PLM in the Cloud: Computer System Validation in FDA Regulated Industries

The FDA and Computer System Validation

Computer system validation is mandated by the Quality System regulation (FDA, 21 CFR Part 820) which requires that “when computers or automated data processing systems are used as part of production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol.”

Furthermore, computer systems that implement part of a manufacturer’s production processes or quality system are subject to the Electronic Records and Signatures regulation (FDA, 21 CFR Part 11).

The  classical V-Model is typically applied for Software Verification and Validation for enterprise systems:

Applying the V-Model to Cloud Based Service Models

There are three basic service models in the cloud (source: David Chou, http://blogs.msdn.com/b/dachou/):

The V-Model may be applied to systems in the cloud as follows:

While the IQ, OQ responsibilities are shifted to the cloud service provider, as the regulated company you are still accountable for compliant quality systems. As the regulated company, you must verify that the service provider has appropriate controls in place.

Before you select a cloud service provider for your PLM solution:

• Conduct  a supplier audit and perform a risk assessment
• Document risks related to roles and responsibilities, processes controls and technology  used
• Formally document the responsibilities of the cloud service provider

After going live with cloud based solution continue periodic performing periodic audits of the cloud service provider.

Next Steps:

• Contact SPK and Associates to see how we can help your organization with our ALM, PLM, and Engineering Tools Support services.
• Read our White Papers & Case Studies for examples of how SPK leverages technology to advance engineering and business for our clients.