Over the last year, it feels like the world has become more spread out and more remote, but we are all finding ways to work closer together while separated. Within labs, work must continue, and one way to ensure remote access with remote support is to move toward laboratory systems in the cloud. Most of the leading chromatography data systems (CDS) now have hosted solutions, making it easier for daily work to continue not only in your labs but also from virtually anywhere—your desk, your porch, or your couch.
A cloud-based CDS often reduces your IT footprint because you don’t need to implement and qualify any server hardware. Most systems work through a browser interface, so your users can access the system from just about anywhere. You can also be assured that you are getting the most current release from the vendor, as they push out releases to all their users on a regular basis. However, moving your CDS to the cloud doesn’t mean that all the responsibility of maintaining compliance and ensuring data integrity falls on the vendor. You are ultimately responsible for the intended use of the system in your labs, and the use of your data, just as you are with a CDS implemented in your environment.
If you are considering moving your CDS to the cloud or are already in the process, make sure you read below, the few key areas to consider when making that transition.
When a CDS is installed locally, you know who has access at any time, where your data are stored, and when an update or fix has been installed and tested. Whereas, if your CDS is hosted, it’s not under your internal control, and therefore it’s essential to understand how your CDS provider has developed their system, how they maintain it, and how they protect your data. We recommend conducting an audit of your CDS vendor to ensure they have at least the following in place, with associated procedures. A documented vendor audit also allows you to provide evidence to an auditor/investigator that you have either reviewed the following items, or have copies of them:
This process can be done via a paper audit where you send an audit checklist for the Vendor’s response. You can also visit the vendor and conduct the audit in person. Or, you can have a trusted third party perform the audit on your behalf. The results of the audit will help you justify the level of risk you take with implementation and validation of the CDS.
A successful audit might mean a smoother implementation and validation of your chromatography data system, as you can leverage vendor documentation and testing to reduce your overall effort. And, if the CDS vendor audit goes poorly, you will able to reevaluate your decision without having made too much of a commitment, and possibly look at another hosted option.
When implementing a cloud-based system, the most important deliverable is the Service Level Agreement (SLA) between you and your provider. The SLA is the contract that sets the expectations between you and your provider based on the level of risk you are willing and prepared to accept. After you have performed your audit, you should use the SLA to address any specific instructions to ensure data integrity and shared accountability. It would be best to consider including the following items (at a minimum) in an SLA.
Your SLA should be considered a living document such that as services change, either as required on your end or by the providers, the agreement should be reassessed and updated accordingly. And when it comes to the validation considerations, it’s essential to understand the level of testing the CDS vendor will do for each release, and what you need to do to close any gaps or prove your intended use isn’t impacted by that new release.
Because a cloud-based solution means data resides in the cloud, it’s essential to know where your data are at all times and who has access. You should know, from the audit process and the resulting SLA, if your provider stores your data in a logical, secure fashion. In other words, are your data being kept separate from your vendor’s other clients, and secured from their other clients? If the vendor uses a third-party cloud provider to host all their data, are you assured that your vendor has processes and procedures in place to audit that third party? If so, how often are they performing that audit?
As a large part of data integrity is knowing the path your data take from capturing/recording to analyzing, reporting, and archiving, it’s essential to understand how access is granted to your data. Does the vendor have an admin account that can access your data? If they are using a third party to host the data, what kind of access does that third party have to your data? Your SLA should include what happens to your data in the event your vendor switches third-party storage vendors (if applicable), if another company purchases them, or if they go out of business. You want to ensure your data is entirely retrievable at any given time and that the vendor cannot retain any copies.
Implementing a cloud-based CDS can be an effective and compliant solution to expanding your virtual laboratory footprint as we continue to learn how to integrate a remote workforce. The potential lower costs in maintenance, continued support, and automatic upgrades to the newest releases, as well as ease of data access from virtually anywhere, are all excellent benefits for any CDS user. However, it’s essential to understand the aforementioned critical aspects of a hosted environment so you can defend your system and data.
If you would like to know more about implementing and validating cloud-based CDS or other laboratory informatics systems, please reach out to CSols and let us help you achieve excellence.