cloud-based vs. on-site ctms - which is right for your organization?
Post on 18-Nov-2014
411 Views
Preview:
DESCRIPTION
TRANSCRIPT
Cloud-based vs. On-site CTMS:
Which is Right for You?
June 20, 2013
Parambir Singh Vice President of
Clinical Trial Management Solutions
BioPharm Systems
Special Guest: Sally Sweeney Director of Validation
BioPharm Systems
Welcome & Introductions
Param Singh Vice President of Clinical Trial Management Solutions BioPharm Systems, Inc.
• CTMS practice head since 2007 – Expertise in managing all phases and styles of clinical trials
– Leads the team that implements, supports, enhances, and integrates Oracle’s Siebel Clinical solution
• Extensive Siebel Clinical implementation experience – 11+ years of experience implementing Siebel Clinical
– 30+ implementations and integrations
– Spearheaded the creation of ASCEND, an official Oracle Accelerate Solution for Siebel Clinical
psingh@biopharm.com | (210) 454-5192
Welcome & Introductions
Sally Sweeney
Director of Validation
BioPharm Systems, Inc.
• 20+ years of industry experience, spanning science, IT, CTMS,
and validation
• Validation expert, responsible for BioPharm’s:
– Computer system validation (CSV) methodology
– System development life cycle (SDLC) methodology
– Team that performs all project-related validation activities
• Under Sally’s guidance, validation team ensures that BioPharm’s
internal and client systems are implemented effectively, in accordance
with external regulations and industry best practices
ssweeney@biopharm.com | (619) 980-7288
Welcome & Introductions (cont.)
CTMS Practice Services
Implementations
Manage implementations of Siebel Clinical vanilla and BioPharm’s Siebel Clinical accelerator, ASCEND.
Integrations Build one- and two-way interfaces between Siebel Clinical and other clinical and non-clinical systems.
Training Develop and/or deliver standard and custom training classes and materials, including Siebel iHelp.
Process Guidance Provide insight, advice, and solutions to specific clinical trial management issues.
Agenda
• Welcome & Introductions
• “Cloud” Defined
• Industry Trends in Cloud/Hosting
• Myths vs. Facts About Cloud/Hosting – Interactive segment with audience
participation
• Validation Implications of Cloud/Hosted Systems
• Evaluating Cloud vs. On-site CTMS
• How BioPharm Can Help
• Q&A
“Cloud” Defined
• Latest IT system delivery model
– Also known as “On-Demand” or “SaaS” (Software-as-a-Service)
• Internet-based computing
– Clusters of servers provide access to software and data from any
online computer at any time
• Based on the concept that consumers no longer need/want
expertise in or physical control over the technology
infrastructure that supports them
“Cloud” Defined (cont.)
• Related to “hosting,” but “cloud” is more specific
• Functions like a utility, such as electricity:
– Power grid stores electricity
– When demand increases, more sections of the grid are engaged
– When demand decreases, fewer sections of the grid are engaged
– Only pay for what you use
• Cloud is similar:
– Electricity = Software and data
– Demand = Number of users
– Power Grid = Cluster of servers
“Cloud” Defined (cont.)
• For clinical applications, true “cloud” is not really feasible
– Compliance
– Data integrity
– Data security / intellectual property
• In Life Sciences industry, “cloud” is the equivalent of
“hosting”
– Dedicated Hosting: You own the software and the servers, but the
servers are housed/maintained by a data center
– Shared Hosting: You own the software, but the servers are owned,
housed, maintained by a data center and can be shared by others
by dividing them through “virtualization”
Industry Trends in Cloud/Hosting
• Continuing pressure to reduce costs and shorten drug
development timelines, exacerbated by:
– Several patents expiring between 2011-2014, meaning increased
competition from generics
– Shrinking drug pipeline, based on a reduction of FDA approvals for
New Molecular Entities (NMEs) over the past several years
• Life sciences organizations recognizing that their focus
needs to be on effective, efficient drug development; all
other infrastructure is secondary
Industry Trends in Cloud/Hosting (cont.)
• Increasing reliance on IT vendors to provide and maintain the appropriate IT infrastructure to support their needs
• Organizations are realizing that cloud/hosting allows them to move away from capital expenditures and instead just pay for what they need when they need it – Significant cost savings in terms of human capital, physical
equipment, storage space, and utility costs
– Business advantages include standardization and streamlining of operations
• However, many organizations are still concerned about security, privacy, data protection and IP management “in the cloud”
Myths vs. Facts About Cloud/Hosting
Time to participate! Get your voting fingers ready…
Claim #1
A CTMS can be implemented faster in the cloud than on-site.
Claim #1: Fact!
• Pre-qualified data centers
– Due-diligence may be reduced to reviewing the hosting vendor’s
most recent audit report on the data center
• Pre-qualified servers that can be used immediately
– No waiting for Procurement to purchase the servers, IT to install
them, and Validation to qualify them
• Pre-qualified CTMS templates that can be used to clone
new environments
– Cloning along can save several implementation days
– Pre-qualified clone templates can by-pass the need for IQ
and/or OQ
Claim #2
A CTMS can be implemented less expensively in the cloud
than on-site.
Claim #2: Fact!
Sources of cost reductions:
• Pre-qualifications of vendors, hardware, and template
environments
• Reduced need for internal resources
• Hosted, pre-configured CTMS “accelerator” option
• Shared hosting option
• “On-Demand” option
Claim #3
Ongoing costs for cloud/hosted CTMS solutions are higher
than for on-site solutions.
Claim #3: Myth!
• Many hosting vendors design their hosting fees to include:
– Unlimited end-user support
– Bug fixes for client-specific configurations
– System performance monitoring
– Hardware maintenance
– Hardware upgrades
• When calculating the costs of these services and the
resources needed to provide them (people, time, software,
expertise), monthly hosting fees can be lower than the
equivalent in-house cost
Claim #4
CTMS data stored in the cloud can be accessed at any time.
Claim #4: Fact!
• Hosted applications and data are, by design, available
through a web browser from any computer connected to
the Internet
– No need to install software on your machine to access the system
• System “up” times vary from vendor to vendor, but some
are up over 99% of the time
– Hosting vendors schedule system maintenance outside of standard
business hours
– Unplanned downtime is minimal because hosting vendors are
experts in hosting; they know what to do and when to do it to keep
systems healthy
Claim #5
CTMS data in cloud/hosted systems is not secure.
Claim #5: Myth!
• While it is difficult to secure data per industry standards in
a true “cloud” environment, hosted data can be easily
secured
– Hosted systems can live behind firewalls that require VPN
to access
– Hosted systems can be securely deployed over the Internet using
SSL encryption
– Hosted systems can work with an organization’s Active Directory
authentication process
– Hosted systems can be set up to meet each organization’s data
security policies and procedures
Claim #6
Data from other systems cannot be migrated to CTMS
solutions in the cloud.
Claim #6: Myth!
• Data can be migrated from other systems into a hosted
CTMS just like an in-house CTMS
– Hosting does not limit data migration methods or sources
• CTMS data migration sources can include:
– Spreadsheets
– Access databases
– Homegrown applications
– Previously-used CTMS solutions, whether hosted or in-house
– Other hosted or in-house systems
Claim #7
CTMS solutions in the cloud cannot be integrated with other
systems.
Claim #7: Myth!
• Hosted CTMS solutions can be integrated with other systems just
like an in-house CTMS
– Hosting does not limit integration methods or types of systems
• CTMS integrations can include:
– EDC or IVR (import subject and subject visit data)
– Financial (export payment requests, import processed payment details)
– Safety (automatically trigger serious adverse event creation)
– EDMS (auto-link CTMS document tracking records to electronic
document storage records)
– Clinical Data Warehouse (create dashboards and reports based on key
metrics and performance indicators)
– CRO CTMS solutions
Claim #8
Choosing a hosted CTMS means relying on the vendor for
system administration tasks.
Claim #8: Myth!
• Varies from vendor to vendor and product to product, but
some vendors/solutions still allow organizations to perform
administrative functions, such as:
– User role creation
– User account maintenance
– Report template modifications
– Dropdown list modifications
• Tip: Good CTMS hosting vendors/solutions provide all of
the services that require IT expertise while empowering
organizations to be in control of system use activities
Claim #9
Systems in the cloud can configured and/or customized.
Claim #9: Fact!
• Whether hosted or on-site, a configurable CTMS (not all
are configurable) can be configured and/or customized to
meet each organization’s needs
– Hosting does not limit the ability to configure or customize a CTMS
• Tip: As mentioned in #1, some hosting vendors even offer
pre-configured CTMS “accelerators,” which reduce the
need for custom configurations (but do not prevent the
ability to make them)
Claim #10
Hosted CTMS solutions cannot be validated.
Claim #10: Myth!
• While true “cloud” is very challenging to validate, opting for
a hosted system does not hinder the ability to validate or
maintain a validated state
• However, there are some additional considerations for
hosted systems and additional steps organizations should
take to ensure the integrity, security, safety, accessibility,
and compliance of hosted applications and data
Validation “in the Cloud”
• True cloud technology presents a wide range of risks
for Computer System Validation (CSV), regulatory
compliance and data security.
high
low
Cloud Computing: You lease the software and
the use of unspecified hardware
Shared Hosting: You own the software, but the
servers that you share with others, are owned
and maintained by a hosting provider and
housed at a data center
Dedicated Hosting: You own the software and
the servers that are not shared with others, but
the servers are maintained by a hosting provider
and housed at a data center
Validating Cloud or Hosted GxP Systems
• For 21 CFR Part 11 and Annex 11, the same rules apply for
any GxP system (cloud, hosted, or on-site)
• Your organization is ultimately responsible for ensuring
that each GxP system is validated, compliant, and performs
as intended, even when using a vendor who provides
validation materials and/or performs validation activities
• As such, there are important aspects to consider and steps
to take in order to mitigate your risk when selecting a
cloud/hosting provider for a GxP system
– Any vendors offering cloud or hosting services who refuse to
undergo scrutiny should not be considered for hosting GxP systems
Step 1: Assess the Vendor
• Ask at least these questions:
– Does the vendor have experience in hosting the application of
interest? How much experience do they have? Are they able to
provide references from current hosted clients?
– Does the vendor use a third party data center? If so, what sort of
ongoing oversight does the vendor perform to ensure that the third
party is reliable?
– Does the vendor have a validated or qualified instance of the
hosted application?
– Does the vendor have validation documentation for the application
that can be leveraged?
Step 1: Assess the Vendor (cont.)
– Does the vendor have the system and staff resources necessary to
handle the anticipated number of users on the hosted system at any
given time?
– Does the vendor’s staff have the necessary qualifications and
training?
– Does the vendor offer 24/7 application support?
– What would happen under exit or breach-of-contract? Can they
guarantee that your data would still be available to you even after
such an event?
Step 2: Assess the Data Security
• Ask at least these questions:
– What measures does the vendor have in place for physical and
electronic security?
– Where will data storage and processing take place?
– Does the data center (whether third party or not) have current and
available SSAE 16 or SAS 70 Reports?
– Does the vendor have strong backup and recovery plans?
Step 2: Assess the Data Security (cont.)
– How are tenant applications isolated from each other?
– Will the vendor provide information on the training of privileged
administrators and the controls over their access?
– Who will own and have access to your data?
– Will your system be considered closed or open?
Open Systems
If the method of accessing your GxP
system is considered “Open,” additional 21
CFR Part 11 regulations apply: 21 CFR Part 11 Sec. 11.30: Controls for open
systems:
Persons who use open systems to create, modify,
maintain, or transmit electronic records shall
employ procedures and controls designed to ensure
the authenticity, integrity, and, as appropriate,
the confidentiality of electronic records from the
point of their creation to the point of their
receipt. Such procedures and controls shall
include those identified in 11.10 (Controls for
closed systems), as appropriate, and additional
measures such as document encryption and use of
appropriate digital signature standards to ensure,
as necessary under the circumstances, record
authenticity, integrity, and confidentiality.
TIP: If using Transport Layer Security or Secure Sockets Layer protocols, additional compliance testing should include capturing evidence of the TLS or SSL certificate
Next Steps
• After receiving the questionnaire answers and narrowing
down your options, audit the selected vendor(s) and data
center(s) to verify the answers they provided
– Remember: Your organization is ultimately responsible for your GxP
system, regardless of what the vendor claims
• As part of your audit, review the data center’s current
SSAE 16, SAS 70 reports
• Create a strong Service Level Agreement (SLA) with your
selected vendor; make sure you and your data are
protected!
Evaluating Cloud vs. On-site CTMS
• IT: What is the current state of my IT infrastructure? What is my
organization’s IT strategy for the future?
• Space: Do we have the physical space available for the servers?
• Budget: Does my budget allow for hardware purchases and
upkeep?
• Culture: What is my Clinical Operations team’s tolerance for risk?
• Validation: Do we have experienced/knowledgeable validation
resources who are available for vendor analysis and audits?
• Vendor: Is there a hosting vendor who provides a CTMS that
meets our user requirements and whose business practices
mitigate perceived and actual risks?
How BioPharm Can Help
• Services
– System-agnostic analysis workshops
– Product demonstrations
– Shared and dedicated CTMS hosting
– Siebel CTMS application support
– CTMS training development and delivery
• Products
– Siebel Clinical ASCEND, including temporary access to a
sandbox environment
– Validation suites
– Clinical trial management SOP packages
Q&A
Contact Us
• North America Sales Contact:
– Rod Roderick
– rroderick@biopharm.com
– +1 877 654 0033
• Europe/Middle East/Africa Sales Contact:
– Rudolf Coetzee
– rcoetzee@biopharm.com
– +44 (0) 1865 910200
• General Inquiries:
– info@biopharm.com
top related