Looking to the Cloud for your Business

July 30, 2015

computer susteIt’s a Friday afternoon. Quarter’s end. Your V.P. of Regulatory Affairs calls your office bellowing something about not being able to process the latest submission data- can’t access the system. Then more calls start coming in from the clinical department, Project Management, even off-site contractors, all complaining about the same thing. “The system is not available, I can’t access anything!”

A quick look and you see the thunderheads for yourself. Your data system has crashed. At this point you don’t know the cause. Could it be a hardware failure? Power? Natural Disaster? Or perhaps the ever-dreaded hack, denial of service (DoD)?

First things first, get the system up and running ASAP.

A Simpler (and More Effective) Way to Recover from a Disaster

Until recently, the only way to ensure a quick (relatively…) recovery was to duplicate all of your systems and implement a complex disaster recovery plan. Both of these require significant investments in equipment, software, and infrastructure, which is why many in the industry are beginning to look to the Cloud. Cloud-based systems have greatly advanced system recovery and business continuity in the face of an outage. Because cloud systems are hosted virtually, there’s no need to worry about the types of disastrous scenarios that disrupt on-premise services. If an Ethernet cable is cut, cloud-based systems are totally unaffected. If Internet service goes down, communication can be re-routed.

Simply put, recovery and continuity become a non-issue.

Cloud? What?

A cloud solution can be a very good architecture to pursue for recovery, and can provide other benefits as well. But what are the concerns?

A simple way to think of the cloud and architecture options:

Cloud Models

The diagram may be an oversimplification, but the image above does a good job of illustrating the three options that a company has to consider when evaluating a cloud- based solution: public, private, or a hybrid approach. Each approach has its advantages and disadvantages, inclusive of validation considerations.

  • With a public cloud, the infrastructure is made available to the general public and is owned and maintained by the organization selling the cloud services.
  • With a private cloud, the infrastructure is operated solely for your organization. It may be managed by your organization or a third party and may exist on or off premises.
  • With a hybrid cloud, your organization provides and manages some resources in-house and has others in the Cloud. One example, your organization may choose to own and support the application and leave the database in the Cloud.

Underneath this, decisions around utilizing a cloud for Infrastructure (IaaS), Platform (PaaS) or Software (SaaS) or all of the above, is another consideration that may add confusion.

The Scary “V” Word

Validation – but what is the impact here? The main things to keep in mind are data (record) integrity, data availability, and data retention. And there is not a whole lot of difference in validation considerations between a traditional in-house validation and a hosted one. As in most cases, the devil is in the details.

Formal agreements (legal contracts) need to be in place to include clear statements of responsibility around the installation (set up) configuration, maintenance, availability, change control and backup/restore. An on-site audit should always be performed to aid in identifying and mitigating risk as well as directing your validation testing approach.

But a validation approach should cover the above items along with a clear and documented understanding of how patches and upgrades are applied along with schedules, and include a detailed exit plan should that need ever arise.

“Fine, should I do it?”

At the end of the day, there are many benefits to adopting a cloud approach. Savings in infrastructure, licensing and support costs are all obvious advantages, as is a much less likely disaster scenario. Secondarily, staying current with platform and application versions becomes easier, assuming your plan is well defined. Devices to access the system/data also become less of a concern and can help pave the way for the fast growing “BYOD” (bring your own device) approach.

But there is no silver bullet – some risks to keep in mind when making the determination to move to the Cloud are things such as vendor outages, limited control and flexibility. For example how and when upgrades and bug fixes get applied. Another consideration is implicit dependency, or “vendor lock-in”. But perhaps the most concerning is data security and privacy, and increased vulnerability to an internet attack. All these variables can be minimized with a well-thought-out master plan/agreement between you and your vendor.

Learn more about ProPharma's Computer Systems Validation services.
Contact us to get in touch with our subject matter experts for a customized CSV presentation. 



Computer System Validation: Resolutions for the New Year

How are you doing with those New Years’ resolutions? Whether or not you’re a resolution maker (or breaker), you can use this time of year to take stock of where things stand, including your validated...

April 9, 2014

GAMP® 5 Basis for Quality System Compliance

Next week I’ll be in San Francisco conducting an ISPE training class on Risk Based Approach to GxP Process Control Systems. Attendees will include employees from a variety of regulated life cycle...

Sign for traffic lanes merging

June 10, 2015

Mergers, Acquisitions and Consolidations: Whose Validation Standards Do I Use?

If you are like the majority of those who have worked in the biotechnology and pharmaceutical industry for at least the last five years, your company has been part of a merger, acquisition or some...