Veeva Vault Validation Features Brief

Dramatically reducing the burden of computer system validation

For decades, life sciences companies have faced a common hurdle in their efforts to implement new software applications—validation. The validation process has historically been slow and cumbersome, often taking as long as the implementations themselves. Many companies delay upgrading applications to avoid the validation effort required and now run software that is three or more years out of date. Vendors, in general, have done little to solve this problem – until now.

Veeva Vault was designed for the life sciences industry by experts experienced with GxP regulatory requirements. Based on decades of experience, Veeva designed a multitenant cloud platform and suite of applications that stay up to date and are easy to validate.

Veeva’s validation services reduce the overall time and effort companies spend validating applications. Veeva supports the validation requirements for hundreds of customer Vaults, three times a year. And Vault customers report validation cycle times that take up to 80% less time than their legacy on-premise solutions.

Benefits of Veeva Vault

• Reducing validation time

  Veeva’s validation experts work across product, services, quality, and operations teams to build in-house compliance capabilities that offload the validation burden from clients. Veeva performs and documents all elements of Infrastructure Qualification (IQ) and Operational Qualification (OQ) for each major release. Veeva also provides a sandbox/test environment and user acceptance testing (UAT) scripts that can be leveraged and adapted for Performance Qualification (PQ).

• Controlling validation costs

  To minimize the costs of developing validation documents and test cases, Veeva gives customers access to our complete validation package for each release, including a validation project plan, requirements documents, a test protocol, IQ/OQ, traceability matrices, and a validation summary report.

• Minimizing compliance risk

  Veeva performs a risk assessment of every new or updated feature to help customers evaluate the potential effect on validation efforts. Veeva’s customer success managers help assess the impact and risk associated with each enhancement so customers can make informed decisions regarding change control or validation.

Validating Veeva Vault

Veeva’s qualification, testing, and validation approaches are aligned with industry best practices for computer system validation.

• Software Development

  Agile development practices enable Veeva to respond quickly to regulatory changes or technology trends. Veeva combines agile development with complete, end-to-end documentation and traceability to provide auditability across product management, software development, testing, and release.

• Infrastructure Qualification

  Veeva maintains qualification of all hosting infrastructure. Vault software products are hosted in world-class, secure facilities that are ISO27001 certified with SOC 1 Type II attestation in the US. Veeva maintains 100% redundant hardware and data in geographically separate locations to ensure high availability. Content and data are encrypted, backed up nightly, and kept for a 30-day rolling retention period. Disaster recovery environments are tested monthly.

• Functional Testing

  Veeva works with third-party validation testing experts to develop and execute validation scripts that are updated and re-executed every release. A comprehensive revalidation of all system functionality is performed every two years to ensure that no adverse cumulative impact of incremental releases has occurred.

• Inter-release Validation

  For every major release, any customer-reported issue that requires a patch is assessed for validation impact: frequency, criticality, and GxP impact. Veeva re-executes the appropriate validation scripts for all medium and high risk items. A validation sign-off happens before the patch is released.

Becoming Validated

During implementations, Veeva helps customers establish a focused validation methodology that facilitates the adoption of software upgrades while maintaining quality and addressing risk. As a standard part of practice, Veeva supports customers with planning, managing, testing, and preparing for validation. Veeva regularly hosts customer audits upon request.

Customers work with Veeva professional services to configure Veeva Vault according to their requirements. A user requirements specification is created in accordance with the customers’ validation methodology. User acceptance testing (UAT) or a Performance Qualification (PQ) is planned and conducted to confirm the system configuration (including security profiles, workflows, document taxonomies, and pick lists/fields). This confirms that the application, as configured, meets customer business requirements.

Customers leverage Veeva’s executed validation documentation to reduce implementation time and effort:

Staying Validated

Veeva releases a comprehensive new version of Veeva Vault approximately every four months and regression testing is performed on every release. Prior to each release, Veeva provides a Release Impact Assessment that documents all upcoming features, feature risk, and enablement details. Veeva also provides dedicated pre-release Veeva Vaults — validated sandbox environments where customers can test their current configuration against updated software prior to system release. New features or upgrades that will not impact the validated status of the application can often be accepted under change control with little or no testing required. Generally, features that may impact existing system behavior or have a potential GxP impact are turned off by default and must be turned on or configured by the system administrator. This approach provides for a planned and predictable release of new software.

Veeva’s Customer Success and Managed Services teams proactively engage customers to assist with planning for validation activities and new feature implementation. Each customer’s assessment of risk and impact determines their level of validation testing for that release. Low-risk software changes can be qualified with change control. Medium- and high-risk software changes may need testing based on whether they are turned on or incorporated into business procedures.

The Managed Services team helps customers accurately assess new functionality against their configuration so customers can limit testing and validation to those enhancements that introduce risk. Most customers only assess the auto-on enhancements and capabilities from prior releases that were turned on or configured in the sandbox environment.

This consistent, predictable approach helps customers keep pace with the rapid innovation delivered with multitenant software.

Drive faster time to market with Veeva Development Cloud. Watch the Veeva Development Cloud Intro video.