By Russ King
It may be boorish but still important to remember that the secondary reason for validating software systems is to comply with 21 CFR Part 11. The primary reason for validating software systems is to become a better life science company by being good stewards of public safety while offering assurances that products are effective. We validate software systems when they contain or manage critical information that is relevant to public safety and product effectiveness. The deliverable created by validation is the assurance that the critical electronic information these systems hold is controlled in a way that ensures confidentiality, integrity, appropriate availability, authenticity and non-repudiation of the information. When life science companies produce satisfactory evidence that electronic information is controlled in a way that uphold these values, then we conclude that the software system satisfactory supports the life science company's claims regarding patient safety and product effectiveness.
The diverse approaches, interpretations and methods for computer system validation is remarkable. When combining diverse interpretations of Part 11 together with the complexity and size of many software solutions, limited corporate resources and skills, and the sheer scope of effort to thoroughly validate a software system not only do validation short cuts become attractive but from the perspective of many life science executives validation short cuts can be necessary.
We all know that the ultimate responsibility for validating software solutions lie with the life science company acquiring and implementing the software. What must be recognized and has generally gone unacknowledged, however, is that the burden of responsibility for software validation placed on the user has often been leveraged by many software vendors to the gross disadvantage of life science companies.
Many software vendors for the sake of self-interest or product margins prohibit client audits, provide no or minimal quality system or validation documentation to clients, and offer little to no post-validation support. Variables contributing to such tactics from software vendors might include their position of power in the market reflected by their market share, a horizontal position in the market where a life science practice is just one among many vertical markets they target, a lack of understanding of the life sciences as a business and the regulations that oversee their activities, and the limited extent to which the software has been architected to efficiently meet the demands of validation.
The critical challenge for life science companies acquiring software is that the risks created by software vendors that cannot be managed when acquiring software systems are risks the life science company must accept once the system is acquired. And such risks may very well have a direct impact on the company's ability to ensure public safety and product effectiveness. For example, the bioinformatics software vendor that does not permit client audits will force the client to accept vendor representations of software quality, which may or may not create a risk for data analysis. The lack of post-validation support from a vendor may leave the life science company in a position of having to explain technically how critical information is managed which if not explained correctly may result in an auditor loosing confidence in the authenticity or nonrepudiation of the information. And the extent to which a software vendor can provide a comprehensive validation package will directly impact the life science company's decision to adequately validate.
But why do life science companies continue to accept such risks? Why not shift more of this responsibility for the management of these risks to the software vendor? Why not expect that software vendors produce transparent and accountable methods for developing their solutions as technology partners who will stand beside you during audits? Why not demand that such solutions be validation ready 'out of the box' with a comprehensive validation package available upon request? The answer is because life science companies do not believe it possible. This belief is mistaken.
Most software vendors today have technology or market commitments that make meeting these kinds of expectations very difficult and costly, if not impossible. There is, however, an emerging new breed of software vendor devoted to life sciences with industry, technology and regulatory expertise that are beginning to make a cost and regulatory difference for life science companies. Their solutions are truly validation ready with exhaustive test protocols and expertise that make validation both practical and cost effective while simultaneously delivering features, functionality and software controls that fit the needs of regulated environments. The goal of software vendors should be to create a new standard in life science software solutions in partnership with clients. They are devoted to the life sciences as a vertical market and have adopted software architectures and development methodologies that ensure the validatability of their solutions. As partners, such vendors open their doors to the client to not only demonstrate the quality of their methods but also demonstrate the validatability of their solutions. And their service commitments to their clients extend well beyond the help desk to consultative support during an audit. The result is a working relationship that directly supports the dramatic reduction of risk when acquiring software solutions and the pursuit and achievement of regulatory compliance.
About EDATA INTEGRITY REPORT
EDATA INTEGRITY REPORT is a premier source of health care industry best practices, case studies, analysis and news. Edata Integrity Report delivers critical yet practical ways for health care, pharmaceutical, medical device, and contract service organizations in the life science industry to navigate a regulated world. Michael Causey, Editor and Publisher, delivers every other week through 20 years of reporting experience in the health care industry implementable industry knowledge from industry experts around the world. Please visit the web site at www.edataintegrityreport.com and sign up for your free issue of Edata Integrity Report.
About InfoStrength
InfoStrength®
