What’s on your quality management to-do list? Aside from “a lot,” you probably have goals like improve training visibility, keep data secure, better organize your quality workflows, and increase your overall quality process efficiency. And if that’s the case, better add “get an electronic quality management system (eQMS)” to your list.
Of course, the question then becomes, “How do I find the right quality management system for my company?”
That’s where User Requirements Specification (URS) and User Acceptance Testing (UAT) come in. They’re tools to help you and your Quality team find an appropriate quality management software for your company, based on how well the software’s capabilities match your specifications. If you do opt to implement an eQMS, defining your needs (URS) and testing them (UAT) are critical steps to prove to regulatory bodies that the software you’ve chosen is validated and fit for your purpose. So with that in mind, let’s outline the procedure:
It all starts with a User Requirements Specification checklist
Building your URS is Step #1. In essence, a URS is a checklist of all the things you’ve determined an eQMS needs to be able to do. And just as every company is different, so too are the requirements. Here are just a few that would be relevant to a GxP life sciences company:
- The eQMS is 21 CFR Part 11 compliant for electronic records and signatures
- The eQMS features 2-factor authentication for data security
- The eQMS has a module to handle CAPA management and deviations
Preparing your URS in advance will save a lot of time and headaches. When you begin vetting eQMS solutions, you’ll already know what you’re looking for and what questions to ask, helping you determine which vendors to eliminate and which to pursue further.
If you don’t have a complete URS in place, it’s not the end of the world. Some vendors, like ZenQMS, develop and update a list of general system requirements of their software from the perspective of its users.
A snapshot of the URS and UAT template ZenQMS provides customers to help with validation and qualification.
There are other resources available, too. ZenQMS QA Specialist Olivia Dattner suggests using the 21 CFR Part 11 guidance as a starting point. 21 CFR Part 11 (and its European counterpart, Annex 11) is a set of regulations that apply to electronic records and signatures to ensure their security, authenticity, and confidentiality. For companies in the life sciences space, choosing an eQMS that satisfies the requirements of 21 CFR Part 11 compliance is the foundation on which to build all future quality processes.
User Acceptance Testing…1…2…3
Once you’ve determined your URS, the next step is to complete User Acceptance Testing (UAT). This is the bulk of the eQMS validation process and involves taking your requirements and testing them individually against the capabilities of the eQMS to make sure it’s the right fit. This is a critical step, because there’s no way of determining if your requirements are valid unless you have some way of testing them.
To test an eQMS, you’ll need to build a document of UAT scripts (step-by-step instructions on how to complete each of your requirements) and perform them inside the system’s testing environment. Here’s an example:
Requirement Description: |
The eQMS shall notify users of coming due/past due assignments and training. |
Test Script: |
Log into the eQMS with username and password |
From the “Notifications” tab, select the preferred time and frequency of notifications |
In your email inbox, verify you have received a notification (based on your preferences.) |
Once you’ve completed the UAT, you can determine whether the eQMS you’ve chosen is fit-for-purpose. If your requirements pass the test, you’re in good shape. If not, you’ll have to determine how those failures affect your operation. If there’s a low level of risk associated with the failed requirements, you might be okay, as not everything can be a priority. But if the risk is high – the system isn’t 21 CFR part 11 compliant, for example – you might want to go with another quality management system, in which case you’re back to square one.
On a related note, the FDA and GAMP have updated their computer software assurance (CSA) guidance to help companies reduce their validation burden. This approach stresses a focus on critical thinking and taking a risk-based approach to validation. For more information on this guidance, take a look at this webinar.
You’ll also be able to share your completed UAT results with anyone, including stakeholders, regulating bodies, and sponsors, and prove to them that the system you chose is fit-for-purpose.
For many who are new to eQMS validation, the process can seem overwhelming. That’s why some vendors will provide complimentary validation materials like UAT templates and pre-written scripts to help make the process easier. Additionally, some vendors will also provide verified, automated UAT to alleviate the strain even further, again, at no additional cost, (wink, wink).
Continuing with a risk-based approach
Like it or not, eQMS software validation is not a “set it and forget it” operation. As Olivia stresses, “It’s the regulated company’s responsibility to establish and continue to monitor their own requirements.”
This works two ways: On one hand, if your own requirements change, you’ll need to retest them against the system’s capabilities to make sure your eQMS is still compatible.
On the other hand, if the vendor updates their software, it’s the Quality team’s responsibility to read and understand the release notes, and take a risk-based approach to discover what effect, if any, the release has on their current operation. If any impact is determined, the company will have to repeat the testing process on all affected requirements. It’s the only way to confirm that the system continues to meet the requirements that were determined in the URS.
URS and UAT are two sides of the same coin. They are powerful tools to help companies organize and verify what they need from an eQMS in order to find the perfect fit.