Ten-Step Process for COTS Risk-Based Computer System Validation

SaaS, short for Software as a Service, is a method by which applications are delivered over the Internet. Also called on-demand software, hosted software, or web-based software; SaaS removes the need to install and maintain software, all which can be done with just an Internet connection. SaaS applications can be run on the provider’s servers. Outsourcing is a major aspect of SaaS, because like in all other industries, most SaaS providers outsource their resources to cut costs.

Regulation for SaaS

This being the idea behind SaaS, it is necessary to understand the most essential element of such an activity: regulatory controls on SaaS providers. There are regulations such as 21 CFR Part 11, but these are only for the provider. Very few of these laws apply to the vendor. This being the case, it is entirely up to the regulated company to show compliance with the regulations and prevent issues relating to availability, performance and protection of data. With almost no regulation that will offer safeguards to the user from the vendor; ensuring compliance for both infrastructure qualification and Computer System Validation lies with the provider.

Any failure to show compliance affects the provider, because it is the provider, and not the vendor, that is regulated. It is the regulated provider that has to face FDA inspections on software validation and avoid FDA actions such as Warning Letters and 483’s. This makes it imperative for the regulated companies, software vendors and SaaS/cloud providers to take every step possible to comply with 21 CFR Part 11 and other regulations such as Annex 11. This is the only way to avoid legal and other issues associated with noncompliance.

Learning on SaaS compliance

A two-day seminar from GlobalCompliancePanel, a leading provider of professional trainings for the regulatory industries, will explain these aspects of SaaS compliance. The Director of this seminar is David Nettleton, who is an industry leader, author, and teacher for 21 CFR Part 11, Annex 11, HIPAA, software validation, and Computer System Validation.

10-step risk-based approach to Computer System Validation