Most monitoring systems rely on software that is installed on a local Server or PC – the monitoring software has typically been tested and validated, it runs, it performs the usual functions that are required for reporting, alarming and general display. But is everyone happy?
As time goes on, some regulations change - there might be some feature requirements that are not part of your software, or the speed of the system cannot keep up with the expansion of monitored locations. IT decides that your validated system needs security patches for it to remain on the company network – your Server needs upgrading to keep up with the additional work loads, your data backups have stopped working (without you knowing), and now the IT security patches have stopped the access to your monitoring software, or worse, stopped the monitoring all together!
These scenarios are typical of looking after a local server, with a 3rd party application or monitoring software – and in the past, was generally accepted as part of business. The amount of time and effort to keep software running, can be exhausting – but losing data, or the ability to have continuous monitoring, is financially not acceptable to the company. Having to involve QA, QC, Facilities and IT just to run one piece of software – is not a viable solution. Then throw into the mix, the 3rd party Vendor that supports the Application remotely, well, there are just too many permutations of ‘what could possibly go wrong?’ So what’s the answer?
Why not think of taking away the Server maintenance, Software support, backup/IT solutions – and hand off to the Cloud? If all the issues you have been dealing with, could be handed off to the Vendor directly – that would save you a great deal of time and effort. So what’s involved? What are the risks?
Most companies are using Cloud based products, or Software as a Service (SaaS) now – Email, Finance, CRM and ERP systems are all Cloud based. But many Pharmaceutical companies are not early adopters – the risks for data loss, or data integrity seem too high. From a perspective of the Quality Department, having the data local – and being easily validated, gives them some comfort. Knowing exactly what the Validation Master Plans covered, having all data sets laid out before them – was the typical way of checking off all the boxes – having a closed, controlled system. Now you’re asking them to give away the Crown Jewels to a 3rd Party, for safe keeping. Why would they do that?!
Well, technologies have changed. Mostly for the better. But responsibilities haven’t – in fact now that the Vendor is taking over your Infrastructure, Platform or Software as a Service. there’s more cooperation needed to ensure that complete Validation is covered by the Vendor, but ultimately responsibility is that of the Client.
Below is the typical responsibilities of Company and Vendor - scenarios of local Validation and Cloud Validation.
But again, this is not the whole picture – after Validation has been completed – it is essential that a Service Level Agreement (SLA) be in place. The SLA is typically an agreement of your Cloud setup, access, up time availability, costs etc. There may be more detailed requirements to cover governance, compliance, storage locations and retention policy. Everything that you need as a Client to ensure that access to your data has been documented and agreed to.
By using a comprehensive SLA you will set clear and transparent expectations – normally these SLA’s are given as a template from the Vendor. By going through a number of rounds, expectations can be set and agreed on. By using measurable goals – SLA’s can be defined in such a way that can adjust ongoing costs. Do you need 99.999% uptime? Does your data need to be retrievable in 5 mins or 5 hours? Do you require De-Clouding options, you may wish to switch Cloud providers and take your data with you? Sure, it’s great to have the best possible SLA, but it can come at an extended cost. Set reasonable expectations that the business can live with, and the Vendor can supply. Clients need to be aware of the upfront negotiations, their level of risk, and willingness to work with a Partner that can take on the groundwork of a SaaS deliverable.
Going to the Cloud has many advantages over a localized system – accessibility of data and support of the Application is just the beginning – later in the series we will discuss Big Data and how it can transform your data into intelligent voices.
Next LabWatch IoT blog we will cover Cloud GxP requirements and security policies.
Copyright: Amphenol Corporation