In 2011 the FDA launched their “Case for Quality”.  The FDA carried out an in-depth review on why many companies were still using outdated software?  It begged the question “Why were companies not investing in automated solutions”?  The FDA encourages medical device manufacturers to make the move towards automated testing and automated test tools (automated tools when used correctly reduce the risk of human error).

The FDA set out to investigate the best practises in quality in the area of medical device manufacturing.  One of the findings they uncovered was that the burden of computer software validation (CSV) was a barrier to investments in the technology sector which in turn was impacting quality best practice.

Anecdotal evidence suggests that:

  • 40% of a software project cost is the validation.
  • It is estimated that validation teams are spending 80% of their time on documentation (40% preparing documents for testing, 40% documenting testing)
  • Only 20% of their testing time is actually testing.


The question is, can validation be streamlined to provide answers on risk rather than documenting what the tester is doing?

The FDA have developed a new approach to validating software titled  Computer Software Assurance (CSA). CSA comes from a multi-year collaboration between the FDA and industry.  The FDA’s current thinking puts patient safety and product quality at the heart of the risk assessment process.

CSA is a risk-based approach to validation that is more efficient as the validation cycle is shorter and thus less expensive to execute.  CSA is utilised to validate non-product software applications in manufacturing environments. Examples in the literature of non-production software applications validated using CSA include:

  • ERP
  • Custom MES
  • PLM
  • QMS Systems

If the software vendor is already validating the software, why do in-house validation teams do it all again?  CSA can be used to optimise testing efforts by focusing on the quality of the system by leveraging the vendors test documentation for COTS (Commercial off-the-shelf) system(s).  CSA aims to focus on the intended use, with a focus on the testing, and not the scripting of tests.

Table 1: The migration from Computer Software Validation to Computer Software Assurance

Figure 1: Activities involved in the CSA process.

The FDA’s approach to CSA is to focus less on documentation and more on testing.  Focusing on the systems intended use determines the level of risk-based testing.  The FDA suggests that CSA use a streamlined risk assessment which focuses on three variables:

  1. Does the software impact patient safety?
  2. Does this software impact product quality?
  3. How does this software impact your quality system integrity?


Instead of scripted testing scenarios that focus on documenting the steps and less on testing the system, CSA guides companies to use a more sensitive approach with unscripted testing. The testing is still documented, but now free test objectives can be defined without detailed test steps.  The tester is free to select any possible methodology to test the software. As per the typical definition of unscripted testing, software developers/Testers use their skills and abilities to test the software developed by themselves.  By focusing the testing on high-risk areas, this reduces validation cost and time by focusing on the software’s impact on patient safety.  The lack of detail is seen as the primary reason in the drop of tester and test script errors.

The future of Computer Software Assurance will be a paradigm shift away from being a document focused computer system validation activity to critical thinking and a risk based assurance function.

Contact Us

Our team of experienced Validation Engineers can help you to enable greater efficiencies, improved quality and compliance within your industry. If you would like to discuss how we can use our experience and expertise to deliver real benefits to your business, please Contact Us today or call us on 051 878555.

To stay up to date with Dataworks Limited news and events, connect with us via the links below :