Your quality team has had enough of working with insufficient tools and now you’re ready to learn what an electronic quality management system (eQMS) can bring to your life sciences company. That’s great news! But before you dive in, know that you might receive questions – or even hesitation – from your IT team about any software you bring to the table. That’s ok! Keep reading to find out how to talk to your IT team about bringing on an eQMS – and how to find the right one to make both teams happy.
(P.S. Need help convincing your finance department to approve an eQMS too? Check out our guide here.)
The eQMS details your IT team cares about
An eQMS is a software as a service (SaaS) product, which means your IT team will want to be involved in the vetting process, as they should! They’ll have a whole set of technical questions about each vendor’s policies on storage, upgrades, and validation, to name a few. This is standard operating procedure and any reputable eQMS company will be transparent with their answers. Here are a few of the topics that they’ll want to cover – and that you’ll want to prepare information for with your eQMS support team:
Software Updates: It’s important for IT to know how many major and minor upgrades the eQMS vendor makes annually because it may trigger the need for software requalification. To help your IT team breathe easier, look for an eQMS that provides detailed lists of all upgrades, documentation (release notes, etc.), and test environments specific to each client’s account. Not all eQMS solutions share this level of information…especially at no additional charge, so it pays to do your due diligence and find one that values transparency.
Data Storage: Data storage is another major concern for IT. They’ll want to know where sensitive data (patient info, test results, proprietary information, etc.) is housed and what the protocols are in place for business continuity and disaster recovery to mitigate data loss. It’s not just in the vendor’s best interest to take privacy and security seriously, there are laws like GDPR and HIPPA that require regulated companies to pursue and maintain compliance in these matters.
On-premise vs cloud-based: SaaS companies, including eQMS vendors, are moving away from on-premise storage (think physical computer hardware sitting in an office) to cloud-based solutions for added security. Some eQMS platforms (like ZenQMS) use Amazon Web Services (AWS), which is a gold-standard cloud-storage provider. What makes AWS so great is that it was built to meet the security requirements for the military, global banks, and similar data sensitive organizations. It’s also proven to be incredibly reliable, with less than .01% downtime (time when the system went offline). Why does your IT team care about AWS? They can leverage the compliance certifications of this storage provider to gain the same level of security. If you want to make your IT team happy with your eQMS choice, make sure you find out where the platform is storing your data. (And if the eQMS vendor won’t tell you, keep looking!)
How to address your IT team’s eQMS validation concerns
The next item of concern for IT is validation. However, it’s important to distinguish what needs to be validated, and by whom. The life sciences company is responsible for validating the implementation of the eQMS. The eQMS vendor is responsible for validating the product itself.
What is eQMS validation?
Validation is the process of proving that any given software fits its intended use and reliably does what you need it to do while protecting consumer safety.For the life sciences company, their validation responsibility includes making sure the software is the right size and the right fit for the company’s purpose, that documents have been migrated correctly, roles and permissions have been assigned appropriately, workflows operate smoothly, and the software does what it’s supposed to do.
On the vendor’s end, their responsibility includes verifying security measures like firewalls, conducting penetration testing, and performing internal audits. It also includes meeting or exceeding all relevant compliance standards in the GxP space as they relate to software development.
Where IT teams get tripped up is thinking that they have to do both.
Your IT team may push back on your request for an eQMS because of the time and resources they’d have to allocate for validation and implementation, but part of the benefit of having an eQMS is being able to leverage the certifications and validation documentation that the vendor’s Quality Assurance (QA) team has completed. In a sense, the heavy lifting has already been done and doesn’t have to be repeated by the IT team. Not only does the FDA accept this practice, as part of their new Computer Software Assurance (CSA) guidance, they encourage it!
The other advantage is being able to receive the support and expertise of the vendor’s QA team who is not only familiar with the audit requirements of life sciences companies, but can provide validation materials (UAT templates, checklists, etc.) free of charge to expedite the implementation process.
Should your IT team build an in-house eQMS?
Your IT team is made up of skilled developers and engineers, so they may consider simply building an in-house eQMS instead of signing off on an eQMS vendor in order to save cost. We break down the pros and cons in this blog, but here are a few reasons why it makes more sense to buy rather than build:
Configurability: An experienced IT team can build a solid QMS, that’s not the issue. Rather, once it’s built, how easy is it to change? A configurable eQMS allows quality teams to adjust their workflows on the fly, without any IT involvement necessary, which saves everyone time and headaches. Custom IT-built solutions often rely on rigid templates, forcing the quality team to design their processes around the software or run to IT every time they need a change. For ease-of-use, a flexible eQMS is the way to go.
Efficiency: Again, we’re not saying IT can’t build an eQMS, it’s just a question of when. For quality teams struggling with complicated paper and manual processes, every day without a compliant, connected solution is a day too long. Rather than wait for the IT team to build a system in their spare time, a robust eQMS that includes a Learning Management System (LMS) as well as controlled document storage can be ready to go in 90 days.
Cost: You’d think an internally-developed eQMS would be less expensive to build because the IT team is already on the payroll. However, choosing this option puts your company on the hook for things you may not have thought about, like the costs involved with maintaining relevant ISO certifications and 21 CFR Part 11 compliance for electronic signatures.
Additionally, things like security auditing, penetration testing, building firewalls, adding data storage, and more become the financial responsibility of the company, and those charges don’t necessarily follow a predictable billing pattern year-to-year. Rather than deal with uncertainty, choosing an eQMS with those safeguards built in, along with a pricing structure that doesn’t charge for support, seat licenses, or individual modules makes budgeting for eQMS easier to forecast down the road.
If you’re interested in learning more about how ZenQMS simplifies quality management for both IT and quality teams, book a demo, invite your IT team, and let’s get started!