‘To the Cloud or not to the Cloud, that is the question.’
While it’s certainly a familiar question, with apologies to Hamlet, there is a question that tends to come first: “What is the Cloud in the first place?” Have you seen this on-line graphic lately of a young child who is just looking at you with the caption – ‘There is no cloud…’
Can anyone out there offer any “Compliance models” for handling SaaS / PaaS cloud solutions in the pharma world? The company I am working for is implementing a large portion of our key systems in the cloud, and we (QA and Data Governance) are trying to wrap our heads around how to demonstrate control with our vendors.
Key compliance topics seem to be just as they were if the physically on site and within the company:
Change Control Process, Error and problem management, Deviations process (as applicable), etc…
But what are some key concepts particular to Cloud Service? I keep coming back to the up front SLA agreements and demonstrating successful back up and restoration, for the database and application…
Once having established the “What” for control, then we need to figure out the “Who” that is responsible. Is it QA/IT/ or Business Owner meeting with the vendor monthly or just when there are problems?
Any thoughts or tips for other articles are appreciated
Best Regards
Hi @Melton
Here is an article I write sometime ago with some tips:
http://www.askaboutgmp.com/2298-validating-the-cloud-top-25-questions-you-need-to-ask
And another one that maybe useful too: