FDA’s Upcoming Computer Software Assurance Guidance
Kathleen Warner, Ph.D., RCM Technologies, wrote in the current issue of meddeviceonline: “As the FDA finalizes and publishes the Computer Software Assurance (CSA) guidance later this year, companies that have not already started the transformation process to CSA can get started now – don’t wait!
The medical device industry can benefit greatly by implementing CSA. In a recent European study1 on medical devices, AI application categories and types were researched and cited as producing data that can be collected and analyzed throughout the life cycle of the patient. Based on our understanding, the CSA guidance will, in many cases, require continuous validation of medical devices that use intelligent technology for patient and product safety to comply with the CSA guidance. The following includes examples of data collection and medical device scenarios that could benefit from the use of a “CSA approach” or “CSA methods”:
- Medical devices that collect clinical data
- Healthcare delivered remotely by medical personnel via txt, video, or phone
- Laboratory information systems (LIMS), chromatography testing, etc.
- Neurology, breast, oncology, molecular imaging, and X-ray equipment (i.e., portables)
- Personal assistance applications
- Physiological monitoring devices and those that monitor the function of an organ
- Surgical, medical, and manufacturing robotics
As we continue to build on the CSA transformation challenges ahead, there are activities that need to be performed to make this transformation to CSA in an organized and productive way, as follows:
- Develop a transformation plan.
- Implement a phased approach for achieving CSA.
- Implement test automation tools that enable CI/CD (continuous integration/continuous deployment).
- Establish a continuous software validation life cycle.
Two of the tenets of CSA are critical thinking and risk-based assessments. In the first article of this series, I discussed the importance of critical thinking, provided a definition, and listed skills required to master critical thinking. Additionally, I provided the “how” to perform a risk-based assessment for GAMP 5. The process has not changed; however, for direct impact systems, the risk-based assessment focuses on critical and high risks to assure that the software requirements align with the CSA guidance for patient and product safety, quality, and data integrity. This shift in thinking from validating everything to validating only critical and high risks for direct impact systems is new and places responsibility on software vendors to implement a continuous validation framework to successfully realize the transformation to CSA from CSV.
One of the most important activities is to develop a transformation plan that includes a phased approach to CSA. A well-developed transformation plan focuses on change management and business improvement for people, process, technology, and transformation (pptx). It should describe the phases of the transformation, approach/methods, and deliverables. Deliverables include estimated timeline, budget, and process improvement, which involves replacing old processes with new processes, developing success criteria and metrics, such as key performance indicators (KPIs) and/or software-level agreements (SLAs) with suppliers/vendor/partners, and addressing the barriers to transformation through organization change management (OCM). New technical competencies need to be developed through learning management programs to train employees on the new FDA CSA guidance. The effort to transform an organization is significant and can be successfully achieved by executing a well-developed transformation plan.
Recent data on this topic indicates that you could see a return on investment (ROI) between 50% and 80% with some of the following benefits: cost savings in time, improved quality processes, and reduction in resources combined with new development methods that enable continuous integration (CI), continuous validation (CV), and continuous deployment (CD).
The IT foundational framework provides the building blocks to achieve the CSA transformation. At the top of the list of transformation planning are the IT infrastructure architecture and the cloud integration strategy that describe your cloud and/or hybrid (i.e., cloud and on-premises) environments.
Since the transformation plan is a strategic document, to be effective, content should include, but not be limited to, the following:
- Description of IT architecture and cloud integration strategy (include cloud environment and on-premises environment)
- Description of DevOps tools being used for cloud and on-premises integration. Examples include, but are not limited to, codeless test creation and automation, end-to-end testing, and CI/CD tools, such as Jenkins, Bamboo, Azure DevOps, CircleCI, Teamcity, etc.
- Off-the-shelf (OTS) and commercial off-the-shelf (COTS) applications, such as ADOBE, Microsoft, SAP, SalesForce, etc.
- List of IT cloud partners, software products and services, roles and responsibilities, and SLAs.
- List of applicable U.S. and global standards (ISO 9001:2015) and regulations/guidance (FDA GAMP, EU, etc.)
- List of current quality standards, processes, and policies
- Organizational change management (OCM) approach and deliverables
- Descriptions of non-product computerized systems (e.g., manufacturing execution systems [MES], quality management systems [QMS], and electronic data management systems [EDMS]), to name a few, and non-product quality systems (e.g., QMS and product life cycle management [PLM] systems for change management and continuous improvement of quality processes)
In a report published by the FDA in 2011 on Medical Device Quality,2 the FDA identified seven major opportunities to improve quality in the industry, to enhance operating systems and management infrastructure, and to change the mindset and behavior. As described in Figure 1 below, the seven major opportunities are as follows:
- Design and reliability engineering
- Robust postproduction monitoring and feedback
- Supplier management processes
- Quality metrics and measurement systems
- Quality organization
- Performance management
- Quality culture“
Please find the complete article here.
For further information please get in touch with us: