Computer verification and validation – or what do I actually find myself worrying about every day

voting_software
xkcd “Voting Software” https://xkcd.com/2030/

This xkcd comic basically sums up my recent life. WFI system? Never seems to be a problem. Bioreactors? Work like clockwork. Cell growth? We go that covered. The list goes on. And then we get to pure software systems, and I spend all my time and effort on them. I wish it was just my company, but lets be frank, this stuff is harder than it should be and don’t trust a single software company or consultant who wants to tell you otherwise.

I am both terrified and ecstatic as everything moves to the cloud. Terrified because these are the same people who can’t get stuff like time clocks right, ecstatic because maybe when we all have the exact same problem we will see some changes (misery loves company, this is why we all go to software conferences).

So, confessional moment done, let us turn to a few elements of a competent computer systems validation program (csv).

Remember your system is more than software and hardware

Any system is made up of Process, Technology, People and Organization. All four need to be evaluated, planned for, and tested every step of the way. Too many computer systems fall flat because they focus on technology and maybe a little process.

Utilize a risk based approach regarding the impact of a computer system impact on product quality, patient and consumer safety, or related data integrity.

Risk assessments allow for a detailed, analytical review of potential risks posed by a process or system. Not every computer system has the same expectations on its data. Health authorities recognize that, and accept a risk based approach. This is reflected across the various guidances and regulations, best practices (GAMP 5, for instance) and the ISOs (14971 is a great example).

Some of the benefits of taking this risk based approach include:

  • Help to focus verification and validation efforts, which will allow you to better focus of resources on the higher-risk items
  • Determine which aspects of the system and/or business process around the system, require risk mitigation controls to reduce risk related to patient safety, product quality, data integrity, or business risk
  • Build a better understanding of  systems and processes from a quality and risk-based perspective

Don’t short the user requirements

A good user requirement process is critical. User requirements should include, among other things:

  • Technical Requirements: Should include things like capacity, performance, and hardware requirements.
  • System Functions: Should include things like calculations, logical security, audit trails, use of electronic signature.
  • Data: Should describe the data handling, definition of electronic records, required fields.
  • Environment: Should describe the physical conditions that the system will be required to operate in.
  • Interface: What and how will this system interface with other systems
  • Constraints: discuss compatibility, maximum allowable periods for downtime, user skill levels.
  • Lifecycle Requirements: Include mandatory design methods or special testing requirements.

Evaluate each of people, process, technology and organization.

This user requirement will be critical for performing a proper risk assessment. Said risk assessment is often iterative.

Build and test your system to mitigate risk

  • Eliminating risk through process or system redesign
  • Reduce risk by reducing the probability of a failure occurring (redundant design, more reliable solution)
  • Reduce risk by increasing the in-process detectability of a failure
  • Reduce risk by establishing downstream checks or error traps (e.g., fail-safe, or controlled fail state)
  • Increased rigor of verification testing may reduce the likelihood by providing new information to allow for a better assessment

After performing verification and validation activities, return to your risk assessment.

Apply a lifecycle approach once live

  • Apply proper change management
  • Perform periodic reviews of the system. This should include: current range of functionality, access and training, process robustness (do the current operating procedures provide the desired outcome), incident and deviation review, change history (including upgrades), performance, reliability, security and a general review of the current verified/validated state.
  • Ensure the risk assessment is returned to. On a periodic basis return to it and refresh based on new knowledge gained from the periodic review and other activities.

Do not separate any of this from your project management and development methodology

Too many times I’ve seen the hot new development lifecycle consider all this as an after thought to be done when the software is complete. That approach is expense, and oh so frustrating

 

DIY medicines -another compounding pharmacy disaster?

Meet the Anarchists Making Their Own Medicine” mostly avoids bringing the typical “technology can solve anything” silicon-valley messianic fevor to an interesting idea, that of micro-pharmaceutical manufacturers.

“Unless the system is idiot proof and includes validation of the final product, the user is exposed to a laundry list of rather nasty stuff,” DeMonaco told me in an email. “Widespread use [of Four Thieves’ devices] would provide an entire new category for the Darwin Awards.”

Discussing at the high level the risks of DIY drug synthesis, the article points to compounding pharmacies as a lesson on how to do this right. Not sure I agree, as compounding pharmacies have had a slew of problems in recent years, and frankly quality systems still need improving.

I do think we will see more and more hospitals turn to small scale manufacturing. Hopsitals are more used to the idea of quality systems and can build the encessary systems and processes to do this safely.

ASQ to quality professionals – change is hard!

The ASQ has announced​ the theme for the 2019 World Conference On Quality And Improvement: “Leading Change”.

Change has always been constant, but in today’s digital landscape the pace of change is accelerating at a faster and faster rate. Within this dynamic is the opportunity for quality professionals to lead their organizations through the changes that each is destined to go through.

The focus areas are:

  • The Future of Quality
  • Managing Change
  • Building and Sustaining a Culture of Quality
  • Quality Basics
  • Advanced Content Master’s Series

For those interested, you can submit your proposal at https://asq.org/conferences/wcqi.

Looking back at the last few years:

  • The 2018 theme, was the “Innovation of You,” with focus areas of​ “Building and Sustaining a Culture of Quality”, “Master’s Series”, “Quality 4.0: The Future of Quality Starts Here”, “Quality Fundamentals in the Digital Age” and “Risk and Change.”
  • The 2017 theme was “Grow Your Influence: In the Profession, Through the Organization and Around the World” with focus areas of “Focus on the Customer
    Operational Excellence”, “Quality as a Competitive Advantage”, “Quality Fundamentals” and “Risk and Change.”

From this I draw the following opinion:

  1. Change is perceived as hard
  2. The future is murky
  3. Culture of Quality is definitely something important (we might not be sure exactly what it is, but it is important!)

All of which are true. It also iterates what I fundamentally believe is a core function of quality. We drive change, we build a culture of excellence, we help navigate the future.

I enjoyed the 2018 ASQ WCQI in Seattle and will certainly plan on going whether as a speaker again or a participant. While I wish the ASQ would be the perfect organization of my dreams, I do deeply believe that an approach defined in the 2019 focus areas is one that brings a lot of value to any organization.

I have begun recommending co-workers submit this year, and I have a few ideas I am toying with myself. Proposals are due Aug. 17. I encourage you to be contemplating the best practices in your organization and be considering how you can share them with the wider quality world.

Seven Skills for success

Adam J. Gustein and John Sviokla explore a topic that is probably on many people’s minds in the Harvard Business Review in the article “7 Skills That Aren’t About to Be Automated.”

In this article seven skills are set out seven skills that make you employable no matter what: communication, content, context, emotional competence, teaching, connections, and an ethical compass.

It is a good, broad, skill set and also demonstrates exactly what every quality professional should have. And points out a great direction for growth.

I am a big fan of the seven basic quality tools, but the day is quickly coming when four of them will be fully automated (Control charts, Histogram, Pareto chart, and Scatter diagram). Most big companies already have pilots in place as part of their big digital transformations.

A fun example of just why this skill set matters can be seen from playing with a semantic network like ConceptNet. Look a look at the word quality, and you see pretty easy why several of the above skills make a difference and will continue to do so.

Quality professionals are well placed on many of these skills. As automation continues the life of a quality professional will change. This change brings us a great many opportunities, and isn’t that one of quality’s core competencies?