In 2015, the U.S. FDA issues new guidance for Mobile Medical Applications. Given the widespread adoption and use of mobile technologies, new guidance was necessary to understand how the FDA looks at these devices and enforces them. While the guidance was prospective in looking at technologies considered to be medical devices, it also pointed out those which were NOT considered to be medical devices including educational tools, training mobile apps, or apps that are intended to provide electronic copies of medical text books and the like. I was happy to learn that my Apple Watch® was in the category of “Mobile apps that provide patients with simple tools to organize and track their health information” and that the FDA intends to exercise enforcement discretion over these devices. (US FDA Mobile Medical Applications – Guidance for Industry and Food and Drug Administration Staff, Page 16)
What drew my attention to mobile apps in a validation context were recent changes in major software vendor technologies. I attended a Microsoft Summit meeting in 2016 and I was facinated with some of the changes that Microsoft has added to their Dynamics 365 platform. Large software vendors such as Microsoft and Oracle have released mobile technologies integrated directly within their platforms. Take a look at the Azure platform in the figure below.
You will notice that Microsoft included a “Microsoft AppSource” store and Azure Internet of Things (IoT) to the solution. Mr. Nadella, CEO of Microsoft, shared his ambitious vision for the Microsoft platform which is to “reinvent productivity and business processes”. He believes that businesses of all sizes will not only use these technologies but will become digital entities able to engage their own customers, empower their own employees, optimize their own operations and transform their own products. As a validation practitioner, I strongly agree with this approach. Software SHOULD empower businesses to deliver value to their clients. What has been so elusive for many software companies is the interoperability of software applications to work together. He spoke of “silos” of information and unlocking data stored within these applications to drive new insights and change the way we work. This was my takeaway from Nadella’s talk. However, it leads us back to MOBILITY.
“There’s an App For That…”
One of the key things to note about today’s enterprise applications is that they can be integrated with Apps. Sometimes Apps are integrated into desktop applications and sometimes they have a mobile companion as well. The Apps in the AppSource store are developed by various partners – not necessarily Microsoft. These Apps can run seamlessly on tablets or other mobile devices. The questions from a validation perspective regarding mobile applications.
- How do you conduct a supplier audit for multiple App vendors?
- How do you control changes to Apps integrated in your applications?
- How do you maintain the validated state with these Apps?
The answer to these questions are sometimes challenging. Supplier audit principles still ensure when you are discussing mobile applications. You still must be careful to select your suppliers carefully. However, it is impractical to audit every supplier in the AppSource store. In the case of Microsoft, these Apps become a part of the overall system thus a part of the Dynamics 365 application itself. Therefore, I would rely on rigorous testing to overcome the deficit in evaluating each and every App provider which may not be possible.
Regarding changes to your Apps, I employ the concept of Continuous Testing. This is a test strategy for cloud based service offerings where by you define your testing intervals at either quarterly or semi-annual for these types of technologies and you conduct frequent testing to help maintain the validated state.
Generally, there are two types of mobile testing: (1) Hardware Testing and (2) Mobile Application Testing. Whether you are using native, mobile web apps or hybrid apps, your strategy should take into account the risk associated with these applications and their impact on critical quality attributes.
VALIDATION AND VERIFICATION OF MOBILE APPLICATIONS
So how does one go about testing (validating) mobile applications in a regulated systems environment. The IQ/OQ/PQ testing paradigm still applies.
INSTALLATION QUALIFICATION (IQ) OF MOBILE DEVICES
The Installation Qualification (IQ) of mobile applications consists of:
- Installation tests– Testing of mobile applications by installing /uninstalling it onto devices.
- Services testing– Testing the services of the application online and offline.
The Operational Qualification (OQ) of mobile applications consists of:
- Usability testing– To ensure that mobile applications are easy to use and deliver a satisfactory user experience to the customers
- Compatibility testing– Testing of the application in different mobiles devices, browsers, screen sizes and operating system versions according in accordance with written user requirement specifications.
- Interface testing– Testing of menu options, buttons, bookmarks, history, settings, and navigation flow of the application.
- Low-level resource testing: Testing of memory usage, auto-deletion of temporary files, local database growing issues.
- Mobile Operations Testing – Testing of backups and recovery plan if a battery goes down, or data loss while upgrading the application from a store.
- Mobile Security Testing– Confirmation tests of mobile applications to confirm the protection of system data.
The Performance Qualification (PQ) of mobile applications consists of:
- Performance testing– Testing the performance of the application by changing the connection from 2G, 3G to WIFI, sharing the documents, battery consumption, and other related tests.
It is important to understand that validating mobile applications is an essential part of validation and should be conducted based on risk and impact to regulatory requirements and GMP. You must always have a process around the acquisition, installation and support of mobile apps. Be aware of the changes that major software players are making and the impact on your systems environments. It is important to understand the impact of these changes on your validated systems environment. With the validation of mobile applications, what is old is new again. WE ARE BACK TO THE FUTURE WITH MOBILE APPLICATION VALIDATION. The principles of validation still endure in this new environment. You must keep up with the latest trends and respond accordingly. Watch this space for more information!