Cloud-based vs. On-site CTMS - Which is Right for Your Organization?

50 %
50 %
Information about Cloud-based vs. On-site CTMS - Which is Right for Your Organization?

Published on March 10, 2014

Author: BioPharmSystems


Cloud-based vs. On-site CTMS: Which is Right for You? June 20, 2013 Parambir Singh Vice President of Clinical Trial Management Solutions BioPharm Systems Special Guest: Sally Sweeney Director of Validation BioPharm Systems

Welcome & Introductions Param Singh Vice President of Clinical Trial Management Solutions BioPharm Systems, Inc. • CTMS practice head since 2007 – Expertise in managing all phases and styles of clinical trials – Leads the team that implements, supports, enhances, and integrates Oracle’s Siebel Clinical solution • Extensive Siebel Clinical implementation experience – 11+ years of experience implementing Siebel Clinical – 30+ implementations and integrations – Spearheaded the creation of ASCEND, an official Oracle Accelerate Solution for Siebel Clinical | (210) 454-5192

Welcome & Introductions Sally Sweeney Director of Validation BioPharm Systems, Inc. • 20+ years of industry experience, spanning science, IT, CTMS, and validation • Validation expert, responsible for BioPharm’s: – Computer system validation (CSV) methodology – System development life cycle (SDLC) methodology – Team that performs all project-related validation activities • Under Sally’s guidance, validation team ensures that BioPharm’s internal and client systems are implemented effectively, in accordance with external regulations and industry best practices | (619) 980-7288

Welcome & Introductions (cont.) CTMS Practice Services Implementations Manage implementations of Siebel Clinical vanilla and BioPharm’s Siebel Clinical accelerator, ASCEND. Integrations Build one- and two-way interfaces between Siebel Clinical and other clinical and non-clinical systems. Training Develop and/or deliver standard and custom training classes and materials, including Siebel iHelp. Process Guidance Provide insight, advice, and solutions to specific clinical trial management issues.

Agenda • Welcome & Introductions • “Cloud” Defined • Industry Trends in Cloud/Hosting • Myths vs. Facts About Cloud/Hosting – Interactive segment with audience participation • Validation Implications of Cloud/Hosted Systems • Evaluating Cloud vs. On-site CTMS • How BioPharm Can Help • Q&A

“Cloud” Defined • Latest IT system delivery model – Also known as “On-Demand” or “SaaS” (Software-as-a-Service) • Internet-based computing – Clusters of servers provide access to software and data from any online computer at any time • Based on the concept that consumers no longer need/want expertise in or physical control over the technology infrastructure that supports them

“Cloud” Defined (cont.) • Related to “hosting,” but “cloud” is more specific • Functions like a utility, such as electricity: – Power grid stores electricity – When demand increases, more sections of the grid are engaged – When demand decreases, fewer sections of the grid are engaged – Only pay for what you use • Cloud is similar: – Electricity = Software and data – Demand = Number of users – Power Grid = Cluster of servers

“Cloud” Defined (cont.) • For clinical applications, true “cloud” is not really feasible – Compliance – Data integrity – Data security / intellectual property • In Life Sciences industry, “cloud” is the equivalent of “hosting” – Dedicated Hosting: You own the software and the servers, but the servers are housed/maintained by a data center – Shared Hosting: You own the software, but the servers are owned, housed, maintained by a data center and can be shared by others by dividing them through “virtualization”

Industry Trends in Cloud/Hosting • Continuing pressure to reduce costs and shorten drug development timelines, exacerbated by: – Several patents expiring between 2011-2014, meaning increased competition from generics – Shrinking drug pipeline, based on a reduction of FDA approvals for New Molecular Entities (NMEs) over the past several years • Life sciences organizations recognizing that their focus needs to be on effective, efficient drug development; all other infrastructure is secondary

Industry Trends in Cloud/Hosting (cont.) • Increasing reliance on IT vendors to provide and maintain the appropriate IT infrastructure to support their needs • Organizations are realizing that cloud/hosting allows them to move away from capital expenditures and instead just pay for what they need when they need it – Significant cost savings in terms of human capital, physical equipment, storage space, and utility costs – Business advantages include standardization and streamlining of operations • However, many organizations are still concerned about security, privacy, data protection and IP management “in the cloud”

Myths vs. Facts About Cloud/Hosting Time to participate! Get your voting fingers ready…

Claim #1 A CTMS can be implemented faster in the cloud than on-site.

Claim #1: Fact! • Pre-qualified data centers – Due-diligence may be reduced to reviewing the hosting vendor’s most recent audit report on the data center • Pre-qualified servers that can be used immediately – No waiting for Procurement to purchase the servers, IT to install them, and Validation to qualify them • Pre-qualified CTMS templates that can be used to clone new environments – Cloning along can save several implementation days – Pre-qualified clone templates can by-pass the need for IQ and/or OQ

Claim #2 A CTMS can be implemented less expensively in the cloud than on-site.

Claim #2: Fact! Sources of cost reductions: • Pre-qualifications of vendors, hardware, and template environments • Reduced need for internal resources • Hosted, pre-configured CTMS “accelerator” option • Shared hosting option • “On-Demand” option

Claim #3 Ongoing costs for cloud/hosted CTMS solutions are higher than for on-site solutions.

Claim #3: Myth! • Many hosting vendors design their hosting fees to include: – Unlimited end-user support – Bug fixes for client-specific configurations – System performance monitoring – Hardware maintenance – Hardware upgrades • When calculating the costs of these services and the resources needed to provide them (people, time, software, expertise), monthly hosting fees can be lower than the equivalent in-house cost

Claim #4 CTMS data stored in the cloud can be accessed at any time.

Claim #4: Fact! • Hosted applications and data are, by design, available through a web browser from any computer connected to the Internet – No need to install software on your machine to access the system • System “up” times vary from vendor to vendor, but some are up over 99% of the time – Hosting vendors schedule system maintenance outside of standard business hours – Unplanned downtime is minimal because hosting vendors are experts in hosting; they know what to do and when to do it to keep systems healthy

Claim #5 CTMS data in cloud/hosted systems is not secure.

Claim #5: Myth! • While it is difficult to secure data per industry standards in a true “cloud” environment, hosted data can be easily secured – Hosted systems can live behind firewalls that require VPN to access – Hosted systems can be securely deployed over the Internet using SSL encryption – Hosted systems can work with an organization’s Active Directory authentication process – Hosted systems can be set up to meet each organization’s data security policies and procedures

Claim #6 Data from other systems cannot be migrated to CTMS solutions in the cloud.

Claim #6: Myth! • Data can be migrated from other systems into a hosted CTMS just like an in-house CTMS – Hosting does not limit data migration methods or sources • CTMS data migration sources can include: – Spreadsheets – Access databases – Homegrown applications – Previously-used CTMS solutions, whether hosted or in-house – Other hosted or in-house systems

Claim #7 CTMS solutions in the cloud cannot be integrated with other systems.

Claim #7: Myth! • Hosted CTMS solutions can be integrated with other systems just like an in-house CTMS – Hosting does not limit integration methods or types of systems • CTMS integrations can include: – EDC or IVR (import subject and subject visit data) – Financial (export payment requests, import processed payment details) – Safety (automatically trigger serious adverse event creation) – EDMS (auto-link CTMS document tracking records to electronic document storage records) – Clinical Data Warehouse (create dashboards and reports based on key metrics and performance indicators) – CRO CTMS solutions

Claim #8 Choosing a hosted CTMS means relying on the vendor for system administration tasks.

Claim #8: Myth! • Varies from vendor to vendor and product to product, but some vendors/solutions still allow organizations to perform administrative functions, such as: – User role creation – User account maintenance – Report template modifications – Dropdown list modifications • Tip: Good CTMS hosting vendors/solutions provide all of the services that require IT expertise while empowering organizations to be in control of system use activities

Claim #9 Systems in the cloud can configured and/or customized.

Claim #9: Fact! • Whether hosted or on-site, a configurable CTMS (not all are configurable) can be configured and/or customized to meet each organization’s needs – Hosting does not limit the ability to configure or customize a CTMS • Tip: As mentioned in #1, some hosting vendors even offer pre-configured CTMS “accelerators,” which reduce the need for custom configurations (but do not prevent the ability to make them)

Claim #10 Hosted CTMS solutions cannot be validated.

Claim #10: Myth! • While true “cloud” is very challenging to validate, opting for a hosted system does not hinder the ability to validate or maintain a validated state • However, there are some additional considerations for hosted systems and additional steps organizations should take to ensure the integrity, security, safety, accessibility, and compliance of hosted applications and data

Validation “in the Cloud” • True cloud technology presents a wide range of risks for Computer System Validation (CSV), regulatory compliance and data security. high low Cloud Computing: You lease the software and the use of unspecified hardware Shared Hosting: You own the software, but the servers that you share with others, are owned and maintained by a hosting provider and housed at a data center Dedicated Hosting: You own the software and the servers that are not shared with others, but the servers are maintained by a hosting provider and housed at a data center

Validating Cloud or Hosted GxP Systems • For 21 CFR Part 11 and Annex 11, the same rules apply for any GxP system (cloud, hosted, or on-site) • Your organization is ultimately responsible for ensuring that each GxP system is validated, compliant, and performs as intended, even when using a vendor who provides validation materials and/or performs validation activities • As such, there are important aspects to consider and steps to take in order to mitigate your risk when selecting a cloud/hosting provider for a GxP system – Any vendors offering cloud or hosting services who refuse to undergo scrutiny should not be considered for hosting GxP systems

Step 1: Assess the Vendor • Ask at least these questions: – Does the vendor have experience in hosting the application of interest? How much experience do they have? Are they able to provide references from current hosted clients? – Does the vendor use a third party data center? If so, what sort of ongoing oversight does the vendor perform to ensure that the third party is reliable? – Does the vendor have a validated or qualified instance of the hosted application? – Does the vendor have validation documentation for the application that can be leveraged?

Step 1: Assess the Vendor (cont.) – Does the vendor have the system and staff resources necessary to handle the anticipated number of users on the hosted system at any given time? – Does the vendor’s staff have the necessary qualifications and training? – Does the vendor offer 24/7 application support? – What would happen under exit or breach-of-contract? Can they guarantee that your data would still be available to you even after such an event?

Step 2: Assess the Data Security • Ask at least these questions: – What measures does the vendor have in place for physical and electronic security? – Where will data storage and processing take place? – Does the data center (whether third party or not) have current and available SSAE 16 or SAS 70 Reports? – Does the vendor have strong backup and recovery plans?

Step 2: Assess the Data Security (cont.) – How are tenant applications isolated from each other? – Will the vendor provide information on the training of privileged administrators and the controls over their access? – Who will own and have access to your data? – Will your system be considered closed or open?

Open Systems If the method of accessing your GxP system is considered “Open,” additional 21 CFR Part 11 regulations apply: 21 CFR Part 11 Sec. 11.30: Controls for open systems: Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in 11.10 (Controls for closed systems), as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality. TIP: If using Transport Layer Security or Secure Sockets Layer protocols, additional compliance testing should include capturing evidence of the TLS or SSL certificate

Next Steps • After receiving the questionnaire answers and narrowing down your options, audit the selected vendor(s) and data center(s) to verify the answers they provided – Remember: Your organization is ultimately responsible for your GxP system, regardless of what the vendor claims • As part of your audit, review the data center’s current SSAE 16, SAS 70 reports • Create a strong Service Level Agreement (SLA) with your selected vendor; make sure you and your data are protected!

Evaluating Cloud vs. On-site CTMS • IT: What is the current state of my IT infrastructure? What is my organization’s IT strategy for the future? • Space: Do we have the physical space available for the servers? • Budget: Does my budget allow for hardware purchases and upkeep? • Culture: What is my Clinical Operations team’s tolerance for risk? • Validation: Do we have experienced/knowledgeable validation resources who are available for vendor analysis and audits? • Vendor: Is there a hosting vendor who provides a CTMS that meets our user requirements and whose business practices mitigate perceived and actual risks?

How BioPharm Can Help • Services – System-agnostic analysis workshops – Product demonstrations – Shared and dedicated CTMS hosting – Siebel CTMS application support – CTMS training development and delivery • Products – Siebel Clinical ASCEND, including temporary access to a sandbox environment – Validation suites – Clinical trial management SOP packages


Contact Us • North America Sales Contact: – Rod Roderick – – +1 877 654 0033 • Europe/Middle East/Africa Sales Contact: – Rudolf Coetzee – – +44 (0) 1865 910200 • General Inquiries: –

Add a comment

Related presentations

Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...

In this presentation we will describe our experience developing with a highly dyna...

Presentation to the LITA Forum 7th November 2014 Albuquerque, NM

Un recorrido por los cambios que nos generará el wearabletech en el futuro

Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...

Microsoft finally joins the smartwatch and fitness tracker game by introducing the...

Related pages

Cloud-based vs. On-site CTMS: Which is Right for Your ...

On-site CTMS: Which is Right for Your Organization? ... Cloud-based vs. On-site CTMS: Which is Right for Your Organization? Area Life Sciences Specialty
Read more


by Eugene Sefanov More and more sponsors and clinical research organizations (CROs) are moving their clinical applications to the cloud, seeking ...
Read more

Cloud-based vs. On-site CTMS - Which is Right for Your ...

Cloud-based vs. On-site CTMS: Which is Right for You? ... or on-site) • Your organization is ultimately responsible for ensuring that each GxP system is ...
Read more

ascend ctms | Resources: Clinical Trial, Data, Safety, and ...

Tag Archives: ascend ctms CLOUD-BASED VS ON-SITE CTMS: WHICH IS RIGHT FOR YOUR ORGANIZATION. ... cloud ctms, CTMS, on-site ctms, ...
Read more

siebelobserver: BioPharm Host to Moving Siebel to the ...

On-site CTMS: Which is Right for Your Organization?" ... solutions at BioPharm will offer a webinar "Cloud-based vs. On-site CTMS: Which is Right for Your ...
Read more

BioPharm Systems to Host Webinar on Cloud-based Versus On ...

... Webinar: "Cloud-based vs. On-site CTMS: Which is Right ... Trial Management System Implementation Options. ... CTMS: Which is Right for Your Organization?"
Read more

Ctms | LinkedIn

It is best to evaluate what functionalities the software has that will truly be a benefit to your organization ... Cloud-based vs. On-site CTMS - Which is ...
Read more

BioPharm Systems to Host Webinar on Cloud-based vs. On ...

BioPharm Systems to Host Webinar on Cloud-based vs. On-site CTMS Implementation Options. ... On-site CTMS: Which is Right for Your Organization?"
Read more