If you’re one of the 2 billion smartphone users on this planet, you’re well aware of the fact that nearly everything you do, from banking to making flight reservations to ordering groceries can be accomplished using this handheld gadget. Over the past decade, countless businesses have gone paperless, shifting their data to the cloud. But in the medical device industry, the move to cloud-based solutions can be scary. Companies continue to house stacks upon stacks of paper documentation for a variety of reasons—concern of data security, compatibility of cloud-based solutions with their own internal systems, and less control over the entire infrastructure. Next week, MedTech Intelligence and Alexandre Alain, life science product manager at Verse Solutions, hope to answer some of the questions that device manufacturers and suppliers may have during a webinar on September 30, “How to Effectively Deploy a Cloud-based Compliance Solution for Regulated Industries.”
“We’re going to look at different solutions and strategies. When customers are working with cloud solutions, some of them believe they can turn the switch on and then we’re done,” says Alain. “There are still a lot of internal tasks that need to be executed to ensure that the solutions are compliant.” Alain shared some of his insights with MTI.
MedTech Intelligence: From the perspective of medical device manufacturers and suppliers, what security risks do they see with cloud-based solutions?
Alexandre Alain: In the medical device industry, there are many benefits to cloud solutions, but there are also challenges. Several risks come to mind:
- Loss of data, stolen data or corrupted data
- Availability of the system
- Risk to the patient, to the product and to a company’s brand
Device companies have many questions on the security side, because it seems like they have less control when using cloud solutions. They feel like they have more control over their infrastructure when it’s inside their firewall. In reality, risk exists on permanent installations as well. A good cloud solution will have the same controls in place that you would have internally for aspects such as record keeping, security, availability of the data, and retention of data.
REGISTER for the Free Webinar: How to Effectively Deploy a Cloud-based Compliance Solution for Regulated Industries | Wednesday, September 30 | 1 pm ET
MTI: What are the top five considerations when assessing cloud-based solutions?
- Understand your need and what comes with the solution. You still have to do your own work and have clear requirements of why you need that system. It’s also important to have an understanding of what the provider and the solution will give you.
- Look carefully at the security. Make sure the availability of data and integrity is there. This is a critical Part 11 requirement. Make sure the provider has measures in place to maintain user access, and data location, maintenance and recovery.
- Look at the supplier quality system. Have an SLA [service level agreement] and quality agreements in place. As a medical device company, we have quality systems, and this is a key element from the cloud solution provider. They need to have a quality system and provide you with a quality agreement or SLA to ensure they have a change control in place, along with backup recovery, disaster recovery, etc.
- Look at internal requirements and IT requirements. Cloud solutions are attractive, but [using them] doesn’t mean you don’t have to do anything more internally. For example, the cloud solution will provide validation documentation, but that doesn’t mean you don’t have to do it internally as well. Make sure you look at what you still need to do internally and that you have the right people in place. It’s the same for IT requirements—you still need internal IT support on your side.
- Have an exit strategy. What if at one point you don’t want to use that provider any more? Make sure there are tools in place so it’s easy to get your data back.
MTI: What are the hurdles to adoption? Are there challenges in securing buy-in for cloud-based platforms?
Alain: If we look at finance, IT or management departments, it’s easy to get their buy-in. They see the costs saving in maintenance and the other benefits. Many large companies are moving to the cloud, and it’s seen as less risky. From that side, I think IT is asking to go there and outsource some of their responsibilities.
Where I see a bigger pushback is on the quality side. I understand—I’m part of quality and I know that environment. For many reasons, it is a challenge, and it is difficult to go there, because we see a risk. But is there anything in life without risk? We have to make the proper decisions, assess the risk, and come up with a mitigation plan to make sure we control that risk. There’s a lot you can do to remove those challenges and risk, but there is a lot more [convincing] there to get into those cloud solutions.
Again, cloud solutions are not a miracle. You still have to assess the information and what the cloud solution provides and do your own work. Make sure you would provide the same documentation as you would for an on-premises installation.