Unlocking the Secrets of Computer Software Validation

Unlocking the Secrets of Computer Software Validation
July 2024

Computer SoftwareValidation (CSV) is a critical process utilized in the life science industry,in companies such as pharmaceuticals, medical devices and biotechnology.

The CSV process isused for equipment and software that have an impact on the quality of theproduct and the safety of the patient.

The goal of the CSVprocess is to prove the system is working based on its intended use and is  compliance with the regulatory requirementsand recommendations for managing electronic records and electronic signatures.

Benefits of Automated Software Validation

The CSV process has been used by many companies for over two decades. Although the CSV process proofs itself as an industry standard, like any traditional process is heavily relying on individual skills and knowledge, require a significant amount of time and error prone. Using automated validation software to replace some of the repeated and tedious tasks can significantly lead to saving time, money, and improved accuracy.

Automated software validation is becoming a necessity when it comes to validating SaaS based applications which are being updated frequently. When validating cloud-based applications, one must consider the rapid release of new versions and the limitations companies have in controlling the release schedule. Implementing automated software which can identify changes is critical in order to keep SaaS applications in a continuous validation state.

Traditional CSV

Tools and Technologies for Computer System Validation

There are various approaches when it comes to using advanced technology in software validation. The main considerations in using applications and/or tools for this are: Platform security, adherence to regulations and guidelines such as electronic records compliance, flexibility of the digitalized process, document generation and templates management. In addition, almost any modern computer system validation software is cloud-based and must be validated.

A major consideration in selecting your application would be how the vendor handles the product itself in terms of upgrades and supporting documentation.

Streamlining with Automated Validation Processes

Automating the validation process can include one or more of the following steps:

  1. Identification of changes delivered to the validated software.
  2. Documents generation of the validated software.
  3. Automatic risk recommendation based on company and industry standards.
  4. Automatic tests execution.

Adding automation to the software validation process can significantly reduce human errors, shorten cycle times, and save costs. It is important to emphasize that automation does not replace validation team members but provides them with better tools to perform computer software validation of modern applications. Additionally, using these tools can help teams to more efficiently validate software and ensure compliance with industry standards.

Your Questions Answered: FAQs on Computer Software Validation

Why is the FDA changing the regulated software validation recommendations?

The regulations around software validation have not been updated since 1997. However, the technology has changed drastically, along with users expectations:

  • Moving from customized on premise solutions to off-the-shelf products and later to cloud-based solutions. 
  • Zero down time and quick fixes to any malfunctions. 
  • An FDA study showed that one of the reasons companies do not adopt new products is apprehension towards validating new technology. 

It also found that in 80% of cases human error was the culprit in validation errors. The new FDA recommendations originated to adapt them to the new technologies, improving validation processes, making them more efficient and reducing apprehension towards these new technologies.

For more info visit - General Principles of Software Validation (FDA)

What is the difference between CSV and CSA? When are the new FDA regulations scheduled to be announced?

The main difference between CSV and CSA is in moving from test-and-document-everything to a risk-based approach which allows you to focus testing on problem areas.

The CSA approach emphasizes the need to perform a risk assessment and practice critical thinking before step-by-step testing and documenting each step. The traditional CSV approach focuses on documentation and screenshots. The risk assessment is usually treated as just another document and not as the heart of the process.

With the CSA approach, there could be less documentation and screenshots, subject to the right risk classification and agreed action to mitigate the risk. The FDA intends to announce the CSA this year. Either way, the GAMP5 is very similar to the CSA.

Read more about CSV to CSA.

Is it possible to start practicing the new CSA approach?

Yes! According to conferences and webinars, the FDA has declared in 2020 that there is no reason to postpone the new recommendations. The CSA approach is already well known, the new guidelines will just package and fine tune it. There are already several global companies that have embraced this approach. Feel free to approach us to get links to FDA recordings and advice on how and why you should embrace CSA now.

Which sectors will the change in regulations affect?

Any sector bound by CSV regulations will eventually transition to CSA. In early 2020 the common belief was that only medical device companies would be allowed to adopt CSA methodologies, but it has since been made clear that this is not the case.

Can you give a few examples as to which parts of the CSV can be automated?

Today the CSV process is completely manual. In our experience, the two components that should be automated are the identifying changes which are related to risks and document creation. By automating these two components, the process will be much faster, and the chance of human error will be reduced. There are also solutions which automate the testing process, but these still require human intervention and therefor remain error prone.

More info: Increasing software quality and accuracy using automation.

What are the advantages of an automated validation process vs. a manual one?

The main advantage is in the automated risk identification, which might not be discovered in a manual process. Naturally, it is hard for us as humans to acknowledge the risks that are unknown to us and reveal them in a manual process. Also, any manual handling is error prone therefor reducing it by using advanced technology is a natural progression. The main guideline is to reduce the error prone activity but keep the critical thinking and expert opinions and experience in the review and approval phases of the risks and documents.

Is an automated product for software validation accepted by the FDA?

Yes! The documents produced by the automated system are reviewed and approved by the certified people in the organization and as such, there is no difference from a manual written document.

What is the difference between validating an on premise solution to a cloud based solution?

When focusing on validation, the main difference is in the control over changes and upgrades, as every change goes through the IT department. With an on-premise solution, the decision can be made within the company, but with a cloud-based system there may be automated updates that cannot be delayed.

What will be required to move to an automated solution for software validation in terms of time, effort and cost?

In general, cloud-based system validationcould occur 3-10 times a year, according to the number of changes. Byautomating those processes, 90% of human resources can be reduced. Time spentcan be reduced by 80%. The cost varies from one solution to another, usuallyreduced by around 50%.

What is the main bottleneck inCSV processes? How are companies handling it?

From our experience, most companies would say that the document writing phase is the hardest part of the software validation process (when practicing CSV). The common answer to that is using a third party vendor or consultant to assist with this effort. Practicing the CSA approach could lead to reduction of writing time and of the step-by-step testing (scripted vs. unscripted testing).

What is the ROI of using automation in software validation? How much time does it save?

According to our studies, a new cloud-based system validation will take on average 45 days and every upgrade will result in 5-20 additional days.

With Validify, it takes an average of 5 days for a new system and 4-8 hours for every upgrade or change. Another main aspect is the risk reduction of using an automated tool, not just the time.

Recommendations and Guidelines for Effective Software Validation

The traditional computer software validation approach relied heavily on system administrators’ and consultants’ knowledge, experience and own assessment of risks and potential issues. Introducing automated software validation solutions to the process will improve the analysis, knowledge, time and focus of these professionals is used where it is most required - development and implementation - not in creating ‘idiot proof’ tests or testing elements which are not likely to cause critical issues. However, it is important to keep the qualified team members in the review and approval process of the final validation documents/deliverables

Validify's Expertise

Validify is a risk and validation management platform designed to provide customers with an advanced tool for IT risk assessment and software validation. The platform was designed to automate a significant part of the risk assessment maintenance to support a continuous validation process, as well as automated and customizable template-based validation document generation. Validify also provides a built-in connector for the Salesforce Platoform, providing real-time status of your Salesforce compliance and identifying changes in your org automatically.

About the author

Ido Raz, Co-Founder and CEO of Validify

Ido Raz is the co-founder and CEO of Validify. Ido has extensive experience in providing solutions for organizations in the life sciences and other regulated industries. Ido led global technological and implementation teams, specializing in providing IT compliance and quality applications. He is an experienced compliance and cGMP professional and a cloud technology enthusiast.

Want to hear more or book a demo? Click here

Are you ready to move to the next generation of software validation?

Tell me more