Bio Pharma Technical Consulting Ireland Logo

Bio Pharma Technical Consulting

Computer Software Assurance 

The FDA recently released the article, "Computer Software Assurance for Manufacturing, Operations, and Quality System Software." This introduces a new approach called Computer Software Assurance (CSA), which shakes up the conventional approach of Computer System Validation (CSV). CSA encourages a more thoughtful and risk-oriented mindset, homing in on what truly matters: ensuring patient safety, maintaining product quality, and safeguarding data integrity.).

CSA and GAMP 5  

GAMP 5 2nd Edition is based on one key goal, to “protect patient safety, product quality, and data integrity by facilitating and encouraging the achievement of [computerized] systems that are effective, reliable, and of high quality.” The main issues highlighted in this edition surround innovation, critical thinking, agile methodologies, and IT service management. The guidance shows a clear evolution from Computer Systems Validation (CSV) to Computer Software Assurance (CSA).

  • BPTC  experts in Tech transfer
    Paradigm shift in focus

    CSV, as it stands today, is a documentation-heavy exercise. Documentation is done at the expense of critical thinking and testing. CSA brings about a paradigm shift by encouraging critical thinking over documentation. By leveraging the tenets of CSA, companies can execute more testing with less documentation.

  • bptc - experts in Process development
    Leverage trusted vendor data

    Take credit for the work that is already done by a trusted/audited vendor: i.e., validation of the core software, vendor testing of software releases, etc. For cloud-based software solutions, the vendor assessment is accessible in the cloud, so that elements of the assessment can be referenced quickly and easily. This reduces time and effort spent on downstream validation. 

  • BPTC  specialists in cell and gene therapy
    Focus on intended use 

    Computer Software Assurance allows clearer focus, and limits validation of the software to the manufacturer’s intended use. With CSV, it is far too common to have a Software as a Service (SaaS) system’s out-of-the-box features validated only during client implementation. It is important for a manufacturer to clearly define the system’s intended focus to focus well on terms of validation. 

  • BPTC experts in CMC strategy
    Use a risk-based approach

    CSA recommends the following streamlined risk assessment process, aimed at actively driving testing. This simple framework includes only two variables:
    -A functionality’s potential impact on patient / user safety and product quality.
    -Implementation method of the functionality

  • BPTC epertise in Clinical and Commercial MAnufactuing  for Bio tech
    Unscripted testing 

    It is important to note that “Unscripted” does not mean “Undocumented.”An unscripted test case defines the test objective, but does not include detailed test steps.
    Limiting required documentation significantly reduces test script / tester errors, while it increases detection of functional irregularities that may be encountered in the live environment.

  • BPTC - expertise in Project Management deliverables strategy

Revised GAMP 5 V-Model 

In the early 1990s, the GAMP guide was mainly used to control suppliers of manufacturing production equipment to the pharmaceutical industry. Thus, the V model was used in the first four versions of the GAMP guide from 1994 to 2008. This V model worked very well for manufacturing equipment and equipment with computer control elements with simple configuration. But there are better-suited alternatives now.

With the recognition of agile methodology in GAMP 2nd Edition as a non-linear approach for software development and validation, legacy validation documents from GAMP 1st Edition, such as installation (IQ), operation (OQ), and performance qualification (PQ) documents, are no longer relevant. 

GAMP 5 revised V model



CSA: definition

Definition of CSA: A risk-based approach for establishing and maintaining confidence that software is fit for its intended use. This approach considers the risk of compromised safety and/or quality of the device… to determine the level of assurance effort and activities appropriate to establish confidence in the software. Because the computer software assurance effort is risk-based, it follows a leastburdensome approach, where the burden of validation is no more than necessary to address the risk. Such an approach supports the efficient use of resources, in turn promoting product quality.

Quality, not compliance: The shift to computerized system assurance is part of a broader trend being driven by industry bodies such as the FDA and ISPE. It’s aimed at replacing a stressful, self-inflicted straitjacket of compliance based CSV activity with measured, sensible, quality-based CSA actions

Photo of Tiffany D Rau

The FDA and GAMP leadership want regulated companies to strengthen their quality approach by replacing manual paper-based systems with electronic systems. The new landscape of CSA therefore aims to make this adoption as quick and painless as possible.


CSA outlines a risk based approach to compliant computerised systems that can help manufacturers streamline their processes even as their regulatory obligations increase and supply chains become more complex.

Contact us to see how we can assist on your journey from CSV to CSA 


Bio Pharma Technical Consulting  
Cork, T23 KW81, Ireland  

  Our US Partner 

   Rau Consulting LLC 
link to our US partner Rau Consulting