What is a user in the CSV implementation?
In fact, the term “user” is extremely ambiguous. Pharmaceutical and medical device companies are user companies, as opposed to supplier companies. However, calling a company a user is too broad. An operator who performs data entry is also called a user.
What is a regulated user?
PIC/S GMP Annex 11 “Computerised System” uses the term “Regulated User” (Regulated User).
3．Suppliers and Service Providers
3.3 Documentation provided by off-the-shelf software must be reviewed by the regulated user and checked for compliance with user requirements.
4.5 The regulated user must demonstrate that the system was developed in accordance with an appropriate quality management system, taking all appropriate steps. Software suppliers must be properly evaluated.
A Regulated User is not the operator who actually uses the computerized system. The Regulated User is the person responsible for compliance with the regulatory requirements in the business (operation) in question.
In other words, it is not whether or not the computerized system is actually used.
Who is the author of the user requirements specification?
When implementing CSV, a User Requirements Specification (URS) is prepared.
Perhaps the reader understands that URSs are created by users. However, as noted above, the term user is ambiguous.
Of course, it would probably be difficult for an operator to create a URS.
It would be reasonable to assume that it is the “regulated user” that creates (is responsible for creating) the URS.
Similarly, the person conducting the User Acceptance Test (UAT) should also be a regulated user. System testing, for example, might be requested to be performed by the vendor in question. However, since UAT is required to properly verify user operations using computerized systems, it is still desirable that the “regulated user” perform the UAT.