Saba Cloud Validated Environment Managed Services (VEMS) White Paper
Companies operating in highly regulated industries, such as drug makers, medical device manufacturers, biotech companies, biologics developers, life science companies, and food manufacturers, are subject to rigorous compliance requirements set forth by the regulatory bodies in the countries in which they operate. These compliance requirements dictate, among other things, how electronic records and related e-signatures should be kept within validated computerized systems.

U.S. FDA Title 21 CFR Part 11

In the United States, Title 21 of the Code of Federal Regulations (CFR) Part 11 defines the criteria under which electronic records and signatures are considered to be trustworthy, reliable, and equivalent to paper records and handwritten signatures. Part 11 requires controls including audits, system validations, electronic signatures, and documentation for software and systems involved in processing electronic data that are (a) required to be maintained by the FDA predicate rules or (b) used to demonstrate compliance to a predicate rule. Requirements include, for example, certain provisions of the Current Good Manufacturing Practice regulations (21 CFR Part 211) or the Quality System regulation (21 CFR Part 820).

Because a Learning Management System (LMS) or Assessment Management System (AMS) is used only in support of the implementation of regulated industries' Quality Systems, it may or may not need to be validated to the same degree as, for example, software used as components in the product design and manufacturing processes.

EU Regulatory Guidance

In the European Union, the latest guidance from the European Commission's Directorate-General for Health and Consumers on Annex 11: Computerized Systems implies that manufacturers should be able to justify their standards, protocols, acceptance criteria, procedures, and records based on their risk assessment.
Together with the stipulation that LMS/AMS applications have an indirect impact on life sciences product quality and consumer safety, it would stand to reason that they should not be treated (from a risk-based perspective) like firmware/software used in direct control of design and manufacturing processes. Accordingly, some manufacturers might subscribe to the notion that their LMS/AMS validation might be exercised in a somewhat discretionary manner, given that the competence and reliability of a supplier can be established by assessing the supplier's established procedures that produce change tracking records accumulated within time-sequenced documentation.

Saba Experience

Saba, founded in 1997, decided as part of its initial market segmentation to cater to 21 CFR Part 11 requirements and as such developed its software platform to support trustworthy and reliable electronic records with associated audit trails. As a result, Saba has attracted a significant portion of top global Fortune 50 life sciences organizations as its customers and, more importantly, has sustained them as long-term customers. Some of these customers have started to migrate into the cloud by moving their Saba implementations from behind their corporate firewalls into Saba SaaS Cloud.
Saba Cloud is a software application suite that is rendered as Software as a Service (SaaS) (see Figure 1). As its core functionality, the application stores user profiles and training compliance information such as transcripts and certifications. It meets the provisions set forth in 21 CFR Part 11 by sustaining a closed system: it implements functionalities that guarantee user account uniqueness, native password administration controls, and silent or verbose audit trails, as well as e-signatures triggered by end-user actions that require user confirmation to complete tasks within application workflows.

The FDA also places the onus on organizations in its regulated industries to validate whether software applications are developed and tested according to current Good Manufacturing Practices (cGMPs) defined by the FDA. In this regard, too, Saba has well-documented internal quality standards for software development, and we have had all of our life sciences regulated customers audit us against our application Software Development Life Cycle (SDLC), as well as our methodologies in support of Installation, Operational and Performance Qualification (IQ/OQ/PQ) activities pertaining to our customers' Deployed Application Environments. In every instance, without exception, Saba application suite SDLC and deployments have been accepted by the auditors and subsequently by regulators.

Saba Cloud application suite and its core LMS functionality is rendered via a shared infrastructure SaaS model as depicted in the National Institute of Standards and Technology (NIST) abstractions in Figure 1. Current FDA IQ/OQ/PQ guidelines only pertain to computerized systems with infrastructure dedicated to a single organization and hosted in-house or via an external IaaS provider.
As of the time of this writing, FDA guidelines have not been updated to define best practices for validating Cloud SaaS deployments, so Saba has put forward the following proposed framework.

[Figure 1: Differences in Scope and Control among Cloud Services Models. Tiers shown: Application, Platform Architecture, Virtualized Infrastructure, Hardware, Facility; control is divided between Cloud Provider and Cloud Consumer.]

Pursuant to NIST definitions, SaaS on shared infrastructure implies the Cloud Consumer would entrust the Cloud Provider to sustain the four infrastructure tiers below the Application tier, as long as the Cloud Provider's internal change control procedures are assessed by third-party American Institute of Certified Public Accountants (AICPA) accounting firms and produce annual attestations of Cloud Provider compliance to SSAE16 or similar internal frameworks for security and availability. Accordingly, infrastructure changes (the bottom four tiers below Application) are not subject to Cloud Consumer approval or review, and where a change cannot be fully verified by the Cloud Consumer, it shall be validated with a high degree of assurance and approved by the Cloud Provider according to established procedures.
With the above framework in mind and the stipulation that an LMS application has an indirect impact on life sciences product quality and patient safety, some life sciences organizations might agree that LMS validation activities might be viewed as somewhat discretionary, especially since an LMS is not used to perform the transactions below:

- Control data supporting regulatory safety and efficacy submissions
- Control critical parameters or data used at any stage, including pre-clinical, clinical, development, and manufacturing
- Control or provide data for product release
- Control data required in case of product recall
- Control adverse event or complaint recording or reporting

Saba Cloud Validated Environment Managed Service (VEMS)

With the recent demand for transition into the cloud and in keeping with our ongoing strategy and success in leading the market, Saba has developed a new set of services that helps our regulated customers maintain validation compliance for their Saba Cloud SaaS environment via a comprehensive set of Application-tier pre-go-live validation services and post-go-live change tracking documentation. This new program is called Validated Environment Managed Service (VEMS) and is described in more detail below.

Specific to post-go-live Continuous Validation, the proposed deferred validation model relies on the Saba Operations teams to validate all application software updates before approval for production use. Essentially, Saba performs Operational Qualification with a high degree of assurance according to established procedures, providing prospective and proactive accountability.
A few weeks prior to Saba Cloud updates, the customer is provided application software Functionality Change training, followed by an opportunity to sandbox net changes to their application instance inside a QA site (and get prepared for potential, if any, upcoming changes to the Production site) before the Multi-Tenant Production Saba Cloud is updated. The above, together with open access to Saba-produced application validation records, serves as both reactive and retrospective accountability that our customers can demonstrate to regulators at any time. Moreover, the proposed model enables our customer project teams to reduce their reliance on in-house validation support resources, hence eliminating the risk of losing application support (from vendor/supplier) due to inability to update their LMS as a result of IT and quality control resource scarcity.

Saba Cloud VEMS is designed to help our regulated customers maintain ongoing validation compliance for their Saba Cloud shared infrastructure SaaS environments. Saba Cloud customers who use discretion about validation of their LMS may choose to defer some aspects of pre-go-live Initial Implementation Validation and post-go-live Application Change Tracking to the Cloud Provider.

The Saba Cloud Multi-Tenant Application Validation model is comprised of:

- New implementation support services including Application validation (IQ/OQ/PQ). Please see Table 1.
- Post-go-live Continuous Validation of Application changes. Please see Table 1.
Table 1: Saba Cloud VEMS Phases

IMPLEMENTATION PHASE (Fixed-Fee Consulting Service)

- Pre-Go-Live Audit: Saba facilitates requests to verify application software SDLC, deployment methodology, production support operations, and optionally co-lo facility
- Validation Package Creation: Performed by Saba Consulting and Customer Team, utilizing Saba Good Documentation Practices (GDP)
- Application Configuration Blueprint document suite (includes Traceability Matrix linking Requirements, Configuration Specifications, and UAT scripts)
- IQ Documentation: Executed by Saba Cloud Ops, using Saba IQ templates and GDP
- OQ/PQ Documentation: Saba Education provides sample Job Aids to enable UAT scripts creation
- Documented evidence that software components and integrated system perform as required and expected (including UAT execution/sign-offs by customer project team)
- Customer has option to maintain all IQ/OQ/PQ artifacts in the Saba-provided private documentation library, easily accessible at any time by customer-named contacts

APPLICATION CHANGE TRACKING PHASE (Monthly Fee; Co-Terminus With SaaS Subscription)

- Formal processes track application functionality changes via change control request and approval records maintained within Saba release planning system of record
- Within a few weeks leading to each update:
  - Application "What's New" training delivered to customers
  - VEMS subscribers' Cloud, which is maintained at 1 Update cycle lower than Saba Public Cloud (enables approx. 10 weeks to validate current Update), is first Updated to current Update on Saba Public Cloud, before Saba Updates Public Cloud to next Update
- Pursuant to each update to Saba Cloud, Saba performs summary Change Documentation, using Saba GDP-based change tracking forms, which include evidentiary summary of:
  - Application Release Notes
  - Release to Cloud Operations milestones, dates, and sign-offs
  - IQ instructions and execution sign-off
- Change tracking forms maintained in private documentation library, easily accessible at any time by customer-named contacts
- Saba facilitates periodic requests for operational verifications, including third-party annual attestations for SaaS platform and operational compliance to Trust Services Principles (TSP) for security and availability, which include third-party reviews of Release To Operations cycles for Saba Cloud updates

Value to VEMS Subscribers

- Rigorous Saba SDLC processes
- Standardized validation criteria
- Verified by independent 3rd party
- Access to meticulous documentation
- Significantly reduced customer resource requirements
- Lower overall operating cost
- Benefits of the Cloud with the flexibility to stage and validate
- Addresses risk of losing application support from Cloud Provider
© 2014 Saba Software, Inc. All rights reserved. Saba, the Saba logo, and the marks relating to Saba products and services referenced herein are either trademarks or registered trademarks of Saba Software, Inc. or its affiliates. All other trademarks are the property of their respective owners.