Cloud Vendor Evaluation



Similar documents
Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

Company Overview. Enterprise Cloud Solutions

ROLE PROFILE. Business Function: Software Operations Managed Cloud Services eg s Head Office, Dunston Business Village, Staffordshire

Hosted SharePoint: Questions every provider should answer

Caretower s SIEM Managed Security Services

Clarity in the Cloud. Defining cloud services and the strategic impact on businesses.

A Global IT Managed Service Provider

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Payment Card Industry Data Security Standard

Logging In: Auditing Cybersecurity in an Unsecure World

Itron Cloud Services Offering

Williamson County Technology Services Technology Project Questionnaire for Vendor (To be filled out withprospective solution provider)

Attachment E. RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive.

Managed Hosting is a managed service provided by MN.IT. It is structured to help customers meet:

Pharma CloudAdoption. and Qualification Trends

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

Client Security Risk Assessment Questionnaire

Services Providers. Ivan Soto

Enterprise Architecture Review Checklist

CounselorMax and ORS Managed Hosting RFP 15-NW-0016

SaaS Security for the Confirmit CustomerSat Software

Ellucian Cloud Services. Joe Street Cloud Services, Sr. Solution Consultant

Lot 1 Service Specification MANAGED SECURITY SERVICES

All your apps & data in the cloud, all in one place.

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

Managed Services. Business Intelligence Solutions

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

CA Cloud Overview Benefits of the Hyper-V Cloud

security in the cloud White Paper Series

END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Appendix E to DIR Contract Number DIR-TSO-2736 CLOUD SERVICES CONTENT (ENTERPRISE CLOUD & PRIVATE CLOUD)

Security Controls What Works. Southside Virginia Community College: Security Awareness

RMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles

Infrastructure as a Service (IaaS) Dancik International and Peak 10

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Securing the Service Desk in the Cloud

Optimos Enterprise Helpdesk Automation Solution Case Study

Five keys to a more secure data environment

INNOVATE. MSP Services Overview SVEN RADEMACHER THROUGH MOTIVATION

Managed Service Plans

IT SERVICE MANAGEMENT FAQ

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

BMC s Security Strategy for ITSM in the SaaS Environment

Hosting Services VITA Contract VA AISN (Statewide contract available to any public entity in the Commonwealth)

AdvancedHosting SM Solutions from SunGard Availability Services

CWSI Service Definition for Server Monitoring

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Comparing the Cost of Ownership of Physical PCs, VDI, and TetherView Desktops

HIPAA Compliant Infrastructure Services. Real Security Outcomes. Delivered.

Security from a customer s perspective. Halogen s approach to security

Remote Infrastructure Support Services & Managed IT Services

PAAS Public Sector Managed Services

Things You Need to Know About Cloud Backup

Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.

<cloud> Secure Hosting Services

Move your business into the Cloud with one single, easy step.

Kaseya IT Automation Framework

3rd Party Audited Cloud Infrastructure SOC 1, Type II SOC 2, Type II ISO Annual 3rd party application Pen Tests.

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES

California Department of Technology, Office of Technology Services WINDOWS SERVER GUIDELINE

CHOOSING A RACKSPACE HOSTING PLATFORM

Contact Centers in the Cloud: A Better Way to Source

A three step plan for migrating to Microsoft Exchange 2010

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

SaaS Service Level Agreement (SLA)

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS option 3 for sales

Cloud Computing: Risks and Auditing

Table of Contents. CSC CloudCompute Service Description Summary CSC 1

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

AN IN-DEPTH VIEW. Cleo Cleo Harmony - An In-Depth View

CONTINUOUS LOG MANAGEMENT & MONITORING

Company Overview WHY EVOLVE IP? DATA CENTERS THE CLOUD SERVICES COMPANY TM. Executive Summary

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

custom hosting for how you do business

Submitted to: Service Definition Document for Database Management for IT Infrastructure Management

Request for Information (RFI) for Managed Hosting Service

CSC BizCloud VPE Service Offering Summary. CSC i

Managed IT Secure Infrastructure Flexible Offerings Peace of Mind

PCI DSS Reporting WHITEPAPER

THE BLUENOSE SECURITY FRAMEWORK

Transcription:

Cloud Vendor Evaluation Checklist Life Sciences in the Cloud

Cloud Vendor Evaluation Checklist What to evaluate when choosing a cloud vendor in Life Sciences Cloud computing is radically changing business ecosystems and with its increased flexibility and lower costs serving as primary catalysts, more life sciences enterprises than ever are moving to the cloud. For life sciences business and IT leaders, the decision to move to the cloud can never be taken lightly, from costs to compliance, there are a number of important considerations that need to be weighed before a decision is made and once the decision is made you then need to choose the right life sciences vendor. In choosing the right life sciences vendor you need to evaluate the services they provide to mitigate any risks and concerns you have, especially around the strict regulatory requirements life sciences organisations need to adhere too. To assist in your vendor selection, we have correlated the following evaluation checklist that will provide some key questions you need to be asking vendors in your evaluation process and your journey to the cloud. Life Sciences in the Cloud Page 1

Evaluat uation crite iteria ia for Clo loud vendo ndors in comparison to Checklist Questions Cloud Hosting Capabilities Does the cloud vendor provide the following cloud options? - leveraged public cloud - virtual private cloud - private cloud Can the cloud vendor provide Private Cloud available in either vendor data center or client location? Does the cloud vendor offer non-production environments such as development, training, validation and sandbox? Does the cloud vendor's offering provide scalability for growth/changes to the architecture (e.g. network/number of servers)? Does the cloud vendor allow for hosting of 3rd party products (other than pre-requisites of their own software)? Does the cloud vendor offer multiple storage tiers? Are the methods of encryption defined by the cloud vendor? Does the Cloud vendor provide periodic maintenance and is there a pre-defined plan to accommodate the client business? Does the cloud vendor use their own datacenters or do they utilize 3rd party datacenters/providers? Does the cloud vendor offer a global network of data centers in order to be able to choose where your solution is hosted from? Is the cloud vendor able to provide a sample use case? Can the cloud vendor provide the ability to integrate with offpremise EDMS and or SaaS solutions? Disaster Recovery Does the cloud vendor have the ability to provide offsite Disaster Recovery? Does the cloud vendor provide various Disaster Recovery Point and Recovery Time objectives? Does the cloud vendor provide backup options? Does the cloud vendor provide replication based Disaster Recovery options? Does the cloud vendor provide a Disaster Recovery Plan detailing process and procedures for both vendor and client? Does the cloud vendor include an annual Disaster Recovery Test? Does the cloud vendor test both Failover and Failback as part of the test plan? All Available As Standard As Standard As Standard Life Sciences in the Cloud Page 2

Cloud and Application Moniotring Does the cloud vendor provide infrastructure monitoring? - Such as: Switch and port failure redundancy Network and resource utilization monitoring I/O monitoring and alerts Performance reporting agents Server-based monitoring agents Server resource utilization threshold alerts and reporting (CPU, RAM, disk and network utilization) Server maintenance checks OS security and vendor patching Does the cloud vendor provide application monitoring? - Such as: Proactive application monitoring Application URL monitoring and alerts Application functional health checks and alerts Critical services monitoring and alerts Application job failure monitoring Application and vendor patching Does the cloud vendor provide system administration and proactive actions? - such as: Daily system administrator maintenance checks Monthly system administrator maintenance checks and reporting Real time server resource and performance reporting Application log file and job report monitoring and maintenance Monthly server performance reporting Monthly system performance reporting System sizing monitoring Restart process checklists and confidence testing Does the cloud vendor provide direct visibility into system resources via a web-based portal for viewing near real-time performance data, customizable chart views, and exportable performance data? Security & Risk Management Does the vendor provide the appropriate Cyber Security measures? Does the cloud vendor meet data requirements governed by regulatory requirements? Does the cloud vendor utilize enterprise-class firewalls? Does the cloud vendor provide network intrusion detection monitoring and vulnerability scanning? Does the cloud vendor provide antivirus services to protect your critical systems and data? Does the cloud vendor provide managed database monitoring services? Life Sciences in the Cloud Page 3 Available on request

Does the cloud vendor provide managed security services components comprising of the following? Mobile Security Cloud Security Network Security Endpoint Security Application Security Identity and Access Management Does the cloud vendor provide SLA s? Does the cloud vendor provide various infrastructure SLA's to ensure system uptime and stability? Is the cloud vendor able to offer financial penalties against infrastructure SLAs? Are appropriate data backup and recovery processes in place? Does the cloud vendor provide 24x7 incident response time for issues pertaining to security? Does the cloud vendor maintain a secured monitored environment (of both the Physical & logical Security controls) Validation & Compli liance Does the cloud vendor operate an industry recognized Quality System? Does the cloud vendor provide both the necessary validation documentation for system delivery to meet your needs? Does the cloud vendor provide fully validated environments following a validation methodology which meet the necessary regulatory requirements? Can the cloud vendor provide Validation Services? Does the cloud vendor fully understand the key aspects of regulatory compliance? - Which include: Audits GxP Compliance Validation Methodologies Standard Deliverables Change Control Management Regulatory Compliance Expertise Audit readiness Cloud, Product, and Industry Expertise Does the cloud vendor allow for onsite data center audits? Does the cloud vendor allow for validation documentation audits? Does the cloud vendor allow cloud infrastructure control audits? Has the cloud vendor completed audits conducted by an independent 3rd party? Life Sciences in the Cloud Page 4

Client Partnership Does the cloud vendor allow for feedback from its own client base via a customer advisory board? Does the cloud vendor allow for early adopter programs which give the direct ability to influence product direction? Does the cloud vendor provide customer outreach programs? - Including: Regional user group/best practice meetings Product roadmap and discussion meetings Executive exchange seminars Does the cloud vendor allow for input into product direction? - From: Focus groups Direct conversations with product managers Feature enhancement requests Does the cloud vendor provide a dedicated account team to allow for a simplified model with executive oversight? Are the methods used to communicate new features or updates in line with your business needs? Pricing Does the cloud vendor offer fixed payment terms for the duration of the contract? Does the cloud vendor allow you to utilize existing vendor software licenses for vendor products? Does the cloud vendor allow you to utilize existing 3rd party licensing? Does the cloud vendor allow you to choose if you would like upgrades included in your pricing? Does the cloud vendor allow you to choose when you would like to implement upgrades based on your business need? Customer Services & On Going Support Does the cloud vendor have in place a customer service and support structure? Does the cloud vendor provide you with a Dedicated Client Program Director throughout the life of your commitment? Subject to 3 rd Party vendor approval Does the cloud vendor provide you with adequate support coverage to meet your needs (localized support in various countries, hours of operation)? Has clear escalation and communication processes been presented and defined for high risk incidents? Life Sciences in the Cloud Page 5

Does the cloud vendor allow for a single point of contact to handle all support issues? - Which may include: Product support issues Infrastructure incidents Application services requests Can the cloud vendor provide you with application services? - Which cover items such as: Client-specific application issues Client-specific functionality changes/customizations Does the cloud vendor provide you with the necessary infrastructure support for your business? - Which would cover items such as: Operating system software Hardware/software (non-os) Network/VLAns/VPNs/Firewalls Database management systems Does the cloud vendor provide you with seamless access to professional services and internal partner expertise who knows your business? - Such as: Product development architects and engineers Delivery resources (technical and non-technical) Does the cloud vendor provide a single point of contact at the Delivery stage and throughout the life of the agreement? Has clear escalation and communication processes been presented and defined for high risk incidents? Does the cloud vendor provide options for migrating into the cloud? - Which would cover items such as: Databases Flat files Other applications Legacy applications Unstructured data Are processes for change management clearly defined in the agreement? Can you control or are you informed of who can access your data? Does the cloud vendor inform you of their breach notification requirements and processes? Does the cloud vendor provide various levels of training on their application? Does the cloud vendor provide training materials/user manuals/and or guides to you for future reference? Life Sciences in the Cloud Page 6

Governance & Due Diligence Are you able to choose the geographical region where your data will reside? (United States vs Europe) Does the cloud vendor have both SSAE16, ISO 27001, and ISO 20000 certified data centers worldwide? Are electronic records capable of meeting the requirements of application regulations (such as US FDA 21 CFR Part 11)? Can you perform on-site audits? Is the cloud vendor available for on-site audits? Are you able to terminate your contract? Are you informed of any penalties for early termination of the contract? Are you able to extend your contract agreement? Are you informed on what happens to your data upon the termination of contract? Are you informed of what happens to your data upon termination of services? Does the cloud vendor provide formal documentation as part of the agreement to define the processes and procedures when leaving the service i.e. what data can be released and how, what personnel will be required from both vendor and client etc.? Are resolution SLA metrics defined within the agreement? Does the cloud vendor perform due diligence of their 3rd party providers? (if involved in the solution) As Standard - Provisions of Disentangle ment Life Sciences in the Cloud Page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information