Machiavel et Guicciardini : guerre et politique au prisme des guerres ...
TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group...
Transcript of TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group...
![Page 1: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/1.jpg)
October 2016
TT03: An Update from the PhUSE Working Group on Cloud Adoption in the Regulated Life Science Industry Presentation at PhUSE Annual Conference, Barcelona
![Page 2: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/2.jpg)
Agenda • Our Working Group • Key aspects of the Framework • Recommendations • Q&A
2ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
![Page 3: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/3.jpg)
Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within the PhUSE/FDA Computational Sciences
Symposium’s Emerging Trends/Technologies Stream • 2013/2014: Team formation, brainstorming, case-studies ->
framework concept; engagement with FDA • Q1-2014: Test concept; CSS in MD • 2014/2015: Team consolidation, framework content refinement • Q4-2015: New “published” framework1; engagement with EMA • >2015: More iterative refinement. Alignment with NIST2 and ISO3
1. https://s3-us-west-2.amazonaws.com/phuse/public/PhUSE+Cloud+Doc+13-Nov-2015.pdf 2. http://www.iso.org/iso/catalogue_detail?csnumber=60544 and http://www.iso.org/iso/catalogue_detail?csnumber=60545 3. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf
3ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
![Page 4: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/4.jpg)
Issues (?) identified • NOT technology • Evolution of approaches, terminology,
understanding, jargon; What the heck is [a] cloud? • Conservatism • A perception of diversified controls, roles and
responsibilities – client, supplier, sub-suppliers à more complex “IT supply chains”
• Absence of standards [applicable for GxP] • SIMT apps • QMS fitness for purpose • Brings long-standing issues to the fore…privacy, legacy
architectures, [truly] internationalized solutions
Park these thoughts…….
4ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
![Page 5: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/5.jpg)
Potential Benefits of Cloud
5ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
To“IT” To“Business”
Scalability Scalability
On-demandusage-> Consump6on-basedmodel-fixedcostreduc6on
DistributedfaulttoleranceReal-6memaintenance
Highavailability
Focusonbusinessandapps–nottech Invisible,commodi6zedlowertechstack
Commodi6zedlowertechinfrastructure Focusonbusinessandapps–nottech
Speed(ofdeployment) Agility
![Page 6: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/6.jpg)
Background – Technology Evolution WHY
2000-2010 2010-20201990-20001980-1990
WHE
RE
Dedicated OnPrem Hosted/Portals Apps
WHO
Specialists KeyContributors
AllEmployees Everyone
MAINFR
AMEER
A
CLIENT/SERV
ERERA
INTERN
ETERA
CLOUDER
A
Need Speed Convenience Produc6vity
ComputerizedSystemsUsedinClinicalInves7ga7ons21CFRpart11
Annex11GeneralPrinciplesofSoBwareValida7on;FinalGuidanceforIndustryandFDAStaff
CGMPApplicabilityToHardwareandSoBware
ElectronicSourceDatainClinicalInves7ga7ons
Virtualiza6on
6ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
![Page 7: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/7.jpg)
Framework Tenets • Living framework document – wiki-like • Technology has – and will – change rapidly; Life
Science companies changing too; synergy! • Bake in flexibility and technology-neutrality to
processes – get things right at policy level • Leverage NIST1 and ISO/IEC 177882 and 177893 –
no need to reinvent • Embrace cloud to stay/become innovative in use of
technology – but, “stay in control” as per predicate rules
1 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf 2 http://www.iso.org/iso/catalogue_detail?csnumber=60544 3 http://www.iso.org/iso/catalogue_detail?csnumber=60545
7ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
![Page 8: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/8.jpg)
Stylized EDC/CTMS (etc) Cloud setup
8
SaaS–WebApps
Facili6es
NetworksCompute&DataStorage
Hypervisor-V
OS’s
Solu6onStack
Mul6ple,connected,resilient
SaaS/PaaS–configurablerecipesPaaS–standardized/programmable
IaaS–standardized/programmableIaaS–commodi6zedIaaS–commodi6zed
Internet
“Users”
Variousappsofvariousarchitecture SaaS&PaaS
IaaSG1
G4/5
G1/5
G4/5
G1/3G1
G1
8ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
![Page 9: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/9.jpg)
4 Key Roles (q.v. ISO 17788/ISO 17789 ) • Cloud Service Customer: In the context of GxP, these are generally the
organizations or entities that purchase/use the cloud services to support their GxP-regulated activities. They are generally billed for the cloud services they consume, and depending on the services requested (IaaS, PaaS, SaaS), their activities, use cases and GxP requirements may vary.
• Cloud Service Provider: Organizations or entities responsible for providing cloud services to customers. The activities that the cloud providers perform will vary depending on their particular service offerings and can include building, deploying, operating and maintaining the cloud apps, infrastructure and associated service layers.
• Cloud Service Broker: These are the organizations or entities that manage the configuration, delivery and use of cloud services on behalf of the cloud customer. For example, cloud managers may perform infrastructure change control activities on the infrastructure built using general purpose, commercial cloud services.
• Cloud Auditor: A cloud auditor is a party that is qualified to conduct assessments of the cloud provider and the cloud infrastructure underlying the IaaS, PaaS, SaaS services. The auditor may be an independent third party such as a third party assessment organization (3PAO) or can also be a member of the consumer, provider or manager organization.
9ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
![Page 10: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/10.jpg)
Cloud “Supply Chains” – Example 1
CloudServiceCustomer CloudServiceProvider(PaaS/SaaS)
CloudServiceProvider(IaaS)CloudServiceBroker
CloudServiceAuditor
CloudServiceProvider(IaaS)
CloudServiceProvider(PaaS/SaaS)
CloudServiceBroker
CloudServiceAuditor
10ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
![Page 11: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/11.jpg)
Cloud “Supply Chains” – Example 2
CloudServiceCustomer CloudServiceProvider(PaaS/SaaS)
CloudServiceProvider(IaaS)CloudServiceBroker
CloudServiceAuditor
CloudServiceProvider(IaaS)
CloudServiceProvider(PaaS/SaaS)
CloudServiceBroker
CloudServiceAuditor
11ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
![Page 12: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/12.jpg)
Cloud “Supply Chains” – Example 3
CloudServiceCustomer
CloudServiceProvider(PaaS/SaaS)
CloudServiceProvider(IaaS)CloudServiceBroker
CloudServiceAuditor
CloudServiceProvider(IaaS)
CloudServiceProvider(PaaS/SaaS)
CloudServiceBroker
CloudServiceAuditor
12ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
![Page 13: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/13.jpg)
Recommendations! • Understand Cloud; it can be complex! • Understand options and limitations • Understand own processes – and be open to
change to optimize and manage risks • Examine your QS and understand its limitations –
and what may need to change – Adequacy/appropriateness of policies and procedures – Qualification/validation – Supplier management
• Embrace automation – In the management of the tech stacks – Within the “QA functions”
13ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry
![Page 14: TT03: An Update from the PhUSE Working Group on Cloud … · 2016. 10. 24. · Our working group – History and Highlights • Formed in 2013 via PRISME to PhUSE • Operating within](https://reader035.fdocuments.us/reader035/viewer/2022071512/61326728dfd10f4dd73a6d3e/html5/thumbnails/14.jpg)
Many thanks for your attendance and engagement
14ThePhUSEFrameworkfortheAdop6onofCloudTechnologyintheRegulatedLifeSciencesIndustry