Clinical Trials in the Cloud: A New Paradigm?

Similar documents
Cloud Computing. What is Cloud Computing?

Pharma CloudAdoption. and Qualification Trends

Security Issues in Cloud Computing

Cloud Computing; What is it, How long has it been here, and Where is it going?

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Secure Cloud Computing through IT Auditing

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

Cloud Computing in a Regulated Environment

Services Providers. Ivan Soto

The Cloud Computing Revolution: Beyond the Hype

Using Cloud-Based Technologies in Clinical Trials by Niki Kutac, Director, Product Management

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

BUSINESS MANAGEMENT SUPPORT

Regulated Applications in the Cloud

Managing Cloud Computing Risk

Cloud Computing Guide & Handbook. SAI USA Madhav Panwar

CONSIDERATIONS BEFORE MOVING TO THE CLOUD

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

Fundamental Concepts and Models

Deploying Public, Private, and Hybrid Storage Clouds. Marty Stogsdill, Oracle

Why Private Cloud? Nenad BUNCIC VPSI 29-JUNE-2015 EPFL, SI-EXHEB

East African Information Conference th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

Perspectives on Moving to the Cloud Paradigm and the Need for Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

Addressing Cloud Computing Security Considerations

Validating Cloud. June 2012 Merry Danley

Security & Trust in the Cloud

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

Cloud Services Overview

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

Accelerate Your Enterprise Private Cloud Initiative

Cloud Computing: Risks and Auditing

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen

Architectural Implications of Cloud Computing

Architecting the Cloud

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

HIPAA in the Cloud. How to Effectively Collaborate with Cloud Providers

Cloud Computing. Bringing the Cloud into Focus

Information Technology: This Year s Hot Issue - Cloud Computing

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

CLOUD COMPUTING OVERVIEW

What Cloud computing means in real life

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Client Security Risk Assessment Questionnaire

Leveraging the Private Cloud for Competitive Advantage

CLOUD COMPUTING. A Primer

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS option 3 for sales

Commercial Software Licensing

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

Orchestrating the New Paradigm Cloud Assurance

WORKDAY CONCEPT: EMPLOYEE SELF SERVICE

Healthcare Enterprise View of Cloud What is Cloud Additional Needs Cloud Models Cloud Economics 101 Stack Decision Framework

Software-as-a-Service: Managing Key Concerns and Considerations

WHITE PAPER. IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

Cloud Computing Trends, Examples & What s Ahead

Big Data & Its Bigger Possibilities In The Cloud

How Cloud Computing is Changing the Face of IT. Ketul Parekh HCSS

EXIN Cloud Computing Foundation

Cloud Computing Overview

BMC s Security Strategy for ITSM in the SaaS Environment

CHAPTER 8 CLOUD COMPUTING

Emerging Tax Issues Surrounding Cloud Computing Transactions By S. Matthew McNeilly, CPA

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Technology & Business Overview of Cloud Computing

How To Understand Cloud Computing

What is Cloud-Based Security? Cloud-based Security = Security Management + Cloud Computing.

INTRODUCING CLOUD POWER

Seeing Though the Clouds

Quattra s Cloud Vision & Framework Value

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Third Party Cloud Services Its Adoption in the New Age

Private vs. Public Cloud Solutions

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

Cloud & Security. Dr Debabrata Nayak Debu.nayak@huawei.com

Cloud Computing Security Issues

Transcription:

Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo

What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Source: http://www.nist.gov/itl/cloud/

What is a Cloud? (2 of 3) Mandated by the US Government under the Federal Cloud Computing Strategy in Feb-2011 Defined by the NIST A Cloud must exhibit 5 characteristics: On-demand self service Ubiquitous network access Resource pooling Elasticity Measured services (SLA)

What is a Cloud? (3 of 3)

Example of Clouds Around Us Consumer Enterprise

Types of Clouds (1 of 2) Public Private Hybrid Community Private/Community Clouds Public Clouds

Types of Clouds (2 of 2) Public Private Community Hosted by Service Provider Sponsor/CRO -or- Service Provider Tenancy Multi-tenancy Available to the public Sponsor/CRO -or- Service Provider Single tenancy Multi-tenancy Available to members of community Infrastructure Shared Dedicated to single tenant Network access Internet VPN -or- LAN Can store clinical data? L J Dedicated to community VPN J

Cloud Service Layers (1 of 2) Infrastructure-as-a-Service Fully outsourced hardware infrastructure Rent a server billed per hour or minute Give your full control for changes, data protection, etc. Platform-as-a-Service Provides a platform to develop cloud-based applications Provider controls changes to the environment and data protection Not recommended for Clinical Trials Software-as-a-Service Provides a consumable application running in the cloud Software vendor must demonstrate adherence to 21 CFR Part II and evidence of validation

Cloud Services Layers (2 of 2) Infrastructure as a Service Platform as a Service Software as a Service Self Service OK OK OK Reduced Cost Ubiquitous Access Automated System On-demand Scalability Expensive for large deployment OK OK OK Caution with mobile platforms Caution with auto updates OK OK OK OK OK OK Can Store Clinical Data? K L J

Clearing up the Cloudiness Infrastructure-as-a-Service OK to use for clinical trial in both Private and Community Clouds. For large deployments, make sure to model cost vs. onsite Software-as-a-Service OK to use for Clinical Trials in both Private and Community Clouds. SaaS on Public Cloud is not recommended for Clinical Trials data, but if considered, in-depth vendor audit is required. Cost Infrastructure as a Service Private Cloud K Software as a Service J Community Cloud Infrastructure as a Service K Software as a Service J Can Store Clinical Data? J J J J

Regulatory Considerations All 21 CFR Part 11 rules apply regardless if system is cloud-based, hosted or on-site Data security & privacy Data protection Hosting facility controls Change management Validation Your organization (not the Service Provider) is ultimately responsible to ensure the GxP system is validated, compliant and performs as intended on the Cloud.

Regulatory Recommendations (1 of 3) Step 1: Evaluate vendor capabilities Does vendor have existing customers running GxP applications? Does vendor s staff have all necessary qualification and training? Does vendor have a validated instance/template for their hosted application? Can the vendor show proof of validation documentation? Does the vendor provide 24x7 application support?

Regulatory Recommendations (2 of 3) Step 2: Evaluate data security Where exactly will the data be stored and processed? Does vendor have sufficient physical and electronic security? Is the data communication encrypted over the network? Are passwords encrypted when stored? Does vendor use a 3 rd party data center? If so, can they also be audited? Does data center have recent SSAE 16 or SAS-70 audit reports? Does vendor have a data backup procedure and a credible disaster recovery plan in place? In case of breach of contract, will the data still be available? How are other tenants and applications isolated from each other? Who owns and has access to your data?

Regulatory Recommendations (3 of 3) Step 3: Conduct an onsite audit to verify the answers you received from the pre-qualified vendor Any Service Provider who refuses to be audited or can t properly answer these questions should be disqualified

Examples of Clouds for Clinical Trials

eclinical Forecast for the Next Few Years Definitely cloudy with chances of changing winds! J

Questions? Thank You! Marc Desgrousilliers CTO Clinovo marc.desgrousilliers@clinovo.com