Salesforce Computer System Validation in 2020 – Why? When? How?

Salesforce Computer System Validation in 2020 – Why? When? How?
January 02, 2020

The Salesforce platform receives updates 3 times a year automatically. Prior to these updates, Salesforce customers may ask for a preview of the next release in order to test and evaluate the impact of the release on the different installed applications. In addition to Salesforce, Salesforce-built applications (created by Salesforce partners) may also be updated from time to time, depending on vendors’ schedule and other considerations.


The Salesforce platform provides a great starting point from an IT and compliance perspectives as it already has some of the built-in functionalities required by regulated companies. However, it does not provide verification or validation documentation as required by the regulators and as expected by regulated companies under 21 CFR part 11 and ISO 13485, for example.


Companies that manage product related processes on their Salesforce platform, being standard or custom processes, are required to assess and, if necessary, validate these processes for every release of Salesforce and/or partner application.

In some cases, a third-party vendor of a Salesforce application may provide the initial validation package of their app or service, but the on-going validation and assessment of each release is ultimately the responsibility of the customer and usually requires additional planning and resources.


To validate the Salesforce platform, customers should first define the rationale and processes which require validation in their environment. The next step would be engaging an internal or external resource who can provide the expected assurance that the process is working as specified.

In the past year the FDA has stated in several occasions it will work intensely to update the current Computer System Validation: “FDA will Streamline Non-Product Computer System Validations: Drive a paradigm shift in applying value-driven and patient-focused approaches to streamline non-product software CSV. Focus on critical thinking and risk-based, agile approaches to validation and What streamlined documentation.[1]

This announcement, hand in hand with the evolving technology, allows companies to automate the validation process and significantly improve their system credibility while reducing workload for verification and validation to hours rather than weeks.

[1] Cisco Vicenty, CDRH Program Manager at FDA, FDA news,Vicenty-Enacting-the-Case-for-Quality.pdf

About Validify

Validify Inc. is a Salesforce partner, the vendor of Validify, a Salesforce application that automates the risk analysis and computer system validation (assurance) processes for regulated companies, managing their product related processes on the Salesforce platform. Validify is an automated solution providing risk analysis of any Salesforce org and generating all necessary verification and validation documents based on risk and other predefined, configurable parameters. Validify also provides a real-time status of your org’s compliance and identifies changes in your org automatically.

About the author

Ido Raz is a Co-Founder and CEO of Validify, a cloud technology and Salesforce enthusiast, former CTO of a Salesforce application company and PMP certified. With years of experience in Salesforce, design & delivery of compliance solutions for regulated industries.

Want to hear more or book a demo? Click here

Are you ready to move to the next generation of software validation?

Tell me more