
Regulatory, Compliance and Legal Winds of Cloud Computing

Regulatory, Compliance and Legal Winds of Cloud Computing. Paul Laskin plaskin@cirrhus9.com. Cloud Computing is utility based hosted infrastructure that changes the management of infrastructure



Presentation Transcript


  1. Regulatory, Compliance and Legal Winds of Cloud Computing Paul Laskin plaskin@cirrhus9.com

  2. Cloud Computing is utility based hosted infrastructure that changes the management of infrastructure Regulatory, Compliance and Legal structures present opportunities and challenges to fully utilizing the Cloud

  3. cloud com•put•ing |kloud kəmˈpyoōting| noun Scalable compute services offered via a Utility Model: Cloud Computing allows your IT based business process to rapidly scale with business needs. Infrastructure as a Service (IaaS): Servers, Storage, Network. Platform as a Service (PaaS): Development and Delivery. Software as a Service (SaaS): Subscription Software. Amazon Web Services, 3Tera, Google App Engine, EngineYard, Salesforce.com, Liquid Planner

  4. Cloud Scalability Cost Speed Features Scalability

  5. Customer Regulatory Compliance Privacy Legal Scalability

  6. Regulatory Compliance Validation Scalability

  7. Compliance com•pli•ance |kəmˈplʌɪəns| noun The action or fact of complying with a wish or command: Compliance to GIP as it relates to Cloud Computing increases the probability of successfully passing an audit. Internal Industry Government HIPAA 21 CFR Part 11 PCI

  8. Validation val•i•da•tion |valɪˈdeɪʃ(ə)n| noun check or prove the validity or accuracy of: Contrary to popular belief, cloud based systems can be validated. Validation is built on industry and company interpretation of regulatory requirements Best Practices designed to assure confidence in IT Systems

  9. Validation Challenges within IaaS or Open vs Closed System. Validation Master Plan may require visual inspection of environment as a way of assessing control over the system. Closed system - an environment in which system access is controlled by persons who are responsible for the content of electronic records on said system. Open system - an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.

  10. IaaS a Closed System By having proper controls in place, IaaS can be validated even though the physical environment may not be available. Access to content of electronic records can be controlled. Using Good Informatics Practices (GIP) Encryption Auditing VPN Monitoring Training

  11. security|siˈkyoŏritē| Best Practices Such As ‘GIP’ from LSIT Firewall VPN IP Masking Encryption Certification Physical Accounts Backup All vendors make an attempt at providing a secure environment. As the customer, our responsibility is understanding these tools and using them properly. Cloud does not eliminate the need for Good Informatics Practices (GIP)

  12. Amazon Web Services Security|AWS siˈkyoŏritē| IaaS providers' security is frequently more complete than most businesses' own internal processes.

  13. IaaS plus QMI™ Qualified Machine Image (QMI™) - provides OS and Application Images built with Validation in mind Machine Image built following Installation and Operation Qualification Documentation Reproducible Documented Change Control Trained Personnel Monitored

  14. PaaS and SaaS Platform and Software as a Service can also meet Pharmaceutical requirements Service Provider Software Development Application Performance

  15. Can SAS 70 Type II Replace On-Site Vendor Audit? Assess the internal controls of a service organization CLOUD Trusted Hiring Policies Disaster Recovery Business Continuity Security - Physical and Logical Backup / Recovery Provisioning

  16. Legal International Law Resources available Globally 3Tera Applogic

  17. Privacy Laws US, Canada, EU ... Patriot Act Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Act EU Data Protection Directive (Directive 95/46/EC)

  18. Privacy Laws Asia-Pac - A spectrum of privacy www.caslon.com.au/privacyguide6.htm

  19. Legal Wrap Where your data lives and where it goes determines who has access Country & Regional Laws / Regulations on Privacy will impact the Type and Movement of your Data Critical to determine if local laws place your company at risk

  20. Summary Pharmaceutical can go beyond Test / Development and use Cloud Computing to augment production environments CLOUD Master Validation Plan Trusted IQ OQ PQ updates QMI™ to reduce time to validation LSIT - GIP Location and Law 3rd Party Audit - SAS 70 Type II Training What Is LSIT? LSIT is a non-profit, 501(c)(3) organization bringing together several industries to build the first Good Informatics Practices (GIP) Guidance Document to assist IT departments in 5 areas of: compliance, standards, best practices, risk mitigation and return on investment. GIP will be the guidance for improving quality and trust of IT within life sciences and healthcare. www.lsit.org

  21. Q & A Paul Laskin Skype: +1.858.345.2612 plaskin@cirrhus9.com

  22. Security|siˈkyoŏritē| People are fine with handing over their credit card to a cloud vendor. But try and get them to upload a disconnected string of characters that may represent a gene sequence and panic sets in. “We have 3 IP-SEC people. I have a feeling Amazon has a few more than we do. Who is in a better position to protect our data?” - Sr. Director @ A Pharmaceutical Co. Individual Country IP regulations may have an impact on where one places their data. Security is about trust. Trusting that those in charge of your IP care for your property as if it was critical to their survival.
