Artwork management in the pharmaceutical industry is a critical process that requires accuracy and precision to ensure compliance with regulatory requirements and avoid errors in the packaging design that make it to the market and risk a product recall. The artwork management process is sometimes underestimated as it pertains to a non-core activity for brands and manufacturers of medicines and medical devices. However, it can be a critical aspect when facing an audit and even more when such audit is triggered by a product recall.
Multi-tenant SaaS solutions are becoming more popular with pharmaceutical companies, despite the traditional on-site installations, as they offer lower pricing points and less on-boarding hassle (lower financial costs and faster implementation). One key component that is still not fully understood is the fact that validation of on-site custom made solutions differs significantly from the validation approach required for multi-tenant SaaS applications.
The first key component is the Validation Master Plan (VMP) which outlines the validation process. Here we will discuss five key components that must be included in a VMP document for the validation of a multi-tenant SaaS Artwork Management System.
- Scope and Objectives – This section needs to clearly define the scope and objectives of the validation process. Let’s dive in. The scope should outline the functionalities of the multi-tenant SaaS solution that will be validated, including any third-party integrations. It is important to define the scope with care and discuss which components need to be included. One aspect that is often overlooked when validation a SaaS application is that in many cases, there will be external services (typically micro services) and infrastructure. These, as long as they only play a servicing role, can be left out of the scope since they are controlled by a third party. The objectives should detail the specific outcomes that the validation process aims to achieve, such as ensuring compliance with regulatory requirements or minimizing the risk of errors or data loss.
- Validation Strategy and Acceptance Criteria – The validation strategy should specify the validation approach, including the type of validation to be performed, such as installation qualification, operational qualification, and performance qualification. It is a good idea to include specifically which aspects of the solution will be relevant for the validation. The acceptance criteria should detail the testing methodology, including the type of testing to be performed, such as functional testing, user acceptance testing, and performance testing.
- Roles and Responsibilities – This section should clearly outline the roles of the validation team, project manager, system administrator, and any other key stakeholders involved in the validation process. It should also detail the responsibilities of each team member, including their participation in the validation activities and their expected deliverables.
- Testing Documentation – The documentation section should detail the testing documentation that will be used and delivered during the validation process. This section should include a list of all required testing documents, including test plans, test scripts, and test cases. It can also outline the testing schedule and the expected timeline for completing each testing activity.
- Change Control – The final component of a VMP document should detail the procedures for making changes to the multi-tenant SaaS solution after the validation process is complete. It should include a list of change control forms (or other methods for documenting the required changes), detailing the requirements for documenting changes, and the process for reviewing and approving changes.
The VMP document is an essential tool that will guide you through the validation process.There is however not a single way to create it. Depending on your scope and criteria, the contents of the document can change dramatically. One critical aspect is choosing carefully which components of the application you are going to validate. For applications that rely on external infrastructure or services, specially when managed by third parties, it might prove difficult to get all the components required to validate those services. Our advice is to focus on your application and ensure that all third party infrastrucure and services are only services and do not represent a core data processing unit of your set of features.
If you get the VMP right, the rest of the validation will be much more approachable than having to come back to the VMP to make changes. Spend your time wisely, get the VMP right and your validation will be a breeze.
Want to know more key differences between a traditional VMP and a VMP for a SaaS solution, let us know!