From the healthcare industry to financial services, an increasing number of firms are finding themselves subject to regulatory compliance in their software development and testing processes. If anyone makes a testing- or quality-related change to a software build, such as correcting a defect or eliminating an error, compliance monitors want to know who did it― and want to see that an authorized company manager reviewed and approved the work.
Many companies use paper-based signature processes to record and track approvals or disapprovals. But, a much more efficient solution is to incorporate digital signature authentication into testing and quality control workflows. For users of HP’s Application Lifecycle Management (ALM) and Quality Center (QC) products, Orasi has developed a purpose-built add-on, the Orasi Digital Authenticator (ODA), to accomplish this goal.
The product is light and highly flexible, yet quite powerful in its approval management and reporting capabilities. It extends the basic workflow approval functions built into ALM to help companies meet the stringent compliance requirements of HIPPA (Health Insurance Portability and Accountability Act of 1996), Part 11 of Title 21 of the Code of Federal Regulations (covers FDA regulations), the Sarbanes-Oxley Act of 2002 (SOX) and other industry requirements.
With ODA, users gain the ability to require one or many electronic signatures for any field for which HP ALM offers reporting capabilities, such as defect status, test case execution date, approval date and more. Once ODA is installed and the roles for digital signature authentication have been established, the workflow cannot move past a certain point until required criteria are met. For example, when a user sets a decision status, ODA launches a user authentication window to ensure that the user is authorized to do so.
Furthermore, digital approval is user-name and password based to prevent accidental or intentional misuse of the signature process. Full reporting capabilities make it easy for a company to pull historic digital signature records for internal review, discovery requests, auditing requirements and other purposes.
In short, ODA incorporates digital authorization into the existing testing tools that HP users know and love. It locks down the HP ALM workflow to make sure that changes don’t occur outside the process and lets senior management know who is working on a test case, closing a defect or performing another testing or QC-based operation. It additionally allows management to know why users are making changes and whether they were authorized to perform the operation.
With ODA, there is always a complete audit trail and written, documented proof can be ready in minutes without anyone needing to dig through weeks’, months’ or years’ worth of wet-ink, physical records. ODA works with all currently supported versions of HP ALM and QC (both SaaS and on-premise).
Orasi offers ODA as part of a complete consulting package that includes a comprehensive analysis and discovery report that is used to customize and document the workflow to fit your unique needs and organizational structure. The custom workflow is tested and validated by the customer to ensure that it meets their requirements. Knowledge transfer sessions are also provided to make workflow administrators self-sufficient in maintaining the custom workflow.
For more information on ODA, visit its page on the Orasi site. Or, feel free to post your questions about ODA in the comments section below this post.
Also, join us for a complimentary webinar on October 23rd at 2pm EST to learn all about ODA and how it can help you leverage HP ALM/QC workflows and digital signatures to comply with industry regulations! Register here.