Reducing the Burden of Computer System Validation

®2014 Veeva Systems – Company Confidential veeva.com | 2

Today’s Session

Understand how we help you to

become validated and to stay

validated through our product

approach, documentation and

services that simplify and

accelerate the validation process

Learn how Veeva develops Vault

to maximize quality and reduce

your validation burden.

Learn how to optimize your

approach to validating Vault.

Bryan Ennis

Director, R&D

Customer

Success

Building a Foundation Ready for Validation

®2014 Veeva Systems – Company Confidential veeva.com | 4

As a Cloud-based System

You don’t worry about infrastructure, deployments, or complex

customizations

We are constantly innovating and improving Vault. We release

every four months and 100% of our customers are on the

latest version

We take on an additional burden to ease validation

We communicate what’s coming in advance

We update and create validation artifacts every release

We ship most new features “off” to ensure testing and training are

minimally affected

We handle IQ/OQ

We assist with preparing scripts and producing documentation

®2014 Veeva Systems – Company Confidential veeva.com | 5

Our Testing Approach

Jul ‘14 Aug ‘14 Sep ‘14 Oct ‘14 Nov ‘15

GA V10V9.5.3V9.5.1 V9.5.2 V9.5.4 V10 Pre Release

Every 6 Hours Automated API (7,500 test cases) and UI (1,600 test cases) integration runs

Every DayAutomated API (200 test cases) and UI (150 test cases) smoke test in Dev, QA, and Prod

Single threaded performance test run to ensure no performance degradation

Every Week Automated API (20,000 test cases) and UI (40,000 test cases) testing runs

Every Feature Functional testing (initially manual, then automated to avoid regressions)

Group testing

Every Fast Train

Release

Performance tests on dedicated server with 150,000 documents

Security/penetration testing

Disaster recovery testing

Internationalization (I18N) and localization (L10N) testing

Every Slow Train

Release

Upgrade testing

Validation testing

Full regression testing (functional and automation)

Pre-release production environment

®2014 Veeva Systems – Company Confidential veeva.com | 6

Our Approach to Validation

Vault developed to assure compliance with all applicable

industry standards, regulations, and guidance

Development, documentation, and release processes

tailored to validation requirements

Customers leverage our executed validation

documentation for “product validation”

We test all features and functions

We assist customers producing documentation for

“configuration validation”

You just focus on intended use

®2014 Veeva Systems – Company Confidential veeva.com | 7

Becoming ValidatedYour responsibilities

Define and frame business requirements, and risk/impact in the

context of your solution

Your risk and impact assessment during implementation determines what

additional validation is needed

Validation/Verification

PQ or UAT recommended to confirm system configuration is in conformance with

your standards and processes

Demonstration that the application, as configured, meets business process requirements (i.e., intended use codified in customer procedures) should be documented in customer validation deliverables

Include security profiles, workflows, document taxonomies, and pick lists/metadata

®2014 Veeva Systems – Company Confidential veeva.com | 8

Vault Validation Lifecycle

We help our customers become validated and

stay validated

Because Vault is multitenant cloud, we share the validation

burden as part of your subscription service

Risk

Assessment

Product and

Configuration

Validation

Compliance Built-In

Implement

Risk

Assessment

Change

Control

Compliance Assured

Upgrade

Risk

Assessment

Configuration

Validation

Compliance Validated

Configure

®2014 Veeva Systems – Company Confidential veeva.com | 9

Veeva provides a comprehensive package of validation

accelerators that will substantially reduce your validation effort

Validation Acceleration

Managing Releases

®2014 Veeva Systems – Company Confidential veeva.com | 11

How Customers Stay Validated

Your assessment of risk and impact determines the level of

validation testing for each release

Low risk changes can be qualified with change control

High risk/impact changes should be tested in accordance with your

assessment of risk

®2014 Veeva Systems – Company Confidential veeva.com | 12

Recommended Validation Approach

Limit scope to new features that are automatically enabled

Reduces effort to prepare for new release

Use pre-release Vault to prepare change controls and develop/execute any

UAT/PQ regression test scripts

Turn-on features that require enablement and / or configuration

AFTER the release

Allows adoption of new features anytime without release deadline

Avoids re-configuration in sandbox Vault(s) when Pre-Release Vault is retired

Leverage Veeva managed services (where applicable)

®2014 Veeva Systems – Company Confidential veeva.com | 13

WK-0WK-1WK-2WK-4 WK-3WK-5WK-6WK-7WK-8

Vault Release Schedule

Customer Validation Planning and Scripting

Validation ExecutionCSV Planning and Scripting Validation Summary Report

Plan Go-LiveTest

PQ/UAT Execution

Veeva Validation Activities

Customer Validation Activities

CSM Deep Dive MeetingsCSM Planning Meetings

Release Impact

Assessment

Customer Notification

Preview

Webinar

Validation

Project Plan

Approved

Customer Pre-Release

Environments

Compliance Vault:

Validation Documents

(including IOQ

Protocol, test cases,

BRD, Trace, Release

Notes, etc.)

Production Go-

Live Release Memo

Validation

Summary

Report

®2014 Veeva Systems – Company Confidential veeva.com | 14

Release Artifacts

Release

Impact

Assessment

Release

Resource

Page

VeevaDocs

Vault

Pre-Release

Vaults

®2014 Veeva Systems – Company Confidential veeva.com | 15

Impact Assessment

®2014 Veeva Systems – Company Confidential veeva.com | 16

Release Resources

®2014 Veeva Systems – Company Confidential veeva.com | 17

VeevaDocs

®2014 Veeva Systems – Company Confidential veeva.com | 18

Pre-Release Environment

We make a copy of your production vaults and upgrade them

weeks before GA

Configuration only, no documents

Try out your upgraded Vault BEFORE the upgrade date

Domain Admins and Vault Owners created automatically;

customer adds other users as necessary

Environment is recycled between releases, so nothing critical

should be stored there

Optimizing Your Methodology

®2014 Veeva Systems – Company Confidential veeva.com | 20

Setup for Success

Develop a Validation approach that minimizes your workload

while maximizing quality

Align existing or create new CSV and Change Control SOPs

Look beyond Veeva at how you qualify and manage

cloud vendors

Optimize you activities and resources as you learn

®2014 Veeva Systems – Company Confidential veeva.com | 21

Best Practices

A single Validation Plan can be used to govern all

Vault implementations

Plan how you will manage upgrades from the beginning

Clearly understand and articulate your responsibilities

vs. Veeva’s

Getting Ready for the Future

®2014 Veeva Systems – Company Confidential veeva.com | 23

Regulating the Cloud

The Life Sciences INDUSTRY is moving into the cloud

FDA has proposed guidance entitled “GXP Consideration for

Outsourced IT (Cloud Computing) Systems in Medical Product

Manufacturing and Clinical Study Environments”

EMA will not be far behind

®2014 Veeva Systems – Company Confidential veeva.com | 24

Perspectives on Agency Guidance

Cloud providers, like sponsors, expected to comply with

technical and regulatory requirements

The sponsor is ultimately responsible for data security and

integrity and meet the regulatory requirements

Careful risk assessment and mitigations

Robust Quality/Service level agreements are primary

starting point for inspection

Questions

®2014 Veeva Systems – Company Confidential veeva.com | 26

Complete the session survey with the Veeva app

Thank you

Search “Veeva” in app store

Password: rdsummit

Thank YouBryan Ennis

Bryan.Ennis@veeva.com