Ready for all situations: Experience and disaster recovery matters in the cloud – part 3

Cloud services and cloud vendors are not all created equal. That might seem like an obvious statement but it deserves repeating because the wrong type of cloud service might leave you frustrated and could cost you time and resources. It could also leave you vulnerable in the event of an act of God or other potential disasters if your provider isn’t properly prepared.

By Dawn Waite, Manager, Life Sciences in the Cloud

A primary consideration, therefore, should be assessing the experience of your cloud service provider. You need to select someone who is not only cloud-experienced but also has deep domain expertise in the life sciences industry.

A cloud vendor might say they can get you up and running in half an hour, but may not understand what regulatory compliance means and how to achieve that. It’s not just about delivering a compliant and validated environment, but also staying on top of changes to ensure compliance remains intact.

Managing the Fallout from Inexperience

Being able to go to a cloud vendor, buy a number of different environments and have them up and running in hours is very tempting. To achieve that rapid delivery, however, the cloud vendor is likely to be working in automation mode. As a result, they are not necessarily looking at your compliance requirements as thoroughly as they need to. What that means is they don’t really understand the life sciences industry and its specific challenges, and often validation and qualification won’t be part of that solution.

The knock-on effect of an automated offering is that a solution you thought would be available in hours can take significantly longer than expected as the vendor struggles to understand what the client needs. Worse yet, rather than having a vendor take on the burden of managing the environment, you’re left to ensure everything is as it should be, so the burden once again falls on you – and that dramatically lessens the benefit of turning to the cloud.

That’s not to say that automation is unsuitable, but it should be looked at with compliance in mind. For example, my CSC colleagues and I are investigating automation while ensuring that the qualification and validation requirements remain the top priority. Done the right way with the correct controls in place, therefore, automation can provide value.

What you need to look for is a cloud supplier that can describe their processes, how they’ll get you compliant and how they will keep you compliant. Your provider needs to manage the qualification and validation of the environment throughout the agreement. They need to assess whether any changes affect compliance and, if so, put steps in place to make sure that validation is kept within the solution. So, for example, if you’re changing your environment, your vendor needs to go through a change-control process, detail what the changes will be and how they will mitigate risk, provide you with a detailed document, and then get sign-off from you before such a change can take place.


It Was a Dark and Stormy Night …

Experience is also about how your provider will manage crises. Disaster recovery capabilities are critical for data-rich life sciences companies – not only to protect intellectual property but also to safeguard data that could be subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA).

Another reason why disaster recovery is so important is that it provides assurance that during busy submission periods the system is always available. This matters because life sciences companies must adhere to strict timelines for submissions to regulators, and missing them could have financial implications. For example, if companies miss certain deadlines in Europe they may not be able to submit until the following month, which could delay getting a product to market.

Disaster recovery in a cloud environment is – or should be – comprehensive. You have backup, which is literally about backing up the system. That backup data can be kept in the same center as production or in a secondary data center. What it means is simply that if a machine goes down and the data needs to be reloaded, you go to the backup and reload.

Disaster recovery can go much further than this by replicating your entire system to a secondary data center that is hundreds of miles away. That way if something happens in the location of your production system (e.g., flood, mass electrical storm, etc.) you have the backup needed to ride out the storm. Having a secondary data center somewhere else allows you – in those instances where your servers will be down for a while – to have your users switch to that secondary data center and keep working. It’s the gold standard of disaster recovery.

Most internal disaster recovery capabilities just can’t offer that level of backup simply because the cost would be prohibitive. But with cloud you can spread the cost of having extensive disaster recovery with other clients – that’s the beauty of cloud, you’re paying for a multi-tenant solution that gives you that ability and flexibility.

