Audit Overview

Where to start: Customer Audit Program Overview

Where to start: Customer Inspection Support Program Overview

In support of our customer’s regulatory requirements regarding suppliers/vendor due diligence (e.g., EU GMP Annex 11), Veeva supports audits and regulatory inspections of its processes and documents.

The scope of the customer audit program covers those products and services that fall under the framework of Veeva’s QMS and ISMS, including:

Products

  • Veeva Vault (i.e., Development Cloud Applications, MedTech, Consumer Products, Commercial content applications)
  • Digital Trials Platform (i.e. MyVeeva, ePRO, eConsent)
  • CRM
  • RTSM

Services

includes those defined in the MSA, namely:

  • Technical Operations (data hosting, disaster recovery, backup)
  • Security
  • Product Support
  • Quality, Regulatory, & Compliance function

The Veeva Quality Manual (QV-00055) clearly delimits the products and services in scope.


Exclusions: The audit program currently does not include:

  • support functions (e.g., finance, legal, marketing, strategy, sales),
  • non-regulated services (e.g., commercial services, training services, business consulting, digital events),
  • products provided under a ‘terms of service’ (e.g. QuickVault, SiteVault, VaultBasics), and
  • non-regulated products (e.g., Align, OpenData, Link, VJitsushoka). In addition, Veeva affiliates such as Crossix provide their own customer audit support for their respective products and services.

Limitations: The audit program is designed to support customer’s regulatory obligations, as such it is not:

1) An opportunity to provide product demos to obtain an orientation and overview of a product feature set. Contact your Account Partner (AP) to schedule demos.

2) An occasion to discuss future product road maps of features not yet scheduled for development. Contact your AP to schedule a roadmap discussion.

3) The venue to review project implementation strategies and approaches to system configurations and custom integrations, or activities defined in SOW and performed in workshops. Contact your Professional Services Project Manager responsible.

4) A review of project deliverables created/provided during services implementations (including validation deliverables and templates) that are maintained (and accessible by customer) in their own Project/PMO Vault. Contact your Professional Services or Managed Services liaison to get access to Project/PMO Vault. See Section 4.5 and Appendix B for GCP exceptions.

5) An occasion to interview staff that may be or may have been assigned to a project. Contact your Professional Services or Managed Services liaison.

Note: Veeva does not summon ad hoc individual operational staff on request during audits.