Where to start: CSV Program Overview


| Record Type | Document |
| --- | --- |
| Policy | Computer System Validation Policy |
| Policy | ERES Policy |
| Procedure | Computer System Validation Procedure |
| Work Instruction | Validation Testing WI |
| Work Instruction | Validation Impact Assessment WI |
| Work Instruction | Business System Impact Assessment WI |
| Work Instruction | System Periodic Review Work Instruction |

Veeva Systems Inc. provides software-as-a-service (SaaS) to customers in the life sciences. Veeva deploys and maintains software solutions that are designed to meet the strict requirements of the life sciences regulated market (i.e., GxP regulations). Our SaaS applications must be designed, tested, deployed and maintained in accordance with regulatory expectations (i.e., directives, regulations, standards and guidance). While regulatory agencies are clear that it is the ultimate responsibility of the end-user (customer, sponsor) to document that Computerized Systems used in the conduct of GxPs are fit for use, in a SaaS deployment, vendors such as Veeva provide much of the documented evidence necessary to demonstrate that such systems can align with the regulatory context of use. This documentation includes design verification, infrastructure qualification, and validation functional testing deliverables.

Shared Responsibility Model

Index of CSV Deliverables

| CSV Deliverables | Available in ComplianceDocs? | Description of CSV Deliverable |
| --- | --- | --- |
| System Description | Yes | The system description is a concise document that defines the application at a high level and provides flow and/or system diagrams that help illustrate the application boundaries. Application modules are listed and described. |
| Business Requirements Definition | Yes | A BRD defines the functions and features of the application from a system and/or user perspective. The document defines “what” the system does (system behaviour and capabilities). |
| Validation Project Plan | Yes | A VPP outlines the approach, method, and scope of a validation effort for a General Release (GR). |
| Validation Impact Analysis | Yes | A detailed impact assessment is conducted for each release at the development ticket level, to evaluate the criticality of the corresponding product enhancement to GxPs, core functionality, and data integrity. |
| Installation / Operation Qualification Protocol | Yes | The IOQ Protocol is a detailed “test plan” that documents, in the form of a “test log,” all of the test scripts (for enhancements and defects) that will be executed for that general release. In addition, the IOQ protocol details the test environment configuration, testing approach and assumptions for that release. |
| IQ Test Scripts | Yes (Audit Only) | An IQ Test Script is a self-contained set of test setup, test instructions, and acceptance criteria to demonstrate that a component (infrastructure) is installed and configured in accordance with specifications. An IQ Test Script may also record preconditions (training, configuration, process controls) that need to be in place in order to initiate functional / OQ testing. |
| OQ Test Scripts | Yes | An OQ Test Script is a self-contained set of test setup, test instructions, and acceptance criteria to demonstrate that a particular test objective has been achieved. An OQ Test Script confirms the operability or functionality of a product requirement and is traced to the requirements. |
| Test Incident | Yes | A TI records observed deviations from test script instructions or criteria vs. system behavior. |
| Infrastructure Specification | No | The Infrastructure Specification lists the critical, production infrastructure hardware and software components, as well as minimum HW/SW requirements (e.g., CPU, Memory) to meet performance and operational expectations. |
| HW / SW Installation Verification | No | The installation verification of instance/network services, and operating system/utility software is performed by Veeva. Instance Provisioning records the critical-to-quality components, and the hardening process implemented is recorded in a pre-approved template. |
| Requirements Trace Matrix | Yes | The RTM lists all of the requirements defined in the BRD document(s), in order to trace these to corresponding test cases. |
| Validation Summary Report | Yes | The VSR summarizes all activities associated with the release, starting with the Validation Project Plan and including results of testing defined in the IOQ Protocol. Test results for each executed script as well as any test incident encountered are summarized in the VSR. The VSR is a quality gate for GxP production deployments and attests to the validated state of the release. |
| System Release Memo | Yes | Optional: An SRM may be issued to document the quality review and release-ability of the code to a production environment, when the VSR is not yet complete. |

Relevant Compliance Assessments

FDA 21 CFR Part 11 assessment

EU Annex 11 assessment

Japan ERES assessment

Detailed ERES trace assessment

Useful Knowledge Articles

SaaS Shared Responsibility

Computer System Compliance Deconstructed

Philosophy Regarding Validation of Business Software

Vault Validation Tips and Tricks

Product Rebaseline Revisited

Validation Defined