On Wednesday the 28th of September Odyssey VC hosted the third part of our 4-part 2022 webinar series “Possibilities and Practicalities of Cloud Adoption in Life Sciences”.
Part 3, titled “The importance of QMS & ISMS in governing and controlling regulatory compliance of cloud technology”, was practical guide to choosing right-fit technologies that will meet compliance demands. In this webinar we discussed the expectations of regulated companies towards cloud technology vendors and how to satisfy compliance obligations. We will gain insights from real-world examples of successfully implemented solutions and the challenges encountered, as well as advising on some dos and don’ts, throughout two presentations and a Panel Discussion.
The webinar featured presentations from CEO & Co-founder Oisín Curran and Head of Business Solutions and Co-founder Fionnán Friel as well as contributions from Head of Customer Satisfaction Tom McKittrick and Quality Assurance & Compliance Lead Magdalena Vilaró, hosted and facilitated by Product Manager Pauline O’ Riordan.
Many fresh insights were shared during the session. Whether you were in attendance or not (you can receive videos of the entire event as well as news about Part 4 and the rest of the series by registering here), here are four key takeaways from the webinar.
Market forces and macro drivers are all pointing towards digital tools.
In CEO & Co-founder Oisín Curran’s presentation, “Cloud adoption: Getting it right for Life Sciences”, he took us through the macro drivers and regulatory considerations around adopting cloud for highly regulated businesses. He pointed to push and pull factors driving the adoption of next generation digital tools, factors such as the shifting of power to the consumer, the transformation of industry structure, and, of course, regulatory uncertainty (elaborated on in Fionnán’s presentation).
He looked at some key projections – $370b to be spent on public cloud by 2023 was significant, but the main stat Oisín pointed to was that 95% of digital workloads will be cloud-first by this year, 2022. “Every conversation we go into around digital solutions – whether that be pure automation in the manufacturing space, or whether it’s more business-focused in the R&D and clinical trials space – everybody’s first position is ‘we’re looking for a cloud deployment model,’” said Oisín.
“What that’s driving is the underlying software vendors have to adapt to that, but it also means that the traditional on-prem deployment models for software are slowly being eroded. It may be the case that, in the very near future, you won’t be able to purchase software in that traditional way, even if that’s your preferable model.”
CSA guidelines have arrived to spearhead a new approach to validation.
Head of Business Solutions & Co-founder Fionnán Friel’s presentation was all about “Cloud solutions: what the regulatory bodies are saying” as Fionnán took us through two main guidances; GAMP 5 2nd Edition, and the long-awaited and recently released CSA (or Computer Software Assurance) draft guidance (submitted for comment on the 13th of September).
He describes CSA as “a risk-based approach for establishing and maintaining confidence that software is fit for its intended use, as well as ensuring that software is maintained in a validated state and performs as intended in compliance with regulatory requirements.” It is primarily intended to reduce excessive documentation generated by the tried-and-true Computer Systems Validation (CSV) method and focus on critical thinking to ensure compliance in a patient-centric and ultimately cost-reducing way.
The new guidance “introduces a distinction between systems used as part of production and quality systems”, as well as a new focus on high process risks, whether it be risk to quality processes or manufacturing processes.
To access Fionnán’s highly informative presentation on CSA and GAMP guidelines and how they apply to cloud solutions, click here to register for the webinar series.
As a SaaS company providing for Life Sciences, you have to be aware of the compliance overhead.
Oisín describes collaborating with Life Sciences as “a clear competitive advantage for SaaS vendors,” and emphasised that while there is evidence of increasingly more demand for SaaS solutions, SaaS companies must be prepared for the compliance overhead that comes as a result of tailoring their solutions towards Life Sciences customers.
He advised SaaS companies to implement a controlled and demonstrable Software Development Lifecycle (SDLC) “because that’s the basis on which you can demonstrate how it’s controlled and maintained. And that comes under your organisation’s quality controls; it shouldn’t be an afterthought.”
He also stressed that not all IaaS is made equal, and that many Life Science companies will require private, qualified cloud with clear evidence of change management. “Make sure you’re auditable, that your business processes [and] quality systems are transparent and easy to follow. It’ll make it easier for your customer to buy off you.”
One way to ensure success in the Life Science industry; put an effective QMS in place.
How critical is it to have a documented Quality Management System (QMS) when working with Life Science customers?
For the Panel Discussion segment, Oisín and Fionnán were joined by Odyssey VC Head of Customer Satisfaction Tom McKittrick and Odyssey VC Quality Assurance & Compliance Lead Magdalena Vilaró to weigh in on some key questions. They fielded questions from attendees from both SaaS and Life Science companies concerning multi-tenancy, third party governance certifications, and the question of how critical it is to have a documented QMS when working with customers in the Life Science industry.
“When you’re used to delivering traditional on-prem software, in terms of deployment, a lot of responsibility lay with your customer. When you move to SaaS, you need to consider the architecture of your application,” said Oisín, adding that “you need to be able to stand over data segregation and data integrity.”
“Assessing the SaaS provider’s QMS is a key part of the regulated company’s software selection process,” said Magda. “They would look for evidence that the SaaS company has governance and supporting procedures and records to ensure that that software that’s being developed, implemented and maintained for the Life Science company complies with regulatory requirements.”
Part 3 of “Possibilities & Practicalities of Cloud Adoption in Life Sciences” took place on the 28th of September 2022. To register for free and access the video recordings of the event, click here.