How to Validate Ketryx

Lee Chickering
August 12, 2025

Table of Contents

Let’s Talk About Validation

If you work in a regulated space (medical devices, diagnostics, pharma, digital health), you know that validation is a fact of life. You need to show that your tools and systems do what they say they do. And while the intent behind validation is noble (we all want safe and effective products), the actual process can feel heavy.

We get it. At Ketryx, we’re not just building software for compliance—we’re living it too. Our entire platform is built under a quality system that aligns with the standards you already follow (ISO 13485, IEC 62304, ISO 14971). We went through an audit process and earned certification by UL, one of the most trusted notified bodies in the industry. That means a third party has reviewed and approved our processes for how we build, test, and maintain the Ketryx platform. So when you receive a validation package from us, you’re not just getting documentation. You’re getting artifacts from a system that’s been externally audited and certified to the same standards you’re expected to meet. That’s why our validation is shareable, auditable, and useful.

That means you don’t have to validate Ketryx from scratch. You just need to figure out what’s right for your team, your product, and your level of risk tolerance.

Most of our customers land on one of two options. I’ve also provided a third option that no one has (thankfully) chosen.

Option 1: Accept Ketryx’s Validation (Most Popular and Easiest)

This is the go-to route for most of our customers, and here’s why: you already trust suppliers through supplier evaluations and audits to follow standards, and Ketryx is no different.

Why it works

Ketryx is:

  • Built under an ISO 13485-certified quality system
  • Developed according to IEC 62304 (medical software lifecycle)
  • Designed with ISO 14971 (risk management) principles in mind

We’re also actively using our own platform to track requirements, risk controls, and test cases, so we practice what we preach. That means our internal validation process is complete, documented, and auditable.

Instead of duplicating all that work on your end, you can simply accept our validation as part of your supplier qualification process.

What you do

  1. Store our certs. You can request our ISO 13485, IEC 62304, and ISO 14971 certificates and place them in your EDMS or wherever you track your validated tools and suppliers.

  2. Request our validation docs. We’ll send you:

  3. Review the documentation that’s been sent over

    • Review the use cases identified in the SRS, how they are traced in the RTM, and how they are tested in the test report.
    • Assess that it’s representative of your intended use of Ketryx
    • Conclude that you can accept Ketryx’s validation package and that you don’t need to do any of your own validation testing in addition to that

  4. Write a short internal assessment. This is your “why” - your rationale for accepting Ketryx’s validation. Something like:

    • “We’ve reviewed Ketryx’s validation evidence and certification to applicable standards.”
    • “Our users still review and approve all outputs generated in Ketryx before release.”
    • “Given this, we consider the risk of using Ketryx low, and their validation is sufficient for our needs.”

  5. Set a review schedule. Depending on your internal SOPs, you might:

    • Request updated validation docs from Ketryx at every major/minor release
    • Or just conduct an annual review of all tools and suppliers, including Ketryx

Why this is enough

This approach is widely accepted because:

  • You’re documenting your rationale
  • You’re showing due diligence in supplier management
  • You’re not revalidating a system that's already been validated and is externally certified
  • You’re leveraging supplier documentation to the fullest extent possible, as recommended by GAMP

It checks all the boxes without wasting time on duplicative work.

Option 2: Light Internal Validation Using Your Own Use Cases

Sometimes, teams want an extra layer of assurance, especially if your internal policies or risk profile call for some amount of hands-on testing.

This hybrid approach still uses Ketryx’s validation as the foundation, but adds a small layer of internal validation tailored to how you actually use the platform.

Why it works

You’re not trying to revalidate the entire system, just showing that it behaves as expected for your real-world use cases.

For example:

  • You might use Ketryx to manage software requirements and risk traceability across multiple projects.
  • You might lean heavily on integrations with Jira, GitHub, or Jama.
  • You might have specific templates implemented by the Ketryx Client Operations team.

In this case, it makes sense to do some lightweight testing to confirm those workflows function as expected in your environment.

What you do

  1. Document key use cases. These don’t need to be formal user stories — just high-level notes like:

    • “Users want to trace software requirements to test cases and risk controls.”
    • “Users want to generate validation documents for release.”
    • “Users want to configure approval workflows and assign reviewers.”

  2. Run hands-on tests. Log into your configured Ketryx instance and walk through those use cases. Verify the outcomes match expectations: screenshots or short notes are enough.

  3. Write a short summary. In your validation report, note:

    • That you’ve received validation documentation from Ketryx (see Option 1)
    • That you’ve performed internal tests based on real-world use
    • That this combination is sufficient for your intended use of the platform

Why this is a good middle ground

  • You’re showing traceability between intended use and testing.
  • You’re validating your configuration, which can be helpful when using complex integrations or custom workflows.
  • You’re not trying to prove that every feature in Ketryx works, just the ones you rely on.

This is great for teams that want to be extra cautious but still move fast.

Option 3: Perform a Full Validation of the Ketryx Platform (Not Recommended)

We occasionally hear from teams who are wondering: “Should we just perform a full validation of Ketryx ourselves, end-to-end?”

Our short answer? No… please don’t.

Why this is not recommended

Ketryx is a large, complex platform with hundreds of interconnected features and validation scenarios. We’ve already done the work of fully validating the system, and we mean fully:

  • We maintain a validated state across all major and minor releases
  • Our validation artifacts include traceability matrices, requirements, specs, test protocols, executed results, and system configurations
  • The resulting documentation spans thousands of pages, all developed under our ISO 13485-certified QMS

Unless you're using Ketryx as a component inside your own software product (you’re not), there is no regulatory requirement to re-validate the entire platform. In fact, trying to do so can lead to:

  • Redundant time and effort that doesn’t reduce risk
  • Missed functionality or incomplete coverage due to lack of internal visibility
  • Unnecessary delays during implementation

When teams try to do this, it backfires

We’ve experienced customers thinking about going down this road early on, spinning up large internal validation projects for Ketryx. Almost all of them eventually pivoted to one of the lighter-weight approaches described above. Why?

Because they realized:

  • They didn’t have access to the internal system behavior or logic required to test every component.
  • Their validation effort would end up duplicating work already done and certified by Ketryx.
  • It would be impossible to keep up with ongoing updates.

What to do instead

Use our validation. It’s detailed, structured, and built to be shared. Whether you accept it directly or add a layer of your own use-case-based testing, you’ll be in a better place than trying to re-create the wheel.

Wrapping It All Up

Validating your tools shouldn’t be more painful than validating your product. With Ketryx, you have flexibility and support. Whether you choose to fully accept our validation or layer in a little of your own, we’re here to provide the evidence and guidance you need.

We’ll meet you wherever you are on the compliance maturity curve, whether you're just getting your QMS up and running or preparing for your twentieth annual audit.