ISO TS 23535:2022 pdf download.Health informatics — Requirements for customer-oriented health cloud service agreements
4 Cloud computing in health and healthcare
4.1 Cloud computing in hospital
Cloud computing has been adopted in many domains. Hospital IT experts are seeking cloud services that correspond with characteristics of hospital operation. Health cloud providers should deliver services that match the demands particular to the health/healthcare industry. Hospital IT systems perform complex functions that protect patient safety and provide timely data required by healthcare practitioners. Because such systems normally operate non-stop, system stability is a critical factor. Due to the integration of various devices and hospital information systems, system sustainability is important. Healthcare service is disrupted in the event of a system breakdown. It is thus important to have stable systems as they have a direct impact on all connected equipment and devices.
4.2 Gap between
CSC’s expectation and CSP’s solution An important factor to consider is predictability and preciseness of the services provided by the cloud service provider. There is likely to be a gap between the expectations of a hospital as a cloud service customer and the solution offered by a cloud service provider. First, the gap can originate from the difficulty in specifying detailed requirements/characteristics from the customer to the cloud service provider or operator. Second, it can also come from the highly abstract characteristics of cloud computing, which makes it difficult to translate into functional units. And third, the range of responsibilities to be defined when implementing health cloud services can easily be unclear due to the lack of common criteria between cloud service customers and providers.
These factors make it difficult to construct and put in action the measures in the event of accidents (incident recovery scenario). A list of agreements, as detailed as possible, is required to eliminate the ambiguity of the range of responsibilities. Fourth, services provided by multiple providers are not easy to compare or evaluate one against another while applying the same criteria. Fifth, it is difficult to ascertain all the facts of those services available in the real-world environment. Sixth, service contacts are not time-bound; service termination and renewal with new service details can happen over time, creating complex problems such as data security and migration. Overall, the key to successful implementation of health cloud services lies in the establishment of clear criteria between hospitals and cloud service providers (Figure 1).
A CSA defines basic common agreement requirements from the customer’s perspective. Conceptual- level agreements are specified in detail to enhance understanding of service functions. General criteria of health cloud services are presented so that the customer can use the CSA in comparing and evaluating services from various providers. A detailed description of the CSA is expected to clarify the range of duties and responsibilities of the provider and the customer. The CSA is applicable to various cloud service models, such as SaaS. This document specifies general requirements, regardless of the service models in view. An example factors in a CSA to be considered are shown in Figure 2.
5 CSA for health and healthcare
5.1 Roles and responsibilities
5.1.1 Cloud service customer
5.1.1.1 General
Service customers are parties that are in a business relationship for the purpose of using the cloud.They are cloud service users, cloud service administrators, and cloud service business managers.
5.1.1.2 Cloud service user
A cloud service user engages in various activities that include the services provided by the cloud service provider. The user credentials are authenticated by the cloud service provider and the user is granted access to the cloud service.
5.1.1.3 Cloud service administrator
A cloud service administrator is responsible for overseeing the operation of the customer’s use of the cloud services and all operational processes associated with the customer’s existing ICT systems. To ensure effective administration of the services, the cloud service administrator can engage in the following, but not limited to, activities:
a) Trial execution of the service: the cloud service provider’s service may be used as a trial to check its suitability for the business needs of the customer. The trial is initiated with mutual agreement and understanding between the cloud service provider and the customer.
1) The cloud service administrator may collect user credentials to the cloud service provider for trial services.
2) The service is tested to see if it fits the business requirements.ISO TS 23535 pdf download.ISO TS 23535 pdf download