Is Computer Software Assurance (CSA) the new CSV?
Bart Degroote, Senior Project Manager at pi life sciences consultancy, commented the FDA draft guidance on Computer Software Assurance within the PI knowledge page:
“The FDA draft guidance on Computer Software Assurance is a paradigm shift from document focused computer system validation to critical thinking assurance practices. The Guidance is on FDA’s list for release in September 2020 and applies to non-product quality system software solutions. The principles and approaches will apply to all regulated organizations.
How it all started
The concept of validation was derived from engineering validation principles that have been extended to the software industry. Feeling the necessity to validate computer systems, the FDA published the ‘bluebook’ (1983) this was a guide to the inspection of computerized systems in pharmaceutical processing.
These regulations on the use of electronic records and electronic signatures are formalized in 1997 in 21 CFR part 11 the FDA and revised in 2003, for Eudralex (EU GMP regulations) this is Annex 11 (EME 1998).
According to both computer system validation is defined as: “Confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled”
Purpose and initial need for CSV
The purpose of the validation process is to provide a high degree of assurance that a computer system will consistently produce electronic records which meets predetermined specifications and quality attributes.
FDA regulations mandate the need to perform Computer System Validation and these regulations have the impact of the law. Having the evidence that computer systems are serving their intended purpose and operating properly represents a good business practice.
Failure to take corrective action immediately can result in shutting down manufacturing facilities, consent decrees, and stiff financial penalties.
Why we need a new approach
The Guidance on computer system validation is already dating back to 2003 in a rapidly changing digital landscape and is no longer aligned with new technologies. This makes it unclear on how much testing is enough and where to focus that testing.
FDA believes the use of automation, information technology and data solutions throughout the life cycle can provide significant benefits to enhance quality and patient safety. This substantial benefit in enhancing quality is shown in other industries utilizing thorough automation.
At this moment CSV is an obstacle in the process to move to a more automated environment, this due to the required extensive testing and comprehensive documentation that demonstrate the validation of computer software.
To support the use of this new technologies FDA is drafting new guidelines “Computer Software Assurance for Manufacturing, Operations, and Quality System Software”, CSA will tackle the issues we have at this moment with CSV.
Additionally, FDA intends to focus on direct impact systems and not on the indirect systems (support tools).
The paradigm shift of CSA
The new paradigm will focus on critical thinking (risk-based), assurance needs, testing activities and documentation in that order.
Risk determination should focus on:
- Does the software impact patient safety?
- Does this software impact product quality?
- How does this software impact your quality system integrity?
Comparison CSV VS CSA
Focus on creating documentary records for compliance VS Focus on testing for higher confidence in system performance
Validating everything with the risk to miss higher risk functionality VS Risk-based assurance, applying the right level of risk to patient safety and/or product quality
Ignoring previous assurance activity or related risk controls VS Taking prior assurance activities into account and upstream / downstream risk controls”
Please find the complete article here.
Please get in touch with us: