Newly published FDA guidance on Computer Software Assurance (CSA), together with the second edition of the GAMP 5 guide, have shifted the emphasis away from indiscriminate scripted testing and documentation, towards more critical thinking and a risk based testing strategy.
Making lighter work of system validation
For QA and IT departments, this is a weight lifted. Prior to the publication of the new draft guidance, these teams were expected to heavily document validation activities, and take screenshots of everything, as a record that IT systems were behaving as they should. Although never formally mandated, this unwritten expectation applied to any system and functionality, regardless of the criticality of functionality or the testing stage.
A risk-based approach: from ‘check & document everything’ to ‘test as needed’
From now on, where low risk is estimated for a functionality, either because of the purpose of the functionality, the use model, or other controls present in the process flow, companies are liberated from creating fully scripted test scripts. The saved time can be redeployed to enhance the testing of the most critical systems.
But CSA goes beyond the deployment of a particular methodology for testing strategy. It is more about a way of thinking about the management of computerised systems, moving further towards a risk-based approach in all aspects of system management.
What to do now
Now that the new recommendations have been set out, by the
FDA and within GAMP v5 Second edition, there are a series of steps companies
should take to align themselves optimally with the latest approach to CSA.
These are set out below:
Update the company’s validation master plan and SOPs, ensuring that these remain in step with internal Quality systems.
Ensure that the validation strategies include a risk assessment to determine an appropriate testing strategy for each functionality. Where risk levels are high, testing preparation workloads may not change radically.
Be aware that perfect execution isn’t essential when testing is carried out, especially in lower-risk scenarios. If there are deviations or minor variations, the key is to ensure that these are addressed. A top tip here is to keep any test scripts small. Then, if a problem does crop up, it’s easy to pinpoint the source.
Use tools to manage validations, to maximise control and limit the need for paper-based tracking of the measures taken. In an agile context, where deployments are incremental, such tools can be particularly invaluable.
Seize the opportunity to optimise your computerised systems validation and management
Ultimately, the CSA initiative offers Life Sciences companies the opportunity to improve their software deployment and validation processes, spending less time on the mechanics of this, while delivering better results.
Rephine has extensive experience of optimised CSA projects using the latest tools and techniques to drive efficiency, including reusable scripts.
We are also seasoned experts in agile development and cloud-based system deployments, disciplines we can combine to optimise outcomes and contain risk. To discover how we could support your organisation’s computer software assurance and system validation activities, please get in touch.
