11 May
3 Requirements to power GP in the Cloud the Compliant Way
In May, Dynamics GP 2016 was released as the most web-enabled version of GP yet. This post will cover the 3 main categories of compliance requirements that need to be addressed to power GP in the cloud:
- Physical Requirements
- Human Requirements
- Expertise Requirements
These requirements must be fulfilled in order to power GP in the cloud in highly regulated markets and industries. Scroll down to see these items explored in detail.
If you’re curious about GP 2016’s enhanced cloud performance, check out this article on the GP 2016 Web Client.
Why go cloud with GP Now?
With the new GP HTML5 Web Client released in Dynamics GP 2016 in May, GP has become a more cloud-friendly app. The HTML5 interface allows existing users to power GP in the cloud more easily and allows new customers to quickly launch a flexible management solution with anytime-anywhere access, from any device. While it may be simpler to get GP online…
How simple is it to power GP in the cloud for compliance?
It is true that the new version of GP is more agile than it used to be. However, organizations regulated by SOX, HIPAA (HITECH), FDA and other common regulatory mandates are still responsible for implementing the necessary compliance controls in order to power GP in the cloud.
The simple way to power GP in the cloud for compliance is to go cloud through a provider who delivers full-service hosting for Great Plains software and compliance. With the right provider the necessary compliance controls will already be in place and software licensing is simplified as well.
Whether you choose to deploy GP in the cloud through an experienced cloud partner or not, the following three requirements must be fulfilled in order to power GP in the cloud and protect compliance and governance from risk.
1. Physical Requirements
Data centers that meet the physical security requirements of SSAE 16 audits are the foundation of a compliant cloud for Sarbanes-Oxley (SOX) and other regulatory guidelines. Physical security of a data center is assured through SSAE 16 SOC 1 Type II certification, an audit process that ensures financial data is stored in an audit-ready environment with necessary data security, availability, processing integrity, confidentiality and privacy. Learn more about physical cloud security for SOX cloud compliance.
Other physical requirements such as whether you deploy your solution in a dedicated or multi-tenant server depend on your specific requirements. Dedicated servers offer a higher level of security and flexibility, but both models are capable of supporting compliance for most mid-sized organizations.
While public cloud platforms like Azure offer flexible infrastructure, they are not full-service hosting providers, so public cloud offerings don’t include application-readiness and compliant infrastructure for cloud-based GP online.
Don’t miss the compliance video below, “Why should I care about compliance?”
2. Human Requirements
While the physical requirements are an important first step to power GP in the cloud and stay compliant, compliance is also about people and processes. When selecting a cloud provider to power GP in the cloud for your business, it is important to select a Dynamics GP hoster with a high customer retention rating and a reputation for a service-first approach.
When you need audit reports in a timely manner, you need to know that your provider ensures your compliance through a set of documented processes and published policies regarding change management, security and back-up & restore. Further, you need to know that documentation can be produced to verify all compliance protocols are maintained by the cloud provider and working effectively. Learn more about change management for SOX cloud requirements.
3. Expertise Requirements
Accountants + Engineers = a better cloud
To power GP in the cloud you need experts not only in cloud computing but also in Microsoft Dynamics GP, with a background in consulting. While many cloud providers can host GP software on their servers, few have the necessary background in Dynamics GP implementations to collaborate effectively with your Dynamics GP partner or your ISV application providers.
That’s not to say that expertise in cloud architecture isn’t critical to compliance. When it comes to protecting your data from hacking, viruses or other threats, you want cloud experts in your corner with a proven ability to provide the necessary logical access security to satisfy any compliance rules that apply to your Dynamics GP system. Learn more about logical access requirements for SOX cloud compliance.
Of course, when you have investors, the enterprise and regulatory agencies to answer to on a regular basis, you need to know that your data is accessible where and when you need it. It’s also important that your provider is accustomed to working with auditors as well as corporate governance officers.
System availability is obviously a critical component of going cloud with GP. Staying compliant means Dynamics GP is always on, so expertise in cloud architecture with repeatable uptimes above 99.95% is a must. It is also a good idea to be sure your uptime is guaranteed by a financially backed service level agreement and supported by quick responses to any support request.
Why Should I care about compliance if I’m not public?