E-mails. Sensitive patient data. Dense droplets of water.

What’s common between them, you ask? At first glance, absolutely nothing.
But let me break it down for you. E-mails are stored on the servers of your e-mail service vendor, which are in turn hosted on the cloud. Patient information, when added to a health app, is stored on the servers of the application developer, which are hosted on the cloud. Dense droplets of water are stored in the cloud. Okay, maybe not the same cloud, but what about the first two?

With a surge in cloud-based services across global businesses, it’s already a tad late to take notice. Cloud computing offers easy deployment, unlimited scope for scalability, high speed and affordable pricing. Either through e-mail solutions or personal device storage, you might have already left your footprint on the cloud.
Let’s zoom into the picture and take a long look at healthcare. With regulations laying tough boundaries, migrating to the cloud might seem like a difficult task. This is what we’re trying to break down in the upcoming sections.

What’s common

Current industry practices that follow the waterfall model for SDLC essentially cover three aspects of validating a system: the infrastructure (IQ), the system as a whole (OQ), and the system for its intended use (PQ). We adopt a similar approach for validating cloud-based solutions.

What’s different

The structure of a cloud-based product is slightly different from that of on-premise software. Unlike the latter, these products are hosted on a cloud infrastructure which varies for each use-case. Qualifying this infrastructure is the most influential aspect of qualifying a service hosted on the cloud. The following sections talk about the key features to look out for in a cloud infrastructure setup.


The most vital concern! Ensuring that sufficient physical and virtual security measures like firewalls, back-up storage, anti-virus software and encryption are in place is necessary for qualification. While doing so, cross-check whether the settings are in line with the data privacy and security regulations applicable to the particular demography and sector. If the cloud vendor has certifications and audit results that suggest compliance with the above-mentioned regulations, put a big tick-mark for security, as these indicate a high level of data security practices followed by the vendor.

Back-up, storage & retrieval

Suitable data back-up procedures should be documented by the vendor. Additionally, proper storage of data and ease of retrieval must also be achieved.


Ideally, the end-user must ensure that the system deployed in their environment is compliant with applicable regulations and guidelines. However, some vendors ensure GxP compatibility in their solutions. Ensure that you give their white papers a read! This would tell you the extent of validation that is achieved by the system, with which you can gauge the scope of validation that is necessary from your end.

Remember ‘CIA’ – to comply, not to spy. Evaluate whether the vendor exhibits Confidentiality, Integrity and Availability in their processes. In case of third-party services being added on, ensure that appropriate SLAs (Service Level Agreements) are laid down.

The utopian model of validating a system might seem far-fetched, but with certain tools we can get closer to it. Checklists!

We’ve put together a checklist you can use to help in assessing a cloud-based product for your business. If you’d like any assistance on this matter, clicking any of the buttons on this page would get us one step closer to you. If not, download our curated checklist and tick away!

Zifo RnD Solutions