SaaS, short for Software as a Service, is a method by which applications are delivered over the Internet. Also called on-demand software, hosted software, or web-based software; SaaS removes the need to install and maintain software, all which can be done with just an Internet connection. SaaS applications can be run on the provider’s servers. Outsourcing is a major aspect of SaaS, because like in all other industries, most SaaS providers outsource their resources to cut costs.
Regulation for SaaS
This being the idea behind SaaS, it is necessary to understand the most essential element of such an activity: regulatory controls on SaaS providers. There are regulations such as 21 CFR Part 11, but these are only for the provider. Very few of these laws apply to the vendor. This being the case, it is entirely up to the regulated company to show compliance with the regulations and prevent issues relating to availability, performance and protection of data. With almost no regulation that will offer safeguards to the user from the vendor; ensuring compliance for both infrastructure qualification and Computer System Validation lies with the provider.
Any failure to show compliance affects the provider, because it is the provider, and not the vendor, that is regulated. It is the regulated provider that has to face FDA inspections on software validation and avoid FDA actions such as Warning Letters and 483’s. This makes it imperative for the regulated companies, software vendors and SaaS/cloud providers to take every step possible to comply with 21 CFR Part 11 and other regulations such as Annex 11. This is the only way to avoid legal and other issues associated with noncompliance.
Learning on SaaS compliance
A two-day seminar from GlobalCompliancePanel, a leading provider of professional trainings for the regulatory industries, will explain these aspects of SaaS compliance. The Director of this seminar is David Nettleton, who is an industry leader, author, and teacher for 21 CFR Part 11, Annex 11, HIPAA, software validation, and Computer System Validation.
Familiarizing participants with proven techniques
David will demonstrate proven techniques for reducing costs associated with implementing, using, and maintaining computer systems in regulated environments. He will address the latest computer system industry standards for data security, data transfer, audit trails, electronic records and signatures, software validation, and Computer System Validation to impart this understanding.
The FDA performs both GxP and Part 11 inspections. The EMA has released an updated Annex 11 regulation that expands Part 11 requirements, and companies must update their systems and processes to maintain compliance. David will explain this in sufficient detail. Participants will get an understanding of the specific requirements associated with local and SaaS/cloud hosting solutions.
Validation of various specialized areas and processes
The FDA and the EMA require validation of almost every computerized system used in laboratory, clinical, manufacturing settings and in the quality process. David will explain how to achieve these by using a 10-step risk-based approach to Computer System Validation, with which they can narrow the time needed for software implementation and lower costs. He will examine recent FDA inspection trends and use these as examples to explain by ways by which core aspects such as document authoring, revision, review, and approval can be streamlined.
This seminar is of high value to professionals in the regulatory, clinical and IT areas of health care, clinical trial, biopharmaceutical, and medical device sectors that use computer systems to perform their job functions. Software vendors, auditors, and quality staff involved in GxP applications will also benefit immensely from this session.