"You Went To QA” - The Case Study
- by Zener Engineering Services Ltd
- 29 Nov, 2023
Said a Project Manager with No GxP experience - working for a Blue Chip Pharmaceutical company.
In the complex landscape of Software Validation and
Quality Assurance (QA) in the Life Science Industry, where meticulous attention to detail is paramount, an occurrence of non-compliance can have far-reaching consequences. The case study "You Went To QA" delves into a scenario where non-compliance issues arose, and,
surprisingly, the Client's QA team failed to ensure the correct action was taken.
Through the lens of this real-world example, ZES explore the ripple effects of
non-compliance, the potential pitfalls of oversight, and the lessons that can
be gleaned for bolstering QA practices and having a QA department that is actually in control.
A Scenario of Non-Compliance Unfolds
In the ZES case study, a GxP Cloud software development and
implementation project was underway with an unclear set of requirements,
standards, and compliance expectations of the Software Supplier. It also became
evident that certain team members of the Client's personnel were deviating from
established guidelines and Client company policies and procedures. This non-compliance
manifested itself in various forms – from GxP coding practices that violated
established standards to a lack of adherence to regulatory documentation
requirements.
Initial Signs of Non-Compliance
In any project, early detection of
non-compliance is crucial to prevent its escalation. Unfortunately, in this
case, the red flags were initially overlooked (possibly deliberately) or
underestimated under the hands-off approach preferred by the Client's QA
department. Warning signs such as "apparently" completed testing without
approved User Requirements, untraceable coding, deviation from Client Policies
and Procedures, and other sporadic sizeable documentation gaps were not promptly
recognised by the Client's QA Department as potential indicators of non-compliance.
Communication Silos and Unacknowledged Concerns
One contributing factor to the oversight, in the
opinion of ZES, was the breakdown in communication channels. Client team
members, including QA personnel and Users, were operating in silos, with
limited cross-functional dialogue. Concerns raised by ZES about non-compliance had
not previously been communicated effectively to the senior QA team by the Client's
project team, and vice versa, possibly deliberately.
QA Oversight: A Gap in Vigilance
ZES assumed that the Client's QA team, as the guardian
of quality standards, would be quick to identify and address non-compliance
issues. However, in this case, the senior QA team were happy to operate at arm's
length and were possibly inadvertently blindsided by a combination of factors,
including a heavy workload, limited visibility of ongoing project progress,
and a Project Manager who had little regard for compliance, policies and
procedures and was happy to spin a yarn.
Root Cause Analysis: Identifying Systemic Issues
The aftermath of this case should have prompted
a comprehensive root cause analysis. However, ZES have little confidence that it
did. ZES uncovered systemic issues within the Project Management structure and
QA including insufficient communication channels, a lack of cross-functional
collaboration, and Senior QA operating at arm's length (for example, just signing the
Validation Summary Report). These
factors, when combined, created an environment where non-compliance issues
could thrive unseen and unheard, again potentially deliberately, by QA.
One of the main areas of concern for ZES was the intentional dumbing down of the potential risk to the Patient. The System was classed as a simple database by the Client. However, in the expert
opinion of ZES, this was incorrect, as the System actually provided significant functionality
for Users, i.e. to decide who was correctly trained, schedule appointments,
send referrals, provide chat rooms, provide limited patient interaction,
and provide functionality to change clinical interventions. There were
also GDPR implications.
It is the expert opinion of ZES that a simple database does not provide the degree of functionality that the System did in this case.
The Impact: Cost Overruns, Delayed Timelines, and Reputational Damage
The repercussions of non-compliance can be
multifaceted. In this case, the project faced costly overruns due to the need
for extensive rework to rectify non-compliance-related issues. Timelines were
delayed as the team grappled with re-testing and resolving unexpected
complications. Additionally,
the reputational damage incurred due to the discovery of non-compliance had broader
implications for both the Client and their Project team, not to mention the potential
risk to the Patient.
Lessons Learned: Strengthening QA Practices
From this case study, several critical lessons emerge for fortifying QA
practices:
Enhanced Communication Channels:
Establishing transparent communication channels
between Suppliers, Project Managers and QA teams is paramount. Regular
meetings, cross-functional collaboration, and open dialogue can ensure that
concerns are identified and addressed in a timely manner.
Continuous Training and Awareness:
Keeping both Project Managers and QA teams
abreast of evolving compliance standards through continuous training sessions
fosters a culture of awareness. This ensures that all team members remain
vigilant and proactive in identifying and rectifying non-compliance.
Regular Audits and Reviews:
Implementing regular audits and reviews of coding
practices, documentation, and development processes by technically competent
personnel acting on behalf of QA can serve as a preventive measure. These
audits act as checkpoints to identify deviations from established standards
before they escalate. QA should approve project documents at every key stage of
the project and not just take the word of a Project Manager.
Proactive Issue Escalation:
Encouraging a culture where all team members
feel empowered to escalate concerns without fear of reprisal is crucial. Early
detection and escalation of non-compliance issues prevent them from becoming
entrenched problems with widespread implications. Plausible deniability should
not be relied upon when patients' lives are at risk.
Conclusion: The Imperative of Vigilance in QA Practices
In conclusion, the case study, which highlights
non-compliance and QA oversight, underscores the imperative of vigilance in QA
practices. Non-compliance, when left unaddressed, can lead to cascading
consequences, impacting project timelines, budgets, overall quality, but most
importantly the Patient. The lessons learned from this scenario serve as a
reminder that QA is not just about signing summary reports and hoping
everything is correct but also about actively engaging in continuous
improvement, communication, and a holistic understanding and supervision of the
software development process. In the ever-evolving landscape of technology,
where adherence to standards is non-negotiable, the ZES case study serves as a Call to Action for Life Science organizations to fortify their QA practices and
embrace a culture of unwavering vigilance and to not solely rely on a supplier
for compliance.
Patients are the Life Science organisation’s Clients, not the
Suppliers.