To cloud or not to cloud, that is the question facing virtually every pharmaceutical and medical device company around. Cloud applications have many well-known advantages over traditional on-premises applications: reduced time to benefit, lower costs, scalability, integration, faster upgrade cycles, and ease-of-use.
But companies that operate in a GxP environment have unique concerns around data, security, and validation that often prevent them from transitioning to cloud applications. Here, we address those concerns in a brief interview with Sparta Systems’ with Bruce Kratz (CTO) and Jon Ragati (Manager of Global SaaS Delivery).
Q: Can you explain the basics of cloud computing?
BK: On the most basic level, cloud computing refers to using “virtualized servers” distributed over the Internet to store, access and manage data instead of on physical servers inside corporate network infrastructures. The common deployment patterns of cloud computing are single and multi-tenant.
The single-tenant cloud is an architecture in which a single instance of a software solution and supporting infrastructure is “hosted” on servers in the cloud for one customer. In this situation, one company has its own instance of a solution so there is no shared resourcing. The tenant is the only company able to access the software. This is a similar model to on-premise in that it is one singular system with software installed and the company is the only one accessing it. While the customer does benefit from not having to manage the solution directly or worry about the hardware involved, that solution often cannot provide the economies of scale that multi-tenant deployments can provide.
The multi-tenant cloud is an architecture in which a single instance of software serves multiple customers. In the multi-tenant cloud, many customers are sharing computing resources and storage, and running on the same application, but the data of each software instance is protected by definitive access points and security features. Since resources are shared and maintained externally, the cost to each tenant is reduced.
Q: What are some of the major challenges for regulated companies to use a cloud-based quality management software solution?
BK: Cloud-based solutions across the enterprise are rapidly becoming more acceptable. Some reasons include their ability to provide the required level of security that companies need to keep their data safe. For Life sciences IT and quality professionals, mitigating risks and avoiding new ones is top priority. Cloud-computing models are well accepted across many industries with proven security models and high reliability, and it is becoming a viable option for life sciences enterprises.
Another major challenge is validation of QMS systems is still widely misunderstood among life sciences professionals. The data with some of the highest concerns for risk in cloud environments includes records pertaining to quality systems in pharmaceutical and device manufacturing. Company requirements in these industries are extremely tight on computer system validation due to the need to stand up to the rigor of regulators.
Life sciences companies are used to owning the controls that govern their systems, controlling the pace of upgrades, and running extensive validation cycles on those upgrades, which are often many months in length. This is a very different concept in the cloud computing delivery model, which favors frequent releases of new features across all customers at a pace controlled by the software vendor.
Q: What are some of the benefits of Cloud Computing?
BK: Quality Management Systems are able to leverage the successes of other cloud-based application deployments that have transitioned successfully to the cloud. Innovative vendors have taken new approaches towards validation that not only meet the requirements but in many ways, provides a higher quality output. They have removed the burden of managing validation processes across a multi-tenant system and turned it into an asset by taking advantage of automation techniques that streamline the execution process.
Q: What is Automated Validation?
JR: Automated validation takes what is traditionally a one-time event that happens at the end of a major software or process upgrade and turn it into an ongoing, every-day process that ensures a system that is “continuously validated”—always being evaluated against a known set of outputs.
To learn more about validation approaches to cloud-based technology, download the eBook.