Advice for laboratories and organizations contemplating using cloud computing, including how to select a suitable cloud supplier for a regulated GxP laboratory — in other words, how to separate the clouds from the clods.
The introductory sentence from A Tale of Two Cities, written in the 19th century, summarizes, from a regulatory compliance perspective, the pros and cons of cloud computing in the 21st century (1):
"It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of light, it was the season of darkness, it was the spring of hope, it was the winter of despair."
Cloud computing is defined as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction (2). The definition for the noun clod is as follows: a lump of earth or clay; a stupid person (often used as a general term of abuse) (3). There are many service providers and hosting companies available that have good quality facilities and provide high service availability, but few are suitable for a regulated GxP environment. Many service providers that are certified for various standards think they can provide a service for a regulated pharmaceutical company, but few can deliver.
Therefore, the purpose of this column is to provide advice to laboratories and organizations contemplating using the cloud, including how to select a suitable cloud supplier for a regulated GxP laboratory — in other words, how to separate the clouds from the clods.
In an earlier column installment (4), McDowall discussed the principles of cloud computing. Samson has published his views on cloud computing in two recent articles (5,6), in which he looked at cloud computing in regulated GxP environments, beginning with the basic elements of the types of service models that can be used: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). He then went on to discuss the management aspects of the cloud, regulatory and legal impacts, and approaches to IT infrastructure compliance.
In a recent article, Stokes discussed the following topics regarding cloud computing (7): differences of the cloud compared with traditional in-house IT services, the models of cloud computing, what cloud computing is not, developing a cloud strategy with monitoring, and management of the service providers. One aspect of cloud computing that is an essential part of this strategy is how to get your data back from the cloud if your organization changes its cloud supplier or brings the application back in house (7).
All three authors agree that there are three basic requirements for IT infrastructure operating in a regulated GxP environment, whether that infrastructure is located within an organization, outsourced to a third party, or in the cloud (4–7):