10. QA & QC Roles in Validation

This division of quality roles is often lacking in software suppliers who frequently do not have a separate QA role in the  company… sometimes they are confused by the common practice of calling their formal testing group a software quality assurance (SQA) function. In reality, the software testing group is actively involved in building quality into the product and operates as a software quality control (SQC) function. (264)


The Quality Assurance (QA) role establishes the quality management system (QMS) for an organization and provides the Policies and Standard Operating Procedures (SOPs) as a process framework for quality practices that QA then audits against for compliance. The QA role itself must remain independent of the work process employing the quality practices in order to be unbiased in monitoring and auditing that work process and its product for compliance.

The Quality Control (QC) role operates within the work process and uses QMS procedures and quality practices to test and assess product quality as product is being made. The QC role itself is part of the work process and looks to identify quality issues and product noncompliance to correct it before any release of product from the work process. Both an embedded QC role and an independent QA role are needed for an organization to have successful computer validation and compliance.

Often in start-up and small companies, the QA function is considered to be an overhead luxury for later implementation rather than a core essential for establishing the foundation of the organization’s corporate culture and long term success.  A Quality Management System is not about papering over mistakes or just meeting regulations. A QMS is about defining an organization’s view of who and how good it thinks it is (Policies) and how it operates to achieve that vision (SOPs). The QA function then operates as the corporate conscience (internal & vendor audits) to see that the organization lives up to its stated goals for quality in products and services.

For computer validation success, it is important that QA do more than just issue Policy saying that computers handling regulated data will be validated. A standard approach to validation work needs to be defined in SOPs and forms established for the types of documentation required in validation packages. A consistent approach to system validation makes the job clear, easier to do and shows management control of the validation process across multiple systems in the company.  In addition, a forum for management review should be established to allocate validation resources in line with business priorities, resolve conflicts of interest between system user groups, and monitor the ongoing status of critical systems.


Next Month: The Archivist role for Electronic Archives

Backup tapes are not electronic archives. …System backups are designed to serve the immediate needs of the IT department for restoring interrupted services and disaster recovery. …Long term in the IT world is six months, not six years, or more than 20 years as in regulatory terms. (297-298)