I will agree with @sagai that too much focus is often on testing. There are other considerations. And before you conclude that the software doesn't compromise patient safety, give it some more thought. An ERP system might help you manage inventory and if the system failed and allowed incorrect product to be used, that could lead to patient harm. If the system manages complaints and a complaint gets lost, there could be a repeat occurrence. Maybe you're right in that it can't lead to patient harm but be sure you give good documented rationale. Oh, and risk of not meeting regulatory requirements should also be considered!
I always recommend a Master Validation Plan to set the stage for a risk-based approach to deciding what validation is needed.
It's never a bad idea, as part of validation, though, to look at a few things:
- Are controls in place to ensure data integrity? It's not infrequent that I see systems set up giving everyone admin access or there's a single login for multiple people. (This is one reason why you can't purchase a pre-validated system - it has to be validated in your environment as you use it).
- Are you running it in a supported environment? ERPs have a database back-end which may be separately maintained. Is the database engine compatible with the manufacturer's specifications? This also extends to the hardware the system is running on. If cloud-based probably not a concern but there may be client side considerations as well (even if client side is browser based, are all your users using supported browsers?).
- Are you using the system in the manner intended?
- Are there any known issues published by the manufacturer that could impact your use?
- Is the data being properly backed up and secured?
- If you market in the US or are pharma in EU, there are electronic record / electronic signature requirements you may need to meet. Is the system meeting those? What about audit trail?
That's just off the top of my head; I'm sure there's other things I'm not thinking of but that gives you an idea.