Saving Time and Resources with CSA

Any computer system (or automated data processing system) used to automate any part of the quality or production system must be validated for its intended use with an established protocol, as required by the U.S. Food and Drug Administration's General Principles of Software Validation guidance.¹

In September 2022, the FDA issued a draft guidance titled Computer Software Assurance for Production and Quality System Software, intended to supersede Section 6, "Validation of Automated Process Equipment and Quality System Software," from the earlier guidance.

This post explores how transitioning from traditional computer system validation (CSV) to the computer software assurance (CSA) approach can save you time and resources.

What Do We Have Now?

Currently, any software used in manufacturing, operations, and quality systems activities under 21 CFR Part 820 must undergo CSV. The focus of this process is to document any validation activity and results.

The FDA's definition of validation provides a foundation for understanding the challenges:

"Validation" means establishing documented evidence that provides a high degree of assurance that a system will consistently produce a product meeting its predetermined specifications and quality characteristics."

From this definition, we can draw the following conclusions:

• System functionalities must be fully and thoroughly specified (the predetermined specifications and quality attributes).
• Testing must verify the quality acceptance criteria (the assurance that a system will ... produce).
• Testing must be thorough and rigorous (a high degree of assurance).
• Validation must be maintained throughout the system's lifecycle (consistently produce).

By creating detailed documentation, auditors gain a comprehensive overview of each aspect of the software used in the manufacturing process. This ensures fitness for its intended use.

A Problem of Scale

The FDA requires the testing and documentation of computer systems and automated equipment used in design, laboratory testing and analysis, product inspection and acceptance, production and process control, environmental controls, packaging, labeling, traceability, document control, complaint management, and many other aspects of the quality system.

These systems include:

• Programmable logic controllers
• Digital function controllers
• Statistical process control
• Supervisory control and data acquisition
• Robotics
• Human-machine interfaces
• Input/output devices
• Computer operating systems

As you can imagine, CSV teams invest significant time and effort in creating protocols and documenting processes and activities.

Over time, the focus has shifted from ensuring the system’s quality to ensuring manufacturers can generate and provide evidence for auditors. This generates a vast amount of evidence—stemming from extensive testing.

The most concerning issue is that even with comprehensive testing, the system is not guaranteed to be suitable for its intended purpose.

This approach presents a significant obstacle to Pharma 4.0 and the expanded use of automation for testing and document generation. To summarize the problem, everything must be validated, and everything validated must be extensively documented.

How can we transform CSV from a time- and resource-expensive activity into a competitive advantage?

Transition from CSV to CSA

The FDA recognized the challenges associated with traditional CSV and issued the CSA draft guidance. While the traditional CSV approach focuses on testing and verifying every aspect of software throughout its lifecycle, the “software assurance” method aims to prevent defects from being introduced during the software development process.

This is the key difference: instead of exhaustively testing the software, manufacturers should adopt a risk-based approach to establish and maintain confidence that the software is fit for its intended use.

Because the goal is to optimize overall system performance, only components essential to the product's and the patient’s safety should be validated and subjected to scripted tests. Identifying critical components involves a risk assessment, ensuring CSV-level validation and testing are reserved for higher-risk components. This approach enables more efficient use of your team’s time and resources—driven by critical thinking. For these reasons, transitioning to CSA should be a top priority.

Ready to Make the Transition?

ValGenesis is ready to support your transition by applying critical thinking and testing only what is necessary through a least-burdensome, risk-based approach to validation. Our CSA-ready solution enables risk assessment at the requirement level, minimizing the over-testing often associated with CSV.

To learn more about transitioning from CSV to CSA, read ValGenesis' Guide to Computer Software Assurance (CSA) or watch the video below.