September 2022
On September 13, 2022 the FDA released a draft guidance, "๐๐จ๐ฆ๐ฉ๐ฎ๐ญ๐๐ซ ๐๐ฒ๐ฌ๐ญ๐๐ฆ ๐๐ฌ๐ฌ๐ฎ๐ซ๐๐ง๐๐ ๐๐จ๐ซ ๐๐ซ๐จ๐๐ฎ๐๐ญ๐ข๐จ๐ง ๐๐ง๐ ๐๐ฎ๐๐ฅ๐ข๐ญ๐ฒ ๐๐ฒ๐ฌ๐ญ๐๐ฆ ๐๐จ๐๐ญ๐ฐ๐๐ซ๐". It is evident from the initial reaction following the release that this guidance has been awaited by the industry for years.ย
Title 21 CFR Part 11, originally released in 1997, is an FDA regulation on how regulated companies should manage their electronic records and electronic signatures, so they are considered credible, trustworthy, compliant and can replace paper-based systems. Six years later, in 2003, the FDA released its guidance aimed to elaborate on the then current thinking regarding the scope and application of 21 CFR Part 11. Up to this day, these two documents are still being followed strictly by Computer Software Validation (CSV) practitioners in regulated companies.
Many things have changed in the 25 years since the original code was released. At the time, most IT systems were custom built bespoke systems, whereas these days most regulated companies choose an off-the-shelf, configurable solution, that they can easily adapt to their needs, while minimizing validation costs and implementation time. Furthermore, cloud technology was not available and was embraced by regulated companies only in recent years.
Over the years it has become apparent that the current CSV methodology does the job, but poses quite a few challenges. It produces massive amounts of documents and tests, while ignoring the fact that certain areas are riskier than others and that testing should focus on those high risk items. It tests everything. This takes a great amount of time and resources and being a manual process, it is error prone and may require few iterations, often due to documentation and script errors, not actual software failure. Not to mention the costs, which can easily get to 30-50% of the overall project costs.
Traditional CSV is perceived as a burden that companies do to tick the box and successfully pass audits, not necessarily improve the quality of deliverables and check that systems work as intended. Companies tend to perform it only when they must, actually delaying new projects and adoption of new technologies. In the era of cloud computing, where updates are usually pushed by software, apps and cloud vendors on a regular basis a few times a year, customers donโt always get to decide which updates they would like to embrace. Some companies consciously decide to be at risk and do not perform an impact assessment of every release.
With this kind of feedback, one cannot wonder, does CSV really support innovation and drive better product safety and quality?
โ
Traditional CSV is perceived as a burden that companies do to check the box and successfully pass audits, not necessarily improve the quality of deliverables. Companies tend to perform it only when they must, actually delaying new projects and adoption of new technologies. In the era of cloud computing, where updates are usually pushed by software and app vendors on a regular basis, customers donโt always get to decide which updates they would like to embrace. Some companies consciously decide to be at risk and do not perform an impact assessment of every release.
With this kind of feedback, one cannot wonder, does CSV really support innovation and drive better product safety and quality?
โ
How can companies progress to computer software assurance?
Reviewing the draft guidance that was released last week, the main items discussed are โrisk-based approach' and keeping systems in a 'validated state'. The guide also provides examples and clarifications on how to classify your system and what steps should be taken when using commercial off-the-shelf (COTS) applications. In the coming weeks the public can comment on the draft guidance before the final release will be issued by the FDA.
ย
Validify is an approved Salesforce partner with a unique application designed to streamline risk assessment, validation and assurance activities for regulated companies operating on top of the Salesforce platform. Validify is CSA ready, so companies may choose to work according to the new draft guidance using a risk-based approach or according to the traditional CSV model.
Leveraging Validify comes with all the advantages of using a modern tool. Validify automates most of the agonizing validation activities that used to be manual till now. This saves time & money while producing consistent quality deliverables time and again.
Using Validifyโs automated tool eliminates any deliberation on when to start a validation cycle, simply because every run literally takes minutes and identifies what configuration changes were introduced and what activities should be further done as a result, taking organizations one step closer to continuous validation. Whether itโs a Salesforce update, an internal process built on top of Salesforce or an application from a third-party vendor installed on top of Salesforce, we can analyze and validate it.
Why should you contact us today for a free, no strings attached trial?
Validify does not require any IT infrastructure apart from your existing Salesforce Org, we offer a full SAAS model. The application can be installed in 10 minutes from Salesforceโs AppExchange. No services required and all included training and support is done remotely.
The application will analyze your Salesforce org within 10 minutes and immediately identify potential risks and mitigations. Upon approval, a set of validation documents will be created and ready for your review. All documents can be edited online, and the application will save any edits for the next run, so no need to amend it again.
Advance to the next level of computer software validation, install Validify today!
โ
About Validify
Validify Inc. is a Salesforce partner, the vendor of Validify, a Salesforce application that automates the risk analysis and computer system validation (assurance) processes for regulated companies, managing their product related processes on the Salesforce platform. Validify is an automated solution providing risk analysis of any Salesforce org and generating all necessary verification and validation documents based on risk and other predefined, configurable parameters. Validify also provides a real-time status of your orgโs compliance and identifies changes in your org automatically.
About the author
Gal Barnea is a Co-Founder of Validify. With over 15 years of industry experience managing global accounts, leading international deployment teams, analyzing, designing and validating IT Quality systems for regulated companies such as life science, food & beverage and cosmetics, Gal is heading customer success at Validify. Gal holds a masterโs degree in business administration, specializing in IT systems and is PMP certified.
โ
Want to hear more or book a demo? Click here
โ