The needs of companies in relation to their IT systems evolve as they grow and their business environment changes. So, how should systems be validated and how often?
What is validation?
Validation is the analysis of whether something is appropriate, relevant and meets the criteria for its use or application in a given situation. It confirms whether its use leads to meeting assumed objectives, in other words whether it is effective.
How to define information systems (IS) validation then?
Validation of an IT system used in a company will constitute confirmation of the suitability and adaptation of that system to:
- Business needs and requirements
- Business processes
- General legal provisions
- Industry requirements and regulations
- Good business practices
- Internal policies and procedures
- Organisational culture
Why and when is it worth validating an IT system?
The IT system validation process concerns its whole life cycle, i.e., it starts at the moment of its conception and design, through its operation, and ends when it is withdrawn from use in an organisation. What is also important, is that the risks associated with the quality of the system are analysed during its entire life cycle.
The phases of an IT system validation project depend on at what point in its lifecycle the project commences. It will also be important whether the system has been developed in-house, purchased directly from the manufacturer, came from its partner channel or is a so-called Commercial-off-the-shelf (COTS) solution. It is significant due to the fact that the validation analysis will cover the system supplier's activities related to:
- its capacity (organisational structure, team, finances);
- the scope of its operations;
- good practices in its organisation;
- its quality management system;
- assessment of subcontractors involved in the production process;
- design and specification;
- the software development process;
- the test processes;
- approval for distribution and use;
- the documentation development and delivery process;
- maintenance and servicing;
- upgrades and withdrawal from use.
The IT system validation project, on the other hand, will consist of the following stages:
- Development of a validation plan
- Computer system quality risk analysis
- Audit of the solution provider, including the above-mentioned points in more detail
- Audit of IT infrastructure
- Development and execution of multi-level tests (based on functional, non-functional and business process requirements)
- Production of test report
- Production of a validation report (with conclusions and recommendations)
- Development of a plan and strategy for maintenance of the validation status
Benefits of IT system validation
The benefits of system validation will be closely related to the objective set at the start of a project.
If the project covered the validation of an IT system, e.g., in a pharmaceutical company, the project completion and implementation of recommendations from the validation report will provide a high degree of assurance of compliance of the system with Good Manufacturing Practices required by the regulation to the Act, and the process, method or computer system will lead in a repeatable way to results which meet specific acceptance criteria. This is a prerequisite for allowing the system to be used in a pharmaceutical company.
If the project concerned validation of the way and quality of implementation, or was conducted in a company already using a computer system for many years, it will obtain recommendations related to decisions to be taken in order to improve quality and adapt the system to the applicable legislation and business needs and requirements. In this case, recommendations may relate to:
- Completion of missing functionalities (extension of a standard or customisation)
- Conclusion of a system maintenance agreement
- Renegotiation of the system maintenance agreement (change of SLA conditions - Service Level Agreement)
- Supplementing and repeating training in system operation
- Implementation of additional solutions, systems
- Organisational, process and procedural changes
- Changes in employment - acquiring employees with appropriate competences
- Change of partner - implementation company
- Re-implementation of the system
- Resignation from the used solution and carrying out the project of selection and implementation of a new system
IT system validation - how can we help?
- We will verify whether the computer system supports adequately the business processes for which it has been implemented
- We will check whether the system is compliant with the company's policy, strategy and organisational culture
- We will validate the compliance of the computer system with the requirements of the regulators, such as: the acts, regulations, permits or approvals to operate, good distribution practices (DPD).
The range of possible computer system validation works:
- Preparation of a plan of the validation project
- Performing a risk analysis of the production process and the computer system quality risk
- Verification and assessment of the solution provider's potential
- For an implemented solution, performing an analysis of the computer system implementation process
- Verification of ICT resources - performing an analysis of IT architecture in terms of its adaptation to the requirements of the computer system and the needs of a company
- Verification and evaluation of the operational functionality and whether the computer system is compatible with the company's business processes by conducting module, functional and integration tests
- Evaluating whether the computer system is compatible with the external and internal organisation environment, organisational culture and the specifics of the industry in which the organisation operates.