Cloud ProvidersThe most effective use and correct understanding of the “Cloud” has continually been a significant issue within the pharmaceutical industry. Cloud computing is a source of debate between IT providers, businesses, and regulatory agencies. How can we move past sources of confusion and get the most out of our relationships with cloud providers?

Michael Crowthers, Senior Manager at Deloitte & Touche LLP, and Reggie George, Senior Director of Quality & Compliance at Johnson & Johnson, delved into the answer to this question today during their session: Improving Your Interactions with Cloud Providers at ISPE Annual Meeting.

The session focused on three specific aspects of cloud computing:

  1. Risk-Based Monitoring
  2. Service Level Agreement (SLA) Quality Key Performance Indicators
  3. Effective Quality Agreements/SLAs

Attendees learned how to establish a practical approach to managing the quality controls for a cloud service provider (CSP), and reviewed the elements of an effective quality agreement with cloud vendors. The speakers also reviewed the many common misconceptions surrounding CSPs – for example, “I need to have access to all documentation created by my cloud vendor” and “The CSP must be trained in our processes for us to remain compliant.”

Crowthers and George emphasized the importance of leveraging risk management and establishing a set of key performance indicators to the quality controls included in the SLA. For instance, because changes to the cloud environment are made on an ongoing basis, evaluating the changes can be challenging. To mitigate this issue, possible SLA controls include defining a change communications plan and establishing access to a test environment.