Reveal the Unknown-Unknowns - The Risks in SaaS Based Applications

Reveal the Unknown-Unknowns - The Risks in SaaS Based Applications
December 17, 2020

For regulated companies, validating computer software may be  a burden but it is also a necessity. One of the most crucial aspects of software validation is risk analysis and identifying areas that might be impacted by software changes and upgrades.

In SaaS solutions, where applications usually come pre-built as an out-of-the-box solution and one-size-fits-all approach, it becomes impossible for professionals to successfully identify all the risks associated with the software and platform they are implementing.

In this diagram, we want to emphasize the areas where you do not want to find yourself in - the Reactive Zone, where the unknown-unknowns risks are. In this zone, in particular, we are not aware of things that could go wrong and once they do appear - we do not have the knowledge of how to fix them. This is the area where we need to put our best efforts forward, minimizing the risks  as much as possible.

Generally, using SaaS solutions has its advantages:

  • Lower costs of ownership - no infrastructure, maintenance or IT costs
  • Much more reliable - 24/7 up-time
  • Fast & flexible - shorter time to get it implemented

Looking at the differences between a traditional software implementation process and SaaS implementation, we can clearly see the advantages of implementing SaaS solutions. It usually takes less time to implement SaaS as it does not require on-premise installation or having to build the system from scratch.

However, software validation is still  essential for all software implementations. Even if you purchase off-the-shelf software solutions, in most instances,you will still need to make some modifications to align it with your own company’s processes.

Beware! SaaS has also introduced some new risks:
  • SaaS updates = unknown impact. A SaaS vendor may issue several new updates per year, which can expose your platform and/or applications to unknown impact. Even if you do receive advanced notice, or a validation package, you still need to make sure that your customized solution is not impacted in any way. This could happen several times a year and exhaust your validation resources.
  • Dependent on a human factor - many of the mistakes made during the validation process are unfortunately due to human error. The more people involved in the validation process, the less consistent and more error prone it becomes.
  • It's a long and costly process - this is true of any validation process.

Our focus is truly on digital transformation. It’s not only about going paperless, but  about improving the process and automating as much of the process as possible.

Embrace a risk-based approach:

The CSA approach is all about ownership >> analyzing the system and processes. The FDA states they do not want to pursue screenshots and step-by-step testing if we haven’t looked at the system from a quality perspective - meaning don’t just paint by numbers! We need to practice critical thinking and really own our system.
From a risk perspective, don’t blindly trust yourself to know and foresee everything in advance. If possible, have the machine help you and reveal the unknown-unknowns.

Automate & digitize:
  • Reduce human dependency.
  • Minimize recurring tasks.
  • Use your experienced personnel for critical thinking rather than for redundant tasks.
  • Create consistency and accuracy.
  • Save time  and money in the process.

All of this can be done with technical solutions, such as Validify, that can help with your validation activities, making them digital and more automated.

Faster implementation of changes:

When you improve your validation process, you also improve your software changes implementation process. Otherwise, you need to consider every change with its validation effort but when you automate the process, it becomes much easier and gives you the benefit of implementing changes and improving your users’ experience to be faster and more frequent.

Ongoing assurance:
  • Monitor and check your system more frequently.
  • Make sure to-be audit-ready at all times.
  • Don’t wait for the unknown-unknowns to catch you off guard!

It is now clear, how improving and upgrading your validation process, automating the process and  exposing any risks, will only help your transformation of digitized processes and support the implementation of any new changes to be significantly faster.  This will also help you in maintaining systems which work for your users while gaining an “audit ready” approach instead of a one time project task.

About Validify

Validify Inc. is a Salesforce partner, the vendor of Validify, a Salesforce application that automates the risk analysis and computer system validation (assurance) processes for regulated companies, managing their product related processes on the Salesforce platform. Validify is an automated solution providing risk analysis of any Salesforce org and generating all necessary verification and validation documents based on risk and other predefined, configurable parameters. Validify also provides a real-time status of your org’s compliance and identifies changes in your org automatically.

About the author

Ido Raz is a Co-Founder and CEO of Validify, a cloud technology and Salesforce enthusiast, former CTO of a Salesforce application company and PMP certified. With years of experience in Salesforce, design & delivery of compliance solutions for regulated industries.

Want to hear more or book a demo? Click here

Are you ready to move to the next generation of software validation?

Tell me more