Moving from a Paper to Paperless validation effort and how to get the most efficient mix of Manual vs. Automated testing.

Similar documents
Sparta Systems TrackWise Digital Solution

Sparta Systems Stratas Solution

ARCHIVE ESSENTIALS: Key Considerations When Moving to Office 365 DISCUSSION PAPER

-archiving. project roadmap CHAPTER 1. archiving Planning, policies and product selection

Accelerate Your Enterprise Private Cloud Initiative

The power management skills gap

A number of optimizations are already in use by the majority of companies in industry, notably:

The Value of Force.com as a GRC Platform

Making the case for SD-WAN

Up and Running Software The Development Process

ARCHIVE ESSENTIALS

Validation of a CMS Software

This Document is licensed to

FROM A RIGID ECOSYSTEM TO A LOGICAL AND FLEXIBLE ENTITY: THE SOFTWARE- DEFINED DATA CENTRE

21ST century enterprise. HCL Technologies Presents. Roadmap for Data Center Transformation

Sparta Systems TrackWise Solution

Automating IT Asset Visualisation

Design. Introduction

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

How WhereScape Data Automation Ensures You Are GDPR Compliant

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Taming Rave: How to control data collection standards?

Solving the Enterprise Data Dilemma

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

[EMPOWERING BUSINESS USERS DATA IS KING]

SOC Reporting / SSAE 18 Update July, 2017

TEST AUTOMATION EFFORT ESTIMATION - Lesson Learnt & Recommendations. Babu Narayanan

WHY BUILDING SECURITY SYSTEMS NEED CONTINUOUS AVAILABILITY

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.

White Paper. How to Write an MSSP RFP

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory

Tips for Effective Patch Management. A Wanstor Guide

Virtualization. Q&A with an industry leader. Virtualization is rapidly becoming a fact of life for agency executives,

THINGS YOU NEED TO KNOW ABOUT USER DOCUMENTATION DOCUMENTATION BEST PRACTICES

6 Tips to Help You Improve Configuration Management. by Stuart Rance

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Strategy. 1. You must do an internal needs analysis before looking at software or creating an ITT

Best Practices for Incident Communications: Simplifying the Mass Notification Process for Government

Guide to IREE Certification

EXIN BCS SIAM Foundation. Sample Exam. Edition

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BIG DATA INDUSTRY PAPER

Clarity on Cyber Security. Media conference 29 May 2018

Isaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.

An Integrated Test Framework to Reduce Embedded Software Lifecycle Costs

EXAM Microsoft Excel 2013 Expert Part 1. Buy Full Product.

CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME

Continuous auditing certification

Importance of the Data Management process in setting up the GDPR within a company CREOBIS

Deliver robust products at reduced cost by linking model-driven software testing to quality management.

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.

EXAM Microsoft Excel 2010 Expert. Buy Full Product.

The Analysis and Proposed Modifications to ISO/IEC Software Engineering Software Quality Requirements and Evaluation Quality Requirements

CTAL. ISTQB Advanced Level.

Best Practices in Securing a Multicloud World

Security and Architecture SUZANNE GRAHAM

Google Cloud & the General Data Protection Regulation (GDPR)

The Need for a Holistic Automation Solution to Overcome the Pitfalls in Test Automation

UNDAF ACTION PLAN GUIDANCE NOTE. January 2010

Sage Data Security Services Directory

WHO SHOULD ATTEND? ITIL Foundation is suitable for anyone working in IT services requiring more information about the ITIL best practice framework.

First Financial Bank. Highly available, centralized, tiered storage brings simplicity, reliability, and significant cost advantages to operations

Hybrid Cloud for Business Communications

Go Cloud. VMware vcloud Datacenter Services by BIOS

Escaping PCI purgatory.

FOUR INDEPENDENT TOOLS TO MANAGE COMPLEXITY INHERENT TO DEVELOPING STATE OF THE ART SYSTEMS. DEVELOPER SPECIFIER TESTER

Best Practices in Data Governance

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Best practices in IT security co-management

THE AIRLINE GUIDE TO PMA

Question 1: What is a code walk-through, and how is it performed?

How to Write an MSSP RFP. White Paper

How to Deliver Privilege Access Management

FDA 483 The Definitive Guide to Responding to FDA 483 and Warning Letters

Product Range 3SL. Cradle -7

INFS 214: Introduction to Computing

Datacenter Care HEWLETT PACKARD ENTERPRISE. Key drivers of an exceptional NPS score

Content Development Reference. Including resources for publishing content on the Help Server

WHITEPAPER. Database DevOps with the Redgate Deployment Suite for Oracle

VERSION EIGHT PRODUCT PROFILE. Be a better auditor. You have the knowledge. We have the tools.

Part III: Evaluating the Business Value of the Hybrid Cloud

Developing an Electronic Records Preservation Strategy

Information technology Security techniques Guidance on the integrated implementation of ISO/IEC and ISO/IEC

SmarterMail v. Exchange: Admin Comparison

Adobe LiveCycle ES and the data-capture experience

UAccess ANALYTICS Next Steps: Working with Bins, Groups, and Calculated Items: Combining Data Your Way

CYBER RESILIENCE & INCIDENT RESPONSE

Excel Basics: Working with Spreadsheets

2 The IBM Data Governance Unified Process

The Six Principles of BW Data Validation

Enabling efficiency through Data Governance: a phased approach

EXAM - CL CompTIA Cloud Essentials Exam. Buy Full Product.

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx

INTELLIGENCE DRIVEN GRC FOR SECURITY

THE AVENTIS GUIDE TO OFFICE 365

locuz.com SOC Services

Best Practice for Creation and Maintenance of a SAS Infrastructure

The Benefits of Component Object- Based SCADA and Supervisory System Application Development

Delivering Rich Internet Applications with Ajax4jsf

Transcription:

Moving from a Paper to Paperless validation effort and how to get the most efficient mix of Manual vs. Automated testing. Overview The desire to use tools to increase validation productivity with the consequent reduction in validation cycles is a main driver for using testing tools. The very time consuming nature of validation testing is an all too familiar experience for companies that are under regulatory control. The vast majority of current validation efforts at the point of test execution are currently manual. This does not mean that tools aren t deployed but it is usually in the area of validation systems management rather than the actual test execution itself. This document highlights some of the key considerations when planning to use testing tools for the complete validation lifecycle. Summary The complexity of your processes, corporate IT infrastructure and ability to control the output of any tool will have a huge impact on your final ROI from a test tool. Test tools can be used in the whole lifecycle of Requirements, Capture, Execution (manual or automated testing), Electronic Signatures, Trace Matrices and generation of the documented evidence required when validating computer systems in regulated industries. Even if validation cycles are not significantly reduced the quality, consistency and traceability of validation can be raised to make the transition to using test tools a very worthwhile exercise. Assessment Criteria Test tools for validation can be a huge time saver however it is crucial to understand exactly how easy or difficult this is going to be in your own environment before committing time and money to the effort. Some of the major factors are listed below: 1. Outputs IQ/OQ/PQ scripts need to be created, reviewed, pre-approved, executed and usually post approved as well. All of this must be produced as documented evidence and is often to be in a defined layout that is specific to your company. This is a lot of steps and while it may be unreasonable for one single tool to perform all of these actions as well as the core automation the tasks still need to get done. It is not enough for the tool to be good at creating automated scripts the output both pre and post execution must be detailed and preferably configurable to minimise any post processing efforts. In many validation scenarios the output must be at a step by step level with the ability to initial, include screenshots, etc. This means that the output capabilities of a tool are a huge part of the value equation. It is pointless having a wonderful tool that executes my scripts but only produces a pass/fail status as its output. Trace Matrices are one example of a common requirement for validated systems. Make sure your tool of choice supports this kind of systems validation specific functionality. Output capabilities are one of the weakest areas of most automated tools so is worth examining very carefully what effort it will take to get your documented evidence in the format that you need it to be in. Page 1 of 5

2. Paper vs. Paperless The systems validation industry may still be 90% manual but there is definite interest and movement towards paperless systems (and electronic signatures). Several tool vendors in the systems validation space have some or all of these capabilities. It is vital that regardless of whatever tool vendor you select there is some indication from the vendor of how to get from a totally manual wet-ink paper based system to a paperless one. This is realistically going to be a hybrid manual / automated system so look carefully to see that manual execution is explicitly covered (it often isn t). In an ideal world the output formats for manual or automated procedures would be the same allowing an easy transition between the two depending on the circumstances. It is easy to see a transition from paper to paperless and then building from manual to automated. No one wants to be revolutionary when it comes to getting your documented evidence. It is simply too important to take risks. 3. Requirements Management A management system for requirements is almost a requirement in itself for systems in the systems validation space. The management, traceability and documented evidence of how requirements have been tested are all key areas for life sciences to focus on regardless of whether automated tools are used. The techniques range from controlled documents to requirements management specific tools. It is a big advantage if your toolset understands a requirements driven model and can either manage or interface to an existing system. Generally getting requirements data in/out of a system is a basic necessity. This allows test scripts to be related directly to requirements without having to constantly refer spread sheets, master documents, other tools or manual lookup systems. Traceability matrices are a direct derivative of a requirements led system and any software help to simply and reduce what is often an unpleasant and time consuming task is also a bonus. The ideal scenario is one where any trace matrix output is either the same or very close to the trace matrices that you need to generate at end of project to ensure that everything has been validated successfully. If there is support for interim on the fly assessments to let you easily determine what is still to be done, so much the better. An automated tool that does not support requirements can still be used but remember to allow for the additional time to cross reference scripts and at the very least establish some kind of manual process to do this as scripts are created. 4. Electronic Signatures Electronic signatures are a fundamental requirement if you are going to create a paperless system but do deserve some thought in their own right. Look for tools that either support this functionality natively or have some kind of collaborative arrangement from another signature specialist. The only caveat is to make sure to build in any separate licence costs if the solution is multi-vendor as the additional components invariably are only available on a cost plus basis. If your selected tool does not support this functionality it may be worth asking your supplier for details development Roadmap. 5. Screenshots Page 2 of 5

Screenshots of processes in regulated industries are widely used to provide documented evidence of the validation. There are many formats and varying SOP s for how the documented evidence must appear between companies but the very step by step nature lends itself well to using screenshots as unarguable proof that process was followed. The drawback of this approach in the manual world is the time taken to capture, edit and insert the screenshots at the right time and in the right place in the script. Some tools are very screenshot capable and are able to capture and insert screenshots within standard customer supplied document templates. This kind of functionality oriented towards regulated companies but can make a huge difference in the amount of post processing that is required to get a script into an acceptable format for auditing. The capability to filter outputs dependent on risk or importance is also a benefit but if the screen capture technology is comprehensive enough this may not be a fundamental requirement as if the script execution can be generated easily and without further time penalty it won t hurt to have the full detail in the output. Some tools are also able to export tailored output that allows the script detail to be used in other ways (e.g. how to guides or crib sheets ) which can make validating or using a new system a lot easier for unfamiliar users. 6. Script Editing In the real testing world scripts are written or captured and then editing until they are ready to be considered for approval. Regardless of what toolsets you examine make sure that this editing process is readily understood and easily accomplished. If not, the best tool in the world will rapidly become a hindrance as scripts rarely work first time. Ease of use does have an impact here but that is covered separately in this document. The key factor is that if your scripts are difficult to edit your investment in tools will become shelf-ware very rapidly. Once scripts are edited and ready for execution in a regulated environment that means they require approval. The tools best suited or tailored to regulated environments will provide a mechanism to allow a user to review the script and crucially understand what the script actually does. It is important to ensure that clear documentation standards are followed or the reviewer will not be able to approve scripts with any high degree of confidence of what the script actually does. The script objective or description is not enough to judge on. The reviewer must have some means of determining what the script contents actually do. One final consideration is when scripts should not actually be editable. If a script has been created, reviewed and approved a facility to prevent further changes to that script is desirable. In this way scripts can be exported and distributed to other users without any fear that the original approval will be invalidated by changes. These are all facilities that make testing in regulated environments so much easier. 7. Ability to Automate There are procedural constraints such as the complexity of the process that you are trying to automate to consider. If the process or system is particularly complex, crosses system boundaries and/or is very dynamic in its execution path you might be best to leave this type of process to manual testing. The time taken to create the automated IQ/OQ/PQ script might be so long and run so rarely that it simply is not worth the effort of creation as an automated script. It really would be simpler to document and execute manually. This is often a hard point to get across when considerable sums of money have been invested in Page 3 of 5

automated tools, particularly as the ROI often depends on an artificially high percentage of the total scripts to be automated. Generally automation is easy to do and produces high returns on mostly linear processes. The ability to both run linear scripts repetitively and with varying test data is one of the big advantages of automated testing. Non-linear processes can certainly be automated but in most commercially available tools require low-level technical knowledge (often programming) that is neither cheap nor readily available. 8. Automation Ease of Use This is a hugely important issue in the validation sector and much more so than in the general software testing arena. The vast majority of testing tools currently available use a variety of programming languages as their underlying mechanism to drive automation. These are probably most familiar as the macro languages that you see in Word and Excel. In the general software testing arena a lot of the personnel engaged in the testing process are actually developers assigned to testing or have been specifically recruited because they have prior programming experience. This means that the claims of most tools that they are easy to use are true if the expected user is a programmer. In the validation world the validation tends to be done by subject matter experts who are system knowledgeable and are certainly not programmers. Make sure that your validation team actually understand what it takes to write scripts and don t see the high level abstract view that is often shown in demonstrations. If you need programmers to use your automated testing system make sure you have them available and have the funding to pay for them. If not, make sure you opt for one of the tools that will not require this additional resource. Non-programmers and subject matter experts find programmer tools unusable so your investment will have been wasted. 9. Technical Tool Issues Technical issues are always brought into play when considering automation of any sort and particularly with CSV due to the nature of bespoke software and hardware system. A wise evaluator will make sure that they have a qualified tool that can actually interact or drive your underlying application. This is particularly noticeable in ERP applications like Microsoft AX or SAP where the screen rendering of the main applications makes it very difficult for traditional automated testing tools to operate successfully. It is always worth making sure that the solution or tool of choice actually supports your IT infrastructure and that it does so without the need for expensive interface add-ons or support kits which devalue the financials that you are basing your ROI calculations upon. It is pointless having all the bells and whistles if at the coalface the underlying technology does not support your application. Also check that from a validation perspective you getting outputs that correspond to the requirement for documented evidence. It may not be appropriate for a single solution if your hardware infrastructure is particularly heterogeneous so be prepared to have a healthy mix to ensure coverage of all your company systems. 10. Risk Risk led validation techniques are a key means of managing the validation process where resources are typically short and in high demand. Sensitivity to risk and the ability to Page 4 of 5

categorise scripts based on this risk is important to ensure that resources know what is important and requires the most attention. There are a number of Risk management systems that allow the identification and classification of risk and once assessed, this risk needs to be traceable within the testing tools so that the scope and level of testing can be appropriately scaled to this risk. The functional risk assessment approach may not work for some systems or for companies with a low risk tolerance. Ensure that the selected tool either provides risk assessment internally, can be mapped to your own internal risk assessment strategy or you must allow for the time to do this mapping manually. Bio This white paper was created by Mark Murray of Raltus Software. Mark has over 25 years experience in the software testing industry, including the development of a variety of industry leading testing tools. Mark can be reached at m.murray@raltus.com. Raltus Software helps establish documented evidence which provides a high degree of assurance that a Computer System will fulfil its intended purpose in a regulated environment. For further details on the Raltus toolset see www.raltus.com. Product demos are available at www.raltus.com/demos. Evaluation copies are also available. Page 5 of 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback