June 20, 2013

Part I: Next Practices for Selecting an Enterprise Quality Management System

John Moroney, VP, Sales, AssurX, Inc.

Editor’s Note: In this two-part series, you’ll learn the most effective ways to select an Enterprise Quality Management system, why it’s a critical long-term decision, and common pitfalls to avoid.

First, let’s simplify things a bit: Selecting an Enterprise Quality Management system is no different than any other major business purchase decision. Broadly speaking, that means you’ll face similar issues and risks you’ve encountered before.

So, if you’ve already got experience making big purchases, you should begin the process with a relatively high degree of comfort.

Unfortunately, most companies do not make major purchase decisions very often, whether buying an enterprise software system, purchasing or leasing a new facility or committing to a major piece of capital equipment. These decisions have long lasting effects and can be career enhancing or threatening for those involved.

With that in mind, let’s examine some proven ways to improve your selection process.

Having a plan is usually the best approach, but what should the plan include? Experience shows the best have several stages:

  • Defining requirements & project objectives
  • Initial investigation of options
  • Detailed vendor reviews (not just product!)
  • Defined project plan & costs
  • Corporate approval and kickoff

Consider that this process will likely take several months, so one of the first steps is to set expectations within your organization. Explain to colleagues and superiors that this is like a major remodeling project. It has many steps, will require time and effort, and you only want to do this once, correctly.

Defining requirements & project objectives

It is surprising how few companies spend enough time defining the objectives and success metrics a new EQMS should deliver.

Start with the key business issues you want to address. For example:

  • Is there an inability to understand the root cause of product failures? How big is the problem – quantity, dollar impact, lost customers, etc.? Who in the company is affected? What are the KPIs (Key Performance Indicators), and what values would be considered excellent? How difficult is it to collect that information?
  • What is the cost of supplier quality and how can that be reduced or charged back? Who are the best suppliers and the worst? What do they cost the company per year?
  • Is it difficult or impossible to determine how many complaints are received by a customer? What were the reasons for those complaints? How many were resolved and how long did it take? Who would like to have that information, and what is it worth to the company?

Performing this exercise yields three outcomes:

  • What constitutes success for this project?
  • What are the potential financial benefits of the project and agreement on what the project investment should be (the budget)?
  • What product/vendor capabilities are required to support the outcomes?

Although this stage of the project may be done by an individual, the creation of requirements should be based on interviewing all of the key stakeholders including users, managers and executives. A project selection team should also be recruited from these ranks and most often should include IT professionals as well.

Initial investigation of options

With so many options available, how can the team be sure to include the best choices? First, understand what the corporate ERP system vendor can deliver. Often this will be both the least expensive and the easiest to deploy, and at the very least should be evaluated to provide a baseline to compare against other best-of-breed choices.

Some companies have a strict policy that no third party applications will be purchased unless a strong business case for not using the ERP vendor’s modules is first made. In larger companies, other divisions or business units may have already implemented an EQMS. Not only is there much to gain by interviewing those users, there may be corporate edicts or at least preferential pricing and implementation resources already available for deploying that product.

Other choices can be found through web searches, trade shows, etc. but one of the best approaches is to network with industry colleagues. Not only will you benefit from their experience, but to the extent their vendors have a focus upon your industry, best practices will be available to your team. Frequently, customers will have suggestions and possibly preferences for what system to select or at least a short list of what their other suppliers use.

Certainly one criterion at this point is cost, but another is whether to purchase the software or subscribe to a hosted solution. Some vendors offer both forms, but many do not, so part of the initial criteria needs to be settled with the IT organization and corporate policy.

Most companies will want to consider vendors with customer profiles similar to themselves, whether by size, industry, technology, etc. and/or a strong user group. For example, life science, aerospace and automotive companies have specific needs which will narrow the field of suitable vendors. It is important to engage the IT organization because there may be preferences for certain technology platforms such as Oracle versus Microsoft databases or integration to specific ERP systems.

How many vendors should be evaluated? It is difficult for a team to devote time to searching for and selecting a vendor while “fitting in” their normal work; therefore most companies might interview six to ten vendors but whittle that down to three or five vendors for the next phase of detailed vendor reviews.

Detailed vendor reviews

Now that your team has created a short list, it makes sense to take a deeper dive. Much of the focus at this stage should be the product functionality, and maybe “look and feel”. It is critical to establish criteria at this stage, as a “pretty” product may not be the best product available for your company. In the software industry a term frequently used is the “whole” product – not just the software. That would include, beside software functionality, elements such as:

  • Support – uptime performance metrics, Level One support issue and response times, what is the support process and what are the metrics?
  • User community – is there one, how active, who participates, is it vendor or customer driven?
  • Industry domain knowledge – does the vendor know your industry and have support staff with experience. Does the vendor know how to work with companies your size and scope?
  • Product reliability – how often do customers have problems, how severe are they?
  • Implementation track record – how often do customers fail to implement? Why? Is there an implementation process?
  • Vision and direction – is the vendor committed to being an EQMS, do they have a product plan and does their product and market strategy align with your company’s plans?
  • Customers – who are they and do they align with your kind of company? Are they highly dependent on the vendor or can they support themselves?
  • Total cost – beyond the initial project, what costs could there be in the future? Additional users, modules and/or changes? Is there a cost for future versions? What cost protections will the vendor provide? What are customer experiences?

Leading vendors understand the elements of the decision process and will be forthcoming with information. Successful sales people, who have participated in dozens if not hundreds of selection cycles, have a deep understanding of your industry’s best practices and the options in the market – usually much better than consultants or program managers who may lead selection projects only a few times per year.

Note: In part two, we’ll look at the most effective ways to “score” vendors, narrow the search process, and define project costs and scope.

 


Part 2: Cloud Vendor Selection for Your Life Science Company – Strategies to Ensure Benefits and Mitigate Risk

Russ King, Managing Partner, Methodsense

Know your Cloud options

Cloud computing is defined to have several deployment models, each of which presents distinct trade-offs when migrating applications to a cloud environment. NIST defines the cloud deployment models as follows:

  • Private cloud: The cloud infrastructure is operated solely for an organization.  It may be managed by the organization or a third party and may exist on premise or off premise.
  • Community cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g.  mission, security requirements, policy, and compliance considerations).  It may be managed by the organizations or a third party and may exist on premise or off premise.
  • Public cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
  • Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

Choosing the correct deployment can depend on who needs to access the service, budget and security concerns.

Private clouds are the most secure and most expensive. Private clouds allow companies to have isolated sections of a cloud where you can launch resources in a virtual network. You can have complete control over your virtual networking environment and place your backend systems, such as databases or application servers with no Internet access. You can limit access to these servers based on access control, physical hardware, and IP address. A Private Cloud is therefore mostly suited for sensitive data, where the customer is dependent on a certain degree of security. Private Clouds, to an extent, lose the economy of scale compared to a Public Cloud.

Community clouds spread costs over fewer users than a public cloud. This option is more expensive but may offer a higher level of privacy, security and/or policy compliance.

Public clouds are the least expensive deployment. When most people think about cloud computing, they think of a public cloud deployment. All resources are shared but can be secured. If you are comfortable with the level of security of your cloud provider or have budget constraints, public clouds are your best option.

Hybrid clouds are the typical deployment model for most enterprises. In this cloud deployment model, an organization provides and manages some resources in-house and has others provided externally. The main benefit of the hybrid cloud is that it provides the scalability and low costs of a public cloud without exposing mission-critical applications and data to third-parties.

Know your privacy, security and disaster recovery needs

When it comes to privacy, security, and disaster recovery, you need to first determine your requirements and budget. The Cloud provider can provide you with tools to help protect your data, but you need to implement those tools. For example, Cloud providers can allow you to limit access to your data based on physical machine or location, but you need to remove those access rights when a machine or location no longer needs access.

 

Your Cloud provider needs policies, processes, and control activities for the delivery of each of their services. The collective control environment encompasses the people, processes, and technology. Your Cloud provider needs well-trained staff who have limited physical access to your data, and processes that protect your data and technology by keeping prying eyes away from sensitive areas. Accordingly, you should choose a Cloud vendor that maintains proper certifications like SAS 70 (the Statement on Auditing Standards No. 70), ISO/IEC 27001, and FISMA.

You also need to ensure the Cloud provider stores your data in the proper region. The selection of a region within an acceptable geographic jurisdiction to the customer provides a solid foundation to meeting location-dependent privacy and compliance requirements, such as the EU Data Privacy Directive.

You need to have proper disaster recovery controls in place. A traditional approach to disaster recovery involves different levels of off-site duplication of data and infrastructure. Critical business services are set up and maintained on this infrastructure and tested at regular intervals. The disaster recovery environment’s location and the source infrastructure should be a significant physical distance apart to ensure that the disaster recovery environment is isolated from faults that could impact the source site. Accordingly, it is important that your Cloud provider has data centers that are located in different physical locations and are isolated from faults in the other data centers. When dealing with a disaster, it’s very likely that you will have to modify network settings as you are failing over to another site. For the most critical systems you want to choose a Cloud provider that will allow you to automate the changing of the network settings.

Although the Cloud provider is responsible to maintain the infrastructure, it is still your responsibility to test your disaster recovery plan.

Choose a Cloud Vendor who can support your FDA Quality Management System needs

Cloud vendors commonly implement quality measures ranging from verbally shared processes and practices to SOPs and trouble ticket software to highly structured Quality Systems.  However, advertising a level of quality management does not guarantee that the Cloud Vendor will meet your life science quality management expectations.  To meet your compliance obligations, your cloud provider may need to make existing processes and procedures more robust and in a way that is more collaborative than they originally intended. Be aware that many Cloud Vendors consider their services to be proprietary and comprised of trade secrets, which may make collaborating around quality more difficult.

Choose a Cloud Vendor who can support your FDA Vendor Management needs

When selecting your Cloud Vendor, be sure they support your vendor management obligations. Cloud vendors who rightly take pride in their SAS 70 Type II certification, for example, often mistakenly insist that the certification should satisfy all quality and auditing needs. These certifications frequently focus on security issues and may not sufficiently cover life science regulatory concerns. Life science companies face validation requirements and regulatory concerns that go above and beyond SAS 70 certification, such as installation qualifications, change control, audit trails, electronic signatures, and permissions configuration. These requirements should be defined for the cloud environment and services and then implemented in your Service Level Agreements.

Be prepared to massage and coax the understanding of the vendor for cooperation before and during this process. By educating the Cloud Vendor about your requirements, you’ll be much more likely to complete a successful migration to the cloud.

Conclusion: Your Cloud Vendor needs to be a partner who fits into your regulatory and quality framework.

Shifting your technology operation to the cloud can garner many significant benefits including:

  • Improved scalability and cost savings
  • Increased access to and utilization of key business assets
  • Improved controls on security and data access
  • Increased innovation due to collaboration and availability of resources

However, regulatory burdens are not abated by shifting to the cloud, and Cloud Vendors today are by and large unschooled on FDA regulations, which, if not addressed, can create risk.  Life science companies should select a Cloud Vendor with the expectation that many will depend on coaching and assistance in order to meet regulatory requirements.   The Cloud Vendor’s ability to accept and then in a timely fashion respond to your regulatory requirements should, therefore, become a highlighted vendor characteristic in your vendor selection criteria.

Read Part I of this series here.

About the authors:

Russ King is President of Methodsense, a consulting firm that helps clients deliver medical and technological breakthroughs by effectively meeting the requirements needed to bring their products to market.   He can be reached at (919) 313-3962 or rking@methodsense.com.

Jason Rock is Chief Technology Officer of GlobalSubmit, a products and services company that provides transparency in regulated healthcare products. He may be reached at  888-840-9580.


Part 1: Cloud Vendor Selection for Your Life Science Company – Benefits and Risks

Russ King, Managing Partner, Methodsense

Migrating to the Cloud:  What are the Benefits?

According to the National Institute of Standards and Technology, the cloud is “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Most companies’ IT infrastructure uses less than 30% of its capacity. It took years to get the capacity to where it is today, and it takes months to increase capacity. Employing qualified resources to maintain such an infrastructure is difficult and expensive.

Cloud providers utilize about 65% of their capacity and can add capacity quickly. In short, cloud providers benefit from economies of scale, which enables them to lower individual usage costs and centralize infrastructure costs. Companies benefit by only paying for what they consume. Companies can increase or decrease their usage rapidly, and can spend less time managing complex IT resources.

Not only do efficiency improvements reduce costs, the nature of some costs can change from being capital investment in hardware and infrastructure (CapEx) to a pay-as-you-go (OpEx) model. Maximizing IT capacity utilization, improving IT flexibility and responsiveness, and minimizing cost are not the only advantages of the cloud.

Collaboration can be one of the most important advantages of cloud computing. Multiple users, from around the world, can collaborate more easily on documents and projects. Because the information is hosted in the cloud, and not on individual computers, business owners can collaborate with external stakeholders in a secure environment with nothing more than an Internet connection and some identity management controls.

The most surprising benefit of the cloud is security. Top cloud providers have the best infrastructure and security technology with the top people maintaining that infrastructure and technology. Speaking before the House of Representatives, Army General Keith Alexander, commander of U.S. Cyber Command and Director of the National Security Agency, said cloud computing provides the best way to secure DOD networks. As Jesse Lipson pointed out in a recent Forbes article: “Most cloud computing companies are like experienced airline pilots. They are well trained, have backup systems and contingency plans in case they encounter an issue, and they have a full staff of professionals regularly checking and maintaining their service. Cloud software companies, knowing the implications of a crash on their business’ bottom line, invest significant resources into ensuring that such a disaster never occurs. Cloud computing companies can invest far more resources in data backup and security than your business can.” Compare this to the levels of protection that your company provides.

 

Selecting a Cloud Vendor:  What are the Risks?

While the cloud can be a compelling option for life science companies, understanding the risks associated with vendor selection is a critical first step. Cloud vendors often view life science companies as attractive clients because of their long term data management needs and the general belief that life science business delivers a premium for services that can quickly boost margins.  But, all too frequently, Cloud Vendors are unprepared for the critical data management needs of life science companies within the context of FDA regulations. The gap, framed by the Cloud Vendor’s strong desire for life science business, the vendor’s frequent lack of knowledge about regulatory requirements, and the perennial pressure on life science companies to control expenses, creates a recipe for short cuts and their associated risks.

The Cloud Vendor holds your most critical assets

The risk associated with a Cloud Vendor choice is directly related to the criticality of the data managed.  At the end of the day, the value of a pharmaceutical, biotech, or medical device company is instantiated in intellectual property.  This includes the information that satisfies the requirements of the FDA, as well as the requirements of potential commercial partners or buyers.  If your intent is to place your critical information in the cloud, then any risk created in your relationship with your Cloud Vendor directly reflects your willingness to potentially compromise your intellectual property and its valuation.

Your FDA regulatory obligations do not change just because you migrate to the cloud

The most frequent risk we see is allowing the priority of regulatory requirements to erode under the misconception that sophisticated data centers and technically savvy Cloud Vendor staff can compensate for, or somehow replace, the intent of FDA requirements to maintain data integrity, authenticity, and non-repudiation.  Migrating critical data to the cloud does not excuse you from regulatory obligations that would otherwise exist if you were hosting the services inside your company.   The same controls you are required to apply to your internally hosted infrastructure must be applied to your external cloud environment, which means partnering with a vendor that is willing and able to support these controls to the degree needed.

Validating computing environments, virtualized services and systems, security controls, and the actual migration to the cloud are required for compliance. Moreover, maintaining a state of compliance must take into consideration the Cloud Vendor’s tools, systems, practices, and procedures, and, most importantly, compensate for gaps between what the Cloud Vendor has in place and your regulatory obligations. The real risk is realized when either regulators or potential partners have problems with the lack of controls to ensure data integrity and other electronic assurance information values. Without such controls, you may not be able to sufficiently demonstrate the veracity of your intellectual property claims, which directly impacts the value of your IP and commercialization strategy.

A common scenario: What can go wrong with your Cloud Vendor selection

A Cloud Vendor sells private cloud services to a pharmaceutical company who subsequently performs a vendor audit on the Cloud Vendor.  The audit produces a gap analysis with observations and a commitment from the Cloud Vendor to resolve critical observations against an agreed upon time line.  The pharmaceutical company begins migration to the new cloud by validating the virtualization of their systems and then validating the migration to the cloud.  As the due date for observation remediation approaches, it becomes apparent that the Cloud Vendor cannot, or will not, address the critical observations on time.  The pharmaceutical company must then decide whether they will take on the work and cost of correcting the problems, or choose another vendor, whereby both alternatives threaten the anticipated savings the company thought they would enjoy. Choosing the right vendor from the onset helps mitigate this risk.

In Part 2 of this blog we explore practical strategies and tips to help you choose the right Cloud Vendor so you can avoid risk and enjoy the benefits of Cloud Computing.


Part I: How Life Sciences Firms Can Harness The Cloud

Russ King, President, Methodsense

In the first part of this blog, we’ll examine the advantages life sciences companies can enjoy by better understanding and leveraging Cloud computing.

Advantages of the Cloud for Life Science Companies

Cloud computing and virtualization is an evolving paradigm that is transforming the way we do business. The economy of scale the cloud provides reduces costs and increases operational efficiencies that reap major benefits. This operational shift can be intimidating for Life Science companies; however, there are significant advantages for moving to the cloud.

Some examples include:

  • Maintains compliance across multiple applications more efficiently
  • Scales up and down with ease
  • Provides a platform for collaboration and resource pooling
  • Unifies your infrastructure for end users
  • Increases the control, availability and flexibility of your data center
  • Reduces computing maintenance costs and, depending on the model, can reduce hardware costs

While these advantages are enticing, it’s critical that Life Science companies understand some common misconceptions of the cloud before adopting it as a new technology strategy.

A word of advice: The challenges of implementing cloud computing for life science companies have been highlighted by recent publications from IEEE, CIO Magazine and others by observing the absence of accepted standards for the cloud. Before delving into cloud computing for your Life Science company, be certain you have the proper skills on hand to help you. Missteps and short cuts in the path to regulatory compliance typically create additional and unnecessary expenses down the road.

Misconception #1: All Cloud Environments are the Same

According to the National Institute of Standards and Technology (NIST), there are actually four types of clouds, and each is intended for different uses.

Private: This infrastructure is for exclusive use by a single organization. It is only used by its owners, making it the most secure environment. It may be owned, managed, and operated by the hosting organization, a third party, or a combination of them, and it may exist on or off premises.

Community: This system is for exclusive use by a specific community of users from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or a combination of them, and it may exist on or off premises.

Public or Vendor: This infrastructure is for open use by the general public. They are shared among multiple subscribers. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. Because of the nature of public clouds, this architecture may present security, privacy and auditing issues.

Hybrid: This cloud type is a composition of two or more distinct infrastructures (private, community, or public) that remain unique entities, but are connected by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). Hybrids can be used in the Life Sciences when a combination of regulated and non-regulated information is shared.

As a general rule, a private cloud can be effectively adapted to satisfy the stringent compliance needs of a Life Science company.

Misconception #2: Private Virtual Cloud Configurations are Proprietary to the Data Center

We frequently hear cloud providers talk about proprietary configurations or operational trade secrets.  Without debating the veracity of such claims, it is important to find and work with a vendor who can share, and work with you, when you are evaluating your cloud options. When a provider understands your needs and why your controls are important, we have found most providers are more relaxed about their “trade secrets” in favor of winning your business. Privacy, security and other controls should be collaboratively implemented with your provider so you can remain compliant. Carefully plan the security and privacy aspects of your cloud environment in partnership with your provider before implementing your solution.

Misconception #3: A Data Center’s SAS 70 Type II Certification can Replace an Onsite Audit

The proliferation of professional hosting companies, and subsequently the cloud computing services they provide, has created a competitive environment where service quality can be a competitive advantage.  Many hosting companies seek a SAS 70 Type II Certification to demonstrate their quality.

However, the audits performed in pursuit of SAS 70 Type II Certification are paid for by the vendor, constitute a snapshot of the vendor which may not be relevant to the timing of your contract with the vendor, and the audit may not sufficiently cover your Life Science regulatory concerns.  For the criticality of your business, you should sponsor the audit, ensuring you’ve adequately fulfilled your regulatory requirements.  Be prepared, however, to massage and coax the understanding of the vendor for cooperation before and during the audit. In our experience, most cloud providers focus on the acquisition of Life Science clients with little to no understanding of the regulatory environment we operate in.

Misconception #4: A Cloud cannot be Managed as an Autonomous, Independent System

Your cloud environment can be affected by the configuration and set up of other systems. There are other factors within the data center that may influence your operation: a vendor’s performance, upgrades to a vendor’s system and overall testing of general “cloud” components. In essence, your cloud consists of your vendor’s hardware, firewalls, raw data storage, networks and supporting applications. Even though you may use a private cloud, that network is still dependent upon the vendor’s underlying systems.

You must understand the total environment of your provider to ensure your cloud is secure and will remain secure if they make changes to it. The best way to proactively implement your cloud solution for long-term success is to perform a thorough risk assessment at the onset of your transition. A proper risk assessment will lead to identifying the controls that will secure your network regardless of your vendor’s behind-the-scenes activities.

Misconception #5: The Data Center’s Procedures are Enough

While many data centers take the initiative to implement quality systems, SOPs and other quality measures, that doesn’t guarantee they will meet your quality management system expectations. Your cloud provider may need to make existing processes and procedures more robust and in a way that is more collaborative than they originally intended.  This kind of flexibility should be incorporated into your vendor selection criteria.

In Part Two of this blog, we’ll examine a few more important Cloud misconceptions, and offer some final thoughts on how life sciences companies can benefit fully from it.

Russ King is President of MethodSense, Inc.

 


Cloud Computing Can Benefit FERC, NERC Regulated Entities

James Holler, Founder, Abidance Consulting


Cloud computing represents a major change in how you store information and run applications. Instead of hosting applications and data on an individual server, everything is hosted in the “cloud”—a collection of computers and servers accessed via the Internet.

This type of Web-based computing frees you from the autocracy of single-server computing and opens up new avenues for group collaboration. But as attractive as all that sounds, cloud computing isn’t for everyone. This blog will take an honest look at the pros and cons of this type of solution and how the average end user can benefit from cloud computing.

Reduced Software Costs – Instead of purchasing expensive software applications, you can get most of what you need for a pittance compared to the $200k+ you will spend buying Documentum or SharePoint. Yes, SharePoint is virtually free…but the programming and maintenance isn’t. This alone may be justification for switching to cloud applications.

Improved Document Format Compatibility – You don’t have to worry about the documents you create on your machine being compatible with other users’ applications or operating systems. In a typical environment where Word 2007 documents can’t be opened on a computer running Word 2003, all documents created by Web-based applications can be read by any other user accessing that application. There are no format incompatibilities when everyone is sharing documents and applications in the cloud.

Unlimited Storage Capacity – Cloud computing offers almost limitless storage. Your computer’s current 200 gigabyte hard drive is peanuts compared to the millions of terabytes available in the cloud. Whatever you need to store, you can.

Increased Data Reliability & Security – Unlike server or desktop computing, in which a hard disk crash can destroy all your valuable data, a computer crashing in the cloud won’t affect the storage of your data. That also means that if your computer or server crashes, all your data is still out there in the cloud, still accessible – there is no “wait time” for a recovery tape to be loaded. Many cloud providers offer military grade encryption…far more secure than anything your organization could hope to provide.

Anywhere, Anytime Access – The ultimate advantage to cloud computing is that you’re no longer dependent on a single computer or network. Change computers, and your existing data and documents follow you through the cloud. Move to a portable device, and your applications and documents are still available. There’s no need to buy a special version of a program for a particular device, or to save your document in a device-specific format. Your docs and their apps are the same no matter what computer or other device you’re using…that goes for Apple computers as well.

Now…just to be fair and not to sound too biased towards cloud computing, there are some pitfalls.
However, I do believe that after you have seen the advantages and disadvantages, you too will decide that cloud computing is still the best way to go. OK…here are some of the pitfalls.

Requires Internet Connection – Cloud computing is impossible if you can’t connect to the Internet. Since you use the Internet to connect to both your applications and documents, if you don’t have an Internet connection you can’t access anything, even your own documents.

May Be Slower – Even on a fast connection, cloud-based applications can sometimes be slower than accessing a similar program on your desktop or server. The one solution to this issue is to “check out” the document. When a user is done working on the document, they can “check in” the document.

So, who are the users that are best suited for cloud computing? Given the pros and cons of cloud computing, I think that the following types of users benefit most from switching to cloud-based solutions and applications:

Collaborators – If you collaborate with other people on group projects, you’re an ideal candidate for cloud computing. The ability to share and edit documents in real time between multiple users is one of the primary benefits of Web-based applications; it makes collaborating easy.

Users With A Need For Total Security – Cloud computing, when properly configured, is one of the most secure environments known today. Many outsourced cloud solutions provide a total package that includes not only all the storage space you will ever need, but also security that would make the Pentagon jealous and a maintenance program that is worry free. You will save large amounts of money, time and resources by not having to lay out big bucks for the latest versions of Documentum or maintenance programs for SharePoint – both of which have very limited security…if any at all.

Users With Regulatory Compliance Needs – When you are required to comply with NERC, FERC, CFATS or other compliance measurements, there are many areas that you must address. You could hire a high-priced consulting firm with almost no industry experience or pile more work on your already thinly stretched internal resources and purchase a fleet of new servers and desktops, or you could utilize lower-cost cloud computing instead. The other main advantage for those who have to adhere to compliance requirements is that the cloud acts as your back-up site for Disaster Recovery. Abandon that outdated technology and use a less-demanding, low maintenance, fully secured and hosted cloud instead. In the old days (in computer speak, that is last year), the only solution to increased needs was to purchase more powerful hardware and hire overpriced consultants that didn’t know your industry.

Bottom-line: With cloud computing, the solution is in the cloud—which saves you resources, time and money.

James Holler is founder of Abidance Consulting.


No News is Big News: SaaS is Configurable!

“There’s nothing to see here folks, move along. Nothing to see here.”

That’s what police usually say when a crowd gathers to watch something new, unusual or just plain interesting.

Reminds me of an article I recently ran across declaring that Software as a Service (SaaS) technology was indeed configurable. The gist of it was that NetSuite CEO Zach Nelson was attempting to shatter some of the common misperceptions about SaaS during his keynote address at a company’s partner conference in San Francisco last week.

The WebCPA article covering Zach’s speech went on, “Addressing claims that most SaaS solutions are not customizable, Nelson claimed that there are currently 6,600 users utilizing NetSuite’s enterprise resource planning functions, the majority of which are customizable features.”

Extra! Extra! Read all about it: SaaS is configurable, says Zach.  And we’ve blogged about this before, too.

But is this news to anyone?

Apparently it is in some circles. So why has SaaS gotten a bad rap as inflexible?

Blame it on the early days of SaaS, when some providers offered more rigid, “pigeon-holed” solutions, says AssurX Operations Manager Karl Kleinkauf, who’s been in this business nearly twenty years. “In the old days there was something of a ‘take it or leave it’ attitude,” Karl adds.

But that’s all changed in recent years, Karl notes. For starters, the technology has improved and ample bandwidth is more widely available today. Both factors help make SaaS more configurable. But consumer demand also helped make it happen, Karl notes.

In fact, as his own customers get more adept using SaaS for regulatory compliance, they often see other uses for it. “I’ve helped many use our SaaS system for document control and customer complaint handling after they’ve gotten comfortable with it on the compliance side,” Karl says.

So let’s recap: SaaS is flexible, multi-faceted and configurable.

Remember, you didn’t read it here first.


Angiotech Leverages SaaS Model for Global Complaint Handling System to Standardize and Improve Efficiency

The concept of implementing SaaS is moving ahead quickly, especially in the medical device arena. Perhaps that shouldn’t be surprising; most industry experts say that device firms tend to be a bit more innovative when it comes to embracing new technologies.

That may be why Angiotech made the decision to go with AssurX’s OnDemand (SaaS) model as opposed to on-premise implementation for their global complaint handling system. Angiotech is a global specialty pharmaceutical and medical device company that discovers, develops, and markets innovative technologies and medical products primarily for local diseases or for complications associated with medical device implants, surgical interventions and acute injury.

AssurX’s CATSWeb system is already rolled out across four facilities – three in the US and one in Puerto Rico – with Europe expected by the end of 2009.

Larry Murphy, Senior Manager, Corporate Quality, was part of the team that made the decision to go with the SaaS model because they needed to get up and running quicker.

“We got the blessing of the IT group after they reviewed the AssurX system and were able to get answers quickly about the level of security and support,” Murphy said. “As far as the users are concerned, they really like having everything centralized, including the reporting capabilities. We have significantly improved our efficiency and productivity,” added Murphy.

Prior to implementing an automated complaint handling system, various divisions of Angiotech were using either paper-based systems or homegrown Access database applications. Now the company-wide system using CATSWeb allows them to process complaints in a more structured and standardized manner that provides a much higher level of quality of information as well as the ability to track progress using metrics and dashboards.

Future plans include expansion of the current process and perhaps implementing electronic medical device reporting (eMDR) somewhere down the line.


Why AssurX OnDemand Has Maintained 100% Uptime Two Years Running

How does one achieve five 9’s (99.999%) uptime or better in today’s crazy IT world? Easy. Have backups for your backups and have at least two of everything.

Okay, so maybe it’s easier said than done and perhaps that is an egregious oversimplification. The bottom line, however, is that this is basically how AssurX has achieved not five 9’s but a perfect 100% uptime for CATSWeb OnDemand systems for two years running.

We have multiple redundancies in all our critical infrastructure systems: at least two of everything. We have everything from multiple pipes to the Internet to multiple fire suppression systems. There are multiples of all server types: web servers, application servers, database servers, backup servers. There are multiples of all components of the servers: multiple drives in RAID arrays, multiple network cards, multiple power supplies, multiple CPUs. There are redundant monitoring systems that monitor the availability of CATSWeb both internally and externally, and we are notified immediately when something is wrong. Fortunately (knock on wood), we’ve yet to experience this scenario outside of testing.

Our data center is the same way.  There are redundant heating and cooling systems, redundant fire suppression systems, redundant UPS systems, redundant generators and everything is in “hot standby” mode, meaning if one fails, the other takes over without missing a beat.   The network employs at least three major telecom providers for separate and redundant backbones to the Internet.

To someone unfamiliar with the true meaning of “mission critical”, all this sounds like overkill. Doesn’t having two (or more) of everything make life more difficult?  Simple answer is, yes, life is more complicated with two of everything.  There are the requirements of extra space, extra maintenance, extra power consumption, extra time for install/management/decommission of software packages and extra man hours spent working on all these redundant systems.  Does it make financial sense?  Absolutely!  Just the same as one has homeowner’s insurance, car insurance, health insurance or life insurance, what redundancy means to an IT department is data and connectivity insurance.  For hosted systems like CATSWeb OnDemand, it means happy customers who always get to their data, day or night.  For IT guys like me it means peaceful, easy sleep and less hair loss.

At the end of the day, the simple fact is that AssurX has achieved something truly difficult in the IT world: 100% uptime, two years running. This is something major players, like Yahoo, eBay, Google, Amazon and many others cannot claim. We are proud of our commitment to hosting CATSWeb for our customers and will continue to implement new and better ways to achieve and maintain the best possible uptime numbers and availability as we forge ahead.


Who Says You Can’t Integrate Systems in Software as a Service (SaaS) Environment?

The idea of software as a service is not new and in fact AssurX has offered its CATSWeb enterprise quality and compliance system in a hosted environment for over 10 years. However, there has always been a certain resistance in business to utilizing this software model. The reasons have varied from security issues to wanting to have control over the platforms to a perception that the data just needs to be in-house. For several years, though, businesses have been looking to reduce their overall costs, including those involved with IT. As a result SaaS has much more appeal as it can significantly help to reduce the overall cost of ownership.

One of the chief issues that have confounded IT, though, is system integration. No system is the be-all and end-all. ERP systems will generally handle most of the basic functions of a business; however, there are aspects like complaint management, auditing, CAPA, etc., that are not fully covered by these systems – hence the need for multiple applications and the need to integrate.

The next argument from many is that if our systems are all hosted we cannot integrate them.  That is not necessarily true.  Systems that have Web service capabilities are fully capable of being integrated regardless of their location.  This was recently proven by a very successful hosted NetSuite to CATSWeb integration.  The requirement was to allow customer service to enter their initial customer complaint as a Support Case in NetSuite (which the customer runs as a SaaS) and have a corresponding transaction triggered in CATSWeb (which is also running as SaaS) where the actual complaint processing occurs.  This was all accomplished by using a simple call from NetSuite to the CATSWeb web service.  CATSWeb creates the record and sends a success or error message back to NetSuite, which then either stores the newly created CATSWeb Record ID in the Support Case for reference purposes or sends an email to an individual in the case of an error message.  Additionally, because CATSWeb returns the Record ID created to NetSuite, any further changes to the NetSuite Support Case can be sent to CATSWeb, which will update the record accordingly.

So is system integration of SaaS applications possible? Absolutely. And depending on the capabilities of the systems involved it can be relatively easy to accomplish. CATSWeb offers a fully functional Web services API, which will allow any external system to integrate with it. The location of the external system does not matter. The bottom line is that Software as a Service is a viable business model which can greatly reduce IT costs, and the fact that your applications are hosted at offsite locations is no reason why they cannot be effectively integrated.
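The Support Case to complaint record exchange described above, sketched with both sides in one process. This is an added example, not AssurX or NetSuite code: every class, field and message name is hypothetical, and the duplicate-create handling is an assumption that goes beyond what the post describes.

```python
# Added illustration; every class, field and message name here is hypothetical
# and is not the CATSWeb or NetSuite API.
from dataclasses import dataclass, field
from typing import Optional


class ComplaintService:
    """Stand-in for the hosted complaint system's web service endpoint."""
    REQUIRED = ("case_id", "customer", "description")

    def __init__(self):
        self.records = {}      # record_id -> complaint fields
        self._by_case = {}     # case_id -> record_id, so a retried create is a no-op
        self._next_id = 1000   # constructed starting value

    def handle(self, request: dict) -> dict:
        action, data = request.get("action"), request.get("data", {})
        if action == "create":
            missing = [f for f in self.REQUIRED if not data.get(f)]
            if missing:
                return {"status": "error", "message": "missing " + ", ".join(missing)}
            if data["case_id"] in self._by_case:   # duplicate delivery of the same case
                return {"status": "success", "record_id": self._by_case[data["case_id"]]}
            record_id, self._next_id = self._next_id, self._next_id + 1
            self.records[record_id] = dict(data)
            self._by_case[data["case_id"]] = record_id
            return {"status": "success", "record_id": record_id}
        if action == "update":
            record_id = request.get("record_id")
            if record_id not in self.records:
                return {"status": "error", "message": f"unknown record {record_id}"}
            self.records[record_id].update(data)
            return {"status": "success", "record_id": record_id}
        return {"status": "error", "message": f"unsupported action {action!r}"}


@dataclass
class SupportCase:
    """Stand-in for the support case held by the calling system."""
    case_id: str
    customer: str
    description: str
    complaint_record_id: Optional[int] = None


@dataclass
class CaseSync:
    """Caller-side logic: create once, store the returned ID, update afterwards."""
    service: ComplaintService
    outbox: list = field(default_factory=list)   # stands in for the error e-mail

    def submit(self, case: SupportCase) -> bool:
        if case.complaint_record_id is None:
            request = {"action": "create", "data": {"case_id": case.case_id,
                       "customer": case.customer, "description": case.description}}
        else:
            request = {"action": "update", "record_id": case.complaint_record_id,
                       "data": {"customer": case.customer, "description": case.description}}
        reply = self.service.handle(request)
        if reply["status"] == "success":
            case.complaint_record_id = reply["record_id"]   # kept for later updates
            return True
        self.outbox.append(f"case {case.case_id}: {reply['message']}")
        return False
```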


How Secure is Your Data in a SaaS Environment?

In the IT world, there is always that security pendulum that seems to move either toward ease of use or toward restrictive control. Users typically tend towards the “ease of use” end of the spectrum because who wants to remember yet another password? And who wants to install complicated VPN software or jump through extra authentication hoops? Conversely, IT folks (like me) tend to believe in restrictive control, in passwords as complicated as possible, extra authentication hoops and logging everything that happens over an established connection.

With the advent of SaaS (Software as a Service), security becomes all the more critical in terms of both the user of the service and the administrator of the environment providing that service. The beautiful thing about SaaS offerings like CATSWeb is that they are completely web based through HTML. This makes life much easier for all parties. From the user side, CATSWeb requires no special VPN software, nothing downloaded to the client computer and no local certificate store to verify a user’s identity, only a web address and a password. From the IT standpoint, all machines involved in providing CATSWeb SaaS are completely locked down to two ports of traffic; an IT dream come true. Users will either be coming into a hosted CATSWeb environment via HTTP (port 80) or HTTPS (port 443). For securing a server to the world, only having to deal with two ports is about as simple a scenario as exists in the IT industry.

Because CATSWeb traffic is only on two ports, our servers are locked down completely, with those two ports being monitored constantly through the firewall, protected by live scanning anti-virus solutions and safeguarded by managed IDS (Intrusion Detection) systems.  Add to that all web traffic is logged from start to finish and you’ve got as bulletproof a server system as can be found.  And then we get to CATSWeb itself.

Within CATSWeb, AssurX has included additional security tools to ensure that your data is safe.  First, each customer company has their own unique, individual database not shared by anyone else. If a customer chooses to require SSL for accessing their CATSWeb database, this ensures that all traffic to and from that database is encrypted.  System access is automatically logged for easy review, including the IP address from where the traffic originated.

The rest we leave up to users.   I guess that’s where CATSWeb SaaS becomes a two-pendulum system. The “server security pendulum” we’ve chosen to swing as far toward restrictive control as possible.  The “user access pendulum” we leave to the users of CATSWeb.  An administrator in a CATSWeb system can set their own requirements for passwords for their users, establish their own session parameters such as session length and inactivity timeouts and much, much more.  This will allow any given SaaS CATSWeb system to have security anywhere along the user access pendulum, from easy to restrictive, based on what your requirements are.
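One way to check the two-port lockdown described above from the server side, as an added example that is not AssurX’s tooling. It assumes a Linux host and the output format of `ss -ltnH` from iproute2; the sample lines are constructed.

```python
# Added illustration: audit a host's listening sockets against the two-port
# policy (HTTP 80, HTTPS 443). Input format is `ss -ltnH` (Linux iproute2),
# which is an assumption; the sample lines below are constructed.
import ipaddress

ALLOWED_PORTS = {80, 443}

SAMPLE_SS_OUTPUT = """\
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      128       192.0.2.10:3389       0.0.0.0:*
LISTEN 0      100            [::1]:25            [::]:*
"""


def parse_listener(line):
    """Return (address, port) from one `ss -ltnH` line, or None if not a listener."""
    cols = line.split()
    if len(cols) < 5 or cols[0] != "LISTEN":
        return None
    host, _, port = cols[3].rpartition(":")
    host = host.split("%")[0].strip("[]")   # drop any %iface scope and IPv6 brackets
    return host, int(port)


def is_loopback(host):
    """True only for addresses that cannot be reached from off the host."""
    if host in ("*", ""):
        return False                        # wildcard bind: reachable on every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                        # unparseable: treat as reachable so it gets reviewed


def audit(ss_output, allowed=ALLOWED_PORTS):
    """List (address, port) pairs reachable off-host on a port outside the policy."""
    violations = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        host, port = parsed
        if not is_loopback(host) and port not in allowed:
            violations.append((host, port))
    return sorted(violations, key=lambda v: v[1])


if __name__ == "__main__":
    for host, port in audit(SAMPLE_SS_OUTPUT):
        print(f"listener outside policy: {host}:{port}")
```

Loopback-only listeners such as a local database are not reported, since the policy in the post concerns what is exposed to the network.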
