Vendor qualified software on a database version that isn't qualified by the vendor

I am not sure this is the right forum to place this in but it sounds the most logical…

it was brought to my attention yesterday that the vendor qualified their application to run on Oracle and we are running that application on oracle someone made the decision that we were willing to take the risk and use the software on the unqualified database platform.

We have done a validation on this system, and are in the midst of a new validation project for this application including an upgrade to a certified version of oracle. Our intent was to do limited validation and base it totally on a functional risk assessment of what functionality we use and what functionality is new.

Right now I am not comfortable with this approach seeing as we have been on an unqualified platform since the system was implemented, but I cannot find anything in the regulations etc to clarify what our plan should be.

Any thoughts, help, advice, direction on where to look would be greatly apprecited!


I don’t think the path is necessarily flawed but, unless you left out some things, the execution is probably lacking.

First, you say that “someone made the decision…” Is that decision with the rationale documented? You say they were willing to take on the risk but you don’t describe what the risk is (and why it’s acceptable to take on). Was there any effort to assess the difference between & 0.5 to justify the decision?

For the limited validation effort, it does sound like a risk assessment was done and so if that, with the rationale for the decision is documented, it’s certainly an acceptable approach.

You say that you have done a validation on the system (presumably with the oracle platform?) so why would you feel you’re running on an unqualified platform? Sounds like you’re at least close to being in a pretty defensible position and maybe just need some analysis / decisions documented to shore it up.