What is computer system validation? It is a fundamental concept in the realm of FDA-regulated industries, where rigorous processes are implemented to confirm that computer systems are fit for their intended use.
The Life Sciences sector relies on CSV, meaning medical, pharmaceutical, medical device, and a variety of other industries use it to ensure the accuracy and quality of their systems and applications. For example, computer system validation in the pharma industry is a critical process that ensures the integrity and compliance of computerized systems used in various operations, such as manufacturing, quality control, and regulatory compliance. Ultimately, CSV in pharma and medical device plays an important role in safeguarding patient safety, maintaining data accuracy, and upholding regulatory standards. Companies in various industries can confidently rely on their computerized infrastructure to support crucial tasks by meticulously validating and documenting these systems.
Can a new, risk-based, critical-thinking approach help you gain altitude with your computer system validation? Pharmaceutical, biotech, medical device, and other life sciences industries have adopted Software as a Service (SaaS, or cloud) systems, and the struggle is real: It can feel impossible to juggle the validation of multiple regulated life sciences software solutions and their periodic updates while maintaining them in a state of control compliant with the FDA regulations that drive the need for the validation process.
At Sware, we are seeing clients in the pharmaceutical and medical device industries increase speed and efficiency – and meet the challenge of keeping computer systems in a state of control – by streamlining their approach to computer system validation. Their secret to success? These customers have embraced the FDA’s modernized computer software assurance (CSA) approach. FDA computer software assurance has helped redefine the methods by which software validation is executed in the pharmaceutical, medical device and life sciences fields overall. The transition from traditional, paper-based computer systems validation, a staple in the pharmaceutical industry and other GxP compliant sectors, to the more efficient methodologies endorsed by CSA, computer software assurance, marks a significant advancement toward risk-based testing, focusing testing rigor on systems that directly impact patient safety. By adopting paperless validation and automation platforms, companies are not only meeting FDA regulations and best practices with fewer resources but are also elevating the quality of system software critical to their operations. But What is computer system validation using CSA? And how is it changing approaches to traditional computer system validation and medical device industries? In this blog, we will explore how to raise your best practices around computer systems validation to the next level while maintaining and promoting GxP compliance – by using the Computer Software Assurance (CSA) approach.
Let’s work smarter, not harder, with benefits to the bottom line.
Comparing CSV vs. CSA
What is Computer System Validation vs. Computer System Assurance? What is your focus? Where should it be? What does the traditional approach to computer system validation process for life sciences software solutions entail?
In industries like life sciences and pharmaceutical, computer systems validation CSV is comprised of 80% of staff effort focused on documentation and testing, with only 20% focused on critical thinking and assurance activities. For example, we commonly see traditional paper-based computer system validation (CSV) protocols that include hundreds of pages of repetitive “blanket” test cases that do not consider the risks inherent to the application and may not even test the fitness of the application for the intended use. These scripts are usually accompanied by screenshots – often numbering in the thousands for a single validation protocol – all in the name of compliance with perceived FDA regulatory requirements around computer systems validation of GxP-compliant life sciences software. Imagine the labor, time, and cost involved, especially when you are managing multiple software systems! Then, let’s ask ourselves if this collateral is useful: Will anyone ever go back and use these documents again? How truly useful are all those screenshots to inspectors, and do they truly provide objective evidence that they need?
By answering these key questions about the computer system validation process, companies can review their procedures, start applying critical thinking, and start identifying opportunities for change, matching their practices with the latest FDA guidance on computer software assurance to enhance compliance and operational efficiency.
Several aspects of traditional CSV create drag on your operation, as it:
- Does not set the level of testing based on risk
- Takes a reactive, “audit proofing” approach, as opposed to a proactive, risk-based approach
- Generates large, burdensome quantities of paper documents
- Is often encumbered by test script errors and large numbers of screenshots
- Involves performing unnecessary activities in an effort to comply with regulations, but may not appropriately test the system or its state of control (a.k.a., its “validated state”)
Alternately, the recent FDA guidance on computer software assurance encourages a risk-based approach to establishing confidence that software being used for regulated purposes in the life sciences is GxP compliant, is fit for its intended use and is operating in a state of control while scaling efforts, testing, and record-keeping “right-sized” to the risk. When implemented, CSA flips the team’s focus to 80% on up-front critical thinking, with only 20% going into documentation and testing.
Imagine the positive impact of risk-based CSA on staff time and cost savings.
Examples of CSA critical thinking include
- Identifying appropriate team members and involving QA early in software projects, so that direct or indirect impacts on patient safety, product quality, and data integrity are clearly understood and accounted for. This approach, a departure from traditional testing, incorporates the CSA methodology, ensuring a comprehensive understanding and management of risks.
- Determining whether electronic signatures will be used (Part 11 assessment)
- Researching and planning to fully understand the intended use of the system
- Using ICH Q9 (R1) to proactively identify, assess, and prioritize risks early in the project; document these risks; and then perform periodic reviews of risks and risk activities during and after the project to ensure that risks were effectively mitigated
- Assessing and qualifying vendors early in the process (by audit or other methods) and leveraging validation work of qualified vendors
- Understanding the potential impacts of system failure on patient safety and product quality, plus defining the testing approach based on system, design, and regulatory risks
- Right-sizing validation testing and associated deliverables, with rigor based on identified risk levels
Understanding 21 CFR Part 11
How can you streamline your computer system validation process and its potential for efficiency? In the US, there are two driving regulations around validation: 21 CFR Part 11 is intended to ensure that electronic signatures and records are as robust and reliable as their paper counterparts for compliance, and 21 CFR Part 820 is the quality systems regulation that includes regulation around working with vendors and their documentation. The goal is to make CSA an activity that allows for more comprehensive testing of a system to ensure its fitness for intended use while decreasing the overall documentation load – saving time, money, labor, and resources.
Sware clients are taking a giant leap forward and going paperless by leveraging the Res_Q Validation Automation Platform for a fast and efficient process that fulfills their responsibilities. As an example, we have seen users move from requiring a team of 30 people to perform manual, paper-based computer validation over weeks/months to an automation-assisted, paperless process with 1-2 staff members completing validation in just days.
So, what is Computer Software Assurance’s main benefit? Through the implementation of risk-based CSA, software quality assurance and validation tasks can be performed by a user in a fraction of the time required traditionally, providing a massive boost to process and resource efficiency while promoting GxP compliance.
Do some quick math. What might your potential cost savings be?
Applying GAMP 5
How can you leverage current industry guidance to support agility? Traditional CSV follows a lockstep, Waterfall approach that cannot keep pace with the Agile methodology adopted by the software industry to speed modern systems development and the release of periodic updates to customers. The International Society for Pharmaceutical Engineering (ISPE)’s recent release of the second edition of Good Automated Manufacturing Practice 5 (GAMP 5) has been updated to support Agile development practices, cloud systems, and the use of tools over documentation. This guidance favors a lean, risk-based approach to GxP software validation – assuring data integrity and suitability of computer software while supporting the speed of innovation. As part of this guidance, the ISPE acknowledges today’s increased involvement of service providers, evolving approaches to software development, and expanded use of software tools and automation. It also highlights the use of critical thinking by knowledgeable and experienced SMEs to define appropriate approaches.
Teams can follow an integrated strategy that combines computer software assurance FDA recommendations with GAMP 5 guidelines to lighten their validation load, using a risk-based approach, auditing/assessing their vendors, and leveraging a qualified software vendor’s documentation for FDA-compliant computer systems validation.
Automating the process in the cloud with a platform such as Res_Q lends further speed. A rule of thumb: For robust software vendors with strong internal quality management practices and a stable product that routinely passes audits and offers low risk, less testing is required; for new vendors or custom products, more testing and analysis are required.
Companies often ask how they can establish the basic sets of documents needed for risk assessment as they search for a single source of truth. Our Res_Q product is an SaaS, paperless validation automation platform with built-in risk and criticality workflows that employ an easy-to-follow, step-by-step format to help users identify, quantify, and assess risks upfront. Higher risks may mean more documentation; lower risks may mean less documentation.
The impact? Modern CSA aligns with GAMP 5 to provide life sciences companies with updated thinking around risk-based, iterative, Agile-compatible approaches to assuring the quality of computerized systems. Further, using an automated validation automation platform such as Sware’s Res_Q takes validation paperless and provides a single source of truth for validation projects. It enables streamlined sharing of paperless validation deliverables and supports best practices around validation and risk management in the cloud to speed up the process for CSV using CSA principles and workflows. Validation becomes easier and happens much faster — with minimal staff time.
Realize bottom-line efficiencies by implementing automated CSA with GAMP 5 guidance in the cloud.
The Wrap-Up
Implementing CSA’s risk-based, critical-thinking approach is a paradigm shift for the life sciences industry: While the need to validate remains, the general approach has shifted to a leaner, risk-based, common-sense approach that involves a whole lot less paper. Fortunately, lessons learned from the pandemic, including the support of remote work, clear the runway to turn from paper-based systems to greater adoption of automation. The natural evolution is to apply lean, risk-based, systems-based thinking to transition the industry out of CSV’s onerous, paper-strewn trenches to the modernized, paperless practices supported by CSA – providing the industry with a clear plan and path for a soft landing. As the quality system merges CSA principles and removes itself from a burdensome documentation approach, it adapts to the software development life cycle, ensuring that this forward-thinking approach benefits every phase, from design to deployment.
As a manager, you want to do what’s right for your business regarding quality and GxP compliance. You also need to provide what inspectors are looking for while supplying needed justification. And you want to operate with end-to-end consistency in your process. Now, with CSA, your team can work smarter, not harder, while saving time and reducing costs. The CSA forecast? Fair skies and good tailwinds for your next software upgrade.
Learn how Sware helps you manage risk and compliance with an easy-to-use, ever audit-ready validation solution.