What has anyone done with qualification of cloud computing? We can audit the vendor and treat cloud computing as “software as a service”. What more rigorous steps has anyone done?
Thanks in advance.
This is a different way of visualising and describing network systems, and I would say at this stage if you present this to the regulators you will be breaking new ground and have all the attendant problems that that will raise.
What are the standards? What is Testable? What is Validatable? How is it to be Validated? Who owns what and where? Physical security? Program security?
When you are dealing with regulations and regulators it pays to be conservative. It is in your own best interests to keep things as standard and none contentious as possible.
Alex Kennedy
Hi,
My company is doing a global roll-out of new apps with a view to entire cloud operation. Personally, I take the view that a ‘cloud’ PC is no different to a locally networked PC. The questions Alex raises around security are interesting but this should be covered within the supplier audit.
Monkey
[quote=Validation Monkey]Hi,
My company is doing a global roll-out of new apps with a view to entire cloud operation. Personally, I take the view that a ‘cloud’ PC is no different to a locally networked PC. The questions Alex raises around security are interesting but this should be covered within the supplier audit.
Monkey[/quote]
I absolutely agree. Treat a virtual machine exactly as if it were a regular machine - no difference.
Cloud-based applications are essentially retirement benefits, to anyone other devices that you usually have access through an Internet browser. Joint enterprises are using e-mail and CRM applications. For example, you can use Microsoft BPOS instead running your own on-site Lotus Notes environment or sales force instead of using CRM software and hardware installation. Cloud is not a panacea but it is important that you do your homework to do before on any cloud-based software.
I agree a thorough supplier audit and assessment, and a strong detailed service level agreement should be able to capture everything you would want or need from a SaaS supplier.
We put together a set of cloud qualification guidelines in partnership with Microsoft that will allow you to formulate a strategy around the use of your cloud environment against FDA regulations. You can download the whitepapers here: