Key Questions to Ask an eClinical SaaS Vendor

We all hear about the benefits of using web-based, Software-as-a-Service (SaaS) applications as an alternative to the traditional software that must be installed on your personal computer or an enterprise server.  SaaS products are typically easier to adopt and less expensive than enterprise software.  But what are the risks of using cloud-based (i.e. SaaS) products, particularly for eClinical applications? 

UPDATE: We have completed looking at the following 5 topics in detail.  Under each topic below, you will find a link to the detailed post for that topic.

Here are 5 key questions to ask any SaaS vendor that will help ensure your eClinical data is available and secure. I’ll be putting together a series of posts on this blog which will examine each question in detail, and give you a few tips on what type of response you should expect from a competent vendor.

  • How are you securing my data?
    Consider the various layers of security involved with a web-based application, such as: physical security at the data center, server “hardening”, user authentication and authorization, etc.
    View the post. 
  • How do you backup my data and what is your disaster recovery plan?
    Consider how frequently your data is backed-up, how long those backups are retained, and the data storage policy.  Consider your vendor’s plan for getting the application and your data back on-line if a natural disaster or regional internet outage shuts down the application.
    View the post. 
  • How do you monitor the health & availability of the web application?
    There are a variety of Internet and system monitors that should be employed by the vendor to proactively ensure that the application is healthy and the website is accessible to users from multiple geographic locations.
    View the post. 
  • What is your change control procedure?
    The SaaS-model allows innovative vendors to frequently deliver updates and enhancements.  It also allows the vendor’s support team to directly access your data.  How does the vendor plan, control and track changes made to the product and your data? 
    View the post. 
  • How do you ensure application scalability and performance?
    If your team or your data doubles in size, will the application scale up with you?  How does the vendor ensure a scalable, high-performance product? 
    View the post. 

With the answers to these questions you will be much better equipped to asses risk, compare vendors, and determine whether the SaaS model is right for your organization.  Keep in mind that no one answer is necessarily correct for your organization.  You will need to determine your tolerance in each area, as you also consider cost and other objectives or requirements.

Coming in Part 2 of this series, a detailed discussion of the data security (the first question above). Check back in the coming weeks or subscribe to our RSS feed to be notified when a new blog post has been published!