No time to read now?
-> Download the article as a handy pdfList of contents
Truly Risky Vendors
What if Google stopped working?
Martti Ahtola | Jun 27, 2022
What happened?
Back in March, the importXML function in Google Apps Script stopped working. Now you might be thinking something along the lines of “What does that mean? Whatever it is, sounds very minor.” For most of the population that is true, but if you are using Google’s suite of tools like Sheets, Docs and Forms for work and you have automations set up, this is a major thing. importXML function is used to scrape data from a website. Most people have heard about HTML but XML might be a bit stranger term at least when it comes to websites. In simple terms, HTML is used to present data on a website and XML is used to transfer data. In simple web scraping, XML is used to transfer the data from the website to somewhere else, for example a Sheets table. Google Sheets and importXML is one of the easiest ways to start automated web scraping for someone who has not done it before. There are dozens, maybe hundreds, of tutorials and blog posts about the topic. It is a great way to start because it just simply works – except now.What caused it?
After banging my head against the wall for a better part of a workday and running several tests including colleagues and external help, I luckily found a post on Google’s support page where other users had started to complain about the same issue. Some users were saying that they had never seen such a long outage of a Google service and others were already cooking up conspiracy theories about servers in Ukraine. Mainly people were just frustrated, even though Google had acknowledged the issue and had posted updates promising an update to fix the issue in a few days. While originally writing this post, the issues still persisted but I was quite sure that all of the automation would be running normally soon and the issue was fixed within a few days. The situation got me thinking of alternative solutions to Google and process transferability in general.Is DIY better?
Wouldn’t it be better to just develop our own scraping and automation solutions from scratch? If we would do everything ourselves, we wouldn’t need to worry about relying on anyone else to fix the issues, limit the solution to specific scripts or worry about customers who link the name Google to lack of privacy. The thing is, that Google, and the alternatives such as Microsoft and Amazon, provide tools that are super easy to use and are used every day across industries. All of them offer a suite of software that can be used to build products, services, and processes. There is a whole industry of consulting how to use the professional solutions offered by Google, Microsoft and Amazon and there are several companies whose own products are fully built using just these tools from someone else’s toolbox or on top of them. It makes little sense for an individual developer or a start up to build their own version of Google Sheets or start hosting servers in the closet when there is a fully functional solution available for free or for a small additional fee to what they are already paying, ready to be used after spending a few minutes with the subscription. Developing and hosting your own software becomes very expensive and extremely slow, unless you have large staff and big pockets full of money. That means expensive services and products, that are probably worse than the competitors’, because all the money was spent on laying the foundation instead of building new features.How to validate the likes of Google or Microsoft?
If you are a pharmaceutical company or a healthcare service provider, you will eventually run into the term “validation” (or computerized system validation, CSV) in the sense of making sure that some software is okay to use. To be blunt, most people do not know what validation means, they just know that it needs to done. And that is completely fine, because validation is actually one of those things where legislation and guidelines really do not say , considering how much time and effort is spent across the pharmaceutical industry on validation. There are no clear industry standards about what needs to be validated or guidance on the process that needs to be followed. Often irrelevant legislation or guidelines are referred to when a pharmaceutical software is advertised to be “validated”. So how is this related to Google, Amazon Web Services or Microsoft Office or Windows? Well, by a rough estimate, there is only a handful of companies in the pharmaceutical industry that do not use Microsoft Office (Outlook, Word, Excel and so on) to handle their day-to-day business. On the other hand, my wild guess would be that the portion of companies who have done a serious validation on Microsoft Office is also not that close to 100%. What I mean with serious, is going all the way and checking the user requirements, looking at the company background, doing testing against the requirements and setting up plans for risk management and lifecycle for the software. I mean how are you supposed to perform qualification assessment on the world’s biggest companies? The tech support from Microsoft or Amazon is probably not going to answer your qualification assessment questionnaire, even if you ask them nicely and already pay them thousands of dollars annually. Nor are they going to appear on your vendor audits. But you have to have some sort of validation documentation done to be compliant with your quality management system and that is what most companies probably end up doing: just filling up the documentation for the sake of the documentation.The risky vendors
Like any company in the pharmaceutical industry, Tepsivo has performed qualification assessment on Google, Microsoft, and Amazon (and other tech industry giants). And honestly, filling in the documentation was a bit of “ha ha” exercise. Firstly, because of our slightly ignorant attitude that it is a bit pointless to fill in information about companies that are household names and such a huge part of the collective consciousness. Secondly, if you have in your qualification assessment questions about legal issues, security breaches or company employees having ties with government officials, comic elements start creeping in when you start googling information about these companies. (Should you rely on Google when performing qualification assessment on the company? Or can I used Word when I fill in the questionnaire about Microsoft?) It is an understatement to say that all these companies have had legal issues. Industry defining legislations have been implemented just to prevent other companies from copying the illegal activities these companies have performed. All major companies have had security issues because they are main targets (besides government) for hackers. And when you have hundreds of thousands of employees and contractors globally, someone is either closely related to a government official or have left their executive position to pursue a political career. All this should raise the risk score at least a bit.Conclusion
It is unlikely that we will stop using Outlook to answer our customers’ emails. And we are still going to rely on the great Google services for building quick tools and apps and use Amazon Web Services to run our virtual machines. But we are also going to keep performing validation of these systems even if it seems like waste of time and we are going to keep their vendor risk scores high even if it seems unlikely that we’ll get them to answer our due diligence and audit questionnaires.Did you like the article? Share with your network!
…or tell us your opinion.
Follow our newsletter!
Keep up with industry trends and get interesting reads like this one 1x per month into your inbox.…or just get notified through our RSS feed 
Learn more about Tepsivo
We deliver modern PV solutions to fulfill your regulatory needs using less resources. See how we do it >
0 Comments