SHIFTING THE VALIDATION PARADIGM: From Computer Software Validation to Computer Software Assurance.

In 2011 the FDA launched their “Case for Quality”.  The FDA were asking why many companies were still using outdated versions of software and not updating to newer versions?  Why were companies not investing in automated solutions?  The FDA want people to use automated testing, automated test tools (automated tools when used correctly are more reliable than humans).  The FDA’s investigation set out to investigate the best practises in quality in the area of medical device manufacturing.  One of their findings found that the burden of computer software validation (CSV) was stopping investments in the technology which in turn was impacting quality best practice.  Anecdotal evidence suggests that 40% of a software project cost is the validation.  It is estimated that validation teams are spending 80% (40% preparing documents for testing, 40% documenting testing) and only 20% of their testing time actually testing.  Can validation be streamlined to provide answers on risk rather than documenting what the tester is doing?

The FDA have developed a new approach to validating software titled Computer Software Assurance (CSA).  CSA comes from a multi-year collaboration between the FDA and industry.  The FDA’s current thinking puts patient safety and product quality at the heart of the risk assessment process. 

CSA is a risk-based approach to validation that is more efficient as the validation cycle is shorter and thus less expensive to execute.  Some Examples of software applications validated using CSA include ERP, custom MES, PLM, and QMS systems.  If the software vendor is already validating the software, why do inhouse validation teams do it all again?  CSA can be used to optimise testing efforts by focusing on the quality of the system by leveraging the vendors test documentation for COTS (Commercial off-the-shelf) system(s).  CSA aims to focus on the intended use, with a focus on the testing, and not the scripting of tests.

Table 1: The migration from Computer Software Validation to Computer Software Assurance

Figure 1: Activities involved in the CSA process

The FDAs approach to CSA is to focus less on documentation and more on testing.  Focusing on the systems intended use determines the level of risk-based testing.  The FDA suggests the CSA use a streamlined risk assessment which focuses on three variables:

  1. Does the software impact patient safety?
  2. Does this software impact product quality?
  3. How does this software impact your quality system integrity?

Instead of scripted testing scenarios that focus on documenting the steps and less on testing the system, CSA guides companies to use a more sensitive approach with unscripted testing. The testing is still documented, but now free test objectives can be defined without detailed test steps.  The tester is free to select any possible methodology to test the software. As per the typical definition of unscripted testing, software developers / Testers use their skills and abilities to test the software developed by themselves.  By focusing the testing on high-risk areas, reduces validation cost and time by focusing on the software’s impact to patient safety. 

The future of Computer Software Assurance will be a paradigm shift away from being a document focused computer system validation activity to critical thinking, risk-based assurance function.

Contact Us

Our team of experienced Validation Engineers can help you to enable greater efficiencies, improved quality and compliance within your industry. If you would like to discuss how we can use our experience and expertise to deliver real benefits to your business, please Contact Us today or call us on 051 878555. To read more about Computer Software Assurance check out a previous blog on the topic here

To stay up to date with Dataworks Limited news and events, connect with us via the links below:

DATAWORKS – Driving Digital Transformation in the worlds’ Leading Life Science Companies