Maintaining the Validated State of Regulated SaaS Applications: A Case Study in the Montrium Cloud

For life science companies, there are several considerable benefits to using applications to manage operational information. However, a SaaS-based platform also presents unique challenges for both the solution provider and the life sciences company (end users) to maintain their solution in a validated state.

As a software provider delivering our solutions in a SaaS model, we are often asked how we currently manage system change in the cloud. The following article explores the approach Montrium takes when releasing new versions of Montrium Connect to our subscribers and the role we play in helping our clients demonstrate regulatory compliance.

The Situation

Montrium currently offers software solutions for managing regulated content and processes with its Montrium Connect platform. Our customers access these solutions through Montrium’s SaaS platform on Microsoft Azure. Our applications allow users to manage all of their clinical, regulatory and procedural documents and to plan regulatory submissions in the cloud.

Recently, Montrium released the newest version of its Records Management Application which enables users to manage clinical and regulatory documentation with eTMF Connect and RegDocs Connect. This release incorporated powerful new features into the SaaS platform, including the introduction of the eTMF Navigator. While the application’s underlying functionality did not change, these new features impacted how end users navigate through and interact with the system.  

The release of the new version was preceded by a significant development effort, which followed a risk-based approach to system development and testing (in accordance with GAMP®5). Nevertheless, we still needed to address the impact of this release on our SaaS clients who were already using the system. More specifically, how would the new release impact the validated state of the system from an existing client’s perspective?

Our Approach

Following our release of the new version of the application, it is the client’s responsibility to evaluate the system to determine whether the validated state has been maintained as well as to provide documented evidence corroborating this evaluation.

As part of our commitment to our subscriber community, we decided to formally evaluate the level of change and its impact on the validated state of our client's systems. After all, we, as the solution developer and provider, are best positioned to assess the system. The analysis we performed was documented and provided to our clients. Our clients could then leverage this documentation in their evaluation of the system changes associated with the new release.

Montrium determined the impact of the changes incorporated into the new release by considering:

  • The impact on the system’s intended use
  • The impact on system functionality that is subject to regulatory oversight

In practice, this involved comparing the system requirements for the new system release to the requirements specified for the previous release.

The Outcome

By analyzing the system and its requirements, Montrium reached the following conclusions regarding the changes implemented as part of the new release:

  • No impact on the system’s intended use: The updates to the solution focused on improving the user interface and providing increased visibility on the status of documents managed by the system
  • No impact on system functionality that is subject to regulatory oversight
  • Potential impact on internal documentation (for example, procedures and/or work instructions) governing system use.

Using an Internal Change Control Process

Based on these findings, Montrium recommended that its clients use their internal change control process to document the move to the new version of our Records Management Application. Within the system change request, clients could determine the appropriate actions that needed to be taken to allow for the use of the new release of the system and document the rationale for this course of action.

We also recommended that our clients take into account the documented assessment provided by Montrium when evaluating the solution in the change request. Their change request could also be used to evaluate any potential impact of the change on existing system documentation and internal procedures and to document the outcome of this evaluation.

No Need for Additional Validation Testing

The documented assessment provided by Montrium demonstrated that there was no impact on the system’s intended use. Since our assessment confirmed that the initial system validation results were not impacted, our clients were able to save time and reduce costs by avoiding further testing. Clients could nevertheless choose to re-validate the system if they determined that testing was needed to meet internal procedures or to satisfy stakeholders’ needs and expectations. However, this decision would not be directly tied to the new features incorporated into the latest release.

A SaaS Partner with Extensive Validation Experience

Montrium’s expertise extends beyond software development and SaaS product delivery. Our in-house professional services team has extensive experience with the validation of computerized GxP systems used by life science companies. As a result, Montrium is uniquely positioned to provide its clients with products and professional services that meet their business needs and are in line with regulated industry best practices.

The Takeaway

This case study highlights the advantages of leveraging supplier documentation, when possible. When selecting a SaaS solution provider, the solution end users should make sure that their provider is aware of the realities they face with respect to maintaining system compliance. This should be taken into account when selecting a solution provider and evaluated as part of the vendor assessment process.

When a new version of a system is released, it is a good idea to collaborate with the solution provider to ensure that the changes and their impact are properly evaluated. Just remember that life sciences organizations are ultimately responsible for demonstrating that the system’s validated state is maintained. Therefore, it’s important to make sure that any documents leveraged can withstand the scrutiny of auditors and other stakeholders.

About the Author: Chrysa Plagiannos

Office 365 Compliance Toolkits

Recent Posts