A recent study on the topic (in which one of our employees, Mr. Edgar Röder, was involved as a member of the section for cloud computing ISACA) begins with the words:
“Cloud computing has arrived in companies. Most companies have already had their first experiences with it. In addition to euphoria and skepticism, the discussion about the use of IT resources from the Internet is still dominated by a strong sense of uncertainty. The tension is clear: between the opportunities – primarily cost savings – on the one hand and the compliance and privacy concerns on the other hand, people will be looking for ways to benefit from cloud computing without incurring incalculable risks” (Cloud Governance in Germany- situational analysis, July 2015)
What is Cloud Computing?
It includes offers, benefits and billing which are dynamically adapted to the needs of IT services through a network.
There are 5 essential features:
What are the differences from traditional outsourcing?
It is essential to look at the entire supply chain, as many vendors themselves offer their services as a cloud service. The 5 features above offer both optimization and additional risks.
Considering that the traditional IT model for a computerized system is designed somewhat differently from a (valid) cloud computing system, the following topics, with which DHC’s consultants would be happy to assist you, should be considered:
DHC Validation Method “DHC’s Simple Validation Services”
With our Simple Validation Services, DHC provides you with a proven process and risk-based approach based on a constantly updated unique methodology for the pharmaceutical industry and medical devices (“Validation Concept”). Our approach is clearly scalable and thus easily adapted to the respective industry and company requirements.
When implementing the project (“Project Execution”), our experienced consultants work according to the lifecycle model (V-model).
At the beginning of every successful validation is the detailed planning: In the design phase, the technical specifications are drawn up and risk analyses are carried out. In the design review, you determine whether all user requirements have been implemented in the specifications and whether all points were evaluated for GMP risk. After the implementation the test phase begins, followed by the verification and the release if applicable. When the required documentation has been verified, the validation is complete.
Based on our many years of validation and industry experience, we have developed best practices for you, such as SOPs, templates, SAP Business Processes and SAP URS. This gives you a fast and structured project schedule and provides the desired cost effectiveness.
Support tools, such as SAP Solution Manager, provide computerized documentation, change and test management. With the process management tool DHC Vision, we offer a solution for process-oriented validation based on the DHC reference processes.
“Cloud Computing” is currently a hotly debated topic in IT. Around 70 percent of German companies already use cloud services to store their data. According to a recent survey of experts, issues such as information security, compliance, server location and the provider’s trustworthiness are central factors in selecting an appropriate solution and the right provider.
As part of the newly published study by PwC and ISACA, the professional association of IT auditors, IT security managers and IT governance officers, around 300 members of the ISACA Germany Chapter were interviewed on the subject of “Cloud Services”. It focused particularly on topics such as IT governance, security and risk management, information security and the roles of management, IT and policy in the implementation of cloud computing concepts.
The study shows that many providers are still uncertain in matters of control of cloud services and want specific guidelines or requirements here. Companies that have opted to use cloud services usually stay with this solution; few take their data and applications back out of the cloud.
Other interesting, and some surprising, results of the study are available to download for free on the ISACA Expert Committee website:
For more on ISACA Expert Committee, of which Edgar Röder, Senior Consultant of DHC is a member, see: