Transitioning to Computer Software Assurance from Computer Systems Validation

Life science companies need to verify that GxP computer and software systems accurately support their intended business processes. The traditional approach for meeting this requirement is computer system validation (CSV). CSV emerged decades ago when computer systems were less reliable, and software was often developed by staff programmers. As a result, CSV focuses on the qualification of IT infrastructure and detailed system functionality. Today, however, most solutions are cloud-based or commercial-off-the-shelf platforms that are built for purpose.

Using traditional CSV processes in today’s environment is incredibly inefficient. In most cases, vendor-supplied documentation sufficiently demonstrates evidence of the quality of the software and IT infrastructure. QA and IT now have an opportunity to align on a new, more efficient approach to validating solution platforms.

Developing a computer software assurance approach to CSV
Mike Ciaccio and Dave Fritsche are information technology consultants in the biopharmaceutical industry specializing in IT operations, commercial launch & IT program management. They have worked with a variety of life sciences companies in pharmaceuticals, biotechnology, and rare diseases.

Why Is This Important?

The FDA is preparing to issue guidance for life science companies to shift validation practices to a new computer software assurance (CSA) approach. CSA is a risk-based approach that emphasizes critical thinking to assure patient safety and product quality. By eliminating extensive documentation and detailed testing of all aspects of a software system, CSA has the potential to reduce the bottlenecks and burdens created by traditional CSV approaches.

Deploying new solutions into pharmaceutical and biotech IT ecosystems places a tremendous strain on IT, QA, and business stakeholders to qualify and validate GxP solutions. Typically, smaller and mid-size firms assign the same resources to multiple implementation projects as they scale up operations and prepare for product launch. A CSA program will guide the implementation team to identify and focus attention on business processes through the lens of patient safety, product quality, and data integrity. CSA aims to support the success of critical processes while de-emphasizing the testing of lower risk activities.

This transition will be a welcome change within the industry. It will allow software validation teams to efficiently verify what matters — how business processes will use the system to develop safe and effective therapies — instead of retesting features and functions already verified by a vendor’s testing team.

Additional Benefits of a Computer Software Assurance Approach

In our experience, CSA enables smaller IT and QA departments to shift to a more compact and meaningful set of tests that provide regulators a view of how critical business processes rely on the software.

Additionally, now that many of the systems deployed by life science companies are multitenant and cloud-based, the software vendor’s schedule drives the introduction of new features and functions. These releases may include fixes and functional enhancements, and typically happen multiple times during the year. A CSA approach helps the team efficiently review these new releases to determine how best to introduce any new features or functions, and perform necessary testing to ensure there is no deleterious impact from any update.

More Focused & Efficient Testing

Recently, we helped a client adopt the CSA approach for software validation over the traditional CSV approach that had been in place since the company’s inception. Instead of allocating time and resources to developing traditional IQ, OQ, and PQ testing of basic system features, such as the ability to login and menu placement, the team examined their business processes and the software configuration aspects necessary to support those processes. Efforts then focused on testing the business processes related to patient safety, product quality, and data integrity within the context of the software configuration.

The validation team, comprised of IT, QA, and business stakeholders, found this to be a much more efficient approach to software qualification. They designed and executed a smaller set of risk-prioritized use cases, resulting in a quicker path to system validation. The complete validation package included vendor-provided materials to document the more traditional validation requirements such as the quality of software features and IT infrastructure.

Key Takeaways

  • The adoption of a CSA framework enables QA and IT departments to commission systems more efficiently and to better serve the needs of patients by focusing on what matters – patient safety, product quality, and risk control – through execution of use cases that demonstrate the systems’ support of the business process.
  • Biotech companies, regardless of size, should take steps to align their validation practices to the upcoming FDA guidance of CSA when qualifying new computer systems.
  • QA and IT groups should start now by learning the differences between the CSA and CSV approaches to software validation and understanding the impact on current practices as they align on implementation of the new methodology.