reducing the burden of computer system validation · pdf file®2014 veeva systems...
TRANSCRIPT
®2014 Veeva Systems – Company Confidential veeva.com | 2
Today’s Session
Understand how we help you to
become validated and to stay
validated through our product
approach, documentation and
services that simplify and
accelerate the validation process
Learn how Veeva develops Vault
to maximize quality and reduce
your validation burden.
Learn how to optimize your
approach to validating Vault.
Bryan Ennis
Director, R&D
Customer
Success
®2014 Veeva Systems – Company Confidential veeva.com | 4
As a Cloud-based System
You don’t worry about infrastructure, deployments, or complex
customizations
We are constantly innovating and improving Vault. We release
every four months and 100% of our customers are on the
latest version
We take on an additional burden to ease validation
We communicate what’s coming in advance
We update and create validation artifacts every release
We ship most new features “off” to ensure testing and training are
minimally affected
We handle IQ/OQ
We assist with preparing scripts and producing documentation
®2014 Veeva Systems – Company Confidential veeva.com | 5
Our Testing Approach
Jul ‘14 Aug ‘14 Sep ‘14 Oct ‘14 Nov ‘15
GA V10V9.5.3V9.5.1 V9.5.2 V9.5.4 V10 Pre Release
Every 6 Hours Automated API (7,500 test cases) and UI (1,600 test cases) integration runs
Every DayAutomated API (200 test cases) and UI (150 test cases) smoke test in Dev, QA, and Prod
Single threaded performance test run to ensure no performance degradation
Every Week Automated API (20,000 test cases) and UI (40,000 test cases) testing runs
Every Feature Functional testing (initially manual, then automated to avoid regressions)
Group testing
Every Fast Train
Release
Performance tests on dedicated server with 150,000 documents
Security/penetration testing
Disaster recovery testing
Internationalization (I18N) and localization (L10N) testing
Every Slow Train
Release
Upgrade testing
Validation testing
Full regression testing (functional and automation)
Pre-release production environment
®2014 Veeva Systems – Company Confidential veeva.com | 6
Our Approach to Validation
Vault developed to assure compliance with all applicable
industry standards, regulations, and guidance
Development, documentation, and release processes
tailored to validation requirements
Customers leverage our executed validation
documentation for “product validation”
We test all features and functions
We assist customers producing documentation for
“configuration validation”
You just focus on intended use
®2014 Veeva Systems – Company Confidential veeva.com | 7
Becoming ValidatedYour responsibilities
Define and frame business requirements, and risk/impact in the
context of your solution
Your risk and impact assessment during implementation determines what
additional validation is needed
Validation/Verification
PQ or UAT recommended to confirm system configuration is in conformance with
your standards and processes
Demonstration that the application, as configured, meets business process requirements (i.e., intended use codified in customer procedures) should be documented in customer validation deliverables
Include security profiles, workflows, document taxonomies, and pick lists/metadata
®2014 Veeva Systems – Company Confidential veeva.com | 8
Vault Validation Lifecycle
We help our customers become validated and
stay validated
Because Vault is multitenant cloud, we share the validation
burden as part of your subscription service
Risk
Assessment
Product and
Configuration
Validation
Compliance Built-In
Implement
Risk
Assessment
Change
Control
Compliance Assured
Upgrade
Risk
Assessment
Configuration
Validation
Compliance Validated
Configure
®2014 Veeva Systems – Company Confidential veeva.com | 9
Veeva provides a comprehensive package of validation
accelerators that will substantially reduce your validation effort
Validation Acceleration
®2014 Veeva Systems – Company Confidential veeva.com | 11
How Customers Stay Validated
Your assessment of risk and impact determines the level of
validation testing for each release
Low risk changes can be qualified with change control
High risk/impact changes should be tested in accordance with your
assessment of risk
®2014 Veeva Systems – Company Confidential veeva.com | 12
Recommended Validation Approach
Limit scope to new features that are automatically enabled
Reduces effort to prepare for new release
Use pre-release Vault to prepare change controls and develop/execute any
UAT/PQ regression test scripts
Turn-on features that require enablement and / or configuration
AFTER the release
Allows adoption of new features anytime without release deadline
Avoids re-configuration in sandbox Vault(s) when Pre-Release Vault is retired
Leverage Veeva managed services (where applicable)
®2014 Veeva Systems – Company Confidential veeva.com | 13
WK-0WK-1WK-2WK-4 WK-3WK-5WK-6WK-7WK-8
Vault Release Schedule
Customer Validation Planning and Scripting
Validation ExecutionCSV Planning and Scripting Validation Summary Report
Plan Go-LiveTest
PQ/UAT Execution
Veeva Validation Activities
Customer Validation Activities
CSM Deep Dive MeetingsCSM Planning Meetings
Release Impact
Assessment
Customer Notification
Preview
Webinar
Validation
Project Plan
Approved
Customer Pre-Release
Environments
Compliance Vault:
Validation Documents
(including IOQ
Protocol, test cases,
BRD, Trace, Release
Notes, etc.)
Production Go-
Live Release Memo
Validation
Summary
Report
®2014 Veeva Systems – Company Confidential veeva.com | 14
Release Artifacts
Release
Impact
Assessment
Release
Resource
Page
VeevaDocs
Vault
Pre-Release
Vaults
®2014 Veeva Systems – Company Confidential veeva.com | 18
Pre-Release Environment
We make a copy of your production vaults and upgrade them
weeks before GA
Configuration only, no documents
Try out your upgraded Vault BEFORE the upgrade date
Domain Admins and Vault Owners created automatically;
customer adds other users as necessary
Environment is recycled between releases, so nothing critical
should be stored there
®2014 Veeva Systems – Company Confidential veeva.com | 20
Setup for Success
Develop a Validation approach that minimizes your workload
while maximizing quality
Align existing or create new CSV and Change Control SOPs
Look beyond Veeva at how you qualify and manage
cloud vendors
Optimize you activities and resources as you learn
®2014 Veeva Systems – Company Confidential veeva.com | 21
Best Practices
A single Validation Plan can be used to govern all
Vault implementations
Plan how you will manage upgrades from the beginning
Clearly understand and articulate your responsibilities
vs. Veeva’s
®2014 Veeva Systems – Company Confidential veeva.com | 23
Regulating the Cloud
The Life Sciences INDUSTRY is moving into the cloud
FDA has proposed guidance entitled “GXP Consideration for
Outsourced IT (Cloud Computing) Systems in Medical Product
Manufacturing and Clinical Study Environments”
EMA will not be far behind
®2014 Veeva Systems – Company Confidential veeva.com | 24
Perspectives on Agency Guidance
Cloud providers, like sponsors, expected to comply with
technical and regulatory requirements
The sponsor is ultimately responsible for data security and
integrity and meet the regulatory requirements
Careful risk assessment and mitigations
Robust Quality/Service level agreements are primary
starting point for inspection
®2014 Veeva Systems – Company Confidential veeva.com | 26
Complete the session survey with the Veeva app
Thank you
Search “Veeva” in app store
Password: rdsummit