COMPUTER SYSTEM VALIDATION (CSV)

TO
COMPUTER SYSTEM ASSURANCE (CSA)
A MUCH NEEDED PARADIGM SHIFT

Raktim Dey
Manager-Validations
Granules India Limited
LETS FAMILIARIZE WITH THE TERMINOLOGIES

Computer System Validation:

 Computer System Validation is a structured and in detailed approach to validate a
computerized system which performs critical functionalities. A computer system validation
is a must to render a software valid and accepted by regulatory authorities as a replacement
of the manual procedure.
Computer System Assurance:
 Computer System Assurance is somewhat similar to computer system validation in term of
the output i.e. validating a Software. The major difference is the approach. Computer
system is more detailed and contains stuffs that are not even related to the functionalities of
a software, on the other hand Computer system assurance focuses mainly on validating the
functionalities of the software.
COMPUTER SYSTEM ASSURANCE- A PARADIGM SHIFT

 The conventional approach of Computer system validation has gradually become a bottle
neck over the course of years to actually consider a Software validated. The reason being
the CSV requires huge volume of documents and Tests , most of which are not even related
to the actual functionalities of the software.
 The conventional CSV approach is more of a flamboyant approach where the primary
activity centered around gathering evidence for auditors rather than the assurance of the
quality of systems being validated.
 Conventional CSV approach incur a heavy cost on validation activity for a company,
doing extra work that are not even critical and need no extensive validation studies.
 The CSV approach creates barriers to pursuing automation due to time, cost, use of
automated testing tools, and the need for extensive documentation. Additionally, the
risk assessment process has evolved into a very complex process which is time consuming
and burdensome and focus on gathering evidence for auditors.
 Also, more test cases and test scripts the more possibilities of error by the testers.
COMPUTER SYSTEM ASSURANCE- A PARADIGM SHIFT (CONTD.)

 As the CSV approach became a Bottle neck for Industry validating a Computerized system
and the focus was shifting from producing a Quality product to a huge set of documentation
just for evidence to auditors, Computer System Assurance (CSA) came into existence.
 CSA came as a paradigm shift from generating huge data, documents, confusion to a
more logical, to the point and delivering a quality product, approach.
 CSA focuses on critical thinking and to the point analysis and abbreviated evaluation in
order to ensure the focus is in the right place i.e. delivering Quality Product. Leveraging
targeted testing to achieve results. Documentation remains important, however, the larger
focus is on testing and on those areas that are critical to patient safety and product quality.
COMPUTER SYSTEM ASSURANCE- A PARADIGM SHIFT (CONTD.)

 By using CSA concepts, companies can execute more testing with less documentation
based on risk associated with requirement.

Conventional CSV Approach New CSA Approach

APPROACH TO COMPUTER SYSTEM ASSURANCE (CSA):

 CSA is based on a “Risk Based Approach”- Do what is necessary , when necessary through
a Risk assessment. The following are the CSA approaches but not limited:
 Leverage Vendor Documentation- Functionalities that are not critical ( related to Patient
safety/ Business Continuity / Financial Loss) can be leveraged from execution during
validation of the Software, if the vendor demonstrate a strong QMS and technical upkeep.
 Scripted Testing : Basis to a Risk rating , the critical steps can be validated through well
defined test scripts with additional challenges to prove the robustness of a critical step (can
be done by executing negative testing along with positive testing)
 Unscripted Testing: Basis to a Risk rating , the non-critical steps can be verified through
non scripted testing only. Just execute the particular steps and check whether that step is as
per the desired acceptance criteria.
COMPUTER SYSTEM ASSURANCE (CSA) - RISK ASSESSMENT
APPROACH

 A Risk Assessment Approach in CSA can be defined in sequential steps:

 Step-1 : Determine potential causes that might impact on product quality and patient safety from
functionality failure for each user requirement point. This can be done by a group of SMEs involved in
the project & should have representation from relevant Cross Functional Teams.
 Step-2: Define the Risk Rating , rating can be given in-hose, depending upon the criticality
 Step-3: Follow the recommended test activities
Impact on Product/ Risk Severity of the impact Test activities
Patient Rating
HIGH 5 • Severe impact on product quality/efficacy • Validation required through
• Hazardous impact on patient including fatality. scripted testing
Medium 3 • Moderate impact on product quality/efficacy • Validation required through
• Moderate impact on patient that is not fatal. Unscripted testing
Low 1 • Low or no impact on product quality/efficacy • Vendor document can be
• Low or no impact on patient leveraged/ Ad-hoc Testing
WHY TO IMBIBE ‘CSA’ INTO THE SYSTEM?

 90% or higher reduction in test script and test errors

 Validation time was cut 50% or more, with faster implementation
 Lower project cost as less inventory would used.
 High quality and productivity
 More time for critical thinking versus generating documentation
 A reduction in cycle times (test creation, review and approval), as test cases would be more
specific.
 Less generated documents.
 The release of the CSA guidelines will support companies who have taken the path to
automation.
REFERENCES

 WHITE PAPER: Transitioning from Computer Systems Validation to Computer

Systems Assurance Factors Life Science organizations need to Consider @ Astrix
 COMPUTER SYSTEM ASSURANCE (CSA) ISPE Special Interest Group [SIG]
July-2021 Whitepaper for Industry implementation -ISPE Special Interest Group
[SIG] July-2021
 Other available resources from public domain.
THANK YOU !