4 Things to Know when Moving Quality Management to the Cloud
I recently had a discussion with a colleague about technology and how things have evolved over the past few years, and the topic of the "Cloud" came up. One of the terms he put forth was that of "cloudwash" - an interesting way of saying that everyone states they have a cloud solution, but no one really know what that means. There are all sorts of cloud messages flooding the market - public, private, SaaS, PaaS and more. Many companies have moved to some cloud platform, and Quality Management Software systems are also moving in this direction, but what does it all mean?
First, let's clear up the "cloudiness" of the cloud. Cloud computing is a method of delivering solutions to the market in real-time over the Internet. The "cloud" itself is really a MASSIVE array of computing power - servers and storage - that host virtual environments. An application doesn't "exist" anywhere on this array - they are all coupled together to create a large computing system that these virtual environments pull memory, storage, and data transfer from. They are able to leverage the horsepower they need to deliver solutions over the Internet to the business users that matter. It's a big deal, and it's growing. And for Quality Management, there are massive benefits to moving to a cloud based solution.
1. Flexibility: Most Quality Management Systems (QMS) thrive on the concept of flexibility. Processes change, grow, adapt and increase over time. You may have many people in the organization that need to touch Quality in some fashion. In some cases, Quality is limited to a department; in others, it is enterprise-wide. You want a system that from an application standpoint is flexible, but you also want to ensure that your systems are flexible in order to handle the changing levels of load on the system. Cloud-based infrastructures are inherently flexible in this sense - you can manage loads more quickly, and are not constrained by the confines of an in-house server - when in-house, when the server is overloaded you're out of luck; in the cloud, more memory is simply added.
2. Scalability: Dovetailing on flexibility, the cloud is scalable. In house infrastructures have a limit, even the big ones. Large organizations have tried to scale for years, but when their server rooms rival their warehouses, it is time to think differently. Having the cloud in your back pocket means that if you add 1, 2, or 300 new sites or locations, you are not concerned with building a new warehouse to hold all your data. The data is built into the cloud and scales with your business. Need more horsepower? The Cloud can scale you, in real-time.
3. Cost: Depending on your business, cost is a much more complex equation. Cloud computing is a pay-as-you-go concept, and if you are fairly fixed in your effort, you may not find value. However, if you are low on IT resources, or want to streamline these resources, then cloud computing makes sense. In the Cloud, the servers are maintained, either through managed services, or the vendor that is offering the QMS solution. This reduces the overhead of server maintenance, upkeep, and similar functions that you really can afford not to worry about.
4. Security: When we first started to see cloud computing being offered several years back, security was one of the most prevalent concerns. After all, data is power and putting your data in the hands of others, those not related to your business, is a risky concept. Concerns have waned in the past few years, and more and more companies are looking at this a little differently. However, you want to make sure you understand your cloud security when you start down this path. Especially with Quality and Compliance - process and product information is very critical to the business, and needs to be protected. Consider these items:
- SOC 1 Type II Compliance: This is an operating procedure for service organizations that ensure that they are operating efficiently and have internal controls in place to mitigate any risks within their service. This could include, redundancies and backups, encryptions, firewalls, and uptime. This is important, because you want to make sure that the cloud provider is taking steps to ensure there are no breaches or security risks.
- TrustE Certification: This is a certification that a provider or vendor will need to adhere to to ensure that they are maintaining policies and procedures and that information collected or stored is kept within privacy standards, either by their organization or the market. This is important, especially for a QMS that operates in the cloud, to ensure that any personal information is kept private and secure.
- US/EU SafeHarbor Certification: This is another regulated certification that protects privacy and data. It is predominantly used in conjunction with EU Laws, but also applies to the US. It helps to protect privacy data, and ensures that your data is continually protected.
- ISO 27001 Certification: Ah...an ISO standard - this is the ISO standard for Information Security Management. It ensures that the vendor or provider has processes and procedures in place that protect data, maintain security and operate in a manner that is protecting data and mitigating risk. A vendor that is 27001 certified means they run a "tight ship" when it comes to data protection and security.
There are plenty of other security features and functions, but those are some to help illustrate the point that, with all this protection in mind, security if becoming less and less of a challenge to entering the cloud.
Lastly, I want to illustrate what the different type of cloud computing options are out there - to clear up the cloudwash, so to speak. Many companies will say they are "cloud" simply because it is trendy and they are really just hosting your applications in a server closet somewhere in their offices. This is not cloud, it's important to understand what there is out there:
1. Software as a Service (SaaS): This is a subscription service, whereby you don't actually purchase a QMS; you purchase the rights to use it on a monthly or annual basis. Most often SaaS is hosted in a cloud, to reduce overhead for the vendor and pass the savings on to the customer. It comes in two flavors - Multi-tenant, and dedicated. I've covered this before, so read here for an opinion on that, but multi-tenant means that you are sharing the applications with other customers on a shared, but protected environment. Dedicated means that you have your own slice of the cloud, and your system is not shared - you get your own virtual environment to use as you wish.
2. Private Cloud, or Cloud Hosting: This is not subscription-based, but hosted. You purchase your QMS, and then host it up in a private cloud environment. The benefit is that you are making the investment in a solution, but not in the costs associated with maintaining that solution. This typically works for organizations that want the solution, but can't support it right now from an IT standpoint. They may one day bring it back in-house, but the private cloud helps them to have their QMS and use it without bogging up the IT Server room in their building. Another flavor is the Public Cloud, which is a similar dynamic where you're buying the solution, but it is hosted on a shared cloud infrastructure. Again, you are owning the solution, but are subscribing to use the infrastructure.
3. Additional Cloud-Based Services: Another concept, or add-on to these types of clouds is the managed services. This is typically services that are added in addition of the traditional IT maintenance to cover more application-specific tasks associated with the QMS. This can be remote administration, remotely adding new features for the client, and application-specific tasks that aren't related to keeping the system up and running, but are related to administering the QMS. Companies like this, because in addition to taking the IT administration off their plates, they are also taking the application administration and outsourcing it. This way, all they really need to do is come to work, open their browser and starting operating in the business of Quality - nothing else.
So that's a cloud-crash course, at least for Quality Management. I know I didn't get into the specific processes within Quality Management that lend itself to the cloud, but the graphic below helps to illustrate. Essentially, Document Control, Corrective Action, Employee Training, Audit Management, Reporting and others all have major benefits to being in the cloud:
So, know your forecast when you look to move to the cloud - remove the "cloudiness" and pick the solution that works for you. Do your homework, and you can eliminate much of the overhead around you to simply plug into the system and start automating Quality!