COMPUTER SOFTWARE ASSURANCE (CSA) IN ACTION

CSA

A Risk Based Approach

Preparing and testing documentation on average takes 80% of the time dedicated to validation. The objective of CSA is to reduce the documentation significantly by separating testing by risk. A risk-based approach can define the required level of testing that a function requires.

 

Executing Validation Testing Utilising a CSA Method

An example process for executing validation testing utilising a CSA method would be as follows:

  1. A Risk Assessment is developed by the validation engineer, customer and/or developer. This is important as the testing is based on a risk-based approach.
  2. After completion of the Risk Assessment, the validation engineer in collaboration with the developer will decide which risk category the requirements will be logged against. This will determine the level of testing needed for each.
    • High Level Risks will be tested using traditional test scripts with step-by-step guidance although the evidence collected would be cut down by only taking evidence of the success or the failure of the test. A validation engineer can spend a significant amount of time taking screenshots of the full process of how they reach the result that matters and covers the risk. If the validation engineer only has to concentrate on the test result rather than the step-by-step evidence collecting, it would cut down on documentation and errors through missing pieces of unrequired evidence.
    • Medium Level Risks may utilise test scripts and/or unscripted test scripts for validation. This will be determined by the validation engineer and developer when completing the risk assessment.
    • Low Level Risks will be tested with unscripted test scripts. The unscripted test will not contain a step-by-step script but a general statement of the function and whether it passes or not. This cuts down on document error discrepancies and delays which can have a huge effect on the time taken to finish testing.

The Testing can be Comprised of the Following:

  • scripted testing
  • unscripted testing
  • ad hoc testing

Scripted Testing

Is the traditional detailed test script with at least step by step instructions, objectives, expected results and pass/fail required fields. It is essential for any requirements that impact patient safety or product quality are tested to the same standards as traditional CSV.

Unscripted Testing

This testing will be used on risks/functions that do not directly impact product safety, patient safety or data integrity but does impact the quality system. It will not have a step by step but will have a test objective and pass/fail required field.

Ad hoc Testing

Is available to be utilised for all risk levels and evidence should be collected for this level of testing in the same method and criteria as other types of testing. Ad hoc testing can be used for scenarios which have not been considered when writing the tests initially. If a validation engineer decides that factors have not been considered or tested for then they can write a short description of what is being tested and attach any relevant evidence.

 

Testing Evidence

Evidence must be collected however, the evidence is only required to record the success or failure of the function, not the steps that do not directly impact patient safety and/or data integrity. Evidence must be taken for all failures no matter the risk level. GAMP5 states “Supporting documentation such as printouts, screenshots, notes, pictures, etc., may be helpful to support test results depending on the nature of the test, and the GxP impact, complexity, and novelty of the area tested. Unnecessary supporting documentation that does not add value to the normal test results should be avoided”.

Contact Us

Our team of experienced Validation Engineers can help you to enable greater efficiencies, improved quality and compliance within your industry. If you would like to discuss how we can use our experience and expertise to deliver real benefits to your business, please Contact Us today or call us on 051 878555. To read more about Computer Software Assurance check out a previous blog on the topic here

To stay up to date with Dataworks Limited news and events, connect with us via the links below:

 

 

DATAWORKS – Driving Digital Transformation in the worlds’ Leading Life Science Companies
for over 25 Years