An-image-showing-a-medical-device-sales-representative-in-blue-scrubs-using-SaaS-tools.-The-sales-rep-holds-a-tablet-displaying-a-software-interface

Software Validation is a process designed to account for and reduce risk to your customers, so when in doubt, validate. However, SaaS creates gray areas and you may be left with some uncertainty about if you should revalidate. SaaS software, by nature, is updated regularly over time, often responding in real-time to user feedback and releasing updates much more frequently than other, on-premise or installed software products. 

But does this mean you have to revalidate with every update? 

What is software validation, what is the goal? 

Software validation is the process you go through to make sure that the tools you rely on to develop and deliver high quality products and services to your customers work effectively and reliably. You want your business to run smoothly and successfully, so you test your tools to make sure they work. But with SaaS, by traditional standards, you’d be testing a lot of things a lot more often, which is not sustainable, or even possible, for most companies. 

What is clear is that SaaS products require a different validation process than a typical on-prem product due to the regular release cycle. Ultimately, you must comply with your quality system and follow the procedures you have built to ensure your software meets your validation standards. But it is worth considering how you might adjust your practices to address the different risks posed by a SaaS product. 

3 things you should be considering:

  • Revisit your risk analysis periodically throughout the year, instead of on the release schedule once a year or every few years.  Focus on the outcomes and requirements that are critical to your business.
    • Have your requirements changed? Are there new needs that must be addressed?
    • Have changes to the software or your processes resulted in new risks?
    • Build regular checks of your critical requirements into your process so issues will be surfaced as soon as possible through daily use. These will help in making sure there are no issues, even caused by other risks such as human error.  
  • Consider how realities have changed in the business landscape or in your on-the-ground standard operating procedures. Do your users have new needs? Are there new risks introduced in the industry not caused by changes to the software? Maybe you need to adjust your processes to better meet this changing landscape. If so, what retraining should be done? Validating a feature is great, but if users aren’t aware and capable of how to use a feature correctly, or of the impacts to the process then they may not use it effectively. 
  • Build a framework for SaaS products into your quality system to accommodate for the differences in the product and the business realities that come with maintaining an up-to-date validated SaaS product. 

If there are no major changes to requirements or risks, then revalidation is likely not necessary. It can still be a good idea to create documentation to show future auditors that you are regularly reviewing your approved and validated software to ensure all current risks are being accounted for and the critical business functions are still valid. Always follow the codified procedures you have in your quality system and make sure any changes you make to your processes are pursuant to regulatory guidance on software validation.