Compliance in the Cloud: Maintaining Control When Moving to Cloud-Based Hosting: 2-Day In-person Seminar

By: Sean Develin, Director, DevRose Systems Ltd.
Coming soon.. Please contact customer care for new schedule

We need the below information to serve you better

Course Description:

Are you considering moving your data into the cloud, but are worried about compliance issues and loss of control? Would you like to benefit from outsourcing critical IT infrastructure while maintaining confidentiality, integrity, and availability of your data? You are not alone. The good news is that even heavily regulated industries can move into the cloud so long as it is done and maintained in a properly documented and controlled manner.

This cloud compliance seminar will provide an overview of the steps necessary to transition in – and out – of cloud-based hosting while maintaining control over your data. It will cover the concept of “the cloud”, its risks and benefits, and the necessary controls to ensure confidentiality, integrity, and availability of your data. Control frameworks will be assessed, including ISO 27001: 2013, SSAE 16, FDA-compliant quality systems and 21 CFR Part 11. An emphasis will be placed on controls including contracts/Service Level Agreements, usage policies, proper vendor selection, and auditing and inspections.

This seminar is a combination of presentation and workshop designed to leverage the expertise of the instructor and the attendees. Attendees of the seminar will receive a toolkit to assist in cloud vendor management.

Learning Objectives:

Key goals of this course are:

  • To provide an understanding of the risks and benefits of moving regulated operations into the cloud
  • To effectively mitigate risks through vendor selection, contracts, auditing, monitoring and exit strategies
  • To meet/exceed regulatory expectations and to ensure the organization is prepared for inspections
  • The course will focus on the following key aspects of cloud based compliance:
    • Vendor Selection
    • Quality Systems
    • Security
    • Certifications
    • Contracts
    • Auditing
    • Implementation
    • Decommission
  • To discuss key case studies of litigation and enforcement
  • Attendees will be prepared to select and manage a cloud hosting vendor

Who will Benefit:

  • IT Professionals
  • Systems Owners
  • Quality Auditors
  • Compliance Officers
  • QA Professionals
  • Regulatory Affair Personnel
  • Compliance Consultants
  • Risk Managers
  • Chief Security Officers (CSOs)
  • Chief Technology Officers (CTOs)
  • Security and Control Professionals
  • Senior Management

Course Outline

Day One (8:30 AM – 4:30 PM)
Registration Process: 8:30 AM – 9:00 AM
Session Start Time: 9:00 AM
Welcome and Introductions (30 Minutes)
  1. Understanding the Basics (1 Hour)
    1. What is the cloud?
      1. Concepts and Technology
      2. Risks and Benefits
  2. Risk Assessment (1 Hours)
    1. C-I-A
      1. Confidentiality
      2. Integrity
      3. Availability
    2. Risks
      1. Business
      2. Regulatory
  3. Selecting a Vendor (2.5 hours)
    1. Identifying the field
      1. Capabilities
      2. Locations
      3. Certifications and claims
    2. Requirements
      1. Gathering without vendor input
      2. Turning requirements into unweighted questions
    3. Request for Proposal
      1. Format and submission
      2. Evaluating responses
      3. Vendor demos
      4. Final selections
  4. Auditing and the Contract (2.5 hours)
    1. Qualifying Audit
      1. Importance and timing
      2. Logistics
      3. Areas of importance
    2. The Contract
      1. What it should contain
      2. When it should be signed
      3. As a basis for routine surveillance audits
Day Two (8:30 AM – 04:30 PM)

Welcome (15 Minutes)

  1. Control Frameworks (3 Hours)
    1. Quality Systems in general
    2. SSAE 16
    3. ISO security standards, including 27001:2013
    4. 21 CFR Part 11
  2. Implementation and Migration (2 hour)
    1. Qualified infrastructure
    2. Software Validation
    3. User Acceptance Testing and Performance Qualification
  3. Monitoring (30 minutes)
    1. Performance
    2. Change Control
    3. Supplemental audits
    4. Remedies
  4. Decommission and Archive (30 minutes)
    1. Exiting for cause - safeguards
    2. Planned exit
    3. Data Archival
    4. Data scrub
  5. Litigation and Enforcement (30 minutes)
    1. Key cases
    2. Takeaways
  6. Conclusion/Wrap up session (30 minutes)

Meet Your Instructor

Sean Develin
Director, DevRose Systems Ltd.

Sean Develin is the co-founder of DevRose Systems, a UK-based consultancy delivering IT governance and infrastructure and regulatory compliance solutions to companies worldwide. Between 2009 and 2010, he helped launch the MUSA Validated Cloud, one of the first GxP compliant private clouds available to the Life Sciences industry. Mr. Develin’s expertise includes validation, auditing, and vendor management. He is an adjunct faculty member of the Temple University School of Pharmacy and is completing his J.D. at Widener University School of Law.


Raleigh, NC (Venue to be announced shortly)

October 9-10, 2014
Register Online

Register Online

Get the Invitation
Pre-Register yourself and get the official Invite when venue and dates are announced for this seminar.
Call here to register +1-1-888-771-6965 or email at

Group Registrations

Send Your Team for Maximum Benefit Get your team up to speed!

Significant tuition discounts are available for teams of two or more from the same company. You must register at the same time and provide a single payment to take advantage of the discount.

  • 2 Attendees
  • 3 to 6 Attendees
  • 7 to 10 Attendees
  • 10+ Attendees
  • -
  • -
  • -
  • -
  • Get 10% off
  • Get 20% off
  • Get 25% off
  • Get 30% off
Call Toll Free +1-1-888-771-6965 if you have any queries.

Register by Wire Transfer

If you wish to pay by wire transfer: Please call us at
Toll Free +1-1-888-771-6965

Download Registration Form

Yes, I want to attend "Compliance in the Cloud: Maintaining Control When Moving to Cloud-Based Hosting: 2-Day In-person Seminar"
Click here to Download Registration Form
If you are paying by check:
Checks should be payable to MetricStream Inc. (our parent company). and mailed to:
2600 E. Bayshore Road
Palo Alto, CA 94303

Terms & Conditions to register for the Seminar/Conference/Event

Your Registration for the seminar is subject to following terms and conditions. If you need any clarification before registering for this seminar please call us @ +1-888-771-6965 or email us @


Payment is required before 2 days of the date of the conference. We accept American Express, Visa and MasterCard. Make checks payable to MetricStream Inc. ( our parent company)

Cancellations and Substitutions:

Written cancellations through fax or email (from the person who has registered for this conference) received at least 10 calendar days prior to the start date of the event will receive a refund — less a $200 administration fee. No cancellations will be accepted — nor refunds issued — within 10 calendar days from the start date of the event.

On request by email or fax (before the seminar) a credit for the amount paid minus administration fees ($200) will be transferred to any future GRC Seminars event and a credit note will be issued.

Substitutions may be made at any time. No-shows will be charged the full amount.

We discourage onsite registrations, however if you wish to register onsite payment to happen through credit card immediately or check to be submitted onsite. Conference material will be given on the spot if it is available after distributing to other attendees. In case it is not available we will send the material after the conference is over.

In the event GRC Seminars cancels the seminar, GRC Seminars is not responsible for any airfare, hotel, other costs or losses incurred by registrants. Some topics and speakers may be subject to change without notice.

Attendance confirmation and Documents to carry to the seminar venue:

After we receive the payment from the registered attendee an electronic event pass will be sent to the email address associated with the registrant before 5 working days from the seminar date. Please bring the pass to the venue of the event.

Conference photograph / video:

By registering and attending GRC Seminars conference you agree to have your photographs or videos taken at the conference venue and you do not have any objections to use these photos and videos by GRC Seminars for marketing, archiving or any other conference related activities. You agree to release GRC Seminars for any kind of claims arising out of copyright or privacy violations.

Media Partners

If you wish to partner with us for this event please contact us: or call us: +1-888-771-6965.
Media Partner Benefits
  • Logo and company data on the event website.
  • Logo on the conference material distributed during the conference.
  • Media Partner’s brochure distributed along with conference material.
  • Logo on all the mailings before and after the event.
  • 10% discount to media partner's subscribers.
Media Partner to do
  • Banner (min 728x90 or 468x60) on the Media Partner website.
  • Insertion of the event in the event calendar, both printed and/or online.
  • Announcement article of the conference on the Magazine and/or Website.
  • Dedicated email blast to all subscribers of Media Partner.
  • Article on the Magazine and/or Website after the conference.


If you wish to sponsor this event please contact Ben Hobbs: or call us: (650) 620-2941
Coming Soon...