March 13, 2022
As SaaS becomes increasingly popular and companies are relying more and more on SaaS platforms, managing risk has become essential. Most SaaS apps today use one of the common cloud platforms such as Sharepoint, AWS, Salesforce, or others. These platforms provide the infrastructure and data centers, while apps are built on top of these platforms to answer specific business needs.
The benefit of SaaS solutions is lower cost of ownership, reliability and flexibility. However, implementing and updating SaaS solutions of any kind can still take a long time, especially when there is a need to validate the application or solution.
The risks involved in moving to SaaS
Moving to SaaS based applications brought new risks with it, specifically when relating to the validation process.
The unknown impact of SaaS updates
There are two dimensions involved when looking at the impact of SaaS updates: awareness and knowledge. Companies rely on their applications team to review and identify the potential impact of these updates. As modern SaaS platforms usually provide a vast amount of functionalities, one must be highly familiar with the platform in order to identify the impact.
In some cases, we see knowledge gaps which make the impact assessment process very difficult and not effective. In other cases, not all organizations are aware of the impact, which can lead to potential issues and unknown risks.
The common SaaS platforms will provide 3-6 updates per year. This means we may have potential unknown risks several times a year and we are fully dependent on the same team to identify these risks.
Relying on humans when validating SaaS applications
We know from recent studies that a significant portion of the errors found in a validation process are due to human errors.
Human errors can relate to a few items:
Knowledge & skills - Not all teams have the necessary knowledge of the SaaS solution, especially if they were not part of the deployment team. The knowledge gaps may lead to different types of errors such as functional or documentation errors.
It is also common to find different deliverables when different individuals are writing or executing tests. Inconsistent deliverables make it harder to find your way around the system documents and make it harder for the testers to execute the tests.
Script and test execution errors are the most common human errors. It is safe to say that almost every time a system is manually tested, a script or test execution error will occur.
The technical differences between on-premise and cloud applications
In traditional solutions, you had to have an on premises installation with all the related costs that come with it. The implementation itself, meant building the system from scratch, a long and highly complex process. You would usually create a tailor-made solution and you would need to validate the entire system.
In a SaaS implementation, the product is available online with no physical installation needed.
Companies usually pick an off-the shelf product that allows them to reuse industry best practices. In certain cases, adjustments will be necessary, creating the need for validation.
While SaaS platforms offer a much better solution and allow for a much faster Implementation process, the validation process is still slow and manual and you are and you are losing control in terms of updates and changes.
Existing challenges when validating SaaS applications
Using shared SaaS platforms within the organization
As SaaS technology has developed, many organizations are using shared platforms with different business owners for different processes. Using shared platforms creates a challenge when some of the processes require validation.
Additionally, most SaaS platforms will come with a built-in setup to start with for each one of the processes and with a vast amount of separate processes.
The challenge: being able to separate unused processes from your validation scope and making sure you fully control the built-in functionality.
Frequent push upgrades
While we see many organizations replacing on-premises applications with cloud based applications, a frequent concern is determining system ownership. Many organizations are struggling with taking ownership of the system while allowing the vendor to keep updating the applications via push upgrades.
Before accepting the suggested setup, make sure you compare it to the existing SOPs in your organization and have the vendor in your approved vendor list as you will be highly dependent on their validation package and security best practices.
Why you should consider using automation in your validation cycle
- Automation is key in creating consistency and accuracy - automation and digitalization will help in creating clear and consistent deliverables.
- Save time & money - like in any other field, technology is the future. You can’t go digital and keep your historic manual process. Now’s the time to embrace automation.
- Automation allows you to use experienced personnel for critical thinking, rather than repeatable tasks. Performing the validation activities is still the company’s responsibility. Focus the efforts of your team on the important risks.
- Automation reduces human dependency which is one of the main reasons for errors.
- Automation minimizes recurring tasks in the process and makes it more effective and efficient. This is especially true when implementing an ongoing approach.
Validify Inc. is a Salesforce partner, the vendor of Validify, a Salesforce application that automates the risk analysis and computer system validation (assurance) processes for regulated companies, managing their product related processes on the Salesforce platform. Validify is an automated solution providing risk analysis of any Salesforce org and generating all necessary verification and validation documents based on risk and other predefined, configurable parameters. Validify also provides a real-time status of your org’s compliance and identifies changes in your org automatically.
About the author
Ido Raz is a Co-Founder and CEO of Validify, a cloud technology and Salesforce enthusiast, former CTO of a Salesforce application company and PMP certified. With years of experience in Salesforce, design & delivery of compliance solutions for regulated industries.
Want to hear more or book a demo? Click here