The main objective of this post to answer the following questions. I know a picture is worth a thousand words and so I will do this with illustrations.
Can "Validation" and "DevOps" be used in the same sentence (like vCD - Validated Continuous Delivery)?
Is DevOps a viable model for validated apps in GxP Environments?
How can one ensure the "validation fidelity" in a DevOps environment?
First, let us look at some definitions:
DevOps (a clipped compound of "development" and "operations") is a software engineering culture and practice that aims at unifying software development (Dev) and software operation (Ops). The main characteristic of the DevOps movement is to strongly advocate automation and monitoring at all steps of software construction, from integration, testing, releasing to deployment and infrastructure management. DevOps aims at shorter development cycles, increased deployment frequency, and more dependable releases, in close alignment with business objectives. (Source: Wikipedia)
Validated Continuous Delivery (vCD) is a software engineering culture and practice which aims at shorter development and validation cycles, increased deployment frequency of "compliant" releases, in close alignment with business and regulatory objectives. (Source: xLM)
In order to answer the three questions above, I will present a simple working model. This model includes the following steps:
Code Development - Code is developed using an Agile Model and committed to the Repository.
Continuous Integration (CI) - The CI Server builds the release.
Code Deployment - The Build is deployment to the Test Cluster.
Build Validation - The Build is validated by Continuous Validation (CV) and Executed Protocols are posted for QA Review.
QA Review - QA reviews the executed protocol and approves the results.
Summary Report - A Summary Report is automatically generated that captures all the steps in the Pipeline with detailed evidences.
Deployment to Production - This activity can be scheduled and managed by the Deployment Team.
The above steps are illustrated in the following diagram:
The above pipeline was built in AWS CodePipeline and is shown in the figure below:
Code Pipeline - Step 1 - Git Repository
The source code was managed using a Git Repo. The first step in the pipeline was setup to monitor the Repo and would execute when a commit was made.
Code Pipeline - Step 2 - Jenkins Build
The pipeline automatically retrieved the source code package and sent it to the Jenkins Continuous Integration Server. The Jenkins server was setup to build the deployment package and deliver it to the Pipeline.
Code Pipeline - Step 3 - Code Deploy
The Pipeline was setup to automatically deploy the Build to a cluster of three (3) test servers using AWS CodeDeploy
Code Pipeline - Step 4 - Test (Release Validation)
The Pipeline was setup to create a Test (Validation) Session in xLM and this session in turn was setup to launch the xLM Test Automation Model.
The Model would run all the required tests (IQ, OQ, UAT) and generate an Execution Report.
Code Pipeline - Step 5 - QA Approval to Release
The Pipeline was setup to stop execution until the QA reviewed the test results and approved it.
Code Pipeline - Step 6 - Automatic Summary Report Generation
The Pipeline was setup to create a Summary Report Session in xLM and this session in turn was setup to launch the xLM Report Automation Model.
The Model would automatically capture all the evidence required to generate the Pipeline Validation Summary Report.
vCD (Validated Continuous Delivery) is a reality. The DevOps model can be successfully adopted to continuously deliver GxP Apps. The above Six Step Model provides the framework along with the toolset to implement "continuous validation" in the enterprise. Such a model will not only compress deployment timelines but will increase compliance using automation and reduces cost significantly.
The Fine Print - The above presentation of the use case is a simplified version for illustration purposes. This use case does not include other steps like planning, requirements, traceability, etc.. xLM can setup end to end DevOps Framework for your environments (Agile, Hybrid, Waterfall) that includes all the SDLC steps for GxP Apps including IaaS / PaaS Qualifications.