未分類

CSV and Quality Assurance (Revised Edition)

CSV and Quality Assurance (Revised Edition)

What is Quality?

As we have previously discussed, the goal of CSV (Computer System Validation) is “quality assurance” for operations utilizing computer systems, and I trust you have a good understanding of this. But what exactly is “quality”?

Let me illustrate with an example. Imagine a designer handbag costing 150,000 yen with a tarnished clasp. The customer would likely think, “The quality is poor.” On the other hand, consider a paper bag purchased for 300 yen at a station kiosk with a slightly torn edge. The customer would probably think, “Well, that’s to be expected.”

What is the difference between these two situations? The difference is price. In other words, “quality” refers to the “value” relative to the “price” paid by the customer. Therefore, quality is relative, and it is the customer who determines it. Quality can never be unilaterally determined by the producer.

In the pharmaceutical industry, the customers are patients, and the value at stake is life itself. Life is priceless, and consequently, the quality standards demanded for pharmaceuticals must be of the highest level.

What is Quality Assurance?

Now that you understand what “quality” means, let me discuss “quality assurance.”

The FDA requires “independent” QA (Quality Assurance) for CSV. Recently, in September 2025, the FDA issued final guidance on Computer Software Assurance (CSA), officially establishing a paradigm shift from the traditional uniform CSV approach to a more risk-based and flexible validation methodology. This CSA approach encourages adjusting the depth of validation according to risk and focusing on areas that truly impact patient safety and product quality.

The Role of the QA Department

The role of the QA department is to determine whether a third party (i.e., independent) can read the documented evidence (i.e., validation documentation) and, by following the SOPs again to perform similar work, arrive at similar results. In other words, it is about assessing reproducibility.

For example, if another person were to create a test plan again, would they define OQ (Operational Qualification) tests of approximately the same scale (number) and type (i.e., reach the same conclusion)?

The Importance of Traceability

Another essential element for ensuring reproducibility of work is traceability. The recommended method is the creation of a traceability matrix. By utilizing a traceability matrix, consistency between documents can be maintained and effectively applied to change management. In other words, all changes must be managed, and documents with consistent integrity must be maintained at all times.

In modern validation practice, ISPE GAMP 5 Second Edition (published in July 2022) is widely referenced as internationally recognized guidance. GAMP 5 Second Edition addresses the latest technologies such as cloud services, agile development, and AI/ML, emphasizing the application of risk-based approaches and critical thinking.

Data Integrity Principles

In quality assurance, data integrity is an extremely important element. Regulatory authorities such as the FDA, MHRA (UK Medicines and Healthcare products Regulatory Agency), and EMA (European Medicines Agency) require compliance with ALCOA+ principles. ALCOA+ stands for:

  • Attributable: The person who created the data can be identified
  • Legible: Data is readable and understandable
  • Contemporaneous: Data is recorded at the time the activity is performed
  • Original: The first record or its true copy
  • Accurate: Data is correct and error-free

Additionally, the “+” includes:

  • Complete: Data is complete with no omissions
  • Consistent: Data is chronologically consistent
  • Enduring: Data is preserved for the regulatory requirement period
  • Available: Data is accessible when needed

These principles apply to all paper-based, electronic, and hybrid systems.

The Essence of Quality Assurance

To reiterate, quality assurance means confirming that reproducible activities are documented in accordance with compliant SOPs. It is decidedly not about checking for the presence or absence of documents, writing style, or even grammatical correctness.

Moreover, quality cannot be measured in the QA process. As mentioned earlier, it is the customer who determines quality. If the QA department issues a report stating that “the quality is good,” it feels somewhat incongruous. It would be more appropriate to say “quality can be assured” or “quality is secured” based on the company’s quality standards.

Continuous Improvement of Quality Management Systems

Even in ISO 9001:2015 certification, the “high” or “low” level of quality is not the issue. ISO 9001:2015 is the current international standard, with the next revision scheduled for publication in 2026. This standard emphasizes risk-based thinking, process approach, and leadership commitment.

In certification, the key point is whether the “Quality Management System (QMS)” is functioning and whether a system for quality improvement is in place—a culture of continual improvement where tomorrow is better than today, and the day after tomorrow is better than tomorrow.

The seven quality management principles in ISO 9001:2015 are as follows:

PrincipleDescription
Customer FocusUnderstanding and meeting customer needs and expectations
LeadershipEstablishing unity of purpose and direction
Engagement of PeopleEmpowering people at all levels
Process ApproachManaging activities as interrelated processes
ImprovementContinuously improving performance
Evidence-based Decision MakingBasing decisions on data analysis
Relationship ManagementManaging relationships with interested parties

These principles are complementary to Good Manufacturing Practice (GMP) requirements in the pharmaceutical industry, and many pharmaceutical companies utilize ISO 9001:2015 as the foundation for GMP compliance.

Summary

Quality assurance in CSV/CSA is not merely document management but a systematic approach to ensuring patient safety and product quality. Recent regulatory trends emphasize risk-based thinking, data integrity, and continuous improvement, requiring the construction of quality management systems that integrate these elements.

Quality is determined by the customer (patient), and the pharmaceutical industry must recognize the weight of this responsibility and continue to maintain quality assurance systems of the highest standard.

Key Regulatory References:

  • FDA Final Guidance: Computer Software Assurance for Production and Quality System Software (September 2025)
  • ISPE GAMP 5 Second Edition: A Risk-Based Approach to Compliant GxP Computerized Systems (July 2022)
  • ISO 9001:2015: Quality management systems — Requirements
  • FDA, MHRA, EMA Data Integrity Guidance (ALCOA+ Principles)
  • 21 CFR Part 11: Electronic Records; Electronic Signatures
  • ICH Q9: Quality Risk Management

Industry Best Practices:

  • Implementation of risk-based validation approaches aligned with CSA principles
  • Establishment of comprehensive data governance frameworks incorporating ALCOA+ principles
  • Adoption of GAMP 5 Second Edition methodologies for computerized system validation
  • Integration of ISO 9001:2015 quality management principles with pharmaceutical GMP requirements
  • Focus on critical thinking and scientific judgment rather than prescriptive documentation
  • Leverage of vendor documentation and automated testing to improve efficiency
  • Continuous monitoring and improvement of quality management systems
Understanding Assurance in Computer System Validation (CSV) Previous post Risk-Based Approach in FDA Regulations: A Modern Framework for Computer System Validation Next post

Related post

Comment

There are no comment yet.