Validation for a hosted solution

I have just recently started working for a company that provides a validated, pre-configured (per user requirements) system (bought from a different vendor) to the pharma industry. They will either ship a server with the pre-installed software, pre configured and IQ/OQ performed to the company or will host the server remotely. What are the requirements for this company as regards the whole QMS?

First of all have they got a QMS?

Are the servers qualified if used remotely?

How do they manage their configuration process depending on the customer in question?

Has the other company got a QMS would be a more important question as the system/software is coming from them.

When you say they provide a validated system I assume you mean they supply validation documentation. There is no such thing as a validated system, as the company in question will have its own validated standards that they must adhere to. Part of the whole validated system will involve developing SOP’s and providing training etc something that is done in house.

Let me know if you need further assistance

The company that will deploy the system is responsible for the validation of the system and not the supplier. You must therefore audit the supplier to obtain objective evidence that proves that the system was validated and, equally important, a process is in place to keep the system in a validated state (must be part of supplier’s QMS). Additionally, the company must establish its own QMS around the system to maintain its validated state. The specific requirements for the QMS vary from industry to industry but you must include a documented process for vendor audits if you work with suppliers.

To summarize the above, you can only claim that a system is validated when you can provide the objective evidence (and not your supplier) that supports your claim. So as Graham rightly said, there is no such thing as a validated system off-the-shelf.