Good Clinical Practice Guide
Results 1 to 3 of 3

Thread: Software as a service - software updates

  1. #1

    Software as a service - software updates

    Hi Everyone,

    I am currently performing vendor assessments on SaaS (Software as a service) remote EDC system, for use within a early phase CTIMP environment (UK).

    One thing that keeps re - occurring during my assessment is the validation of SaaS systems and the implications on computer systems validation (Changes post system provision from the vendor).

    Discussions with vendors, seems to elude to the fact that the systems can be updated without notification, updates cannot be paused or halted during the duration of a project, also meaning potential for testing mid trial, for updates not pertaining to the actual data of the project.

    Has any one had experience of performing validation testing on updated versions of EDCs during a project ? Has anyone had any issues with updates being performed ?

    Can any provide practice solutions or management/mitigating strategies for managing software updates, and patches for a SaaS ?

    Thanks in advance,

  2. #2
    Forum Member
    Join Date
    Apr 2017
    I've had experience of something similar (for software managing environment monitoring). I ensured that the software service provider gave me enough heads up about any patches and what they were that we could validate the patches ahead of time in the live environment. This was mitigated by that fact that environment monitoring could, in this case, be conducted manually so it wasn't unmitigated if something were to go awry. But, if you have a testing environment that you can test patches before they go live or have enough heads-up to evaluate changes then you are managing the issue. Fostering a good relationship with the vendor is key (although not always possible).

  3. #3
    Forum Member
    Join Date
    May 2017
    A good SaaS vendor should make very clear any changes to their system. There should be advance notice of updates, a description of what they involve, a discussion about risk/impact, and with time to review the changes locally, maybe on a sandbox system. If a vendor is pushing out changes without notice - unless related to very infrequent emergency hot fixes - I would consider this a red flag. I have seen this with a particular EDC vendor though, and in this specific case it demonstrated a bizarre lack of understanding on CSV regulations. Most vendors do a good job of handling changes though. Astillus makes a good point about the importance of relationships here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts