Given how common it has become in our everyday lives, you’re probably already familiar with the concept of Software as a Service (SaaS). And if you’ve been following our blog, you’re probably well aware that SaaS has extended its reach into the world of informatics and LIMS – including LabVantage.
The key benefit of SaaS? You get access to software that you don’t need to install or update – and without the need to maintain any IT infrastructure.
There are a lot of good things to say about the SaaS model in general, and about SaaS LIMS in particular. For example, a SaaS LIMS:
- is a cost-effective way to run a state-of-the-art LIMS.
- can save labs from significant downtime.
- runs on most modern devices (i.e., workstations, laptops and mobile devices).
- has fewer security concerns than traditional software.
Like all regulated technologies, LIMS require verification and validation to qualify them for use in life sciences work. This post will cover some of the aspects that an organization purchasing a SaaS LIMS should consider when looking for evidence of these essential qualifications.
Verification vs. Validation
Software compliance can be broken into two steps — verification and validation. Here are definitions as they apply to life sciences software:
- “Software verification provides objective evidence that the design outputs of a particular phase of the software development life cycle meet all of the specified requirements for that phase. Software verification looks for consistency, completeness, and correctness of the software and its supporting documentation, as it is being developed, and provides support for a subsequent conclusion that software is validated.”
- “Software validation is…confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled.”
While it is easy to confuse these two concepts, it’s essential to understand how they build upon each other to deliver a validated system. While it may be oversimplifying a bit, it can be helpful to think of verification as an inspection, and validation as a “test run” — or an “I’m going to log into the system and see it perform” kind of activity. The reality is a bit more complicated, but this is a useful analogy if you’re new to distinguishing between these concepts.
FDA validation is further broken down into three phases:
- Installation Qualification (IQ) validates that process equipment and ancillary systems are compliant with appropriate codes and approved design intentions, and that manufacturer’s recommendations are suitably considered.
- Operational qualification (OQ) establishes that process equipment and sub-systems are capable of consistently operating within established limits and tolerances.
- Performance Qualification (PQ) tests the process in simulated real-world scenarios to ensure that it’s effective and reproducible.
Let’s take a look at how these concepts play out in a SaaS LIMS.
Overall Infrastructure Verification
When SaaS LIMS is added to an existing infrastructure, the question is: “Was the original infrastructure installed and maintained in a controlled manner, and can objective evidence be provided to support those activities?” For this reason, certification to quality standards is an important aspect of choosing a SaaS LIMS vendor when computer system validation is required.
Look for vendors that maintain ISO 27001 and 9001 certifications. These regulations require vendors to demonstrate an appropriate quality mindset when maintaining your system. They also require ongoing, third-party certification audits to ensure that these quality practices are both in place and being followed in practice.
Elements of the overall infrastructure for which objective evidence might be submitted to a customer purchasing a validated SaaS LIMS include:
- The networking environment — In a virtualized hosting situation like AWS, this would be the Virtual Private Cloud (VPC). Along with the virtual network, the networking environment consists of the setup and configuration of network gateways to the Internet, a gateway to the vendor’s network for support activities, and more. It also includes the configuration of secure protocols such as HTTPS, encrypted connections between infrastructure components like application servers and databases, the configuration of security groups, firewalls, etc.
- The database — Assuming the SaaS LIMS is being added to an existing database that supports SaaS multi-tenancy, you should look for evidence of controlled installation and control on changes.
- The application servers — It’s not uncommon for SaaS LIMS vendors to add new customers to an existing cluster of application servers. As with database controls, you should look for objective evidence that the SaaS environment was controlled before your LIMS was added.
Customer Infrastructure Verification
Once you have objective evidence verifying the overall infrastructure, you’ll want to look for evidence of control as it pertains to your own SaaS LIMS.
Integrating your SaaS LIMS into your computer network comes with additional security-related concerns. For instance, establishing a virtual private network (VPN) to your organization’s computer network and configuring the security and firewall protections between the SaaS system and your network.
There should be evidence of how your database or account was established. Regardless of whether a SaaS LIMS co-mingles data or maintains separate databases for your data, the establishment of that configuration should follow a repeatable – and documented – process. Similarly, look for evidence of how your LIMS application may have been added to an existing cluster of vendor application servers.
Let’s move on by examining some validation evidence that might be provided for SaaS LIMS.
Validating SaaS LIMS
As we dig into the meaning of validation, it’s important to understand the phrase “conform to user needs and intended uses.” This is typically interpreted to mean that software validation is executed on your system, for your products, and using your devices (instruments, etc.).
But how can the SaaS LIMS vendor help?
One of the essential deliverables that a SaaS LIMS vendor can provide is evidence that the system’s “out of the box” (OOB) functions perform as intended, given standard usage of features that meet the intended use for a general system of its type. In other words, for a Biobanking LIMS, can the vendor provide evidence that typical Biobanking functions can be performed accurately and reliably?
While this evidence won’t replace a PQ or System Acceptance Test (SAT) on your system, products and devices, this evidence can be used with a risk-based approach to reduce the amount of additional testing your PQ or SAT must include.
LabVantage Makes the Process Easy
A validated SaaS LIMS ensures the delivered system is managed and maintained in a controlled fashion. LabVantage SaaS can provide your organization with the necessary verification and validation package to conform to global GxP requirements and guidance. As a SaaS solution, LabVantage ensures that any changes made to the software during feature enhancements, upgrades, and updates are fully documented, tested, and reported to customers.
What are some other unique features of the LabVantage validated SaaS LIMS?
- LabVantage SaaS uses the widely respected global AWS cloud.
- LabVantage SaaS supports the connection of all instruments.
- All parts of the LabVantage software – including the ELN – are 100% browser-based.
- LabVantage is ISO 27001 certified, meeting the internationally recognized best practice framework for an Information Security Management System (ISMS).
Pre-packaged LabVantage LIMS which now offer SaaS validation are LabVantage Pharma, LabVantage Biobanking, and LabVantage COVID-19 LIMS.