Automation of Software Development Life Cycle (SDLC)
FDA’s Center for Devices and Radiological Health (CDRH) intends to publish a new guideline in the Fiscal Year 2021 (FY 2021) [R1]; “Computer Software Assurance (CSA) for Manufacturing, Operations, and Quality System Software”. The emphasis is shifting from a traditional CSV approach to an agile approach by adopting critical thinking and risk-based methodology to establish the optimum level of testing and documentation required whilst ensuring that the system meets its intended use.
Computer System Validation requirements can then be established by adopting an Agile methodology, using Critical Thinking, and a Risk-Based Validation approach methodology–
‘Old wine in new bottle’ [R2].
A true Agile Quality System purely relies on ‘paperless‘ records as deliverables instead of a hybrid of documents and records.
Imagine you have all your software development processes fully automated. The automated system we are speaking about determines the system classification and supports activities including Risk Assessment, Code Review, Technical Review, Unit Testing, Performance Testing and Sanity Checks on automated deployments. It provides traceability for the user requirements to the test documentation whilst maintaining compliance with the business processes and applicable regulations.
The lifecycle of software can be viewed as a series of progressive stages, each of which can be automated to varying levels. The implementation of Automation, AI-powered tools, and Machine Learning are changing the manner in which software is developed within its business process, presenting an immense opportunity for companies to boost performance whilst adding value and remaining compliant. It facilitates streamlining a multitude of processes from resource allocation and management of testing activities whilst delivering value.
It is expected that the role of Quality will shift from a retrospective approach (i.e., review and approval of production in paper or hybrid forms) to a more proactive and strategic role, that adopts critical thinking to make quality decisions to ensure that the system is fit for its intended use. Critical thinking is a systematic, rational, and disciplined process for evaluating information from various perspectives to yield a balanced and well-reasoned answer [R3].
KVALITO provides technical, regulatory and compliance expertise throughout the software development lifecycle process, including Computer Systems Validation (CSV) / Computer Software Assurance (CSA), ‘Agile’ Software Development Life Cycle (SDLC), Data Integrity, Data Migration and Automation services. These services are tailored to meet the needs of each client.
The benefits of automation apply to almost any business process, so KVALITO helps clients unleash productivity, precision, and efficiency across their operations.
In our technologically driven markets, we are being exposed to greater competition and challenges from a business and compliance perspective. Healthcare companies find themselves under increasing pressure to develop their processes to raise productivity and minimise delays with production, operations, maintenance, and R&D as well as software development activities, whilst remaining relevant to business strategy.
Products such as Software as Medical Device (SaMD), Manufacturing and Laboratory systems (e.g., LIMS), EDMS (Electronic Documentation Management Systems) must meet rigorous quality and regulatory standards, lead to positive patient outcomes, and be brought swiftly to market.
Businesses may find themselves outsourcing the development, testing, and maintenance of their applications to multiple suppliers across the globe. This creates recurring bottlenecks and higher risk, accompanied by an added continued challenge to ensure that the systems are fit for their intended use and comply with the applicable regulations.
Whether you are a contract manufacturer, contract laboratory or a pharmaceutical/medical device company, when it comes to custom software development, a thorough understanding of a client’s business and quality requirements are critical.
KVALITO and its software engineering partner also develop algorithms and apply Machine Learning (ML) and Artificial Intelligence (AI) powered tools to provide a detailed analysis of each client’s requirements. Bringing all data into one place means KVALITO can determine the level of risk of the processes and design the necessary level of controls and testing to mitigate the risks.
Equally, centralising data ensures consistency in capturing requirements, allowing the algorithms to learn from the data over time and be developed accordingly.
Reliance on manual/hybrid processes
Historically it was deemed suitable to rely on software development processes that were traditionally manual. A paper-based approach can lead to having an overly complex risk assessment process. Delays in testing by using lengthy test scripts that may incur test script errors can potentially lead to the generation of deviations or defects, which can impact the validation activities and the release of the system.
Paper and electronic record and signature components can co-exist (i.e., a hybrid situation) as long as the predicate rule requirements are met and the content and meaning of those records are preserved. [R4].
Identify the requirements. The key is to focus on the high-level goals you have for automation and determine where it can have the strongest impact. Requirements are organised in an agile manner (known as stories and epics). Each of these will follow a structured path for delivering the required application features whilst demonstrating compliance with company processes and regulations. Collaborative tools such as JIRA and Confluence allow for the efficient management and automation of these requirements.
Automation works optimally in a sound framework founded on quality and traceability principles. It is recommended to evaluate your present-day software development processes for the workforce and your business processes and address any technology gaps.
What KVALITO did
KVALITO has supported client projects as follows:
- Conceptual Design and Prototyping
- KVALITO worked with the clients for the proof of concept firstly and then designed and created an accurate workflow before automating. This translated to increased compliance management for our clients from patient safety, product quality and data integrity perspective.
- Automation of Software Development Life Cycle (SDLC)
- KVALITO designed, developed and deployed paperless SDLC systems and tools (i.e., JIRA/Confluence/X-Ray)
- Established Quality by design and Traceability throughout the client Software Development Lifecycle System. Built-in Business Intelligence into the SDLC process i.e., KPIs.
- Transformed SDLC systems from Waterfall to Agile with necessary changes to the Quality Management System.
- Specified critical to quality requirements to ensure patient safety, product quality and data integrity as well-intended use of the system was met.
- Accountable for CSV deliverables including Compliance / Validation Plans, URS, Risk Assessment, Design and Analysis, Technical Documents (Configuration, Functional and Technical Specifications), Software Development documentation, Testing (Unit, functional, integration), Traceability Matrix, Test Scripts and Validation Reports.
- Automated Testing
- Supported GxP relevant project as “Independent Quality” to support Testing Strategy and Test Planning.
- Supported test execution following different methodologies (i.e., Agile, V-Model) using a risk-based validation approach.
- Lead the delivery of IQs, OQs and
- Supported Deviations management and closure.
- Established CAPA Actions coming for testing failures or non-expected results and followed up on their resolution.
- Continuous Integration/Continuous Deployment (CI/CD)
- Managed projects with a focus on CSA automation where CI/CD was common practice automation where CI/CD was common practice
- Followed DevOps best practice to apply in GxP regulated environments such as:
- Cell & Gene / Personalised Medicine
- Marketing and Commercial
- Technical Operations and Quality Management Systems
- Technical Research and Development
- Supply Chain
- Research and Development
- Quality Support
- Supported GxP relevant projects as “Independent Quality”.
- Ensured compliance with GxP, business and HA regulation, including (FDA 21 CFR Part 11 [R5]/ Eudralex Annex 11 [R6]).
- Supported Remediation during Mergers and Acquisitions for migration of the content of documentation from acquired company to buyer company QMS.
- Supported Multi-site Projects (up to 100 countries, incl. multi-languages).
- Guided and lead project teams based on Critical Quality requirements.
- Adaption of V-model to Agile methodology on GxP projects.
- Automation of production of CSA records (including records for monitoring vulnerabilities and signal detection)
- Implementation and validation of eDMS for SW development, Clinical trials (Documentum).
- Ensured Good Documentation Practice awareness and training during project and transition to operations.
- Authoring and Quality Assurance of Qualification and Validation
- Emerging Technologies
- Implemented and validated Artificial Intelligence and Machine Learning solutions for Business Departments (Portfolio Management, Drug development).
- Lead Qualification (technologies like Data Platforms, AI, ML Semantic Search and Process Automation)
- Implemented and validated the following;
- Automatic Data Verification Tools -For Marketing, Commercial and Regulatory Affairs Business Intelligence and Visualisation.).
- Semantic Search Platform to provide corporate broad search capabilities.
- Big Data visualisation tool for managing the overall business product portfolio (i.e., drug, therapies) of a company during the lifecycle of each product. Migration from several Databases to a single Data Lake. Databases to a single Data Lake.
- Robotic Process Automation (RPA)for moving newly produced software to Production environment. Rule-based automation. Coding review.
- Classification Engine for Adverse Reactions, Product Complaints and Medical Information Request. Multiple languages platform.
- IoT and Blockchain PaaS connected to products, plants, systems, machines, enterprise applications and legacy Databases.
- Implementation of a Bayesian Multilevel Monitoring (BMLM) system based on open-source R Language tool used.tool used.
- Designed the concept for Segregation of regulated data from Marketing and Commercial systems.
- Developed the strategy for the client’s vendor selection processes for Cloud-Based solutions.
- Validation of the selected Cloud provider solution (i.e., Salesforce, Veeva, Amazon, SAP, MindSphere).
People, Processes and Tools
- Agile Coach
- Scrum Master
- Product Owner
- Business Analyst
- Computer Systems Validation Expert
- Data Integrity Expert
- Project Manager
- Quality Manager
- Validation Lead
- Test Manager
- Software Engineer
- Data Scientist
- AI Engineer
- Software Development Life Cycle
- Risk Management
- Data Integrity
- GAMP 5
- GAP Assessments – Manual vs Agile processes
- CSV/CSA Training
Tools and Technologies
KVALITO can help clients automate processes using the latest technology that can be tailored to meet the client needs. This will help to boost productivity, improve quality and enhance business performance across the board.
- MS Azure
- HP ALM
- HP ServiceDesk
- HP Quality Center
- SAP Solution Manager
- Veeva Life Cycle Management
- SAP BI
- IBM Watson
Benefits of an Automated System
- Processes are included on the tool as per design. The system guides you to follow a structured path through the SDLC process.
- Records are produced during the development process, are stored centrally, and can be easily accessed.
- Avoids duplication and discrepancies on different records, as the records are created automatically by the system.
- Compliance with regulations and standards through the system classification that can automatically trigger which records are required.
- Traceability of all records can be assured by design. There is no need to produce separate documentation such as a Traceability Matrix or a Risk Assessment.
- Audit trail is included in the system.
- Capability to electronically sign a record in compliance with FDA 21CFR Part 11.
- Users authentication is verified using MS Active Directory or LDAP.
- Using an agile methodology supports the appropriate allocation of talent and project tracking:
- improved assignment to suitable projects
- avoid under or over/under allocation of resources
- notification of tasks requiring completion
- higher employee accountability for their deliverables and work
- Faster delivery of software products.
- Leaner processes and more effective compliance regarding patient safety, product quality and data integrity to meet the Regulatory Requirements.
- Increased productivity and immediate feedback, as processes are managed in the background by the tool.
- Reduction of manual tasks and decrease the possibility of human errors.
- Full traceability and generation of a single source of CSV/CSA and DI Records and Data.
- Focus on value-adding tasks and reduce the level of deviations.
- Increased precision, speed, and performance to produce large-scale applications on time.
- Higher accuracy and dependability of data brings inherent value to decision-making processes.
- Increased product quality using AI-powered tools (i.e., detecting and correcting errors in code).
- Scrum Master can better allocate precise time, resources and budget to a given deliverable.
- Agile work management system, using an integrated responsibilities matrix concept, allocates tasks based on employee knowledge, level of expertise, and estimated job duration.
Clients / References
- [R1] www.fda.gov/medical-devices/guidance-documents-medical-devices-and-radiation-emitting-products/cdrh-proposed-guidances-fiscal-year-2021-fy-2021
- [R2] KVALITO Article Link: Risk-Based Computerized System Validation (CSV) and Computer Software Assurance (CSA) – Old Wine in a New Bottle? | Kvalito.
- [R3] GAMP Guidance – Records and Data Integrity Guide.
- [R4] FDA Guidance for Industry Part 11, Electronic Records; Electronic Signatures — Scope and Application.
- [R5] FDA 21 CFR Part 11 Electronic Records; Electronic Signature.
- [R6] Eudralex -Volume 4 Good Manufacturing Practice Medicinal Products for Human and Veterinary Use Annex 11: Computerised Systems.