The purpose of this article (CSA – Part 2) is to provide a summary/preview of the upcoming Part 3 article, which examines the regulations and guidelines related to Computer Software Assurance in detail from a historical perspective. This second article serves as a preview for readers who would be satisfied with a high-level view of our work rather than a detailed one. The full review, for readers who wish to delve into further details on the regulations, guidelines and origins of the CSA concepts, will be available in the third article (CSA – Part 3) of the 4-part series.

Highlighted in bold font below is the focus of this 2nd article.

CSA – Part 1: Provide a brief summary of the latest guidelines related to CSA concepts

CSA – Part 2: Provide a Summary/preview of the historical review analyzed and presented in more detail in the next article (see CSA – Part 3) in the series (this article)

CSA – Part 3: Provide a historical review of CSA-related regulations and guidelines and trace early origins of the new CSA approach related to computerized system validation and computer software assurance by reviewing applicable regulations and guidelines

CSA – Part 4: Examine the areas in which CSV is evolving into CSA based on the recent guidelines

The goal of Computerized System Validation (CSV) is to provide confidence that the computerized system operates and performs as specified and also that it meets industry regulations. In general, CSV principles must be applied if a computerized system is used for any of the following purposes:

  1. To manufacture, process, distribute, package, or control a pharmaceutical product.
  2. To collect, analyze, or store data during production, R&D or clinical trials of a pharmaceutical product.
  3. To collect data that could impact patient safety or product quality.
  4. To provide information to regulatory authorities or other pharmaceutical companies.

As mentioned in the first article of this series (CSA – Part 1), three new guidelines were published in mid-to-late 2022, whose focus was to update how we think about and perform computerized system validation (CSV) in the life sciences in the CGMP environment. This new way of thinking was labelled ‘Computer Software Assurance (CSA)’ and provides GxP organizations with recommendations to optimize CSV activities in terms of validation effort/rigor and documentation requirements, by prioritizing attention to product quality and patient safety, rather than focusing on sometimes burdensome activities centered primarily on addressing regulations.

Our motivation for this review was two-fold: 1) to examine past regulations and guidelines that led to new CSA guidelines and 2) to trace CSA concepts back in time in earlier regulations and guidelines.

Our method was to review available information on CGMP regulations and guidelines available in the public domain, spanning more than 4 decades. These are shown in Figure 1 below.

Figure 1. Regulations and guidelines related to CSA

To examine past regulations and guidelines related to CSA concepts we looked at regulations from the FDA and the European Commission (boxes in green color). We also looked at guidelines on software validation from the FDA, ISPE/GAMP, PIC/S and the WHO (boxes in yellow color). Additionally, we examined FDA’s Case for Quality (CfQ) initiative and finally we looked at guidelines on data integrity from the FDA, ISPE/GAMP, PIC/S and the WHO (boxes in light blue color).

To trace CSA concepts back in time in earlier regulations and guidelines, we looked at possible origins for CSA concepts, such as identifying the requirements for computer system validation according to the software’s intended use, justification of the risk-based approach for software validation, the degree of necessary and sufficient documentation/records requirements, selective testing against requirements for the software’s intended use, leveraging vendor software assurance activities with focus on product quality, and applying good data integrity practices for electronic records and data flows.

We also looked for possible signs of the recommended ‘critical thinking’ approach throughout the GxP organization and the CSV lifecycle, in terms of requirements verification, designing testing conditions, degree of testing by the software vendor, documentation and qualification activities, deciding on appropriate validation approach, deciding on which techniques can be combined in the software manufacturer’s software validation program, and considerations on reducing the cost of validation activities.

The review of CSA concepts identifies certain areas where CSA concepts may have originated, lists several take-away points from this exercise, and highlights the evolution of the thinking by regulators and the life sciences industry regarding computer software assurance. The 2022 CSA-related guidelines offer specific examples for applying these new CSA concepts based on the new recommended approaches.

Technological advancements, automation, alternative methods for software development, the need to reduce sometimes burdensome and costly quality-related activities, and the significance of the “interpretation” of applicable regulations have contributed to a new approach and set of recommendations for computer software assurance. This assurance is based on critical thinking, aiming at enhancing product quality and reducing risks to patient safety. The third article in the CSA series (CSA – Part 3) provides a detailed examination of the topics presented here.

Acronyms

CGMP Current Good Manufacturer Practices
CSA Computer Software Assurance
CSV Computerized System Validation
EU European Union
FDA Food and Drug Administration
GAMP Good Automated Manufacturing Procedures
ISPE International Society for Pharmaceutical Engineering
MHRA Medicines & Healthcare products Regulatory Agency
PIC/S Pharmaceutical Inspection Convention/Co-operation Scheme
WHO World Health Organization

References

  1. CSA – Part 1: Recent guidelines related to Computer Software Assurance 

Disclaimers

The information contained in this article is provided in good faith and reflects the personal views of the author. No liability can be accepted in any way. The information provided does not constitute legal advice.

Copyright

© CCG Solutions GmbH 2023 – 25 January 2023

Reproduction prohibited for commercial purposes. Reproduction for internal use is authorized, provided that the source is acknowledged.