Assuring Data Integrity and Data Privacy Compliance when using Software-as-a-Service (SaaS) in the Life Science Sector

From the Editor-in-Chief:

This paper was part of Dublin Institute of Technology Regulatory Science Team requirements for granting the MSc. degree to Eliane Veiga.  Congratulations, Eliane!  Congratulations also to Dr. Nuala Calnan and Dr. Anne Greene of DIT!


Data integrity (DI) and data privacy (DP) challenges have received increased regulatory attention in recent years. When considering GxP applications, a robust approach to risk-based computerized system lifecycle management requires well-defined processes, use of a qualified infrastructure, validated design and deployment of software, qualified personnel, rigorous change management and version control. With the increased adoption of cloud-based applications in the life science sector, cloud computing solutions such as Software as a Service (SaaS) offer many advantages, including enhanced cost-effectiveness, ease of implementation, and flexible, highly scalable platforms. However, assuring data integrity and data privacy in the cloud requires a well-informed, proactive approach by the regulated organization in planning and maintaining control of its data once it is hosted on the cloud provider’s site. This paper examines the current regulatory expectations from the perspective of both data integrity and data privacy and proposes that, when it comes to cloud computing, the most powerful tool organizations possess to assure data quality and security lies in their third-party supplier contracts.

1. Introduction 

Recent developments in technology and communications have led to a whole range of new cloud computing IT models, which are transforming the way in which global business is transacted. Curiously, SaaS as a business model has been available since the 1960s, when it was referred to as a ‘time sharing system’ (Bratten, 2012). More recently, however, it has become known as a method of software delivery in which a third-party provider hosts an application that enables consumers to work and access their data using a variety of different technologies connected to the internet, from a variety of different locations (Singleton, 2018). SaaS solutions eliminate the need for companies to manage their applications across their own device network and also reduce the burden of managing their growing data volumes in their own data centers. This offers companies an opportunity to eliminate the high cost of hardware acquisition, maintenance, software licensing, installation and in-house technical support (Rouse, 2018).

With the transition from traditional paper-based, manual records towards electronic systems, the GxP sector has been facing new and emerging data compliance challenges and has seen a rising number of regulatory actions taken by the international medicines regulators, primarily focused on data integrity. More recently, regulators and governments have become progressively vigilant regarding data security and personal data protection. With commercial transactions increasingly taking place across the internet, the risk of hacking is now ever-present.

In Europe, protection of data privacy is now regulated under the General Data Protection Regulation (GDPR), which came into force on the 25th May 2018.  
