If your organization spends several weeks or months performing software validation, you’re not alone. Most regulated companies do. But, Erin Wright, MasterControl’s validation product manager, said validation doesn’t have to be as burdensome anymore. The powerful cloud technology, combined with a risk-based approach, is the key to a faster and better validation process.
Like most validation professionals, Wright was schooled in the “traditional” validation approach, which is associated with the lengthy and expensive process despised by all. In a new white paper, she explained that using a cloud solution entails regular system upgrades, which in turn calls for frequent validation.
It’s the frequent upgrade that will actually ease your validation burden over time, according to Wright. “By upgrading on a regular basis and implementing new features as soon as they are released, you will be able to keep your validation requirements and overhead in small, manageable bite-sized portions,” she said.
Wright, who spearheaded the development of MasterControl’s Validation Excellence Tool (VxT), the first automated validation tool for regulated companies, shares the following validation best practices you can adopt if you’re using a cloud-based system.
#1 Assess and accept your software supplier’s documentation and templates.
The U.S. Food and Drug Administration (FDA) recommends the least burdensome approach to software validation. This can mean assessing and accepting supplier validation documentation as part of the client validation package. “We recommend that our clients make use of our extensive testing documentation. Who better to write and test the system requirements than the team that designed the software?” said Wright.
#2 Include your supplier’s usage testing in your validation package.
Wright cautioned against duplicating your supplier’s testing. “We’ve had clients reject our internal functional testing and write their own because of their internal procedures and requirements,” she said. “It’s common for these clients to take our exact functional test scripts and run the same testing we have already performed. This just adds time to the validation effort without adding any value.”
When moving to the cloud environment and automatic upgrades, you need to be able to leverage as much validation documentation as you can so you don’t spend all your time validating the next release.
#3 Follow the best-practice configurations outlined by your supplier.
The extreme flexibility and customizable configuration options of commercial off-the-shelf software is very appealing, but it can also lead to option paralysis and an overly complicated system configuration.
“Following your provider’s best practices for your configuration will ensure that you are using the tried-and-true methodology that is scalable, easy to use, and easy to maintain. Not to mention that this will drastically reduce your implementation time as you aren’t reinventing the wheel for your configuration,” said Wright.
#4 Assess your specific configuration and usage for risk-based validation.
Wright recommended taking a deep dive into your actual configuration to see what aspects of the software you are using and how you are using them. How you use the software impacts the risk more so than the inherent software functionality. This requires familiarity with your software’s best practices and knowledge of the regulations that apply to your company and industry.
#5 Focus on validating your critical business processes (CBPs).
It’s important to remember that not everything is critical, so don’t validate everything. Concentrate on CBPs, which are the essential functions and activities with significant impact on the quality and safety of your products or services. Once you have defined your CBPs, you will be able to focus your risk assessment on those processes.
#6 Follow a risk-based approach in software validation.
Let your risk assessment guide your software validation. You shouldn’t rate everything as “high risk.” “Once you have established what the true risks are to your company, it’s important to perform risk-based validation on the elements of the system that are considered high risk,” said Wright.
If your cloud supplier has performed adequate internal functional and usage testing and your usage is identical to the best-practice configurations, you should be able to leverage the supplier’s internal documentation.
#7 Use a change control methodology for upgrades.
Wright recommended using a change control form to capture the pertinent validation information with every upgrade. By consolidating the documentation for a single approval, you will streamline the approval process, as well as make the overall change control implementation viewable at once.
#8 Upgrade frequently to keep current on latest bug fixes and features.
“Frequent upgrades minimize the validation documentation needed with each release,” said Wright. She described how the VxT further accelerates validation by providing assessment of software feature risks and mitigations. The cloud-based VxT was developed with input from industry experts, including former FDA officials.
The abovementioned best practices are based on either the GAMP Good Practice Guide or the FDA General Principles of Software Validation. With the help of cloud technology, software validation doesn’t have to be as difficult and time intensive anymore. The cumbersome practices of “traditional” validation are not true traditions. They are old habits that can be changed with the right mindset, tools and strategy.
Read the entire white paper: 8 Best Practices for Compliant and Quick Software Validation in the Cloud
Cindy Fazzi writes about the life science industry and other regulated environments for MasterControl. She has worked as a journalist in three countries. Her two decades of experience as a news reporter, writer, and editor includes working for the Associated Press in Ohio and New York City. She has a master’s degree in journalism from Ohio State University.