On-premises vs SaaS

Even though the corporate solutions landscape has rapidly evolved over the last decade, the decision between an on-premises software installation and a SaaS cloud solution is a common one that many organizations face. There are several key differences between the two that impact cost, functionality, and security.

  1. Cost: On-premises software requires a significant upfront investment in hardware, maintenance, and upgrades. It also requires the in-house expertise in the form of developers, engineers, infrastructure and security experts. In contrast, a SaaS solution is generally sold as a subscription service and eliminates the need for a large upfront investment. This means that the cost of a SaaS solution is more predictable and often more manageable.
  2. Functionality: On-premises software offers more customization options, but it also requires more expertise to set up and manage. Development and installation takes a significant amount of time as the complexity of the required functions increases, taking several months to years to setup a system. A SaaS solution, on the other hand, is managed by the vendor. It typically offers less customization but is easier to set up and use. If the SaaS solution offers a powerful API, customization can be further extended. This can lead to a more streamlined and efficient process with a significantly lower go-live time.
  3. Security: On-premises software is often perceived as more secure because the data is stored on the organization’s own servers. However it also requires more resources and expertise to manage and protect. A SaaS solution is managed by the vendor and typically offers a higher level of security than an on-premises solution, specially when large scale, well know infrastructure providers are used, such as Amazon. It also involves more trust in the vendor and their security practices, which is typically solved with Information Security audits.

In conclusion, when deciding between an on-premises software installation and a SaaS cloud solution, it’s important to consider the cost, functionality, and security implications of each option. While on-premises software offers more customization options, it also requires more resources and expertise to set up and manage. SaaS solutions are easier to use and offer more predictable costs, but they also involve more trust in the vendor and their security practices. Ultimately, the right solution will depend on the specific needs and resources of each organization, but let’s be honest. Who in its right mind would in 2023 decide to purchase an on-premises solution when there are SaaS alternatives on the market?

Is Software Validation outdated?

Image generated with Midjourney

Software validation is the process of ensuring that software systems meet the requirements set forth by regulatory bodies, such as the FDA in the United States. This is particularly important in highly regulated industries, such as the pharmaceutical industry, where software systems are used to manage and analyze critical data that is used to support the development and manufacture of drugs.

The origin of software validation can be traced back to the early days of computer technology in the pharmaceutical industry. In the 1970s, the FDA began to recognize the importance of software validation as a means of ensuring the accuracy and reliability of data generated by computer systems. This led to the development of guidelines and regulations for software validation, specifically in the pharmaceutical industry, such as the FDA’s “Guideline on General Principles of Software Validation” in 2002.

One key document that is created during the software validation process is the Master Validation Plan (MVP). The MVP is a comprehensive document that outlines the overall strategy and approach for validating the software. It includes details such as the scope of the validation, the validation team, and the schedule for validation activities. It is the first and foremost piece to documentation that needs to be created.

Following the MVP, you need to build three key documents: OQ, IQ and PQ.

Operational Qualification (OQ) and Installation Qualification (IQ) are used to ensure that the software system is installed and configured properly, and that it functions as intended in its intended environment.

Performance Qualification (PQ) is a process of testing software systems in order to verify that it performs as intended, and that it meets the acceptance criteria defined in the Qualification Protocol (QP).

As the technology and software development methodologies have evolved since the 70s, the need to adapt the validation model for modern SaaS cloud-based solutions has become increasingly important. With the advent of cloud computing, software systems are no longer installed and run on a single machine, but rather they are accessed through the internet from various devices and locations. This is the so called “single tenant system”, which is a radically different paradigm from the early on-site installations. This has led to the development of new guidelines and regulations for validating cloud-based software systems, such as the FDA’s “Guidance for Industry: Cloud Computing and Mobile Medical Applications” in 2013, although one might argue that those models are still outdated given the speed of the advancement of technology and cloud services.

In conclusion, software validation is a critical process in ensuring the accuracy and reliability of data generated by computer systems in highly regulated environments. However, application of outdated validation methods will only led to frustration and failure.

If you are about to embark on a validation process for a SaaS solution but your QA team has only experience on traditional on-site installations, do not rush. Take your time, read the available literature, get familiar with the tools and infrastructure used by your chosen vendor and if necessary, ask for additional budget to ensure the validation is not only successful, but more importantly, relevant.