SlideShare a Scribd company logo

Qualifying SaaS, IaaS.pptx

Sachin Bhandari
Sachin Bhandari

This is a presentation in IaaS and Paas Quality agreement considerations

Technology
1 of 8
Download to read offline
Qualifying SaaS, IaaS Create a Quality Agreement with Cloud Providers SACHIN BHANDARI HEAD OF CSV, QUALIFICATION AND STANDARDS BOEHRINGER INGELHEIM
The Various Deployment Models & Regulatory Impact • IaaS, PaaS and SaaS models move a significant portion of the GXP data out of companies’ control framework. • It is important to note that the SaaS/IaaS providers are not subject to the same GxP regulations as the regulated company and that ultimate accountability for GxP requirements resides with the regulated company. Image courtesy : PaaS vs IaaS vs SaaS — differences, pros, and cons | Artifakt Blog
GXP perspective to Quality Agreements Infrastructure/ application’s intended use Applicable controls on Data ( IaaS/SaaS) User Accesses ( IaaS/SaaS) Administration Privileges ( IaaS/SaaS) Audit Trails(SaaS) Quality Management System Change Management Release Management Incident Management User Access Management Fitment for purpose of Application/Infra Associated serveries such as BCP/DRP (detailed further) Applicable regulations Measures to ensure data integrity. The quality agreement must not delegate GxP accountabilities to the IaaS/SaaS provider.
Key considerations in Quality agreements for IaaS/SaaS The scope and specifications of the services, including the features, functions, and limitations of the software and infrastructure. The service levels and standards that the provider must adhere to, such as availability, uptime, response time, backup, recovery, and maintenance. The data ownership, access, protection, and retention policies, as well as the data integrity and confidentiality measures that the provider must implement4. The risks and liabilities allocation between the parties, and the remedies and penalties for non- compliance or breach of contract. The communication and escalation procedures, as well as the dispute resolution and termination mechanisms, in case of any issues or conflicts4. These constituents should be defined and documented in a clear and comprehensive manner and reflect the roles and responsibilities of both the provider and the customer. Quality agreements for SaaS and IaaS can help ensure that the quality, reliability, security, and performance of the services meet the expectations and requirements of the customers, especially in regulated industries such as life sciences.
SaaS/Iaas Quality Agreement Constituents Scope of the agreement •Definition of the services provided •Identification of the parties involved •Duration and termination conditions Roles and responsibilities •Responsibilities of the service provider •Responsibilities of the customer Data security and privacy •Data protection measures •Compliance with relevant data protection regulations (e.g., GDPR) •Data breach notification procedures Service levels and performance •Service availability and uptime guarantees •Response and resolution times for support requests •Regular performance monitoring and reporting Backup and disaster recovery •Data backup frequency and retention policies •Disaster recovery plans and procedures •Data restoration timelines Change management •Notification of planned updates and maintenance •Procedures for requesting and implementing changes •Impact assessment and rollback plans Compliance and audits •Adherence to industry standards and certifications (e.g., ISO, SOC) •Rights to audit the SaaS provider's processes and controls •Remediation of identified non-compliance issues Training and support •Provision of user training and documentation •Support channels and hours of availability •Escalation procedures for critical issues Intellectual property and confidentiality •Ownership of customer data and any customizations •Protection of proprietary information and trade secrets •Non-disclosure agreements Liability and indemnification •Limitation of liability clauses •Indemnification for third-party claims related to the SaaS services Governing law and dispute resolution •Applicable laws and jurisdiction •Dispute resolution mechanisms (e.g., mediation, arbitration)
IaaS Vs SaaS Difference in the Quality Agreement- Explained Scope of the agreement IaaS: Primarily focuses on the provision of virtualized computing resources over the internet. SaaS: Covers the delivery of software applications over the internet. Roles and responsibilities IaaS: The provider is responsible for managing the infrastructure, while the customer is responsible for managing the operating systems, middleware, and applications. SaaS: The provider is responsible for managing both the infrastructure and the software applications. Data security and privacy IaaS: The provider is responsible for the security of the infrastructure, while the customer is responsible for the security of their data and applications. SaaS: The provider is responsible for the security of both the infrastructure and the data. Service availability and performance IaaS: The agreement would focus on the availability and performance of the infrastructure resources. SaaS: The agreement would focus on the availability and performance of the software applications. Backup and disaster recovery IaaS: The provider is responsible for the backup and recovery of the infrastructure, while the customer is responsible for the backup and recovery of their data and applications. SaaS: The provider is responsible for the backup and recovery of both the infrastructure and the data. Change management IaaS: Changes typically involve infrastructure updates and upgrades. SaaS: Changes can involve both infrastructure updates and application updates. Support and incident management IaaS: Support is typically for infrastructure-related issues. SaaS: Support covers both infrastructure and application-related issues. Compliance and audits IaaS: Compliance requirements are primarily related to the infrastructure. SaaS: Compliance requirements cover both the infrastructure and the software applications. Intellectual property and confidentiality IaaS: The customer retains ownership of their data and applications. SaaS: The provider may have access to the customer's data, and there may be clauses related to the use of customer data. Liability and indemnification IaaS: Liability is typically limited to the infrastructure services provided. SaaS: Liability can cover both the infrastructure services and the software applications provided.
IaaS Vs SaaS (cont..) SaaS IaaS + Application Performance Support Services IaaS Service Level Agreements (SLAs) Data Protection and Privacy Disaster Recovery and Business Continuity Plans Performance Metrics Roles and Responsibilities Review and Audit Rights Termination Clauses Dispute Resolution Scalability and Flexibility Cost and Pricing Structure
Sachin Bhandari EMAIL : SACHIN.BHANDARI@GMAIL.COM LINKEDIN : Sachin Bhandari | LinkedIn

Recommended

Shared Responsibility Model_Webinar_-_7-19-16
Shared Responsibility Model_Webinar_-_7-19-16Shared Responsibility Model_Webinar_-_7-19-16
Shared Responsibility Model_Webinar_-_7-19-16James Harris PMP
 
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Architecting SaaS
Architecting SaaSArchitecting SaaS
Architecting SaaSAxEdge Consulting
 
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070retheauditors
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreementsCade Zvavanjanja
 
Concorde Solutions ITAM Review Tools Day
Concorde Solutions ITAM Review Tools Day Concorde Solutions ITAM Review Tools Day
Concorde Solutions ITAM Review Tools Day Martin Thompson
 
Forecast 2014: SaaS Data Exchange
Forecast 2014: SaaS Data ExchangeForecast 2014: SaaS Data Exchange
Forecast 2014: SaaS Data ExchangeOpen Data Center Alliance
 
Transform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to ClearTransform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to ClearTechWell
 

Recommended

Shared Responsibility Model_Webinar_-_7-19-16
Shared Responsibility Model_Webinar_-_7-19-16Shared Responsibility Model_Webinar_-_7-19-16
Shared Responsibility Model_Webinar_-_7-19-16James Harris PMP
 
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0
Public Cloud Service Agreements: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Architecting SaaS
Architecting SaaSArchitecting SaaS
Architecting SaaSAxEdge Consulting
 
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070retheauditors
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreementsCade Zvavanjanja
 
Concorde Solutions ITAM Review Tools Day
Concorde Solutions ITAM Review Tools Day Concorde Solutions ITAM Review Tools Day
Concorde Solutions ITAM Review Tools Day Martin Thompson
 
Forecast 2014: SaaS Data Exchange
Forecast 2014: SaaS Data ExchangeForecast 2014: SaaS Data Exchange
Forecast 2014: SaaS Data ExchangeOpen Data Center Alliance
 
Transform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to ClearTransform Your Cloud Validation Strategy from Cloudy to Clear
Transform Your Cloud Validation Strategy from Cloudy to ClearTechWell
 
360 facility
360 facility360 facility
360 facilityqjopera
 
Lecture5
Lecture5Lecture5
Lecture5josephineusha
 
Cloud's Hidden Impact on IT Shops
Cloud's Hidden Impact on IT ShopsCloud's Hidden Impact on IT Shops
Cloud's Hidden Impact on IT ShopsChristopher Foot
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it securityEast Midlands Cyber Security Forum
 
Lecture31.ppt
Lecture31.pptLecture31.ppt
Lecture31.pptamanyosama21
 
Comprehensive Information on Software as a Service
Comprehensive Information on Software as a ServiceComprehensive Information on Software as a Service
Comprehensive Information on Software as a ServiceHTS Hosting
 
Sia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS SolutionSia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS SolutionDaniel Connor
 
Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...
Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...
Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...LegalFundServices
 
You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018
You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018
You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018Amazon Web Services
 
AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...
AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...
AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...Amazon Web Services
 
School of Computer & Information SciencesITS-532 Cloud Com
School of Computer & Information SciencesITS-532 Cloud ComSchool of Computer & Information SciencesITS-532 Cloud Com
School of Computer & Information SciencesITS-532 Cloud ComTaunyaCoffman887
 
The 15 ITIL Steps to DBaaS in the Cloud
The 15 ITIL Steps to DBaaS in the CloudThe 15 ITIL Steps to DBaaS in the Cloud
The 15 ITIL Steps to DBaaS in the CloudJoaquin Marques
 
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...Amazon Web Services
 
Get Started Today with Cloud-Ready Contracts
Get Started Today with Cloud-Ready ContractsGet Started Today with Cloud-Ready Contracts
Get Started Today with Cloud-Ready ContractsAmazon Web Services
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material ccAnkit Gupta
 
Evaluating Cloud Database Offerings
Evaluating Cloud Database OfferingsEvaluating Cloud Database Offerings
Evaluating Cloud Database OfferingsChristopher Foot
 
Understanding saa s
Understanding saa sUnderstanding saa s
Understanding saa sUmesh Kodmur
 
SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...
SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...
SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...riyak40
 
Building and Operating Clouds
Building and Operating CloudsBuilding and Operating Clouds
Building and Operating CloudsBMC Software
 
Finance Technologies: Buy or Rent
Finance Technologies: Buy or RentFinance Technologies: Buy or Rent
Finance Technologies: Buy or RentScottMadden, Inc.
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 

More Related Content

Similar to Qualifying SaaS, IaaS.pptx

360 facility
360 facility360 facility
360 facilityqjopera
 
Cloud's Hidden Impact on IT Shops
Cloud's Hidden Impact on IT ShopsCloud's Hidden Impact on IT Shops
Cloud's Hidden Impact on IT ShopsChristopher Foot
 
Comprehensive Information on Software as a Service
Comprehensive Information on Software as a ServiceComprehensive Information on Software as a Service
Comprehensive Information on Software as a ServiceHTS Hosting
 
Sia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS SolutionSia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS SolutionDaniel Connor
 
Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...
Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...
Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...LegalFundServices
 
You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018
You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018
You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018Amazon Web Services
 
AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...
AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...
AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...Amazon Web Services
 
School of Computer & Information SciencesITS-532 Cloud Com
School of Computer & Information SciencesITS-532 Cloud ComSchool of Computer & Information SciencesITS-532 Cloud Com
School of Computer & Information SciencesITS-532 Cloud ComTaunyaCoffman887
 
The 15 ITIL Steps to DBaaS in the Cloud
The 15 ITIL Steps to DBaaS in the CloudThe 15 ITIL Steps to DBaaS in the Cloud
The 15 ITIL Steps to DBaaS in the CloudJoaquin Marques
 
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...Amazon Web Services
 
Get Started Today with Cloud-Ready Contracts
Get Started Today with Cloud-Ready ContractsGet Started Today with Cloud-Ready Contracts
Get Started Today with Cloud-Ready ContractsAmazon Web Services
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material ccAnkit Gupta
 
Evaluating Cloud Database Offerings
Evaluating Cloud Database OfferingsEvaluating Cloud Database Offerings
Evaluating Cloud Database OfferingsChristopher Foot
 
Understanding saa s
Understanding saa sUnderstanding saa s
Understanding saa sUmesh Kodmur
 
SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...
SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...
SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...riyak40
 
Building and Operating Clouds
Building and Operating CloudsBuilding and Operating Clouds
Building and Operating CloudsBMC Software
 
Finance Technologies: Buy or Rent
Finance Technologies: Buy or RentFinance Technologies: Buy or Rent
Finance Technologies: Buy or RentScottMadden, Inc.
 

Similar to Qualifying SaaS, IaaS.pptx (20)

360 facility
360 facility360 facility
360 facility
 
Lecture5
Lecture5Lecture5
Lecture5
 
Cloud's Hidden Impact on IT Shops
Cloud's Hidden Impact on IT ShopsCloud's Hidden Impact on IT Shops
Cloud's Hidden Impact on IT Shops
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
Lecture31.ppt
Lecture31.pptLecture31.ppt
Lecture31.ppt
 
Comprehensive Information on Software as a Service
Comprehensive Information on Software as a ServiceComprehensive Information on Software as a Service
Comprehensive Information on Software as a Service
 
Sia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS SolutionSia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS Solution
 
Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...
Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...
Navigating the Shifting Tides: Understanding the Evolving Landscape of Cybers...
 
You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018
You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018
You've Decided to Buy Cloud Services, Now What? (WPS203) - AWS re:Invent 2018
 
AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...
AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...
AWS Summit 2013 | Singapore - Service Orchestration – Managing the Cloud Disr...
 
School of Computer & Information SciencesITS-532 Cloud Com
School of Computer & Information SciencesITS-532 Cloud ComSchool of Computer & Information SciencesITS-532 Cloud Com
School of Computer & Information SciencesITS-532 Cloud Com
 
The 15 ITIL Steps to DBaaS in the Cloud
The 15 ITIL Steps to DBaaS in the CloudThe 15 ITIL Steps to DBaaS in the Cloud
The 15 ITIL Steps to DBaaS in the Cloud
 
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
The System Administrator Role in the Cloud Era: Better Than Ever (ENT212) | A...
 
Get Started Today with Cloud-Ready Contracts
Get Started Today with Cloud-Ready ContractsGet Started Today with Cloud-Ready Contracts
Get Started Today with Cloud-Ready Contracts
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material cc
 
Evaluating Cloud Database Offerings
Evaluating Cloud Database OfferingsEvaluating Cloud Database Offerings
Evaluating Cloud Database Offerings
 
Understanding saa s
Understanding saa sUnderstanding saa s
Understanding saa s
 
SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...
SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...
SaaS Application Scalability: Best Practices from Architecture to Cloud Infra...
 
Building and Operating Clouds
Building and Operating CloudsBuilding and Operating Clouds
Building and Operating Clouds
 
Finance Technologies: Buy or Rent
Finance Technologies: Buy or RentFinance Technologies: Buy or Rent
Finance Technologies: Buy or Rent
 

Recently uploaded

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Qualifying SaaS, IaaS.pptx

  • 1. Qualifying SaaS, IaaS Create a Quality Agreement with Cloud Providers SACHIN BHANDARI HEAD OF CSV, QUALIFICATION AND STANDARDS BOEHRINGER INGELHEIM
  • 2. The Various Deployment Models & Regulatory Impact • IaaS, PaaS and SaaS models move a significant portion of the GXP data out of companies’ control framework. • It is important to note that the SaaS/IaaS providers are not subject to the same GxP regulations as the regulated company and that ultimate accountability for GxP requirements resides with the regulated company. Image courtesy : PaaS vs IaaS vs SaaS — differences, pros, and cons | Artifakt Blog
  • 3. GXP perspective to Quality Agreements Infrastructure/ application’s intended use Applicable controls on Data ( IaaS/SaaS) User Accesses ( IaaS/SaaS) Administration Privileges ( IaaS/SaaS) Audit Trails(SaaS) Quality Management System Change Management Release Management Incident Management User Access Management Fitment for purpose of Application/Infra Associated serveries such as BCP/DRP (detailed further) Applicable regulations Measures to ensure data integrity. The quality agreement must not delegate GxP accountabilities to the IaaS/SaaS provider.
  • 4. Key considerations in Quality agreements for IaaS/SaaS The scope and specifications of the services, including the features, functions, and limitations of the software and infrastructure. The service levels and standards that the provider must adhere to, such as availability, uptime, response time, backup, recovery, and maintenance. The data ownership, access, protection, and retention policies, as well as the data integrity and confidentiality measures that the provider must implement4. The risks and liabilities allocation between the parties, and the remedies and penalties for non- compliance or breach of contract. The communication and escalation procedures, as well as the dispute resolution and termination mechanisms, in case of any issues or conflicts4. These constituents should be defined and documented in a clear and comprehensive manner and reflect the roles and responsibilities of both the provider and the customer. Quality agreements for SaaS and IaaS can help ensure that the quality, reliability, security, and performance of the services meet the expectations and requirements of the customers, especially in regulated industries such as life sciences.
  • 5. SaaS/Iaas Quality Agreement Constituents Scope of the agreement •Definition of the services provided •Identification of the parties involved •Duration and termination conditions Roles and responsibilities •Responsibilities of the service provider •Responsibilities of the customer Data security and privacy •Data protection measures •Compliance with relevant data protection regulations (e.g., GDPR) •Data breach notification procedures Service levels and performance •Service availability and uptime guarantees •Response and resolution times for support requests •Regular performance monitoring and reporting Backup and disaster recovery •Data backup frequency and retention policies •Disaster recovery plans and procedures •Data restoration timelines Change management •Notification of planned updates and maintenance •Procedures for requesting and implementing changes •Impact assessment and rollback plans Compliance and audits •Adherence to industry standards and certifications (e.g., ISO, SOC) •Rights to audit the SaaS provider's processes and controls •Remediation of identified non-compliance issues Training and support •Provision of user training and documentation •Support channels and hours of availability •Escalation procedures for critical issues Intellectual property and confidentiality •Ownership of customer data and any customizations •Protection of proprietary information and trade secrets •Non-disclosure agreements Liability and indemnification •Limitation of liability clauses •Indemnification for third-party claims related to the SaaS services Governing law and dispute resolution •Applicable laws and jurisdiction •Dispute resolution mechanisms (e.g., mediation, arbitration)
  • 6. IaaS Vs SaaS Difference in the Quality Agreement- Explained Scope of the agreement IaaS: Primarily focuses on the provision of virtualized computing resources over the internet. SaaS: Covers the delivery of software applications over the internet. Roles and responsibilities IaaS: The provider is responsible for managing the infrastructure, while the customer is responsible for managing the operating systems, middleware, and applications. SaaS: The provider is responsible for managing both the infrastructure and the software applications. Data security and privacy IaaS: The provider is responsible for the security of the infrastructure, while the customer is responsible for the security of their data and applications. SaaS: The provider is responsible for the security of both the infrastructure and the data. Service availability and performance IaaS: The agreement would focus on the availability and performance of the infrastructure resources. SaaS: The agreement would focus on the availability and performance of the software applications. Backup and disaster recovery IaaS: The provider is responsible for the backup and recovery of the infrastructure, while the customer is responsible for the backup and recovery of their data and applications. SaaS: The provider is responsible for the backup and recovery of both the infrastructure and the data. Change management IaaS: Changes typically involve infrastructure updates and upgrades. SaaS: Changes can involve both infrastructure updates and application updates. Support and incident management IaaS: Support is typically for infrastructure-related issues. SaaS: Support covers both infrastructure and application-related issues. Compliance and audits IaaS: Compliance requirements are primarily related to the infrastructure. SaaS: Compliance requirements cover both the infrastructure and the software applications. Intellectual property and confidentiality IaaS: The customer retains ownership of their data and applications. SaaS: The provider may have access to the customer's data, and there may be clauses related to the use of customer data. Liability and indemnification IaaS: Liability is typically limited to the infrastructure services provided. SaaS: Liability can cover both the infrastructure services and the software applications provided.
  • 7. IaaS Vs SaaS (cont..) SaaS IaaS + Application Performance Support Services IaaS Service Level Agreements (SLAs) Data Protection and Privacy Disaster Recovery and Business Continuity Plans Performance Metrics Roles and Responsibilities Review and Audit Rights Termination Clauses Dispute Resolution Scalability and Flexibility Cost and Pricing Structure
  • 8. Sachin Bhandari EMAIL : SACHIN.BHANDARI@GMAIL.COM LINKEDIN : Sachin Bhandari | LinkedIn