Introduction – Regulatory Compliance
In today’s highly regulated landscape, Regulatory Compliance is a must. The role of Learning Management Systems (LMS) like Cornerstone OnDemand extends far beyond employee training.
In this article we offer a comprehensive look at the critical aspects of maintaining a validated Cornerstone OnDemand system, focusing on the nuances of User Acceptance Testing (UAT), test planning, and efficient test execution.
By reading this article, you’ll gain valuable insights into best practices for ensuring compliance and operational effectiveness with Cornerstone OnDemand.
The Importance of Validation in Highly Regulated Industries – Regulatory Compliance
Cornerstone OnDemand System is a cloud-based learning, talent management, and human resource software provider that helps organizations manage their human capital effectively. The platform offers a comprehensive suite of tools for recruiting, training, managing, and developing employees.
This application is used in various types of organizations, including those in highly regulated industries such as the pharmaceutical sector. In these companies, the Learning Management System (LMS) is not just a tool but a validated platform that plays a crucial role in delivering essential training.
This is particularly important for employees who are engaged in high-risk tasks, such as pharmaceutical production.
In industries like pharmaceuticals, where the stakes are high, the role of an LMS goes beyond simple training delivery. It becomes a validated system that ensures employees are adequately trained and competent to perform tasks that could otherwise pose significant risks.
The validation of the Cornerstone OnDemand LMS involves a rigorous process, going beyond mere checkbox compliance.
Cornerstone OnDemand, being a Software as a Service (SaaS) system, presents a unique challenge in maintaining its validated state. This is due to the frequent software updates that the platform undergoes. Each of these updates must be separately validated to ensure that the system maintains its continuity and validated status.
Failure to do so could result in hefty financial penalties imposed by auditing organizations, making the validation process not just a regulatory requirement but a financial imperative.
The Significance of UAT (OQ) Testing in Maintaining a Validated State – Regulatory Compliance
User Acceptance Testing (UAT), also known as Operational Qualification (OQ), plays in maintaining the validated state of systems used by highly regulated organizations. While Cornerstone OnDemand, the software provider, is responsible for application testing, Clients bear the responsibility for testing the functionality of their Learning Management System (LMS) and the processes it supports. This is particularly true for processes identified as highly significant or critical in risk analysis, especially those related to Good x Practice (GxP) processes.
Being able to provide test results upon an auditor’s request is crucial. Therefore, every change (normal change, a software release, or a bug fix) that impacts the system configuration or business processes (especially those deemed highly significant) must be rigorously tested.
This creates a shared responsibility model where both Cornerstone OnDemand and the client have distinct roles. Cornerstone OnDemand ensures that the application itself is robust and compliant, while the client ensures that the system, as configured for their specific needs, remains compliant with all relevant regulations.
The implication is clear: any change affecting the system’s configuration or high-importance business processes necessitates thorough testing. This ensures not only the system’s reliability but also its compliance with stringent regulatory requirements, thereby avoiding potential financial penalties.
By understanding the importance of UAT (OQ) in this context, organizations can better prepare for audits and maintain a validated system that meets both operational and regulatory demands.
Components of a Comprehensive Test Plan for Minimizing Risk in a Validated Cornerstone OnDemand System – Regulatory Compliance
As organizations adapt to new business needs, system updates, or regulatory changes, the risk associated with these modifications must be meticulously managed to ensure ongoing compliance and operational effectiveness. This is where a well-structured test plan comes into play.
The test plan – Regulatory Compliance
A comprehensive test plan serves as a roadmap for quality assurance teams, outlining the specific tests to be conducted, the conditions under which they will be performed, and the criteria for their success or failure. It acts as both a guide and a record, providing a structured approach to testing and a documented trail for audit purposes.
The essential elements that should be included in a test plan are aimed at minimizing the risks associated with changes in a validated Cornerstone OnDemand system are as follows:
Identifiers and Titles – Regulatory Compliance
- Unique Test Case ID: To facilitate tracking and to link each test to the User Requirement Specification (URS) it covers.
- Requirement ID: To clearly identify which requirement is being tested.
- Test Scenario Title: A brief title that encapsulates what the test is about.
Objectives and Conditions – Regulatory Compliance
- Test Objective: What and why something is being tested in this scenario.
- Test Prerequisites: Conditions that must be met before the test scenario can be executed.
Roles and Environment
- Roles Used: Depending on the business process being tested, roles like Manager, Admin, and End User might be involved.
- Test Environment: Information on where the test should be executed, e.g., Pilot, Stage.
Execution Details
- Run Number: Information on whether this is the first or a subsequent test execution.
Test Steps – each test step should include:
- Step Description: What the step involves.
- Expected Result: What outcome is anticipated.
- Actual Result: What actually happened.
- Proof Requirement: Whether the step needs to be confirmed with evidence like a full-screen screenshot, including system date and time.
- Step Status: Whether the step is passed or failed.
- Attachment ID: If attachments are stored elsewhere.
- Incident Number: If the step failed and an incident was created for tracking.
- Execution Date and Time: When the test step was executed.
- Confirmation: Space for signatures from both the tester and the test reviewer.
Efficient Management of Test Execution in a Validated Cornerstone OnDemand Environment
As discussed in previous chapters, the frequency of running tests for a validated Cornerstone OnDemand system often depends on the number of changes being implemented.
In many cases, this frequency is quite high, making it crucial to manage test execution efficiently. This part explores various strategies to enhance the effectiveness of this process.
Clear Requirements for Validation
To start, it’s essential to have clearly defined requirements for validation. These should be unambiguous to avoid any confusion during the estimation and mapping of test scenarios. Clear requirements also assist test authors in understanding exactly what needs to be tested, thereby streamlining the testing process.
Resource Allocation – Regulatory Compliance
Allocate human resources who have an above-average understanding of the system well in advance. This ensures that the test steps are easily understood and that all test prerequisites can be met to prepare the environment for test execution.
An inexperienced testing team can cause significant delays due to knowledge gaps, requiring additional training sessions and clarifications.
Therefore, it’s crucial to allocate dedicated time for these resources to focus solely on test scenarios, or to outsource the writing and/or execution of tests to companies who are experienced in testing as well as in configuring the Cornerstone OnDemand system.
Regression Test Sets – Regulatory Compliance
If similar tests or similar functional areas are tested across different cycles, consider building a regression test set. Once created, this can be run multiple times, saving the time and effort of devising new tests.
These regression tests can also be automated, especially if they are repetitive. If you lack the resources to script these automated tests, firms like eConsulting can assist.
Test Environment Management
A well-maintained and frequently refreshed test environment can also enhance efficiency. Utilizing a Copy Down process to keep the test environment in sync with the production environment saves time that might otherwise be spent on transferring configurations and cleaning up outdated test data. This ensures that validation tests are conducted in a high-quality test environment.
Defect Management
An efficient defect management process can significantly expedite the conclusion of tests. Having defects analyzed by an experienced team, such as Cornerstone OnDemand Partners, can either lead to quick fixes or proper channelling of the issue to the software provider for a speedy resolution.
By implementing these strategies, organizations can not only make their testing processes more efficient but also ensure that they meet both operational and regulatory demands.
Conclusion
The Cornerstone OnDemand system is a powerful tool for managing human capital, but its utility in regulated industries goes beyond mere talent management. It serves as a validated platform that is crucial for training and compliance.
However, maintaining this validated state is not straightforward. It requires a well-thought-out strategy that includes clear validation requirements, meticulous test planning, and efficient test execution.
We hope the strategies outlined in this article will motivate you to enhance your internal processes for greater effectiveness and efficiency, while also helping you maintain the validated state of your Cornerstone OnDemand platform.
Sławomir Kwiatkowski
Cornerstone Release & Test Manager
Implementation Consultant