White Paper Excerpt: Key Questions to Ask an eClinical Provider
We all hear about the benefits of using web-based, Software-as-a-Service (SaaS) applications as an alternative to the traditional software that must be installed on your personal computer or an enterprise server. SaaS products are typically easier to adopt and less expensive (considering both startup and long-term costs) than on-site enterprise software. But what are the risks of using cloud-based (i.e. SaaS) products, particularly for eClinical applications?
This report focuses on the client’s perspective by considering important questions to ask an eClinical provider. Let’s start with 5 questions that cover key areas, and then each area will be examined in detail.
How are you securing my data?
Consider the various layers of security involved with a web-based application, such as: user account and access controls, hack-resistant servers and physical access at the data center.
How do you backup my data and what is your disaster recovery plan?
Consider how frequently your data is backed-up, how long those backups are retained, and the data storage policy. Consider your provider’s plan for getting the application and your data back on-line if a natural disaster or regional internet outage shuts down the application.
How do you monitor the health & availability of the web application?
If there is a problem with the system, the provider should know about it before you do. There are a variety of Internet and system monitors that should be employed by the vendor to proactively ensure that the application is healthy and the website is accessible to users from multiple geographic locations.
How do you ensure application scalability and performance?
If your team or your data doubles in size, will the application scale up with you? How does the vendor ensure a scalable, high-performance product?
How does the provider plan, control and track changes made to the product and your data? The SaaS-model allows innovative vendors to frequently deliver updates and enhancements. It also allows the provider to directly access your data and make system changes at will (for better or worse). Therefore, sound policies and procedures around change control can be critical.
With the answers to these questions you will be much better equipped to asses risk, compare providers, and determine whether the SaaS model is right for your organization. Keep in mind there is no set of “correct” answers that applies to all prospective (or existing) customers. You will need to determine your priorities and tolerance in each area, as you also consider cost and other objectives or requirements.