Search This Blog

Monday, July 19, 2010

Best Practices for Validation of a Software as a Service (SaaS) Customer Relationship Management (CRM) Solution

Part 1: An Introduction to Cloud Computing and SaaS

What is “Cloud Computing”?  Cloud Computing is essentially computing over the internet without the expense and maintenance of an in house data center.  With cloud computing, applications are accessed over the internet and maintained by the third-party hosting the application.  Using a third-party hosted application reduces initial development costs and recurring system maintenance costs.  Since the application is hosted over the internet, data storage issues and maintenance responsibilities also rest on the third party hosting the application.  The customer only pays for the resources utilized, or on a subscription basis, such as the “Software as a Service (SaaS)” model.  Cloud Computing enables large amounts of data to be shared across a large amount of users, since system access is through a web browser and can be accessed from virtually any location.  Security of the system is also centralized, which also places the responsibility of solving security issues on the third party, rather than the customer help desk support.  Keep in mind that there are also risks involved with cloud computing, which include login security, access to audit trails, data recovery and data storage location.  Risk Assessments should be performed to identify all risks and Vendor Audits should be performed to determine if and how the vendor can handle these risks.

The “Software as a Service (SaaS)” model refers to multi-tenant software that is deployed over the internet through a third-party vendor, such as Salesforce.com.  The vendor provides the application license to the customer through a “pay as you go” or a subscription service.  The customer will rent the software platform, rather than owning the software.  With this model, all users from different customer organizations utilize the same instance of the software; therefore, everyone is operating on the same version of the application.  This allows for centralized updates to the system, and also leads to more efficient administration of the system.  Although all users operate on the same version of the software, data is logically separated and some configuration is typically allowed.  In this way, SaaS applications are scalable and configurable to allow the customer to fit the software to their business processes without affecting the common infrastructure.  Due to the centralized nature of the application, the core system can be validated once for use in regulated environments, leading to a validation savings for the end user.  The customer-specific configurations of the system must still be validated for that particular customer, although the validation burden will be much reduced.  

In Part II, we will outline the best practices for the validation of an example SaaS CRM application.

*Gregg will be presenting more information on this subject during an interactive workshop, at IVT’s 16th annual Validation Week on October 26th.  The workshop will be presented along with our colleague, Elise Miner.

QPharma's has a host of solutions that are helping clients stay compliant "in the cloud", including training and practitioner validation web-based solutions.  For more information, contact us at info@qpharmacorp.com,  Subject: "Web Based Solutions".

No comments:

Post a Comment