Staying Safe in the Cloud: Legal and Regulatory Issues

Janet Sanders

Attorney, Business Analyst and Certified Project Management Professional (PMP) with extensive experience in all aspects of requirements analysis, project management and the systems development life cycle, responsible for providing consulting services in the Pharmaceutical/Life Sciences environment.

The benefits of cloud computing stem from a simple idea: Providing an IT infrastructure for a group of users in different locations that allows them to share resources, software and information via the “cloud” that supports them.

Cloud computing is particularly inviting to the research and document-intensive life sciences industry, which relies on speed to market, internal and external collaboration, predictability and efficiency to manage costs and foster growth.

But while cloud computing offers some compelling advantages, a move to the cloud also comes with some caveats. The very nature of the cloud can pose risks to an enterprise; it is critical that these be avoided with careful planning and implementation.

The Challenge 

In a public cloud, IT activities or functions are provided as a service over the Internet. This open environment, where shared resources can pose potential security and confidentiality problems, is at odds with the highly regulated life sciences industry, where regulatory compliance requires that a company’s computerized system is qualified and controlled. The good news is that leading service providers are developing secure cloud solutions to minimize risks associated with uptime requirements, disaster recovery and protection of sensitive data. For greater security, cloud-based workspaces offer life sciences customers a number of different levels of services, including private cloud offerings where IT capabilities are provided as a service over an intranet and protected behind a firewall.

In a nutshell, it is imperative that cloud solutions are adequately secure and meet privacy and compliance requirements. Be aware that using the cloud for tasks such as managing and archiving clinical trial data does not excuse you from regulatory obligations that would otherwise exist if you hosted the services inside your company. The same controls you are required to apply to your internally hosted infrastructure must be applied to your external cloud environment. Here is where the real challenge comes in. How do you demonstrate control over a system not directly under your company’s management? Fortunately, while the cloud presents some unique challenges, there is nothing about the technology that makes it impossible to validate. As is the case with most issues around life sciences compliance, diligence and planning are the key to success.

The Solution: Plan, Plan, Plan … and Look Before You Leap

To take advantage of the many benefits of cloud computing, begin by taking a risk-based approach. Lay the foundation for demonstrating compliance of your cloud computing environment by understanding three key aspects of the cloud infrastructure:

  • The technology model that is being utilized (software, platform, infrastructure)
  • Security and integrity of the cloud components
  • The boundaries of the cloud with respect to your regulated data

Conclusion

When it comes to implementing a cloud solution, there is no substitute for due diligence. Make sure to engage business and technology teams in discussions about risk management topics, including risk identification, prioritization, measurement, and mitigation. With careful planning you can reap the benefits for your life sciences business “on the ground” while keeping your data safe and secure in the cloud.
