A Validated System in the Cloud: It’s Not a Myth

Validation means different things depending on whom you talk to, but one thing’s certain: it’s a necessity for a regulated content management system, particularly for the life sciences industry. Content that needs robust audit trails and strict security parameters also needs to be housed in a validated environment. To ensure compliance, traditional content management implementations will go through a rigorous validation process to ensure they are validated.

What’s not always obvious is that a cloud-based content management system can provide the same levels of validation – if not more – provided it’s built in the regulated cloud by those who understand the unique requirements of the life sciences industry. The regulated cloud leverages the latest in Software-as-a-Service (SaaS) technology and incorporates regulatory requirements like Part 11 and GxP into its core, rather than as add-ons after a system is built. This provides life sciences companies with a much more fluid and easy-to-use solution.

A system in the regulated cloud will have undergone a validation process very similar to the traditional V-model that on-premise software goes through. It includes:

• Infrastructure Specification: Details the system landscape and installed software components
• Installation Qualification (IQ): Verifies the components detailed in the infrastructure specification exist and are installed correctly
• Business Requirements Document (BRD): Specifies the requirements for the system
• Operational Qualification (OQ): A set of scripts that describe manual steps to test each of the requirements in the BRD. The scripts will be executed prior to go-live, and any deviations or problems are documented along with resolution steps. Some vendors will provide an extra level of assurance by having a 3rd party compose and execute the OQ
• Traceability Matrix: Maps the requirements in the BRD to the OQ scripts. It ensures there are no requirements left untested
• User Requirements Specification: Gives a high level overview of the requirements for the system. It is generally augmented by a customer with more specific requirements that will be met by configuration of the system
• Validation Report: Summarizes the executed validation process, documents any deviations and their remediation, and acts as a final sign off on the validation of the system.

Altogether, these specifications and reports ensure customers receive a rigorously tested and solidly validated system. Without a validated system, companies risk failing audits, or even having their operations shut down.

Notably, many on-premise vendors require the customer to do all of the validation, pushing an extremely complicated and expensive burden onto the customer. But by leveraging the regulated cloud, SaaS vendors take care of all of the validation steps (including IQ and OQ), leaving customers with just PQ (production qualification). The customer is only responsible for executing the final test to ensure their production environment is configured correctly, thereby saving a tremendous amount of time and resources.

Instead of exhausting in-house resources to take care of the validation process, companies can utilize a SaaS vendor, who has a dedicated team working on validation and can spend more time and resources on the validation process. With a qualified team and a SaaS solution, the validation process can meet the life sciences industry’s requirements, and then some.

Steve Harper is Senior Product Manager for Veeva Vault.