SharePoint Validation, Qualification, Certification
So a little about SharePoint validation, qualification, certification – which is right?
One of the most frequently asked questions is “Is SharePoint certified by the FDA or TGA before we buy it?”.
The answer, of course, is that neither the FDA or TGA certify any applications. What the regulatory agencies do expect is that the implementation of the hardware and software by regulated company is done in such a way that the hardware and software is compliant with the CFRs or other regulations. GAMP 5 provides a useful guidance on how to do this. So Microsoft cannot certify that the SharePoint application is TGA or FDA compliant, by simply providing validation documentation to the company. Usually a regulated company would need their internal QA, validation and IT departments to work closely with a vendor or a GxP SharePoint Consultant.
Another question that is frequently encountered is “Is the cloud validated?”
Again, the answer is that cloud vendors do not provide validated applications, but rather provide applications that are qualified through standard URS, and other specifications, and IQ, OQ and PQ approaches that are well documented. Of course, the implementing company is responsible for validating their application against the guiding regulations and standards.
SharePoint 21 CFR Part 11 compliance?
So we have discussed SharePoint Validation, Qualification, Certification, and no to discuss GxP, Annex 11 and/or 21 CFR Part 11 regulations and so the question remains, can the cloud be qualified?
Can applications in the cloud demonstrate compliance with a Software Development Life Cycle (SDLC) or GAMP? Can SharePoint eQMS in the cloud provide the qualification documentation against standards such as IEC 62304 (medical device software validation), ISO27001 or even GAMP 5?
The answer to those questions is a resounding “Yes!”
There is further reading here on SharePoint.