Cloud services are designed to constantly introduce new and release changes to existing services, so that businesses can leverage these innovations and remain competitive in today’s fast paced digital economy. However, the continuous delivery of service updates thrives a challenge to follow the classic validation and qualification approach.
Although responsibilities are shared between the Cloud Service Provider(s) and the regulated company, GxP’s core principles remain the same: A regulated company using any software that runs on any Cloud Service Model must validate the software for its intended use to provide continuous evidence that the validated state of the GxP application is being maintained, even if those changes are handled outside of the regulated companies’ direct system operation and change management processes.
Therefore, the compliance perspective must change: Examining every change of the Cloud Provider is practically impossible in the Cloud Era considering the velocity of changes. Instead you need to ensure that the intended use is met constantly.
In order to integrate the core characteristics and challenges of Cloud Environments in Computer System Validation (CSV), we developed the Continuous Compliance Platform (CCP) – a GAMP®5-based adaptive Test-Framework specifically designed for the Life Sciences to conduct testing in regular intervals in an automated and thus easily repeatable manner. It is also used within our SaaS-Operations to support Quality Assurance of the UDI Platform.
Our Continuous Compliance Platform supports both, Continuous Verification (CV) for applications running on SAP Cloud Platform as well as Continuous Qualification (CQ) to provide evidence that leveraged SAP Cloud Platform services always meet their intended use despite of underlying changes by SAP.
We compiled a whitepaper that describes in detail how our software solutions can be operated as GxP-compliant applications on the SAP Cloud Platform. The whitepaper is available on request.
Define user and functional requirements in a human readable way.
Determine possible risks for each requirement to derive the needed test depth.
Reuse and directly link the defined requirements to executable tests.
Execute automated tests at predefined time intervals.
Automatic creation and distribution of verification reports containing summary information, detailed step-by-step descriptions as well as requirement traceability and documented evidence for each performed test step.
Monitoring and alerting in case of deviations from the expected test outcome.
Access to third-party systems for Application Lifecycle Management (ALM) or any other system used in the validation process to link requirements and test reports.
The Continuous Compliance Platform will be generally available soon. Contact us to attend in the pilot phase!