What do URS and UAT mean for Quality Management?

Key Takeaways: 

• Learn the meaning of User Requirement Specification (URS) and User Acceptance Testing (UAT)
• Learn how to use URS and UAT to validate QMS software
• See an example of a URS and UAT template for quality management 

What’s on your quality management to-do list? Aside from “a lot,” you probably have goals like improve training visibility, keep data secure, better organize your quality workflows, and increase your overall quality process efficiency. And if that’s the case, better add “get an electronic quality management system (eQMS)” to your list. 

Of course, the question then becomes, “How do I find the right quality management system for my organization?”

A User Requirements Specification (URS) defines what your quality management system must do – everything from functionality and security to compliance expectations. User Acceptance Testing (UAT) is the process of verifying that the system actually performs the intended functions once implemented. 

Together, they form the foundation of software validation in regulated environments.

User Requirements Specification (URS) and User Acceptance Testing (UAT)  are tools to help you and your Quality team find an appropriate quality management software for your company, based on how well the software’s capabilities match your specifications.

If you do opt to implement an eQMS, defining your needs (URS) and testing them (UAT) are critical steps to prove to regulatory bodies that the software you’ve chosen is validated and fit for your purpose. 

What is User Requirement Specification in quality management?

In essence, a User Requirement Specification (URS) is a checklist of all the things you’ve determined an eQMS needs to be able to do. And just as every company is different, so too are the requirements.

Here are just a few that would be relevant to GMP, GCP, and other GxP-regulated life sciences companies: 

• The eQMS is 21 CFR Part 11 compliant for electronic records and signatures
• The eQMS features 2-factor authentication for data security
• The eQMS has a module to handle CAPA management and deviations

Preparing your URS in advance will save a lot of time and headaches. When you begin vetting eQMS solutions, you’ll already know what you’re looking for and what questions to ask, helping you determine which vendors to eliminate and which to pursue further. 

If you don’t have a complete URS in place, it’s not the end of the world. Some vendors, like ZenQMS, develop and update a list of general system requirements of their software from the perspective of its users.

A snapshot of the URS and UAT template ZenQMS provides customers to help with validation and qualification. 

There are other resources available, too. ZenQMS QA Specialist Olivia Dattner suggests using the 21 CFR Part 11 guidance as a starting point. 21 CFR Part 11 (and its European counterpart, Annex 11) is a set of regulations that apply to electronic records and signatures to ensure their security, authenticity, and confidentiality. For companies in the life sciences space, choosing an eQMS that satisfies the requirements of 21 CFR Part 11 compliance is the foundation on which to build all future quality processes.

Validating 21 CFR Part 11–Compliant Signature Tools

Validating 21 CFR Part 11–compliant eSignature tools can be one of the trickier aspects of software validation. These tools must demonstrate both technical compliance (secure user authentication, audit trails, data integrity) and control (documented approval processes, training, and validation evidence).

For regulated life sciences companies, ensuring that eSignature functionality aligns with both Part 11 and Annex 11 requirements is essential for maintaining data integrity and inspection readiness.

To learn more about what’s required – and how to simplify validation for eSignature functionality – read our post, A Guide to 21 CFR Part 11 and Annex 11 Compliant Signatures + eSignature Validation Guide.

The Complete QMS Software Validation Guide

Download our QMS Software Validation Guide for a deep dive into validation, revalidation, and qualification.

What is User Acceptance Testing in quality management?

Once you’ve determined your URS, the next step is to complete User Acceptance Testing (UAT). UAT is the bulk of the eQMS validation process and involves taking your requirements and testing them individually against the capabilities of the eQMS to make sure it’s the right fit. This is a critical step, because there’s no way of determining if your requirements are valid unless you have some way of testing them.

To test an eQMS, you’ll need to build a document of UAT scripts (step-by-step instructions on how to complete each of your requirements) and perform them inside the system’s testing environment. Here’s an example of a UAT template:

Once you’ve completed the UAT, you can determine whether the QMS software you’ve chosen is fit-for-purpose. If your requirements pass the test, you’re in good shape. If not, you’ll have to determine how those failures affect your operation.

If there’s a low level of risk associated with the failed requirements, you might be okay, as not everything can be a priority. But if the risk is high – the system isn’t 21 CFR part 11 compliant, for example – you might want to go with another quality management system, in which case you’re back to square one. 

Why URS and UAT are important for GxP software validation

On a related note, the FDA and GAMP have updated their Computer Software Assurance (CSA) guidance to help companies reduce their validation burden. This approach stresses a focus on critical thinking and taking a risk-based approach to validation. For more background, see the FDA and ISPE’s guidance on Computer Software Assurance (CSA), which continues to emphasize critical thinking and a risk-based validation approach. 

You’ll also be able to share your completed UAT results with anyone, including stakeholders, regulating bodies, and sponsors, and prove to them that the system you chose is fit-for-purpose.

For many who are new to eQMS validation, the process can seem overwhelming. That’s why some vendors will provide complimentary validation materials like UAT templates and pre-written scripts to help make the process easier.

Additionally, some vendors, including ZenQMS, will also provide verified, automated UAT to alleviate the strain even further, again, at no additional cost.

Revalidating quality management software with a risk-based approach

Like it or not, eQMS software validation is not a “set it and forget it” operation. As Olivia stresses, “It’s the regulated company’s responsibility to establish and continue to monitor their own requirements.”

This takes the form of software revalidation or software requalification.

Revalidation ensures your eQMS continues to meet the requirements originally defined in your URS after system or process changes. It’s an essential part of maintaining a validated state throughout the software cycle. 

Revalidation works in two ways: On one hand, if your own requirements change, you’ll need to retest them against the system’s capabilities to ensure your eQMS is still compatible. 

On the other hand, if the vendor updates their software, it’s the Quality team’s responsibility to read and understand the release notes, and take a risk-based approach to discover what effect, if any, the release has on their current operation. If any impact is determined, the company will have to repeat the testing process on all affected requirements. It’s the only way to confirm that the system continues to meet the requirements that were determined in the URS.

URS and UAT are two sides of the same coin. They are powerful tools to help companies organize and verify what they need from an eQMS in order to find the perfect fit.

URS and UAT FAQ