Validation and Compliance with Open Source Clinical Trial Software

We are often asked, “if your clinical trial software is open source, how can it be validated”? The answer is that, like with many other things open source, you have multiple options.

If you choose, you can validate the product yourself from the ground up. This involves defining your requirements, generating and executing test cases that are traceable to those requirements, and doing all this within the framework of well-defined change control and quality management systems. Since you have access to the source code, you might include design and code reviews as part of this process, especially if you are modifying the core distribution or applying patches. If your requirements are highly specialized or your implementation has been extensively customized to integrate with home-grown and legacy solutions, this might be an attractive option. Be warned however – this approach is time consuming and requires the generation of extensive documentation.

As an alternative, we offer a Validation Support Package to our OpenClinica Enterprise customers comparable to what you would expect from a proprietary software vendor. The validation support package provides access to documentation on the Akaza quality system and the OpenClinica Enterprise solution. For example, Akaza maintains a comprehensive SDLC (Software Development Lifecycle) controlled by Standard Operating Procedures, and each release undergoes comprehensive system testing and deployment testing according to a detailed test procedure and a controlled, documented testing methodology. Quality System and testing artifacts are available for auditing and inspection by customers. Customers receive access to test scripts and system requirements specifications, and may tailor these test scripts to their own needs, making them traceable to their business requirements, and executing performance qualification of their OpenClinica systems. A document specifying how OpenClinica complies with 21 CFR Part 11 requirements is included in the package as well.

At last year’s DIA Annual Meeting I hosted a panel that included two very knowledgeable colleagues on this topic, entitled “Utilizing Open Source Software in GCP-Compliant Environments”. We’re doing an updated, slightly broader version of the session at this year’s meeting in Boston in June: Utilizing Open-source Software in Clinical Research Environments. I’ll be sure to post the slides here after the meeting, and if you’re at the event please come by.

Leave a Reply