Compliance in the Cloud: SaaS, PaaS, and IaaS

Hello good people of the world! Today’s post is the first in a series on compliant software in the cloud. Cloud software is characterized by running strictly in a web browser; no software is installed on a client’s local hard drive. Cloud software has significant advantages for users and vendors alike, so it is no surprise that it has become the standard for modern personal and business software applications.

It should also not be surprising that cloud software has made it’s way into compliant industries such as medical device, pharmaceutical, and biologic manufacturing, which is the focus of this blog. Vendors and customers alike want the advantages that cloud software bring.

And what are the main advantages? It’s all about distribution. With cloud software, vendors can push new features to users without any downtime or need for manual upgrading, installation, etc. Vendors can monitor software use, responding to bugs much more quickly, and can make improvements based on how users are actually using the software, without any additional overhead for the user.

It has been demonstrated that the data collected through the routine use of cloud software can be immensely valuable, and there’s the added bonus of what insights could be gained when Artificial Intelligence (AI)/Machine Learning (ML) is applied to these big data sets.

Current commercial offerings are often categories into three categories:

  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)

Going from top to bottom, IaaS is a service offering typically offering server hardware, server virtualization, data storage, and networking. PaaS would offer all that and additionally server operating system(s), middleware (such as load balancing software, malware protection, etc.), and runtime applications such as databases. SaaS would then offer all that and the specific software application to boot.

Examples:

  • IaaS: DigitalOcean, Rackspace, Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)
  • PaaS: Heroku, Windows Azure, Google App Engine
  • SaaS: Dropbox, Salesforce, Zoom, Facebook

In medical device, pharmaceutical, and biologic manufacturing companies may use IaaS and/or PaaS to outsource some of their IT needs, and may use SaaS products for such functions as Enterprise Resource Planning (ERP), electronic Document Management (eDMS), Laboratory Information Management (LIMS), etc.

Stay tuned for future blog posts on the subject of compliant cloud computing concerns, including: existing solutions, the validation life-cycle, regulatory documentation expectations, data integrity concerns, 483s, and CSA (Computer Software Assurance).

MWV (Mike Williamson Validation) blog post? Be sure to like, share, and subscribe!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.