SaaS, GxP and The Cloud

 

 

In the Life Sciences, the call to the cloud was initially resisted.  Like most technology adoption in this industry, it took a while, but I think it’s safe to say the cloud had arrived. Thankfully in an industry that thrives on a good acronym, we have some new ones to learn:

  • IaaS (Infrastructure as a Service),
  • SaaS (Software as a Service) and
  • PaaS (Platform as a Service) being the most prevalent as far as service delivery options go.

For the purposes of today’s blog, let’s focus on SaaS.

SaaS providers have figured out how to deliver just about every regulatory application you can think of directly to your doorstep using the power of ‘THE CLOUD’. What is not immediately obvious, though should keep you up at least one night until your curiosity has been satisfactory settled, is where ‘THE CLOUD’ they speak of actually is and equally important, who is managing it.

SaaS providers, like the CD printing software companies of old (hint – many of them are the same companies), are in business to make money, and a really great way to bump up the margin is to charge for the delivery of the software. In other words, you are paying for them to have it hosted somewhere. The location of where it’s hosted and what IT controls and qualification strategy surround it, are critical to ensuring that the SaaS provider’s application is subject to a robust and sustainable software development Lifecycle (SDLC).

I could fill ten blogs with stories of regulated companies who have found themselves suffering from downtime of a critical application that would have been avoided, or at least mitigated, had they properly assessed the nature of the SaaS provider’s infrastructure. Delivering an application from a cloud – any cloud – is not that hard; qualifying, managing, and maintaining the compliant state of the infrastructure layer is, and it is generally alien to providers whose primary  purpose in life is software delivery.

If you’ve been in IT more than 15 minutes (if not, congrats on the new job – reading this is a good use of your first 15 minutes) you know that software people and infrastructure people have wildly different tastes, infrastructure people like big LED-lighted datacenters and overclocking processors, whereas software people like long walks after rainstorms and locally sourced kale. You need them both, but they aren’t the same.

It’s anecdotal certainly, but I came across one chap whose ‘regulated application’ was not hosted by the SaaS provider, but rather mirrored between two clouds in two separate datacenters run by different providers with different SLA’s. Beyond that, the SaaS provider had a compliance services company sitting in the middle burning incense and trying to keep the whole thing blessed. One supplier was in essence five, an unnecessary and exponential exposure that was not initially disclosed and only discovered when something went wrong.

When selecting a SaaS provider, make sure that the infrastructure management aspects of their service delivery are extremely transparent, get to the bottom of where their data is hosted, what they have done to build and manage it, and how many companies they are relying on to keep it all going.

Today, GCS supports a host of SaaS clients by delivering fully managed GxP qualified and compliant infrastructure services. We take the fear out of compliant hosting by offering an industry leading quality system, a dedicated regulatory team, and full support for your qualification and auditing efforts.