Quality Assurance

Company’s Supporting Infrastructure

In addition to the above, companies that build high integrity software are required to have a set of written, approved and enacted policies called Standard Operating Procedures (SOPs) for all the core business activities that affect the software development process. These SOPs act as the foundation of the software development activity and ensure that this activity is not compromised. SageKey maintains the following SOPs to run its core business activities:​

Evaluation Results from Computer System Validation

SageKey Software was recently evaluated by David Nettleton, founder of Computer System Validation. David is an FDA and HIPAA computer system validation specialist who is considered to be one of the nation’s foremost experts in the field. He is the author of three books on the subject and was on the team that developed the 21 CFR Part 11 regulations.​

During the past two weeks I evaluated SageKey Software, Inc. for compliance with 21 CFR Part 11, the FDA’s Electronic Records and Signature regulation that affects all GxP data (laboratory, clinical, manufacturing). Part 11 has three primary areas for compliance; Standard Operating Procedures (SOPs), product features, and validation documentation.​

SOPs: I reviewed infrastructure SOPs related to document management, training, facility security, computer and network security, data backup, and disaster recovery. All SOPs show mature processes and commitment to quality standards.​

I reviewed software development and validation SOPs related to coding standards, source code control, issue tracking, software development and validation, and software change control. All SOPs show a comprehensive and mature process for developing state of the art software applications that meet industry standards for FDA compliance.​

​I reviewed the training records of two members chosen at random, a senior software developer and a system administrator. Both sets of records show appropriate training of 21 CFR Part 11 and applicable SOPs.

​Product Features: SageKey is a contract software vendor and as such does not market software applications themselves. Therefore no specific product was included in this evaluation. However, I was presented with a demonstration of a medical records application, an EMR for the dialysis industry, that demonstrated compliance with the current industry standard feature set for security, data transfer, audit trails, and electronic signatures related to 21 CFR Part 11, and 45 CFR Part 164, the HIPAA electronic records security standards rule.

​Validation Documentation: SageKey has a comprehensive software development and system validation lifecycle with detailed validation documentation. I reviewed all of the validation documents for one project that included: Product Requirements, Software Development and Validation Project Plan, Design Specifications, Technical Specifications, Code Review Report, Build Notes, Software Quality Assurance (SQA) Testing Protocol, SQA Testing Report, and Release Notes. All of these documents follow SageKey SOPs, meet industry standards, and clearly show a commitment to quality and regulatory compliance.

​In summary, SageKey shows an excellent level of compliance related to FDA and HIPAA regulations and is a mature contract software development vendor.

​We invite you to visit us and audit our example projects, processes and SOPs. SageKey is located in a beautiful part of Western Canada, well known for its wine, vacation spots and low impact industries.