Many organizations are considering moving some or all of their applications and systems to the "Cloud." This applies to both productivity and mission-critical business processes, including compliance programs, specifically those that support Environment, Health, Safety and Security (EHSS).
The phrase "moving to the cloud" can mean different things. Often, it refers to moving existing applications and systems to a cloud provider to host them. The primary motivation and outcome for doing so is cost reduction.
However, moving to the cloud can mean more than simply changing the location of servers. It can also mean using applications built specifically for the cloud and what is known as "Software As A Service" or SAAS. Using these services can change how applications are used, data ownership, and the ability to integrate with existing productivity and mission-critical systems. All of these can impact EHSS outcomes.
In general, SAAS offerings are designed to provide a set of capabilities for a single purpose that can be used by many users (subscribers). The offerings will tend to have the following characteristics:
Used for a single purpose - does one thing well (best in class)
Can be used by multiple subscribers (tenants)
Uses a single code base that is continuously updated - no concept of versions
Cannot be customized (i.e. you cannot change the software)
Supports limited integration capabilities - integration is usually with other cloud-based services, if they exist at all. Integration with on-premise systems is usually not supported.
Offers some configurability - since the software cannot be changed, configuration must be built into the application, which is often traded off against new features.
Data storage and partitioning are shared - your data may be stored in the same database as other subscribers, may reside in another country, or could be accessible and used by the service provider.
Traditional enterprise software, by contrast, will tend to have these characteristics:
Used for multiple purposes - can do many things and be used in different ways
Often supports customization
Provides extensive configuration capabilities
Provides integration or a framework for third parties to develop integrations with other enterprise solutions
Data is stored locally and usually accessible directly or through published APIs
EHSS applications reside somewhere between productivity and mission-critical processes, depending on how compliance is viewed. Using this distinction can help in understanding the impact that moving to the cloud has on EHSS systems.
First of all, mission-critical processes and systems will likely remain on-premise due to the high levels of customization, estimated as 60% of the software solutions deployed today.
Keeping EHSS applications on-premise may be necessary to achieve greater data integration with other compliance and mission-critical systems. However, in many organizations EHSS applications tend to be independent applications and may not have deep integrations with other systems. In these cases, SAAS offerings, which demand a consistent approach, may be seen as a benefit from a regulator's point of view.
Moving to the cloud may help provide a standard user experience, which could result in a reduction in training, greater process adoption, and reduced variability in how compliance is followed. These benefits could also be achieved by implementing application suites from a single vendor or through better integration.
Organizations are also looking to transfer some risk to the SAAS provider. However, regulations may limit how much of the safety risk can be transferred to third parties. Moving to the cloud will have implications for compliance data, specifically related to data residency and ownership. Transferring control of compliance data may expose companies to unacceptable risk.
Moving to the cloud can also serve as a catalyst for improvement and establishing a more effective compliance platform. A process improvement initiative could achieve the same benefits.
There are other factors to consider, such as service level agreements, vendor lock-in, hybrid architectures, and so on. Organizations will need to look carefully at how compliance outcomes change as a result of moving to the cloud. The first step, and one that could generate immediate benefits, is to improve your existing process.
Plan-Do-Check-Act Questions:
How will your compliance process outcomes change by moving to the cloud?
In what ways do these improve or advance the compliance program?
In what ways could compliance programs be simplified by moving to the cloud?
Are data ownership and residency issues properly addressed?
What steps can you take to better understand and prepare for moving your compliance process to the cloud?