Software validation is an essential, mandatory process for any life sciences company seeking to deploy enterprise software to manage any cGxP process or global predicate rule requirement. The ultimate goal of software validation is to help ensure confidence that systems are installed and functioning according to their intended use and that there is documented evidence to confirm it. Validation requires rigorous procedures to provide governance for the overall process and must be implemented and executed by those who have the requisite training to carry out such procedures. Validation is also governed by regulatory bodies including the U.S. Food and Drug Administration, EU Annex 11, ISPE GAMP 5, IEEE 1012:2016, Pharmaceutical Inspection Convention/Co-Operation Scheme (PIC/S Guidance) and many others which provide regulatory mandates, procedures and best practices to support computer systems validation for today’s regulated systems environments.
In the past, validation has been conducted primarily through manual, paper-based processes. As with any such process, it could be sometimes error-prone, inefficient and sometimes ineffective. Cloud-based computing and the advent of mobile technologies have changed the paradigm of validation yet, the mandate and principles of validation still endure. One must still confirm the installation or provisioning of validated systems to ensure that they are provisioned in a consistent, repeatable manner. One must also confirm the operation of such systems to ensure that each stated requirement is rigorously tested in a manner that will withstand global regulatory scrutiny. And finally, performance testing on validated systems in the cloud is critical to the overall adoption and success of the system. All cloud providers are not created equal, thus performance testing must be conducted with either simulated or live loads to ensure optimal performance under production system environment conditions.
All validation testing must be conducted in the context of a risk assessment for the system. The assessment of risk drives the level of validation due diligence required for any given system A formal risk assessment highlighting controls and mitigation strategies as well as a timetable for periodic assessment is in keeping with ISPE GAMP 5 requirements as well as many global mandates for validation.
The elephant in the room facing many validation engineers is that of cybersecurity. The challenge for validation engineers is how to ensure readiness and protect validated systems against the threat of cybersecurity. Our software validation Partner – OnShore Technology Group – uniquely inspired the term “Cybersecurity Qualification” or “CyQ”. In addition to conducting IQ (installation qualification), OQ (operational qualification), and PQ (performance qualification), OnShore Technology Group recommend a CyQ (Cybersecurity Qualification) to address the ability to identify, protect, detect, respond, and recover from cyber events from validated systems.
To support the rigorous requirements for the validation of BPA Quality & Risk Management software, OnShore has developed a unique service offering known as CloudMaster 365 Validation Accelerator For BPA Solutions. A Validation Accelerator is a service offering consisting of Enterprise Validation Management software coupled with requirements documentation, validation planning document templates, and ready-to-execute validation test scripts for COTS-based functionality to streamline and optimize the validation process saving both time and money. The Enterprise Validation Management software is designed to automate many of the time-consuming, manual and paper-based processes delivering a more agile validation process commensurate with today’s fast changing cloud-technology. Since validation is a process which must be repeated each time software changes, the annual subscription of the Validation Accelerator ensures that your test scripts are kept up-to-date with each major release.