With the advent of internet technologies and the fast-growing popularity of cloud computing, it won't be long before most regulated organisations adopt cloud computing and use it as the de facto standard across their day-to-day activities.

With a multitude of cloud applications coming online almost every month, what questions do you need to ask to discover whether these applications can be used in a regulated environment?

We've put together a list of the top 25 questions that need to be asked as part of the service level agreement (SLA).

Question 1

What level of security, both physical and electronic, will exist?

Question 2

Will the cloud be public, private or a combination of both?

Question 3

Who has privileged access to data?

Question 4

Where is the location of the data? (Different laws for different countries)

Question 5

How is the data segregated?

Question 6

What are the data recovery procedures?

Question 7

What is the data availability?

Question 8

What happens to the data at service termination?

Question 9

How is patch and bug fix management handled?

Question 10

What are your software configuration procedures?

Question 11

How do you manage change control?

Question 12

Is the cloud/application on a validated server?

Question 13

Does the cloud/application have a full audit trail?

Question 14

Does the cloud/application have the functionality to become 21 CFR Part 11 compliant?

Question 15

Has the cloud been audited to SAS70 or SSAE16?

Question 16

Will the cloud support existing client business processes?

Question 17

Have workflows been established between client and vendor (cloud)?

Question 18

Will an in-house support team need to be established for configuration and maintenance issues?

Question 19

Access to data/records/archives/back-ups: who, when, how?

Question 20

Does the vendor have a robust QMS?

Question 21

Does it have guidance affecting change management, and how will this be handled from vendor to client?

Question 22

Hardware maintenance and management: who is responsible?

Question 23

Does the solution allow for different environments (e.g. Sandbox, Development, QA, Production)?

Question 24

How are these environments different?

Question 25

How is data maintained across environments?

Answers to these questions may assist in appropriately scoping and defining the level of effort for validation. The verification methods and objective evidence will most likely be quite different from anything anyone has seen to date.


Contributors

  • Russel Regan
  • WGutierrez
  • Bruce Neagle
  • Jason Demmi
  • Bill Becker
  • Carl Miller MeD