SQL Server 2019 - Master Data Services - Validation needed?

Hello at all,

we want to transfer some data from our ERP-System to the Master Data Services. There we want to establish some business rules, where allowed people can change some attributes and/or entrys of the master data, for example acitivating a checkbox or entering new data. Afterwards we will transfer it back to our ERP-System, so that the ERP-SYstem does have the updated data. The transferrings will be done daily automatically.

Do we need to validate the Master Data Service, which is a standard functionality of an SQL-Server? And how should it be validated?
Or it is just like validating an excel-sheet? Or do you just have to test and proof that the business rules and the transferring is working? Or only validating the interface to the ERP-System?

Or is it part of the server qualification of the IT? If yes, How should it be qualificated?

What documentation do you need?

Thanks a lot in advance for your advice
Last edited:
Elsmar Forum Sponsor


Trusted Information Resource
I'm reluctant to provide specific advice in this case, but I feel like there are some elements (of what you describe) that may require elements of validation/assurance. I don't anything about your broader policies and what they allow/require, so the following are just the corners where I would shine some light and a description of what I expect to see.

The specific details of the SQL server certainly ought to be documented, if only because it may become necessary to rebuild, repair, or replace it... just like any other element of infrastructure,

For the parts of the process that rely on automated features including the interface, you ought to have evidence that they are working as intended. If the business rules are established and never change those should be documented. If the data is manipulated by humans, you may want to investigate controls for the risks that data is unintentionally changed... even if this is just a business risk. I am dealing with an unfortunate CAPA which is basically "I am an important human and made a mistake, why did the tool allow me to make a mistake?" Think blaming an automobile because the driver exceeded a posted speed limit.

I don't believe that you are responsible for being the quality control for the mechanics of the underlying SQL database. You should have enough information to believe it is meeting your needs. It is possible that there may be some elements of (integrity of) electronic records involved, especially if data is moved into a second system for manipulation and then moved back to an original system. I don't have enough information to make an assessment... but generally: if you are familiar with how clauses of 13485 map to US regulatory requirements (e.g. 21 CFR 820) it is possible to make a regulatory compliance assessment about the (compliance-based) need to implement what kinds of controls (as described in 21 CFR 11). Of course, you may want to implement similar controls for business reasons, independent of the compliance question.
Hello Tidge,

thanks for your input.

I discussed it with the colleagues and there are some points which needs to be validated and documentated.

As the Master Data Services does have an Audit-Trail and a concept of user rights which differs from the user rights of the ERP-System, these features/points must be at least developed, documentated and verified. So that the user cannot change different things than they should. As well it should ve reviewed periodically


Quite Involved in Discussions
Just want to add on, that data backup also has to be shown somewhere. This is important for yourself and the auditors. In the event the maser data service is down, do you have an offline version to work with temporarily? I had a situation in a previous company once when the ERP was down for half a day (global network outage), we couldn't do any work at all. But back then the company wasn't ISO certified, in an ISO certified environment I would expect this to be more of a documentation issue.
Last edited:
Disclaimer: I know nothing about your way of work, tools, or company, but from the top of the head and imagining a setup as you described it, I offer my 2 cents below.

The very least I'd go for is the following:
- recognize the use cases of the tool for your company
--- storing entered data
--- returning values from the database
--- data access
--- data protection
--- keeping the audit trail
--- denying attempts to corrupt the history of stored data and/or transactions
--- syncing data between the DB and ERP (and vice versa)
--- ...

- recognize the risks emerging from the use of the tool
--- data is not stored correctly
--- tool returns incorrect values from the database
--- users can access data they're not supposed to
--- history of data can be manipulated/corrupted
--- interface between the DB and ERP fails (brings up a whole new cluster of risks) ...

- prepare test cases to test the above mentioned and prove that the tools perform as intended.

Make sure / prove / record that the tool is installed per manufacturer's guidelines (IQ), the supporting OS is adequate ...

Record and analyze known issues of the tools.

Is the "automatic sync" going to be done by a third software, or is the ERP or DB tool going to do this? In each case, think about what could go wrong with this setup (databases access, data translation from one DB to another, communication fails ...) and test it.

Also, as Junn1922 mentioned above, think about the "server down" and "communication down" situations, data sync after the communication is restored, backups ...

It seems like a wide array of things to be done, but then, you want to be sure the setup works and you've covered the use cases and foreseeable risks.


Thread starter Similar threads Forum Replies Date
D SQL Server Username and Password Excel .xls Spreadsheet Templates and Tools 3
T Wanted: Software for Developing Front-end Interfaces to (SQL) Databases Quality Tools, Improvement and Analysis 1
C Creating a Multiple Table SQL (Structured Query Language) Query in Minitab Using Minitab Software 10
ScottK PRC (China) Safety Quality License (SQL) for boilers and pressure vessels Various Other Specifications, Standards, and related Requirements 3
R Question about MINITAB's SQL Syntax Using Minitab Software 2
V CAR NCMR Software - SQL based, just for NCMR's and CARs Quality Tools, Improvement and Analysis 2
was named killer CLOUD BASED QUALITY DOCUMENTATION vs. SERVER BASED Document Control Systems, Procedures, Forms and Templates 5
S Moving from client-server to cloud-based, is that a new submission? Medical Information Technology, Medical Software and Health Informatics 3
M Trouble with Europa website - Internal Server Error (March 2019) EU Medical Device Regulations 5
Marc Server RAM Failure - 7 Dec 2018 Forum News and General Information 3
D Nonconformance on document control - Unapproved document on production server Document Control Systems, Procedures, Forms and Templates 4
J Dummy SMTP server for email testing Software Quality Assurance 3
H Requirements for Data Storage as to Geographic Server Location Medical Information Technology, Medical Software and Health Informatics 11
P Blackberry Server Down - October 2011 Coffee Break and Water Cooler Discussions 4
V Do we need to Validate a Server/Back-End System? Qualification and Validation (including 21 CFR Part 11) 2
kisxena Transferring a validated software platform to a virtual server Software Quality Assurance 8
B Controlled Copies of a Quality Manual in an electronic media (file/server) Quality Management System (QMS) Manuals 9
J What Can You Do with Active Server Pages? Quality Tools, Improvement and Analysis 0
C User Acceptance Testing best practice - conducted on production server or test server Software Quality Assurance 0
C Synthis software review - Process Modeler and Process Server Book, Video, Blog and Web Site Reviews and Recommendations 1
L Forms in MS Word - Trying to put forms on a server and prohibit modifications Document Control Systems, Procedures, Forms and Templates 84
W Is it permissable to maintain "controlled quality documents" on the EDP server only? Document Control Systems, Procedures, Forms and Templates 1
S ISO 9001 software package that will work with Outlook on an Exchange server Quality Assurance and Compliance Software Tools and Solutions 2
A Document Matrix - Can the Server Directory Listing(s) be used? Document Control Systems, Procedures, Forms and Templates 13
S Data/Drawing Control - All documents controlled on a head-office server? Document Control Systems, Procedures, Forms and Templates 1
D EN 61010-1:2010 vs 61010-1:2010+A1:2019 CE Marking (Conformité Européene) / CB Scheme 2
G Brazil Regulations RDC 270/2019 Other Medical Device Related Standards 0
B Risk Management Procedure updates needed for 14971:2019 ISO 14971 - Medical Device Risk Management 11
M AIAG-VDA DFMEA 2019 - it is compulsory? FMEA and Control Plans 7
B ISO 14971:2019 amendment A11:2021 questions ISO 14971 - Medical Device Risk Management 5
M ISO 14971:2019 vs FMEA methodology ISO 14971 - Medical Device Risk Management 23
Y BS EN ISO 14971:2019+A11:2021 released ISO 14971 - Medical Device Risk Management 3
R What are the new changes in EN ISO 11137-1:2015+A2:2019? Other Medical Device Related Standards 2
T The difference between ISO 14644-3:2005 and ISO 14644:2019 Other Medical Device Related Standards 2
M ISO 14971:2019: Criteria for overall residual risk ISO 14971 - Medical Device Risk Management 12
M ISO14971:2019 - Verification of implementation and effectiveness of risk control ISO 14971 - Medical Device Risk Management 14
B Timeframe for updating QMS / transitioning from ISO 14971:2012 to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 16
D ISO 14971:2019 vs MDR Annex 1, Requirement #4 - "Manufacturers shall inform users of any residual risks" ISO 14971 - Medical Device Risk Management 5
J FMEA Handbook 2019 IATF 16949 - Automotive Quality Systems Standard 3
classical_quality Reflecting: Improvements Made 2019 & 2020? Coffee Break and Water Cooler Discussions 2
Aymaneh ISO 11607-1: 2019 main changes Other Medical Device Related Standards 2
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
M Gap analysis on ISO 14971:2019 with previous revision ISO 14971 - Medical Device Risk Management 12
Bill Hansen New ISO 14971:2019 Harm: unreasonable psychological stress, and cybersecurity ISO 14971 - Medical Device Risk Management 13
dgrainger Informational UK - Medicines and Medical Devices Bill 2019-21 UK Medical Device Regulations 0
Ajit Basrur Why is ISO 14644-3:2019 not approved by US? Other Medical Device Related Standards 2
T Implant Card - Article 18.1(a) and MDCG 2019-8 clarification EU Medical Device Regulations 3
Richard Regalado Top 10 operational risks of 2019 for business continuity planning Business Continuity & Resiliency Planning (BCRP) 6
A EN ISO 14971:2019 does not include the Annex Zs ISO 14971 - Medical Device Risk Management 4
J UK Medicines and Medical Devices Bill - 2019 ISO 13485:2016 - Medical Device Quality Management Systems 0

Similar threads

Top Bottom