Cloud Based Document Management Pilot at the FDA
By Todd Simpson, CIO, FDA
Cloud based document management (DM) systems hold a great deal of potential for increased functionality and substantial cost savings. Agencies have undergone a paradigm shift in the last decade and are now relying heavily on electronic documents and integrated workflows that route electronic documents through their approval process instead of hard copy and inter office mail routing. This business process shift has been data center and storage space intensive as these business process improvements have been implemented more widely across the government. Organizations are looking at having to procure 100s of TBs of disk space to store these electronic documents or records in their data centers. This storage increase requires additional resources at the data centers such as, storage hardware, rack space for the hardware, backup systems to preserve the data, additional cooling to offset the new hardware, electricity or power to run all that new hardware and of course support to maintain it. Continuity of operations (COOP) requires Agencies to not only cover the initial storage space to hold the documents but duplicate storage space to hold hot backups of that data in a COOP site. Cloud based DM systems would eliminate the need for that duplicate storage at the COOP sites and minimize data center storage loads.
At the FDA, we conducted exhaustive market research and internal technical evaluations to select the DM product which we believe will best support our mission as a federal agency. We are currently working on a prototype to evaluate an enterprise document management solution in the cloud. We are designing an enterprise content collaboration platform that allows users to securely share files and collaborate with both internal and external users. The platform will allow FDA to implement the necessary security controls for data loss prevention and regulatory compliance. Also, the enterprise platform has been carefully designed to be flexible for future custom integrations with other cloud providers and on-premise platforms. The Chief Technology Officer’s (CTO) office is conducting an expanded series of proof of concept tests to validate this solution. The initial wave will include select FDA staff within its Information Technology office to determine the necessary infrastructure configurations.
Agencies have undergone a paradigm shift in the last decade and are now relying heavily on electronic documents and integrated workflows
Depending on the outcomes we envision a follow on wave where FDA Center participants will be added to further test the use-cases and business scenarios. During the course of the pilot, the project team will be soliciting and closely monitoring the feedback received throughout the testing period. The feedback obtained will be used to measure the platform against predefined success criterion. Furthermore, the project team will be looking to identify any additional use cases. The current use-cases that we will be examining include:
The DM system will enable FDA users to collaborate with both internal and external users while ensuring that all collaborators are using the right version of a given file. The platform also has built in version control functionality to track changes and preserve older versions of documents and files. Feedback within the collaboration project can be captured in the context of the workload being shared, and alerts and notifications can be configured to keep collaborators informed of progress and changes.
The DM system will allow users to set up secure workspaces for file sharing. Multi-level security features will allow data owners and system admin to apply access rights and permissions by user profile. The security tools available within the DM system will provide mechanisms to monitor access and usage of content.
The DM system will provide light weight REST API’s that can be used for external integration with the product. While the pilot will not include any integration that requires custom development, it is intended that during the pilot the DM system will be integrated with applications like the Microsoft Office Suite and SharePoint.
The DM system will support mobile applications so documents can be accessed from any approved mobile device. Security controls will prevent data leaks if the device is lost or stolen. We will be examining how this DM system will integrate with the current Choose Your Own Device (CYOD) initiatives and Mobile Device Management (MDM) strategies at FDA.
After all waves are complete, we will evaluate the results of the pilot and adjust our approach for the DM solution with the intent to provide cloud based content management as a service offering. A limiting factor is the Federal Risk and Authorization Management Program (FedRAMP) medium certification which some cloud DM providers hold. This limits the types of data Federal organizations can store in the public cloud. Documents and data that include trade secrets, personally identifiable information (PII) data, national security information, etc. will have to wait until public cloud systems are authorized for FedRAMP high. Once cloud systems are certified FedRAMP High, we’ll be in a better position to take advantage of public cloud based solutions.