Do you know? One can save up to a million in the coming three (03) years by introducing Computer Software Assurance (CSA) in place of the existing Computer system validation (CSV) model!

Over the years, pharmaceutical organizations have incorporated CSV, a risk-based validation approach to ensure computer operating systems are at par with Regulatory requirements.

As the industry is now getting ready for the next transformation (next to a risk-based approach), that is CSA, USFDA is planning to release new guidance on CSA in 2022 to help organizations understand product quality and Regulatory compliance. The guidance is expected to give a clear understanding of how, where, and what measures need to be undertaken to conduct a successful Software Risk Assessment.

Let’s now broadly discuss the comparison between CSV and CSA from a process, people, and technology perspective; and how a successful implementation of CSA can provide tangible benefits to an organization.

Process

Computer system validation (CSV) is a compliance-centric documented approach that acts as evidence ensuring the system is fit for the intended purpose.

An organization invests 80% of its effort into the documentation of the validation process and 20% in testing. Any discrepancies in the CSV testing in association with the expected results need documentation and corrective action plan implementation.

Computer Software Assurance (CSA) is a quality-centric approach that emphasizes the impact software system has on patients’ safety, product quality, and data integrity.

The main objective is to focus on validating and documenting safety-risk activities based on software complexity. Such an approach encourages the usage of digitization and automation, thereby improving product quality. The reduction in the documentation process helps organizations react to critical software issues and comply with the health authority guidance. CSA leverages the vendor quality systems for unscripted testing for validating low-risk systems allowing organizations to invest their 80% efforts into testing and 20% effort into documentation.

Hence, processes should be tweaked (amended) to reflect the CSA approach at different stages of SDLC, which can be achieved by:

• Quality by Design (QbD) - Prioritizing patient safety and product quality ensure the primary goal of the software system installed is to fulfil the user requirements to optimize product quality.
• Risk-based validation strategy requires vigilant testing and documentation for systems prone to failures/defects for direct risk cases and less for indirect or no risk cases.
• Re-thinking on document versus testing ratio enables the sponsors to redefine their validation process by asking them to spend 80% effort on testing and 20% effort on documentation.
• Providing tangible benefits by relaxing the documentation pressure.

People

The differentiating factor between CSV and CSA is in the hierarchy of strategy. CSV observes documentation followed by testing and critical thinking, while on the contrary, CSA observes critical thinking as the first step followed by testing and documentation. CSV demonstrates documented evidence providing efficiency and effectiveness that a computerized system conducts activities according to pre-agreed specifications and quality attributes. On the other hand, CSA recommends the sponsor’s trace process improvements to mitigate risk and possible errors.

At the leadership level, widen the scope of critical thinking by having multiple ways to deal with uncertain situations as there’s no “one” right way of getting anything accomplished. Critical thinking will open doors for innovation to develop reliable products.

At the practicing and application level, train people and prepare them to transform and adapt to CSA via effective collaboration and effective training programs.

Technology Perspective

Comprehensive guidance on CSV is already in place as per Regulatory authorities like USFDA, EMA, MHRA, and many more. So, do we need CSA? The answer is yes. CSA will put the objective of validation into perspective and will clear the disparity between sponsors and Health authorities. There are adequate regulations and industry guidance arrangements that pharmaceutical organizations need to understand to get business benefits by simplifying the approach of the validation process. Transitioning from traditional CSV to CSA shifts the organization’s priority from fulfilling the regulatory compliance needs to product quality and safety. Such a shift maximizes the effect of the validation process by reducing the extensive documentation burden, project timeline, and costs on life science companies.

At the strategic as well as operational levels, this can be achieved by encouraging digitization and automation, mitigating all the possible risks and human errors.

Conclusion

As the US FDA’s guidance on CSA is yet to be published, pharmaceutical organizations should proactively start thinking and chalking out protocols for transitioning from CSV to CSA. The organizations must:

• Re-evaluate and identify systems having a direct and indirect impact on patient safety, product quality, and data integrity.
• Allocate resources capable of ensuring a smooth shift in the validation process.
• Conduct gap analysis assessment against the existing system to identify any discrepancy.

Assessment of the validation approach tells what an organization can do to effect change when they encounter any system issue. Proper execution of the CSV process requires an in-depth understanding of the system and insights on the ways to utilize it.

The need of the hour for organizations is to partner with CSV experts in moderating simple to complex projects and who can aid in a smooth transition from CSV to CSA. A quality review framework minimizes re-work in the product and vendor validation process to ensure total compliance and validation at any stage during deployment, maintenance, and decommissioning at an extremely competitive price. Reach out to Freyr for compliance.