The FDA’s new approach to CSV is Computer Software Assurance (CSA). It represents a step-change in computer system validation, placing critical thinking at the centre of the CSV process. CSA is a risk- based approach to validate a system directly impacting Product Quality and Patient Safety.
The traditional approach to Computer System Validation (CSV) has been around since the introduction of FDA 21 CFR Part 11, 1997. Since then, CSV has often been described as a burdensome exercise for audit proofing, an exercise which results in large documentation packs with large volumes of screenshot or attachments.
CSA is CSV done correctly – Focussing on Risk Assessment, Critical thinking and Vendor collaboration. Computer Software Assurance (CSA) allows risk assessment during each & every process whereas in CSV, Risk is Assessed once for complete validation process.
In order to reduce time & cost, a proper risk assessment is required to be done in which Low, medium and high risk should be identified. And test scripts shall be documented only on the high-risk elements. In a nutshell, CSA focus on high risk areas.
The upcoming Computer Software Assurance (CSA) guidance document brings no change to the current governing regulations or to GAMP 5; the requirements remain the same.
Following the CSA approach, however, means that validation activities are designed around testing the critical aspects in an efficient way. Avoiding unnecessary activities and bureaucracy, critical thinking and a risk-based approach are used to ensure that testing focuses on the features or actions that pose a medium / high risk to the patient safety, product quality and/or data integrity, with less focus on the lower risk features of the system.
Now more than ever it is time to rethink our traditional CSV approach. An approach that aligns with Computer Software Assurance (CSA) will result in the implementation of computer system software in an efficient and innovative manner while remaining in compliance with regulatory requirements & GAMP 5.
