FDA's Trusted Cloud Platform
By Todd Simpson, Chief Information Officer, FDA
Data submission and data sharing at the FDA is as complex as it is unique. Data sharing and collaboration was more of a challenge in the past, but with the advancements in digital technology and transformation towards cloud adaption, FDA has increased its ability to support the critical components of our mission.
The FDA, in conjunction with the Department of Health and Human Services (HHS), had several reasons to expedite the transformation and adaption of leading-edge offerings in the cloud arena. While the need to identify IT innovation and transformation was ramping up, the work of adopting cloud assessments, sponsorship of government FedRAMP, internal agency-wide security assessment, and authorization (SA&A) process was becoming incredibly resource intensive. It also demanded that leadership strategically establish a dedicated team that would not only consider the business requirements and its cloud availability, but also anticipate its system and security needs well in advance. This team would need to ensure that the cloud adaption and transformation process is seamless for the FDA staff as well as compliant with Office of Management and Budget (OMB), Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), HHS, and FDA requirements.
FDA’s trusted cloud platform offerings have resulted in the implementation of applications enabling a digital transformation for the agency
The FDA embarked on a journey to establish an agency-wide trusted cloud platform. This platform is comprised of a multi-cloud services platform that provides a range of offerings to meet the cloud resource needs of all FDA customers, including staff, and external firms. The goal of this platform is to advance data analytics in order to process fast and efficient quality metrics in direct support of its public health mission.
FDA’s trusted cloud platform is a cloud-based brokerage model complete with a chargeback model, service-level agreements, and security brokerage model. FDA’s trusted cloud platform offerings have resulted in the implementation of applications enabling a digital transformation for the agency.
The FDA began development of this trusted cloud platform in October of 2015 shortly after releasing the agency’s strategic plan for information technology. The strategic plan set milestones for cloud entry at the FDA. Much of the drive came from a need to stabilize and modernize the infrastructure and set the foundation for an aggressive push toward agile development, micro-services implementation, and ultimately, digital transformation. It was very difficult to discuss and plan disaster recovery options or address system interoperability without a pathway into the cloud.
The trusted cloud platform, consisting of a public and private cloud, is built around six cloud service providers (CSP) which offers many combinations of infrastructure as a service (IaaS), Platform as a service (PaaS), and software as a service (SaaS). The trusted cloud platform has resulted in the successful delivery of applications across different offices within the agency.
The Center for Drug Evaluation and Research (CDER) and Event Data Management (EDM) system are few of the newest capabilities that have been offered using the trusted cloud platform. It has further allowed ingesting, validating, storing, publishing, and managing of pharmaceutical industry-submitted data related to drug manufacturing events. The production system currently uses 11 cloud instances. The number of concurrent connections and types of data varies with each event data use case; till date we have received approximately 227 drug shortage submissions, which were historically executed in a manual fashion. Additionally, FDA has deployed an efficient bi-directional communications system enabling FDA to fulfill its medical counter-measures mission of providing emergency use of investigational medical products during any emergent health situations using a backend cloud service. FDA has also worked with HHS to sponsor the first library system FedRAMP application for a recently implemented cloud-based SaaS solution that replaced several stand-alone vendor hosted client/server applications. Lastly, FDA has begun to migrate to email as a service (EaaS) in the cloud. Use cases like these are accelerating our infrastructure stabilization and consolidation efforts.
All of our work on the trusted cloud platform in recent years has helped our agency’s journey towards a digital future for all of our customers— internal and external. We look forward to continuing this journey to ensure our IT activities support our public health mission.