Computer Software Assurance (CSA) for Manufacturing, Operations, and Quality System Software Guidance – Is it the solution to arduous validations that the life science industry has been waiting for from the FDA?
Least Burdensome Approach to Validation – the Food and Drug Administration (FDA) has been pushing this concept onto life science companies for the past two decades, with less-than-desired results. The FDA's upcoming CSA guidance promises to be a useful tool to help the industry finally achieve this elusive goal.
The last FDA guidance proposing significant changes in validation approaches came out in 2004, the Pharmaceutical Current Good Manufacturing Practices (CGMPs) for the 21st Century1. It promotes the use of the latest technology, the newest quality methodologies, and a risk-based assessment of system functions to achieve compliance more efficiently than previous methods used in the 1990s and earlier. Still, the industry has been slow to adopt the philosophy and implement the suggested changes. This lack of acceptance has been due to the initial cost to employ new technology and processes, the perceived lack of maturity of some of the technology, and the resistance of companies to changing their processes from FDA "known and accepted" validation methodologies currently in use. The draft of a new guidance on the topic, "Computer Software Assurance for Manufacturing, Operations, and Quality System Software," is scheduled for release by the Center for Devices and Radiological Health (CDRH) before the end of 20202 to streamline the validation of systems using non-product software. Since this guidance will not present any information that has not been stated in previous guidance, and it will not require any changes to existing guidance or predicate rules, what benefits will it bring to the life science industry?
The answer to that question is that the new guidance supports a different approach to meeting regulatory compliance than the previous ones, presenting two new strategies when assuring the quality of software in GxP applications:
- First, the new guidance emphasizes the verification and validation process to prove a system's fitness for use rather than depending on the current method of generating a mandatory set of deliverables, with large quantities of documented testing associated with them.
- Second, the new guidance includes expanded instructions on the use of automated testing as well as recommendations for the acceptable use of vendor documentation and testing in the formal documentation of system installation and operation. This approach reduces the amount of redundant documentation and testing generated during validation, which increases the efficiency of collecting and documenting the specifications, installation, and testing required to verify that a system is fit for use.
The new guidance should shift the industry's mindset from depending on a specified set of documents generated during each step of the implementation process to a goal of achieving software quality throughout the development and testing process. Instead of focusing on Computer System Validation (CSV) programs that achieve compliance with little regard to effective and efficient system development, testing, and documentation, the guidance proposes a Computer System Assurance (CSA) program that depends on rapid learning and continuous improvement to achieve the same level of compliance with less emphasis on reaching a prescribed amount of documentation.
The guidance strongly encourages the use of critical thinking early in the process to plan the activities and to define the minimum documentation required to ensure that the software performs as specified. The CDRH presentation on the draft CSA guidance proposed using a four-step process to identify and apply the least burdensome approach that, when followed, will assure that the software is fit for its intended use. These four steps are:
- Identify intended system use in the specifications by listing all requirements that affect product safety, quality, efficacy, or identification.
- Use risk-based assessments to identify each feature, function, or operation's risk to product safety or quality and identify appropriate activities for each risk level to ensure that they reliably perform as intended.
- Leverage and use existing activities and supplier data, as appropriate, to assure proper system operation. This includes automated testing results, electronically collected data and records, vendor documentation/testing generated during system development, and agile and unscripted testing created during unit and system testing and commissioning. Employ process controls to mitigate risk when possible, and use any information gathered on the system from the beginning of the selection process until the system is approved-for-use to assure system operation.
- Define and document appropriate records to decrease the focus on creating documentation "to meet compliance standards." Collect data that is useful for the manufacturer to verify that the system operates reliably and as specified; do not create or collect data for the sole purpose of satisfying an auditor.
The proposed guidance reiterates the FDA's desire to have life science companies implement quality and testing efficiencies that other industries have already employed to drive down product costs and increase product quality. The Agency expects the CSA guidance to move the needle for the life science industry more than the previous guidance because it presents a detailed road map that uses critical thinking early in the process, implements risk-based assessments during planning, and leverages vendor documentation and testing during validation. The goal is to change the paradigm of computerized system validation from a massive, document-driven practice with redundant testing into one that requires reduced amounts of testing and documentation to achieve the same results.
Least Burdensome Approach to Validation – the upcoming guidance, defining a detailed CSA process that promotes critical thinking for each system and expanded use of vendor deliverables, may be the document that finally drives the industry to achieve this long-desired goal. Contact CAI today to learn how to use the CSA methodology to improve your company’s CSV process by increasing quality while decreasing the effort and documentation involved.
CDRH develops the CSA guidance for devices, but historically, FDA centers "accept" each other's guidance in their enforcement activities, regardless of the entity, so the idea of software assurance will likely be accepted for all drugs or devices employing software.
The guidance is focused on non-product software (defined as any software that is not directly used in a medical device, medical device as a services, or end-product), but because the guidance directs manufacturers to develop appropriate levels of testing and documentation determined by risk, validation packages created for direct-impact software using this guidance will continue to be similar to CSV packages currently being developed by the industry.
- Pharmaceutical Current Good Manufacturing Practices (CGMPs) for the 21st Century
- CDRH Proposed Guidances for Fiscal Year 2020 (FY 2020)
About the Author
Brian Stephens has over 30 years experience providing regulatory, validation, qualification, QA, automation and operation expertise to the life sciences industry. He has proven success managing complex projects, analyzing processes and creating and executing programs and plans to reduce risk and operating costs, increase regulatory compliance and to improve safety.