Switzerland: Computer Software Assurance

In a GMP environment, patient safety, data integrity and product quality are of utmost importance. Computerised operations are under highest regulatory scrutiny: both FDA and EU GMP guidelines stipulate the need to validate processes, systems and software which replaces manual operations

Since the introduction of the CSV Guideline in 2011, the regulatory bodies require validation of computerised systems (CSV) to assure patient safety and product quality, and they require full documentation, audit trails and scripted testing as proof.

It is expected that in 2021 a new FDA guidance will be released on this subject, concerning Computer Software Assurance (CSA), where the focus is more on the electronic systems and the software used. This new FDA guidance aims to minimize misinterpretation of regulations, to clarify existing approaches, to increase the possibility of technology innovation and to introduce a risk-based approach to software testing & computer systems.

CSA

Computer Software Assurance is a risk-based approach to computer systems and the software used, that is product quality-focused and patient-centric. CSA follows a critical thinking approach, still focusing on patient safety, product quality, and data integrity, but with more concise, risk-based testing and less documentation.

However, Computer System Assurance is not a replacement for, nor a contradiction of, current Computer System Validation approaches as defined in GAMP 5. Rather, CSA is a reinforcement, or restatement, of the GAMP 5 key principles of product and process understanding, quality risk management, and leveraging supplier activities. CSA combines risk-based testing with risk-based documentation

1 CSA and CSV - What are the differences?

CSV focusses on computerised systems and includes the processes around the system.

Current CSV regulations resulted in a focus on documentation and less on critical process thinking. The majority of the efforts were spent on validation, testing, documentation and reconfirming previous testing and CSV efforts, also from suppliers. The approach was often to test and document all, to satisfy inspectors and auditors, instead of focusing on the high-risk processes.

CSA lays the focus more on the software and the computer system. In CSA, critical process thinking is key and reduced documentation is possible: much of the effort is spent on risk evaluation and prioritised testing (sometimes even automated). Furthermore, the utilization of previous work (e.g., by the software provider) is possible. This can strongly reduce the workload, shorten the process time, and assure focus on high-risk areas of the system. The total effort on validation and the output of documentation can be reduced.

Computer System Validation versus Computer System Assurance

Click here to continue reading . . .

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.