationships with all of business partners and customers.

This International Standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system.


3.  ISO 9001

ISO 9001 is the one standard within the ISO 9000 system that defines the requirements for a quality management system and helps businesses and organizations to be more efficient, improve customer satisfaction, and specifically for pharmaceutical manufacturers, to help improve patient safety.


4.  Pharmaceutical Inspection Co-operation Scheme (PIC/S)

PIC/S aims at harmonising inspection procedures worldwide by developing common standards in the field of GMP and by providing training opportunities to inspectors. It also aims at facilitating co-operation and networking between competent authorities, regional and international organizations, thus increasing mutual confidence.


5.  GAMP5

Good Automated Manufacturing Practice denoted as GAMP, are guidelines provided for both users of automated pharmaceutical products and manufacturers of these products. Even though GAMP5 are not regulations and guidelines made up of sets of principles and procedures that aim at ensuring that manufactured pharmaceuticals products meet the required standard of quality, most pharmaceutical companies that intend to achieve automated systems that are fit for intended use have adopted these standards.


6.  SOX

In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures. The act sets deadlines for compliance and publishes rules on requirements. Congressman Paul Sarbanes and Michael Oxley drafted the act with the goal of improving corporate governance and accountability, in light of the financial scandals that occurred at Enron, WorldCom, and Tyco, among others.



The Payment Card Industry Data Security Standard (PCI DSS) applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS.


8.  IT ACT 2000

 Information Technology Act, 2000 provides legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”,which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies.

What exactly does Pharma industry expect from its IT vendors?

Pharma companies have several IT needs which cannot be fulfilled by a single vendor alone. They have to perhaps choose multiple vendors to meet each and every demand of the IT infrastructure.  After my research with a lot of different stakeholders in the industry, I was very clear that Pharma company has 5 key expectations from any IT vendor:

1.      Efficiency

2.      Compliance

3.      Security

4.      Data availability

5.      Data integrity

At the end of my research, I also realized that even though Pharma company is regulated by various guidelines and compliances, adherence to IT compliance is a choice. If you have to move up the ladder of being the best in this competitive world, it becomes a mandate to follow every guideline and compliance.

Get your free Work from Home Security Architecture !


Now the billion-dollar question is – Which is the solution that meets all the expectations of Pharma companies yet helps them adhere to all the regulatory compliances?

There are multiple solutions/vendors in the market. The question is how can we have a workable single IT infrastructure base that helps the Pharma companies to achieve – standardization of apps, OS & machines, have an agile and centrally controlled environment, provides detailed and enhanced visibility. And also meets all the expectations of efficiency, compliance, security, data availability, and integrity.

EnCloudEn is one such solution. With an unmatched record of maintaining efficiency and flexibility through its Virtual Desktop Infrastructure and Hyper-Converged Infrastructure in the datacentre, EnCloudEn is a perfect choice for Pharma companies. EnCloudEn’s VPNless VDI is a work from home solution specially built for Pharma taking into consideration its various regulatory compliances. This solution enables cost-effective work from home transformation with a main focus on security, data availability and data integrity.

Disclaimer: This blog contains references that may lead to external sites that are not part of enclouden.com. EnCloudEn does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such sites. Please send us a note through the comments below if you have specific feedback on the external links in this blog.

Leave a Reply

Your email address will not be published. Required fields are marked *