Verification and validation has been coming up quite often recently in conversations with client lawyers. It seems there are a number of litigants relying on systems data or log files information that have not validated their data properly and are suffering the consequences of poor data management practices as a result.
V&V, and data management practices, are well developed standards dating back decades that all IT shops should be incorporating into their standards and practices for systems and data administration.
If the foundation data isn’t right, the business operations won’t be right. In some cases, notably 21 CFR 11, V&V is a requirement. But even if it’s not a legal compliance issue, it should be part of normal IT business practices at every company because of the inherent risk in ignoring V&V.
If your risk management program doesn’t have a V&V component, you might be missing a big vulnerability.
As always, we’re here to help, if you need us.