How to "Validation Enable" the Cloud?
Life science companies are adopting the Cloud (Public, Private, Hybrid) but are constantly faced with the "Validation Challenge": How can I validate the Cloud Stack (IaaS, PaaS, SaaS) to meet the various GxPs?
Cloud is designed to be flexible, scalable, constantly upgrading and remove the onus of managing hardware from the end user. Software Defined Infrastructure is meant to be this way. As expected, our regulations are not "Software Defined" but stuck in the old "hard" ways.
Does this mean that a Cloud App cannot be qualified? Does this mean that all Life science companies have to still buy servers, tag the cables and own the data centers? Absolutely not! They have to change their validation toolset. You will need a validation approach that is "Software Defined" and not "Hard Copy Defined". If any company tries to validate a Cloud App using their rusty, paper based manual processes, they are bound to fail. This is for a very simple reason that Cloud is ever changing and meant to be that way.
We call this "Software Defined Validation" as "Continuous Validation". Now let us define "Continuous Validation".
"Continuous validation is providing documented evidence to certify that a cloud app not only met the pre-established acceptance criteria, but “continuous” to meet thus mitigating the risk of unknown changes."
The infographic below explains continuous validation further.
The infographic below lays out the features of a continuous validation platform.
Continuous validation is not just a "point in time" validation. It is a type of validation which connects various points in time (initial, patch, upgrade validation) with continuous smoke and regression testing. This feature provides the documented evidence that the Cloud App worked well not just at discrete points in time in the past, but continues to function as expected in the present. This mitigates the risk of any change in either the IaaS or PaaS layer that can potentially alter its behavior.
Continuous Validation needs a new toolset that has no paper and no manual testing. Such a toolset consists of a 21 CFR Part 11 compliant, highly sophisticated Application Lifecycle Management (ALM) combined with a robust test automation framework. Of course, a QMS framework to manage this toolset is an absolute must.