In 2011, the FDA launched its Case for Quality initiative. At that point in time, only a limited number of companies were actively investing in the use of automated solutions. Businesses just used outdated software versions. The initiative was meant to study the best quality practices with medical device manufacturing. The result was that CSV (computer systems validation) was a burden that deterred making technology investments. Quality best practices were inhibited.
After the FDA learned the fact that CSV was a burden and it was the reason why companies did not invest in technology, it decided to create partnerships with the goal of balancing value-adding CSV and promoting automation. The FDA tried to improve quality by removing the activities that do not have value and focusing on the high-risk areas. This instantly reduced validation costs and even the time needed by companies by focusing on quality system integrity.
Oftentimes, testers spend a lot of time making sure that protocols are error-free. This is opposed to wasting time on solutions that are automated and that verify how software meets intended use.
Computer Software Assurance is practically the new approach of the FDA to CSV. It is a practical step-change in what we see as computer system validation. Critical thinking is put right in the middle of CSV. This opposes the traditional general approach.
The FDA keeps modifying and upgrading the regulatory approach it uses. The focus is put on the use of direct impact systems as opposed to the indirect systems. With the change to CSA, manufacturers can focus on testing areas that will directly impact device quality and patient safety, like:
- Direct System Software–This requires testing based on the identified risks and deliverables that are expected. Current expectations are taken into account. For instance, when the application is riskier, there is a need to go through more testing and much more documentation is needed.
- Indirect System – This involves software that will not directly impact patient safety or the product. However, it does impact quality systems. You do not need the same exact rigor and less documentation.
Current CSV (Computer System Verification) Approach
Computer System Verification was morphed right into activities that are primarily done in order to secure evidence for the auditors instead of assuring system quality that is validated. As a result, right now, the current approach is:
- Deterrent to the pursuing of automation cost, time, and use of appropriate automated testing tools, together with documentation generation.
- Using regulatory burden as a way to be excused for the resisting progress. Other nonregulated and regulated industries moved forward. They adopted modern testing frameworks that are very important for the future.
- The software that is validated is assessed like product software.
- CSV is burdensome and leads to a necessity to create really complex risk assessments.
- CSV focuses on the gathering of evidence so that auditors can use it.
- Vendor efforts duplication on client websites.
- 80 percent of the deviations coming from test script errors or the tester.
- Different post-go-live problems that could appear.
CSA is basically the future while CSV is the past.