Computer Software Assurance
CSA intends to provide recommendations to life sciences companies on computer software assurance for computer systems and automated data processing systems that are part of medical device production or the quality system.
The FDA’s new approach to CSV, Computer Software Assurance (CSA), represents a step-change in computer system validation, placing critical thinking at the center of the CSV process, as opposed to a traditional almost one size fits all approach.




What does Computer Software Assurance (CSA) Mean in Pharma Industry?
Computerized System Validation (CSV) is an activity carried out by Pharmaceutical and Medical Device organisations to ensure that IT infrastructure and applications that impact product quality are operating in a controlled state. Organisations must demonstrate an appropriate level of control of their Computer Systems to regulators such as the US FDA, TGA and EMA.
Solution providers are typically too far from the regulated user's operating environment and regulated users are not able to clearly define requirements or expectations regarding CSV. In addition, rapidly evolving technology disrupts and challenges the conservative approach to CSV. To simplify the intent of CSV, the US FDA has drafted new guidance on Computer Software Assurance (CSA).
Computer Software Assurance (CSA) is a risk based approach, which allows manufacturers to concentrate on areas such as product quality, patient safety, and speed to market. Traditionally, the FDA’s CSV has prioritized documentation, followed by testing activities, assurance needs, and critical thinking. However, the new CSA model will focus on critical thinking first, followed by assurance needs, testing activities and finally, documentation.
CSA aims to reduce unnecessary documentation whilst still assuring that the software is fit for purpose and that any risks are mitigated. This new approach will focus on:
• Critical thinking: Risk definition for each software feature
• Assurance: Demonstrate if the feature and functionality is working as desired
• Testing activities: Leverage and define the different test methods like scripted and unscripted testing.

Why the need for CSA arose?
Learn Computer software assurance and computerized system validation from one of the best institutes in India
During a 2011 review of medical device quality data, the FDA’s Center for Devices and Radiological Health (CDRH) noticed a variety of widespread manufacturing risks that were impacting product quality. A few of these risks included:
• An industry focus on regulatory compliance as opposed to adopting best quality practices
• Lack of adoption of automation and digital technologies, with manufacturers choosing instead to continue running long-outdated versions of software
• Virtually no competitive market around medical device quality
After obtaining feedback from both FDA and industry stakeholders, the CDRH launched their Case for Quality. The initiative’s intention was to identify best manufacturing practices and help medical device manufacturers raise their manufacturing quality level by shifting their focus from being compliance oriented to what really mattered – improving product quality. Through effective collaboration with companies and stakeholders, the Case for Quality established manufacturing standards for the medical device industry, providing the industry with clear objectives to strive for.
One of the key findings of the FDA’s Case for Quality initiative was that the burden of Computer Systems Validation (CSV) was deterring technology investments and as a result, inhibiting quality best practice. The FDA’s regulation 21 CFR Part 11 in 1997 and the related guidance of 2003 created the clear foundation for implementation of Computer System Validation (CSV) processes. Adhering to FDA CSV guidance can be a challenge for life science organizations, however. CSV guidelines prioritize documentation, primarily to appease auditors, which can be both time-consuming and costly. This emphasis on documentation impedes the application of critical thinking during the validation process, along with opportunities to improve automation via system modernization.
To address these issues, the CDRH, in collaboration with the Center for Biologics Evaluation and Research (CBER) and the Center for Drug Evaluation and Research (CDER), planned to release a new guidance document in 2021 entitled Computer Software Assurance for Manufacturing and Quality System Software. This guidance will create opportunities for streamlining documentation by shifting the focus of CSV processes towards critical thinking, risk management, patient and product safety, data integrity, and quality assurance.




Similarities and difference between CSA and CSV
The similarity between CSV and CSA is that both require some tests to be performed and objective evidence to be generated. However, the most crucial difference between the CSV and CSA is that CSV is an objective, evidence-based approach without risk assessment. Therefore, the CSV process results in more tests and test evidence. As a result, the CSV process generates larger volumes of data in the form of reports. This makes CSV a more burdensome approach compared to CSA, as in the case of CSA, the number of tests to be performed depends on the potential impact of the failure mode of the specific feature on the process or medical device.
The number of steps in the CSV and CSA process differs as follows
CSV CSA
Planning Identifying the intended use
Defining DS, FS, and URS Determining risk-based approach
Testing includes:
• Verifying IQ against DS
• Verifying FS against PQ
• Verifying URS against OQ Determining appropriate assurance activities
Reporting all test-based evidences Establishing appropriate records

Another difference between CSV and CSA is that the CSV is a validation process itself, whereas CSA always remains in the validated state.
In a nutshell, CSA is a more critical thinking-driven and efficient approach compared with the CSV approach. However, the choice of CSV vs. CSA may also depend on your objective. For example, as a computerized system vendor, you may prefer to rely on the extensive testing and evidence to leave no stone unturned. But if you are a user, it might make sense to prioritize testing of the failure modes for high-risk features or systems.
Become a certified professional in Computerized system validation and Computer software Assurance