As a long-time validation engineer, I often ponder questions such as “what does it mean to achieve software quality and is it sustainable over time?” I ask myself these questions because in today’s systems environments, there are many factors that can impact software quality assurance.
Cyber threats are the elephant in the room. Most validation projects include IQ/OQ/PQ and UAT testing but do not address cyber threats at all. Can you really ensure that your validated environments are safe and secure without considering cybersecurity as part of your overall validation strategy? The International Software Testing Qualifications Board (ISTQB) defines software quality as “…The totality of functionality and features of a software product that bear on its ability to satisfy stated or implied needs…” Another definition is “…the degree of conformance to explicit or implicit requirements and expectations…” Finally, IEEE calls software quality “…The degree to which a system, component, or process meets specified requirements, customer, user needs or expectations…” As shown by the definitions above, software quality is somewhat subjective.
Data integrity is also a critical concern for validated systems. It is also a key imperative for software quality. Data integrity is a hot topic lately and generally refers to the accuracy and consistency of information stored in corporate databases, data warehouses or other such constructs. Data integrity ensures that information is accurate and reliable and in today’s environments, legally defensible. The accuracy and trustworthiness of data within your systems MUST NOT be in question.
Why is data integrity so important? Because companies make decisions routinely bases on information housed within corporate databases.
The lack of data integrity over the lifecycle of a system could cause adulterated product to get to the market, incorrect shipping of controlled materials/substances, and a wide variety of issues affecting the quality, safety and efficacy of a company’s products. Data integrity is not the purview of technology alone. To manage data integrity in the broadest sense requires people, processes and technology.
The ALCOA principle as highlighted in the figure below requires that data be attributable to the individual responsible for recording the data/activity. The “L” in ALCOA means that information must be clear and legible after it is recorded and permanent. The “C” in ALCOA means that the data must be recorded at the time it was generated. The “O” means data must be preserved in a unaltered state. The final “A” in ALCOA means that data must be accurate and reflect the action or observation made. Modifications must be explained if they are not self-explanatory.
No matter what the definition, software quality is all about providing assurance that a system is suitable for its intended use in some way. We confirm this through testing. However, it should be noted that testing alone cannot in and of itself ensure software quality. Testing merely provides a level of assurance or confidence in a software application under specific controlled conditions.
You cannot discuss software quality without a discussion on data integrity. To derive the true meaning of software quality it is important to consider the following key activities:
- Establish SOPs That Provide Governance For Software Quality Assurance and Data Integrity
- Document Everything (if its not documented, it didn’t happen)
- Establish a Rigorous Software Change Management Process
- Attain Level 5 Validation Processes Through Automation
- Enforce Standards For Testing and Documentation
- Identify Track and Manage Software Quality Metrics and KPIs
- Conduct Positive and Negative Software Testing
The first step on your way to software quality and data integrity is to establish and follow procedures that provide governance over the process. You must have procedures that cover everything from validation to data integrity, automation, and everything in between. Secondly, you must document everything you do to ensure software quality and integrity. Third, you must establish a rigorous software change management process that helps track and manage all changes made to a cloud-based or on-premise system and who made the changes and why.
Forth, you must drive your organization to Level 5 validation processes. This is derived from the validation capability maturity model as illustrated in the figure below.
Level 5 validation means your processes are automated and optimized in a way to ensure quality and compliance. Fifth, you must enforce all standards for testing and documentation. This will also require Level 5 automation to achieve your objectives. Sixth, you must identify and track software quality metrics. You cannot achieve what you don’t measure. Peter Drucker often said “… you can’t manage what you can’t measure…” He also said “… what gets measured gets improved…” You must identify and track metrics to ensure you stay on track.
And finally, in all of your validation testing, conduct positive and negative testing against applications. The FDA states in the General Principles of Software Validation; Final Guidance For Industry and FDA Staff issued on Jan 11, 2002, that “… A good test case has a high probability of exposing an error; A successful test is one that finds an error…” This may be somewhat counter-intuitive but I am often stunned at how many validation test scripts are written so that they PASS rather than written to discover an error. A good software test will reveal errors if written correctly. When I interrogate applications, I often am looking to reveal problems that may arise during production.
It has been often said that software quality is no accident. It is the deliberate result of intelligent planning, hard work and rigorous execution.
Software quality is NOT error or bug-free software. It is about software that is of high quality and sufficiently meets the demands and expectations of the end user community. AUTOMATION IS KEY. Automated testing helps easily replicate tests, increases test coverage, reduces errors, improves consistency, and delivers automated traceability enabling more software defects to be discovered and addressed.
The issues surrounding software quality and data integrity are increasing across the globe. Your organization must be ready to deal with the challenges presented by these issues. WILL YOUR ORGANIZATION BE READY ?- Think about it.