The concept of implementing SaaS is moving ahead quickly, especially in the medical device arena. Perhaps that shouldn’t be surprising; most industry experts say that device firms tend to be a bit more innovative when it comes to embracing new technologies.
That may be why Angiotech made the decision to go with AssurX’s OnDemand (SaaS) model as opposed to on-premise implementation for their global complaint handling system. Angiotech is a global specialty pharmaceutical and medical device company that discovers, develops, and markets innovative technologies and medical products primarily for local diseases or for complications associated with medical device implants, surgical interventions and acute injury.
AssurX’s CATSWeb system is already rolled out across four facilities – three in the US and one in Puerto Rico – with Europe expected by the end of 2009.
Larry Murphy, Senior Manager, Corporate Quality, was part of the team that made the decision to go with the SaaS model because they needed to get up and running quicker.
“We got the blessing of the IT group after they reviewed the AssurX system and were able to get answers quickly about the level of security and support,” Murphy said. “As far as the users are concerned, they really like having everything centralized, including the reporting capabilities. We have significantly improved our efficiency and productivity,” added Murphy.
Prior to implementing an automated complaint handling system, various divisions of Angiotech were using either paper-based systems or homegrown Access database applications. Now the company-wide system using CATSWeb allows them to process complaints in a more structured and standardized manner that provides a much higher level of quality of information as well as the ability to track progress using metrics and dashboards.
Future plans include expansion of the current process and perhaps implementing electronic medical device reporting (eMDR) somewhere down the line.
How does one achieve five 9’s (99.999%) uptime or better in today’s crazy IT world? Easy. Have backups for your backups and have at least two of everything.
Okay, so maybe it’s easier said than done and perhaps that is an egregious oversimplification. The bottom line, however, is basically that’s how AssurX has achieved not five 9’s but a perfect 100% uptime for CATSWeb OnDemand systems for two years running.
We have multiple redundancies in all our critical infrastructure systems: at least two of everything. We have everything from multiple pipes to the Internet to multiple fire suppression systems. There are multiples of all server types; web servers, application servers, database servers, backup servers. There are multiples of all components of the servers; multiple drives in RAID arrays, multiple network cards, multiple power supplies, multiple CPUs. There are redundant monitoring systems, monitoring internally and externally the availability of CATSWeb and we are notified immediately when something is wrong. Fortunately (knock on wood), we’ve yet to experience this scenario outside of testing.
Our data center is the same way. There are redundant heating and cooling systems, redundant fire suppression systems, redundant UPS systems, redundant generators and everything is in “hot standby” mode, meaning if one fails, the other takes over without missing a beat. The network employs at least three major telecom providers for separate and redundant backbones to the Internet.
To someone unfamiliar with the true meaning of “mission critical”, all this sounds like overkill. Doesn’t having two (or more) of everything make life more difficult? Simple answer is, yes, life is more complicated with two of everything. There are the requirements of extra space, extra maintenance, extra power consumption, extra time for install/management/decommission of software packages and extra man hours spent working on all these redundant systems. Does it make financial sense? Absolutely! Just the same as one has homeowner’s insurance, car insurance, health insurance or life insurance, what redundancy means to an IT department is data and connectivity insurance. For hosted systems like CATSWeb OnDemand, it means happy customers who always get to their data, day or night. For IT guys like me it means peaceful, easy sleep and less hair loss.
At the end of the day, the simple fact is that AssurX has achieved something truly difficult in the IT world; 100% uptime, two years running. This is something major players, like Yahoo, eBay, Google, Amazon and many others cannot claim. We are proud of our commitment to hosting CATSWeb for our customers and will continue to implement new and better ways to achieve and maintain the best possible uptime numbers and availability as we forge ahead.
The idea of software as a service is not new and in fact AssurX has offered its CATSWeb enterprise quality and compliance system in a hosted environment for over 10 years. However, there has always been a certain resistance in business for utilizing this software model. The reasons have varied from security issues to wanting to have control over the platforms to a perception that the data just needs to be in-house. For several years, though, businesses have been looking to reduce their overall costs, including those involved with IT. As a result SaaS has much more appeal as it can significantly help to reduce the overall cost of ownership.
One of the chief issues that have confounded IT, though, is system integration. No system is the be-all-to-end-all. ERP systems will generally handle most of the basic functions of a business, however there are aspects like complaint management, auditing, CAPA, etc., that are not fully covered by these systems – hence the need for multiple applications and the need to integrate.
The next argument from many is that if our systems are all hosted we cannot integrate them. That is not necessarily true. Systems that have Web service capabilities are fully capable of being integrated regardless of their location. This was recently proven by a very successful hosted NetSuite to CATSWeb integration. The requirement was to allow customer service to enter their initial customer complaint as a Support Case in NetSuite (which the customer runs as a SaaS) and have a corresponding transaction triggered in CATSWeb (which is also running as SaaS) where the actual complaint processing occurs. This was all accomplished by using a simple call from NetSuite to the CATSWeb web service. CATSWeb creates the record and sends a success or error message back to NetSuite, which then either stores the newly created CATSWeb Record ID in the Support Case for reference purposes or sends an email to an individual in the case of an error message. Additionally, because CATSWeb returns the Record ID created to NetSuite, any further changes to the NetSuite Support Case can be sent to CATSWeb, which will update the record accordingly.
So is system integration of SaaS applications possible? Absolutely. And depending the capabilities of the systems involved it can be relatively easy to accomplish. CATSWeb offers a fully functional Web services API, which will allow any external system to integrate with it. The location of the external system does not matter. The bottom line is that Software as a Service is a viable business model which can greatly reduce IT costs and the idea that just because your applications are hosted at offsite locations is no reason why they cannot be effectively integrated.
In the IT world, there is ever that security pendulum that either seems to move toward ease of use or toward restrictive control. Users typically tend towards the “ease of use” end of the spectrum because who wants to remember yet another password? And who wants to install complicated VPN software or jump through extra authentication hoops? Conversely, IT folks (like me) tend to believe in restrictive control, in complicated passwords as possible, extra authentication hoops and logging everything that happens over an established connection.
With the advent of SaaS (Software as a Service), security becomes all the more critical in terms of both the user of the service and the administrator of the environment providing that service. The beautiful thing about SaaS offerings like CATSWeb is that they are completely web based through HTML. This makes life much easier for all parties. From the user side, CATSWeb requires no special VPN software, nothing downloaded to the client computer and no local certificate store to verify a user’s identity only a web address and a password. From the IT standpoint, all machines involved in providing CATSWeb SaaS are completely locked down to two ports of traffic; an IT dream come true. Users will either be coming into a hosted CATSWeb environment via HTTP (port 80) or HTTPS (port 443). For securing a server to the world, only having to deal with two ports is about as simple a scenario as exists in the IT industry.
Because CATSWeb traffic is only on two ports, our servers are locked down completely, with those two ports being monitored constantly through the firewall, protected by live scanning anti-virus solutions and safeguarded by managed IDS (Intrusion Detection) systems. Add to that all web traffic is logged from start to finish and you’ve got as bulletproof a server system as can be found. And then we get to CATSWeb itself.
Within CATSWeb, AssurX has included additional security tools to ensure that your data is safe. First, each customer company has their own unique, individual database not shared by anyone else. If a customer chooses to require SSL for accessing their CATSWeb database, this ensures that all traffic to and from that database is encrypted. System access is automatically logged for easy review, including the IP address from where the traffic originated.
The rest we leave up to users. I guess that’s where CATSWeb SaaS becomes a two-pendulum system. The “server security pendulum” we’ve chosen to swing as far toward restrictive control as possible. The “user access pendulum” we leave to the users of CATSWeb. An administrator in a CATSWeb system can set their own requirements for passwords for their users, establish their own session parameters such as session length and inactivity timeouts and much, much more. This will allow any given SaaS CATSWeb system to have security anywhere along the user access pendulum, from easy to restrictive, based on what your requirements are.
The Royal Bank of Scotland (RBS Group) is one of the top 10 banking groups in the US and a principal supplier of corporate finance and debt capital markets services, with retail banking franchises stretching from New England to the Midwest.
In 2005, Juel McQueen, Assistant Vice President, Compliance, and her team in quality assurance needed a solution to track all corrective actions, periodic reviews and verification documents. Since resources for IT were already stretched, they decided to pursue a solution that was available as SaaS (Software as a service). After researching numerous vendors, Ms. McQueen and her team selected CATSWeb OnDemand with the blessing of their IT department because it suited their needs for security, functionality and versatility. CATSWeb is hosted at a SAS 70 Type II certified facility.
Prior to CATSWeb, the QA department was using Microsoft Word and Excel and routing files by email to solve their corrective actions and sign off on documents. Some of these attachments ended up being accidentally deleted or overlooked. Now, instead of relying on file attachments in email, all users log into the CATSWeb system, view the tasks and documents assigned to them, and electronically sign off on them in a much more accurate and timely manner.
“AssurX helped me get started on the system with initial training, and now I do the necessary configuration changes myself,” said McQueen.
In addition to providing a centralized system for users, CATSWeb also generates executive reports for test results, findings and corrective actions.
And so it is with Information Technology. No one knows for sure what it was originally called but it seems to have origins defined by its first name…or was its name defined by the origins? In the mid-90’s, when it was more an idea than a practice, we called it simply “hosted software”. Many dismissed it as “future-talk” and speculation, thinking few would actually ever pay to “rent” software over the Internet. But those of us in the industry thought it was brilliant. A “win-win”, if you will. Software companies able to make continuous streams of income and consumer companies able to cut back IT costs and never have to worry about upgrades, hardware and the other nightmares of running a mission critical application.
In the late 90’s, it became known as ASP or “Application Service Provider” and the media had caught wind of something new. To date, this was the most popular term coined and was the most widely used. There were over 20,000 mentions of ASP in the press in the year 2000. When we began offering CATSWeb OnDemand in 2000, we considered it an ASP offering and some of the internal (behind the scenes) components are still branded with the ASP nomenclature. As ourselves users of ASP’s poster child Salesforce, we thought the model had great potential and it helped us tremendously when our IT department was in its adolescence.
Coined shortly after ASP around the early 2000’s, some in the industry heard the term SaaS or “Software as a Service”. By 2003 or so this term began to build popularity and momentum as the new buzzword for hosted software. In 2005 SaaS overtook ASP as the acronym of choice and in 2007 there was a peak of over 10,000 press mentions of SaaS. The industry by-and-large still refers to hosted applications as SaaS. We consider CATSWeb OnDemand a SaaS application and refer to it as such currently.
Now there is a new buzzword on the horizon that is rapidly gaining popularity and serves to define the newest generation of hosted applications: “cloud-computing” or simply “cloud”. Cloud is basically the same business model, the same pros and cons and the same major players, like Salesforce and WebEx among many others. Same old idea, shiny new name. And if history is any indication, we’ll see “cloud” gain in popularity until it peaks and another new term is coined to define this industry niche.
I guess the bottom line in all of this is that AssurX has a strong, time-tested, customer-proven hosted offering in our CATSWeb OnDemand product. And frankly, we don’t care whether it’s referred to as “hosted software”, ASP, SaaS, cloud computing or the next new thing, whatever that may be. We still intend to offer our software for customer use over the Internet for as long as people want to use it that way. We will always strive to better our offerings, our uptime, our security and our reputation in this hosted model and be frontrunners in providing the best features and reliability with the best dollar for dollar value in the industry.
“Hosted software by any other name, would still accomplish the same”.
Three years ago, Oliver Medical, a leading medical packaging provider developing innovative sterile-grade packaging materials headquartered in Grand Rapids, MI, set out to find a solution to their ever-growing paper problem.
Lora Keena, Vice President of QA/RA, understood the importance of operating at the highest possible level of efficiency while not sacrificing safety, so she set out a goal to find an electronic solution to help establish real-time procedures that were easy to understand, train and update anywhere, anytime Oliver Medical personnel needed to do so.
She knew they had to move everything – forms, testing, and all quality systems – from paper to electronic. “Our old way was time consuming and cumbersome…we were faxing hard copies back and forth and it took forever,” Lora recalls.
There were four key requirements for a new electronic system:
- Reasonable price
- 21 CFR Part 11 compliance
- It had to meet their needs for document control
- Fast implementation
“We didn’t have 12 – 18 months implementation time. I didn’t want that kind of delay” said Keena.
Lora and her team narrowed down their search to four vendors and AssurX’s Software as a Service (SaaS) solution quickly rose to the top.
Read the entire story about Oliver Medical.
