Continuous Software Validation Critical for Balancing Digital Transformation and Compliance
Contributed Commentary By David Jones
September 16, 2020 The adoption of cloud technology in the life science industry has become increasingly pervasive as firms move forward with digital transformation initiatives aimed at creating operational efficiencies and delivering the next wave of biomedical innovations. As a result, cloud vendors are playing a more important role than ever before, especially for life sciences companies that produce FDA-regulated products.
Cloud solutions must be validated for life sciences companies to use them. However, since cloud vendors are not ultimately accountable for complying with FDA regulations, this places greater responsibility on life sciences firms to ensure their cloud vendors can support software validation processes that must adhere to myriad industry regulatory and compliance requirements.
Validation Approaches and Tool Sets Have to Change in the Cloud Era
From a software validation standpoint, perhaps the biggest challenge companies face is that every time a vendor releases an updated version of their software (which can be anywhere from a few times a year, to every month—or even more frequently than that), it needs to be re-validated. Furthermore, many life science firms conduct validation testing in a manual, time-consuming, and costly manner. The high cost of manual validation is multiplied by the high number of releases per year, up to the point where it becomes impossible to cope with the pace of releases.
According to research from Skyhigh, the average enterprise employs about 1,400 cloud applications, and the average employee uses 36 different cloud services in their daily routine. When one considers the myriad cloud solutions deployed at a modern day life sciences firm, and the unrelenting pace of upgrades that comes with each one of them, the only way to effectively manage the validation side of the equation is to employ a continuous validation approach.
What Does Continuous Validation Look Like?
Companies that use a continuous validation model can provide documented evidence to certify that their cloud solution has not only met pre-established validation acceptance criteria, but that it does so on a “continuous” basis. This modern and more effective approach to validation provides an additional layer of assurance for life sciences companies by providing coverage for patches and updates, increasing data integrity, and reducing compliance risk.
There are seven primary steps involved in continuous software validation:
- Requirements Definition: The first step entails identifying the functional, non-functional, regulatory, performance, security, logging, disaster recovery, and interface requirements. This lays the foundation for the continuous validation framework.
- Risk Assessment: A thorough risk assessment is performed to ensure business continuity and regulatory compliance. All other items noted in the first step (requirements definition) are considered from a potential risk perspective. The output of the risk assessment is then applied to determine which type of testing strategies to utilize, which features to test, which platform combinations to test on, etc.
- Specification Definition: Identifying the configuration specifications is a critical component of the continuous validation process. This includes (but is not limited to) clearly defining the IaaS/PaaS configurations, security controls and provisions, log management, interface requirements, workflows, and other specifications that must be considered during testing.
- Test Automation Scripts: Model-based test automation frameworks are effective for developing various models to validate cloud solutions. Generate randomized test data and utilize combinatorial testing strategies to reduce the number of iterations while increasing test effectiveness.
- Test Model Validation: The test automation model must be validated to ensure that it meets the specified objectives. This validation effort can be minimized by designing the model to generate quality execution reports. A well-designed model execution report will deliver thorough evidence, to the point where it essentially becomes self-validating.
- Test Execution: The model-based test automation approach provides the flexibility to leverage the same model to conduct numerous test types (smoke, regression, greedy path, optimal path, load, performance, etc.). In addition, this framework is better suited to work in environments where frequent updates are the norm. Since cloud solutions are constantly changing, the test automation framework must have the flexibility to adapt and execute in this environment.
- Validation Reporting: When it comes to reporting, removing paper and the manual generation of reports is a must. A robust ALM (Application Lifecycle Management) tool provides the real-time dashboards, KPIs, summary reports, test deviation reports, and other capabilities needed to deliver quality analytics in an automated manner.
Identifying Vendors that Support Continuous Validation
When evaluating cloud vendors that proclaim to support a continuous software validation approach, make sure to ask these questions:
How much experience do they have in supporting continuous software validation?
“This one time, we worked with XYZ to validate our solution in their clinical environment.”
Ensure cloud vendors have worked in several continuous software validation environments. Look for ones that can deliver dedicated documentation, which could be in the form of summaries of continuous qualification implementations for their platforms and continuous validation frameworks for their customers.
How do they qualify their platform or solution and which framework do they use to evaluate it?
“We’ve conducted rigorous testing in several of our internal environments to ensure quality and performance.”
If a cloud vendor has done testing in their own environment, it does not qualify as true validation. To be effective, continuous software validation requires an adaptive framework that is designed to accommodate frequent requirement changes. The reality is that this can only occur if testing takes place in independent environments so that potential automation weak spots can be identified and rectified.
Move on from Manual Validation Madness
In the cloud era, working with vendors who can support a continuous software validation framework is fast becoming a “must have” versus a “nice to have.” This approach enables life sciences firms to benefit from digital transformation initiatives to drive efficiency, quality, and revenue while simultaneously ensuring compliance with industry regulations.
David Jones is an information management professional with more than 20 years’ experience in the emerging technologies space across multiple industries including big data, analytics, cloud and enterprise content management. As VP of Marketing at AODocs, David is responsible for developing the global go-to-market strategy and execution plan for AODocs modern, intelligent Content Services Platform. He can be reached at email@example.com.