FIVE VALIDATION: The Journey Towards ISO 9001:2015 and ISO 27001:2022 Certifications
2008The founding of FIVE VALIDATION
2017Implementation of the quality system based on physical documentation (folders with paper documents) begins.
2018Studies for the implementation of ISO 9001:2015 begin. Partnership with Forlogic to transform the digital quality management process. Cybersecurity measures are intensified. Finalist as one of the top three service providers for the production of the pharmaceutical industry in the 2018 Sindusfarma Quality Award.
2019Winner of the 2019 Sindusfarma Quality Award as the best service provider for the production of the pharmaceutical industry.
2020Winner of the 2020 Sindusfarma Quality Award as the best service provider for the production of the pharmaceutical industry. Study to verify adherence with ISO 27001:2018.
2023First place in the 'Software and Solutions for Production Equipment' category and second place in the 'Production Services' category in the 2023 Sindusfarma Quality Award. Issuance of the Final Infrastructure Qualification Report. Study to verify compliance with ISO 27001:2022.
2024First place in the 'Technical Consulting - Regulatory' category and second place in the 'Software and Solutions for Production Equipment' and 'Production Services' categories in the 2024 Sindusfarma Quality Award.
ISO 27001:2022 and ISO 9001:2015 certification.
How we got to this
important moment for FIVE VALIDATION:
Since its foundation, FIVE VALIDATION has always been concerned with information security and delivering high-quality services/documents.
In 2018, FIVE VALIDATION began studying ISO 9001:2015 to implement a more robust quality management system. This led to the need for digital solutions to support this journey.
In 2018, FIVE VALIDATION partnered with Forlogic to transform the quality management process. As a result, activities previously carried out on paper transitioned to a digital format. The digital implementation of the quality management system provided greater robustness to the entire process and was aligned with ISO 9001:2015 requirements from the outset.
During this same period, 2018, FIVE VALIDATION began intensifying security measures, as, in addition to the services provided, FIVE VALIDATION started offering and working with GO!FIVE®, a digital solution for validation document management.
At that time, FIVE VALIDATION was already working towards adopting the best market practices regarding quality and information security, but did not yet feel ready for certification.
In 2020, Silvia Martins, CEO of FIVE VALIDATION, proposed to the Quality and Information Technology team to conduct a study to evaluate FIVE VALIDATION's adherence with ISO 27001 requirements. The idea was to implement a consolidated Infrastructure Qualification approach, according to GAMP®5, to initiate the implementation process and adopt the controls required by the standard.
From the infrastructure qualification, several improvements were implemented throughout the company's structure, not only from a technological standpoint but also culturally. This process was not quick, as it required investment in time and money. Furthermore, the implementation must be worked on in a structured way so that it is part of the company's culture.
In December 2023, FIVE VALIDATION completed the infrastructure qualification project, identifying over 300 risks and conducting approximately 170 tests to complete this stage. Of course it is an ongoing effort, but we can consider this step as a major milestone for FIVE VALIDATION.
In addition to Infrastructure Qualification, internal audits (ISO 9001:2015 and ISO 27001:2022) were conducted to identify improvements and non-conformities. Beyond internal audits, FIVE VALIDATION participated in audits for the Sindusfarma Quality Award, which played a crucial role in this process by assisting in the implementation of various improvements since FIVE VALIDATION first participation.
In 2024, FIVE VALIDATION decided to pursue certification. The journey towards these certifications was both simple and complex. Simple because FIVE VALIDATION already had a robust Quality System and strong information security controls. Complex because the process required intense collaboration between departments, all of which performed their functions brilliantly. Despite the high demand, everyone was dedicated to making this achievement possible.
The first step in this new stage of preparation was reviewing and aligning all internal processes. We began by reviewing existing documents and mapping out any discrepancies found. The Quality team, in collaboration with other departments, dedicated itself to the detailed mapping of processes, identifying areas for improvement, and setting clear goals to meet the requirements of ISO 9001:2015 and 27001:2022.
Our first ISO certification audit took place on October 22, 2024, with the documentary review for ISO 27001:2022. This process identified the need to create essential new documents, such as the SOA (Statement of Applicability), Incident Management, Roles and Responsibilities, and Threat Intelligence. The documentary review for ISO 9001:2015, conducted on November 29, 2024, did not highlight any improvement opportunities, as we had already addressed suggestions from the ISO 27001:2022 audit that contributed to ISO 9001:2015 compliance.
Between the documentary audit and the certification audit, FIVE VALIDATION conducted an internal audit in mid-November 2024 to ensure compliance with the requirements of both standards, taking into account the auditors' feedback. As a result, the Quality team, together with other company departments, began updating key documents, such as the Quality Manual, Contingency Plans, Information Security Manual, as well as operational procedures and infrastructure qualification. Everything was adjusted to ensure full compliance with certification requirements.
With the creation and updating of documents completed, employee training sessions began. Readings of procedures and other documents were carried out, along with assessments to ensure content retention. During the monthly meeting, we conducted an activity with all sectors to reflect on how our daily routines align with the company's pillars, particularly regarding Quality and Information Security. Everyone was properly informed about the importance of the certifications and the impact these achievements would have on the company's operations.
FIVE VALIDATION also conducted a thorough survey of its entire infrastructure, identifying critical points and implementing rigorous access control, data protection, and cybersecurity measures. The goal was to ensure the protection of sensitive information—both internal and client-related—meeting the highest security standards required by the norms.
FIVE VALIDATION has been dedicated to pursuing excellence in its processes and information security. With this commitment, in 2024, the company underwent a rigorous preparation process to achieve the prestigious ISO 9001:2015 and ISO 27001:2022 certifications, internationally recognized as guarantees of quality management and data protection—a merit of FIVE VALIDATION.
With great satisfaction, we received the recommendation for ISO 27001:2022 certification in December 2024, following the successful completion of the audits. ISO 9001:2015, in turn, was also a significant milestone for us, with the certification process concluded in December 2024.
Continuous improvement and teamwork were fundamental principles in FIVE VALIDATION's preparation and, consequently, in achieving success.
This achievement was only possible thanks to the dedication of everyone, who swiftly resolved pending issues and implemented improvements effectively. The auditors highlighted the commitment and dedication of the team, who, despite the limited time, managed to implement significant changes during the process review. As a result, FIVE VALIDATION received no non-conformities in the audits, only observations and improvement suggestions, which are already being addressed by the team.
As continuous improvement is one of the company's pillars, FIVE VALIDATION continues to actively work on implementing these suggestions and ensuring the best service for its clients. Obtaining the ISO 9001:2015 and ISO 27001:2022 certifications reflects the company's commitment to quality and information security. This achievement further strengthens our practices and reaffirms FIVE's commitment to the constant pursuit of excellence. The company continues its journey of continuous improvement, ensuring the protection of sensitive data and customer satisfaction, always aligned with the highest international standards.
