In 2011, the Center for Devices and Radiological Health (CDRH) initiated the Case for Quality, which provided guidance on how software validation processes can be improved and streamlined for the medical device, pharmaceutical, and biotech industries. By refocusing on patient and product safety, quality assurance, and data integrity, some suggest that validation documentation can be reduced (between 20% and 40%, in my experience) by applying automated testing and deployment. The benefits are accurate code, faster development processes, and reduced validation documentation.
This article is part one of a three-part series and continues the discussion on computer software assurance (CSA), introduces new technologies and methods to achieve
continuous software development, provides insight into new standards (e.g., ISO 9001 and ISO 13485-2016), and concludes with a few good reasons to join the growing number of medical device, pharma, and biotech companies with software specialists (or companies that work with software development organizations) who are creating and/or using test automation tools and applying them throughout the software development life cycle (SDLC) phases: inception, design, implementation, maintenance and monitoring, audit, and disposal.
As we await FDA’s communication on the CSA guidance, we have an opportunity to reevaluate the phases of the SDLC and start to think about using new software development methods, such as a combination of artificial intelligence (AI) and adaptive machine language (ML) to provide human-like instructions for automated testing. Challenges include how to evaluate your SDLC phases and make the transition to continuous test automation. What is most puzzling to many is the impact of making this transition from traditional computer system validation (CSV), effectively and efficiently, to a continuous validation life cycle, while applying the tenets of CSA: critical thinking, risk management, patient and product safety, quality assurance, and data integrity.
ISO Standards Address Risk Management
For those in the medical device industry, your software development team (or your software supplier that you work with) are required to comply with medical device regulations and standards, such as ISPE GAMP 5, ISO 9001, and ISO 13485-2016 – Medical Devices. The regulations and standards include a risk-based assessment (RBA) for all computerized software systems. ISO 9001 requires this assessment during the initial phase of the SDLC; ISO 13485-2016, however, requires that a risk-based assessment be updated at every stage of the SDLC to determine the level of risk and the validation and/or change control actions required to be compliant.
Applying the Agile methodology enables you to find opportunities to improve, implement, and comply with the regulations and standards since it uses an iterative approach to ensure quality: continuous code reviews, continuous testing, continuous deployment, continuous monitoring and maintenance, and continuous audit and disposal. Many software development organizations are already performing automated testing and updating their SDLC. Agile testing methods, such as behavior-driven development (BDD), test-driven development (TDD), and acceptance test-driven development (ATDD), are all different approaches to validating code and may be used for automated testing. With the Agile method and progress in development of intelligent technologies, manual testing and/or unscripted testing for low-risk features may become obsolete.
Figure 1 below provides an example diagram of the continuous phases for automated testing: integration, delivery, and deployment.
As demonstrated above, the software engineering/development team lead will need to develop a test framework, identify the test phases, and choose the testing tools (i.e., open source or proprietary) for the various tests, such as regression, cross-browser, smoke, etc., and design the test for re-useability according to the testing phase or technology stack.
Information Technology Alignment With Software Engineering
Intelligent systems require IT and DevOps personnel, along with software developers, programmers, and software engineers, to acquire new skills and knowledge while applying the principles of software engineering. The ability to get back to basics and skills in software engineering principles, mathematics, and machine language will continue to be highly desired. Making the transition to continuous validation and continuous testing will not be an easy task, especially for mature companies that have been performing traditional validation since 2003 or earlier. Typically, the quality organization has been responsible for ensuring that the software application(s) are compliant and meet all required regulations for software validation. The process seemed straightforward: inception, design (analyze) implementation (build, test, deploy), maintenance and monitoring, audit, and disposal.
Quality assurance’s (QA) role was to oversee the validation effort by reviewing all computer system validation processes and documentation to ensure that they followed the company’s policies and standard operating procedures (SOPs) for compliance and met the associated regulations and standards. Deviations were documented, errors were corrected, and final documentation was reviewed, approved, and stored following 21 CFR Part 11 regulations. With continuous life cycle management for software development, QA’s focus will be on patient and product safety rather than manual testing and documentation, which will be replaced by test automation to enable continuous validation.
Opportunities For Continuous Life Cycle Management
By applying the concept of continuous life cycle management for software development, advantages such as the ability to address risk (critical, high, medium, etc.) during each stage of the development process are feasible. Performing iterative code reviews and automated testing enables early detection of errors, resulting in error-free code that can be shared with other software developers and programmers, minimizing change control actions after software is released. Organizations that will need to reinvent themselves include, but are not limited to, the following:
- DevOps groups have developed a set of practices for software development (Dev) and IT operations (Ops). The purpose is to streamline the SDLC, applying validation methodologies, such as Agile, to software development, and providing continuous delivery.
- Quality groups will need to change as intelligent technologies replace repetitive and mundane validation tasks by providing automated assurance that the software is performing as it was intended and according to the user requirements specifications.
- Intelligent technologies and methods (e.g., AI and ML) will replace traditional/legacy technologies and methods that will over time become obsolete.
- SDLC needs to be modernized and get back to basics by applying software engineering discipline and principles to new applications that enable continuous life cycle management.
AI And Advanced Technology And Research
AI presents a modern way for quality organizations to be compliant using test automation. AI is also a method used to advance technology and research by directing computers to perform automated tasks (using algorithms) through the application and translation of machine language. AI can teach machines to learn for themselves and find new avenues for learning.
As the life sciences industry starts taking advantage of AI and ML, its leaders will be known as future thought leaders, visionaries, and influencers. When we think of AI, some examples that come to mind are: adaptive (i.e., robust, efficient, and agile), prescriptive, and actionable data analytics; machine learning, automated administrative tasks (i.e., for patients, doctors, and healthcare personnel), as well as intelligent medical devices; and machines that can be designed to help and assist humans. Some of the top uses include, but are not limited to, diagnostic imaging, surgical robots, and faster, smarter, and secure tools. In fact, when looking at the world of robotics, machines can be designed in such a way as to imitate humans. By integrating engineering fields (i.e., mechanical engineering with computer engineering), software engineers can now develop programs in human-like language.
Some new challenges for software developers and software validation leads may include, but are not limited to, how do you test code when the outcome of the prescribed code potentially provides different results each time you test it? How do you test code when the inputs vary and the outputs are based upon other factors? How do you leverage the extensive work of the software developer/software engineer without duplicating the code? Answers to these and other questions will be discussed as we do a deeper dive into AI and ML.
Concepts For Intelligent Technologies
Concepts that enable intelligent technologies include, but are not limited to, the following:
- AML: ACPI Machine Language (AML) is platform independent code.
- Machine learning: Can machines learn by themselves? Maybe, if machines were coded to think like humans, learn to read text, and figure out the purpose of the text and/or understand music.
- Neural networks are computer systems that simulate the human brain and can be taught to understand things based on their structure. Applied intelligence is AI services coupled with analytics and automation to create a strategy for your organization.
- Predictive analytics uses data, statistical algorithms, and ML techniques to predict trends, human behaviors, and patterns based on current and historical data.
Biopharma, medical device, and pharmaceutical companies understand the benefits of test automation and many have already included continuous integration (CI) and continuous development and deployment (CDD) into their SDLC, while others are waiting for the new CSA guidance from FDA on how continuous testing will impact current validation regulations. Either way, intelligent, automated systems (e.g., AI and ML) are already here and will continue to be the future direction of technology development. The impact on these industries’ software and on the validation life cycle will be huge. The next article in this three-part series will continue to expand on validation challenges and next-generation intelligent technologies.
About The Author:
Kathleen Warner, Ph.D., VP of Consulting Services for RCM Technologies, Life Sciences, is an executive consultant with 25+ years of experience in information technology (IT) and the life sciences. She has served as a chief information officer, subject matter expert, and domain expert in regulated environments. As a management consultant, Warner has provided oversight for hundreds of life science projects both in the U.S. and globally. Her strengths include leadership, advisory, organization change management, business process analyses, and program/project management engagements. As a practitioner and technologist, Warner has performed future cloud assessments to define the IT infrastructure roadmap, clinical sample management process analyses, R&D IT program management, and more.