Software validation is the process of ensuring that software systems meet the requirements set forth by regulatory bodies, such as the FDA in the United States. This is particularly important in highly regulated industries, such as the pharmaceutical industry, where software systems are used to manage and analyze critical data that is used to support the development and manufacture of drugs.
The origin of software validation can be traced back to the early days of computer technology in the pharmaceutical industry. In the 1970s, the FDA began to recognize the importance of software validation as a means of ensuring the accuracy and reliability of data generated by computer systems. This led to the development of guidelines and regulations for software validation, specifically in the pharmaceutical industry, such as the FDA’s “Guideline on General Principles of Software Validation” in 2002.
One key document that is created during the software validation process is the Master Validation Plan (MVP). The MVP is a comprehensive document that outlines the overall strategy and approach for validating the software. It includes details such as the scope of the validation, the validation team, and the schedule for validation activities. It is the first and foremost piece to documentation that needs to be created.
Following the MVP, you need to build three key documents: OQ, IQ and PQ.
Operational Qualification (OQ) and Installation Qualification (IQ) are used to ensure that the software system is installed and configured properly, and that it functions as intended in its intended environment.
Performance Qualification (PQ) is a process of testing software systems in order to verify that it performs as intended, and that it meets the acceptance criteria defined in the Qualification Protocol (QP).
As the technology and software development methodologies have evolved since the 70s, the need to adapt the validation model for modern SaaS cloud-based solutions has become increasingly important. With the advent of cloud computing, software systems are no longer installed and run on a single machine, but rather they are accessed through the internet from various devices and locations. This is the so called “single tenant system”, which is a radically different paradigm from the early on-site installations. This has led to the development of new guidelines and regulations for validating cloud-based software systems, such as the FDA’s “Guidance for Industry: Cloud Computing and Mobile Medical Applications” in 2013, although one might argue that those models are still outdated given the speed of the advancement of technology and cloud services.
In conclusion, software validation is a critical process in ensuring the accuracy and reliability of data generated by computer systems in highly regulated environments. However, application of outdated validation methods will only led to frustration and failure.
If you are about to embark on a validation process for a SaaS solution but your QA team has only experience on traditional on-site installations, do not rush. Take your time, read the available literature, get familiar with the tools and infrastructure used by your chosen vendor and if necessary, ask for additional budget to ensure the validation is not only successful, but more importantly, relevant.