What’s Going On With FDA and Computer Software Assurance (CSA)?
April 1st, 2022 // 8:10 pm @ jmpickett
Computer software assurance – CSA – is the new FDA guideline for validating computer systems – CSV. Many in the pharmaceutical and regulatory industries hail CSA as a game changer.
The idea of less expensive computer and software validation sounds wonderful, but many drug firms are unsure how to interpret the new guidelines and put them into practice. It’s important to remember that CSV guidelines have been mostly unchanged since the early 2000s and the industry still awaits FDA CSA guidance.
If you are concerned about CSA, it will be ok – the standard isn’t much different from the computer systems validation you have been doing for years. If you do CSV as you should, you probably already are following the new CSA standard.
FDA came out with computer system validation standards 25 years ago with 21 CFR Part 11. Then, they refined it more in 2002 with their General Principles of Software Validation guidance document. While there were good intentions with this document, many pharma companies had difficulty with computer software validation. The standard methodology stresses being able to produce accurate documentation during an FDA inspection. It also stresses testing, assurance, and critical thinking.
But CSA looks at the matter through a different lens – stressing critical thinking first, then assurance requirements, testing, and documentation – in this order.
This seems like a big shift by the agency, but FDA has been pushing a risk-based approach to computer and software validation for 20 years. Remember, CSA will not supplant CSV; the idea is to make it better.
CSA’s goal is to encourage industry to think about the issue critically and leverage technology that we didn’t have in 2022 -think cloud computing, mobile applications, and validation management programs and software.
Are you currently applying CSA? You may be and not know it!
For example, you are already thinking critically as your company assesses risk. Critical thinking based on risk is what CSA is all about. Not understanding how to understand risk is what causes many computer system validation 483 observations.
When we do validation, we need to adhere to FDA regulatory standards and have a solid quality system and SOPs. Critical thinking allows us to analyze the situation carefully and validate the most critical items and focus later on the less critical ones.
Moden technology with AI and critical thinking ability lets you do highly accurate assessments of risk with decision tree logic.
Next, you already are doing testing and documentation. But documenting every part of your testing process exhaustively to be certain is the typical method to computer system validation. Overtesting without looking at risk can overuse vital resources and this can lead to a compromise of patient safety.
With CSA, you can take risk-based, less burdensome approach to computer system validation.
It’s clear that most of us in the pharma industry don’t need to be in fear of CSA or delay adopting it until the FDA guidance is released. CSA ideas and concepts are already within reach under current FDA regs. Firms that have already gone digital with their CSV processes are already doing CSA. Or, they are in a good position to fully implement CSA in the near future.