USDM hosted its first virtual event with an all-star line up of life sciences thought leaders. If you missed our Forward-Thinking GxP Compliance & Process Optimization event, you can watch the replays of the four thought-provoking sessions here.
Session 4 – Extracting Value from Your Cloud Data and Processes
Our expert panel share their insight on innovative GxP use cases, monetizing your cloud data, and next-level GxP cloud compliance thinking, including:
- Business opportunities and use cases for PaaS and IaaS qualification
- GxP process automation tools and best practices
- Making a case for artificial intelligence and machine learning
- Thoughts on how to monetize your data
Francisco Vicenty, Program Manager, Case for Quality, U.S. Food and Drug Administration (FDA)
Andrea McGonigle, General Manager, Healthcare & Life Sciences Partnerships & Strategic Initiatives, Google Cloud
Linda Bowers, Global Head, Life Sciences Industry Solutions, ServiceNow
Vishal Sharma, VP Digital Trust & Transformation, USDM Life Sciences
Dominique Lagrave, Regulatory Operations Strategic Innovation Leader, Accumulus
Todd McKendrick, Head of Accounts, USDM Life Sciences (moderator)
Learn more about this topic in our companion white paper, Google Cloud Platform for Life Sciences and Health Technology.
The structure of the event addressed various stages of cloud compliance maturity. Whether you are getting started, getting better, or getting ahead, this discussion will provide guidance for your cloud transformation journey.
Here are links to the other session replays and companion white papers:
Session 1 video: Your Compliance and Technology Today
Companion white paper: Top 5 Opportunities to Improve Compliance Maturity
Session 2 video: Managing Your Regulated Cloud Technology
Companion white paper: Why You Should Consider Outsourcing Your Cloud Vendor Qualification
Q&A: Extracting Value from Your Cloud Data and Processes
What does informal testing mean?
USDM Life Sciences has developed a Test Automation Framework that allows you to capture individual requirements with GxP applicability and risk classifications. Each requirement goes through review and approval before design specification and test script development.
After the software build is complete, automated test scripts can be executed as a draft run (informal test). Once final configurations are complete and feedback from the informal test run are incorporated, formal testing and validation can be completed with associated artifacts (Test Run Summary, traceability matrix, summary report, etc.). The Test Automation Framework is designed to provide end-to-end traceability and artifacts to meet the most stringent audit requirements.
Cloud and Software-as-a-Service (SaaS) significantly limit what you can document or control as a manufacturer. For instance, Veeva will not allow you to download their core computer system validation (CSV) documentation. They don’t do a documented implementation qualification (IQ) for you being installed as a client, they just provide a report.
Veeva does make those documents available in an audit and the outcome of that audit can be leveraged. The key point here is to take credit for work already been done by you and by the vendor.
USDM’s ProcessX was designed and developed to address some of these challenges. Every process and use case developed using ProcessX is supported by automated validation with end-to-end traceability and required artifacts to defend the most stringent audit requirements. This includes IQ, operational qualification (OQ), performance qualification (PQ), and regression testing. The test automation framework can provide the same level of coverage for customer-specific workflows as the core system.
What approach do others have for configuration (no-code) versus customization (code/SDLC)?
ProcessX provides the flexibility to configure workflows based on your business needs rather than retrofitting a commercial off-the-shelf application, and you don’t have to worry about initial validation and continuous compliance. USDM’s test automation framework provides end-to-end traceability with a data-driven approach to testing and validation.
Is it accurate to say that creating a flexible change management program that can handle front-end software changes, hot fixes, and actual lifecycle and specification changes becomes highly critical, and that multiple change-control platforms may be necessary?
Multiple platforms are not necessary. The ProcessX change management solution can handle a variety of change types with different change plans, team assignments, dynamic workflow routing, and execution—all in a single platform.
What is an example of “unscripted testing” and how is it documented?
Unscripted testing is when a business user runs through all or part of a business process using their Standard Operating Procedures (SOPs). It is documented by summarizing what was tested (objectives, not step-by-step); describing any failures, their resolution, and re-test results; writing a conclusion statement for the test; and recording who performed the test and when.
Unscripted testing can include positive and negative testing depending on the level of risk associated with the application.
Change control with SaaS is an issue; the vendor moves forward whether you are ready or not. Even if their testing is adequate, you need to review it in-house prior to use to ensure you have maintained your validated state.
ProcessX offers an alternate model of “pull” rather than automatically pushing vendor releases to all customers. This provides each customer with ample time for impact assessment and regression testing before accepting the changes in a release. USDM’s Test Automation Framework provides end-to-end traceability with all required artifacts to defend against the most stringent audit requirements. ProcessX makes process automation and continuous compliance easy to build, deploy, and maintain without the compliance burden.
How do you convince people that software needs to be tested? Lots of people think that it will just work and testing is a waste of time.
Your people need to understand that testing is not done to prove that software works, but that it works for your intended use. If it is missing functionality or controls that you need, it won’t be a fit for your organization.
To show that software works for your intended use, you must perform a user acceptance test. The computer software assurance (CSA) approach allows you to take credit for testing the vendor has already performed; it does not require that software functionality be re-verified outside of a business process, which is the traditional computer system validation (CSV) approach.
ServiceNow manages many things, but I had a hard time seeing everything I was responsible for. Can my inbox show every workflow that I am responsible for without adding them to my profile?
ProcessX lets you build a dynamic dashboard showing your own tasks, group tasks, and reports, which makes it easy to plan your workload with high visibility. The system sends email notifications for each task assigned to you so you can manage your workload from your inbox.
Can ProcessX be used to automate the workflow associated with requesting user access to a specific system and the various approval and task completion steps that go along with that?
Absolutely. ProcessX offers pre-built workflows for account access requests and workflows can also be customized for your needs.
ServiceNow is great, but how do we use it for GxP since it isn’t qualified or validated? We use our ticket system to document change management and store our documented evidence.
ProcessX provides a platform qualified by USDM built on top of ServiceNow to allow automation and digitization of GxP workflows, then it can be IQed into your instance.
Does ProcessX require installation on top of a validated ServiceNow?
No. All ProcessX related processes and data are stored and governed separately by our application. You can install ProcessX on top of non-validated ServiceNow instance and still be able to carve out space for all GxP processes.