Computer Software Assurance (CSA) is emerging as the future of validation in the life sciences, offering a risk-based approach that prioritizes testing and critical thinking over extensive documentation to improve patient safety, product quality, and efficiency.
By Gaurav Walia, V0 of CSV, CSA, DI and Digital Governance, Local Equity Partner and Head of PQE Group Chicago Office
The life sciences landscape is undergoing a digital transformation, and the pharmaceutical, medical
device, and healthcare industries have already begun embracing digital technology to improve quality,
boost efficiency, and, most importantly, improve data integrity, product quality and patient outcomes.
While the Computer System Validation (CSV) approach has been the go-to method for ensuring
compliance and software reliability in the life sciences industry for decades, the current life sciences
landscape in the digital era demands a more flexible, risk-based, and modern approach that puts system
performance, product quality and patient safety first over excessive documentation.
Because of this, Computer Software Assurance (CSA), a new risk-driven and critical-thinking-centered
approach first introduced by the FDA in September of 2022, has become the go-to method for ensuring
software quality while reducing unnecessary documentation and focusing on real patient safety risks via
augmented Risk Assessments and Critical Thinking. In this article, we will contrast the CSA approach with
the legacy CSV model most of you in the industry are familiar with and illustrate why life sciences
companies that want to gain a competitive advantage in today’s digitally driven healthcare environment
need Computer Software Assurance.
The Problem with Traditional CSV
Validation has traditionally been associated with extensive documentation, meaning the bigger your
stack of documentation was to present to the FDA, the better the outcome would be. This fixation on
documentation unfortunately resulted in many life sciences companies to focus their attention and
resources on generating voluminous documentation, instead of enhanced attention from improving
product quality, data integrity, and most importantly, patient safety. In reality, quality in the life sciences
is not something that can be measured by the volume of paperwork you produce, but rather by the
ability of your systems and processes to consistently perform as intended. Despite life sciences
companies investing resources in paperwork, the FDA still continued to find issues during inspections,
which raised a key question: ‘Was the system really tested thoroughly to make sure it is working as
intended?’ or was the documentation simply crafted with more focus on documentation?
What Is Computer Software Assurance?
The draft guidance “Computer Software Assurance for Production and Quality System
Software,” published by the FDA in September 2022, can best be understood as a response by the
federal agency to the challenges at hand by enforcing critical thinking and taking an approach relevant
to the times to streamline validation by guiding life sciences companies to focus testing efforts only on
what matters most. Instead of encouraging life sciences companies to test everything and produce large
volumes of documentation, the FDA CSA guidance is instead driving manufacturers to focus their
attention on critical areas like patient safety and product quality which shouldn’t be decoded as a push
to do less but rather what’s necessary. CSA is therefore, at its core, a risk-based approach to
determining if software is fit for its intended use by applying validation efforts that are proportional to
the potential risk. Taking this approach is not only resource-efficient for life sciences companies, it can
also help in improving potentially data integrity, product quality and patient safety by making sure the
software used in production, quality systems and other areas is better tested controlled and monitored
throughout its lifecycle, ensuring it is continuously validated throughout.
CSV vs CSA
While CSV and CSA are both approaches that are designed to ensure system reliability and adherence to
regulatory compliance, Computer Software Assurance (CSA) represents a paradigm shift in the life
sciences industry in the digital age we live in, with a focus on testing over documentation, risk-based
“assurance,” and leveraging prior assurance activities to avoid duplication and leverage the Report of
the Technology Vendor Audit.
Testing Over Documentation
Unlike CSV, which often resulted in prioritized documentation over testing as we have already discussed,
leading to situations where your teams spend more time on tasks like writing scripts instead of actually
verifying system functionality, CSA flips the script and does the complete opposite to instill higher
confidence in system performance through augmented risk-based assessments and corresponding level
of testing.
Risk-Based “Assurance”
As you might know by now from what we have briefly touched on earlier, CSA requires you to apply the
right amount of rigor based on the level of risk to patient safety and product quality instead of a
universal approach. This means the higher the risk, the more comprehensive testing and attention to a
function or component of the system being tested. This can also have a secondary effect of a more
strategic prioritization and allocation of resources logically in accordance with where they are needed
the most.
Leveraging Prior Assurance Activities (e.g. SaaS/Cloud Based Solutions)
CSA is all about promotes leveraging efficiency and one of the key areas is leveraging Vendor
Documentation. An example of where Computer Software Assurance encourages you to leverage prior
tests by vendors instead of conducting a new test which would lead to duplicated efforts and a waste of
resources and time by testing something that has already been tested is leveraging SaaS/Cloud Based
Solutions whereas documents such as the Installation Qualification (IQ) and Operational Qualification
(OQ) can be leveraged with a proper Technology Vendor Audit that show the vendor is in proper
compliance.
Why You Should Consider the CSA Approach
The life sciences industry is all about adaptation and innovation, and if you have been thinking of taking
the CSA approach or are not sure how to go about it, the time to do it is now before you risk falling
behind. The good thing about CSA is that it is not only designed to align with existing FDA regulations
like 21 CFR Part 820.70(i), it also aligns with the mission to promote innovation, efficiency, and patient-
centric thinking using modern digital tools while utilizing resources efficiently. This is especially
important for the life sciences industry, as it means your organization will also align with global best
practices such as ISPE’s GAMP® guidelines, which, like the FDA’s, advocate for risk-based, patient-
focused approaches to system validation. CSA is not something in the far future that we can ignore or a
trend that will fade away, it is the present, and companies that are embracing this approach now are
setting themselves up for success by positioning themselves as innovation-ready and quality-driven
businesses that put patients’ lives first efficiently and effectively while saving time and money with
better overall quality in mind.
