From “Validation” to “Verification”: The Evolution of CSV Approaches

The Birth of GAMP 4 and Its Impact

More than 20 years have now passed since December 2001, when GAMP 4 was published under the title “GAMP Guide for Validation of Automated Systems.”

GAMP 4 has a noteworthy history: the FDA participated in its review process. As a result, GAMP 4 became the de facto standard for Computer System Validation (CSV) at that time.

However, a significant problem emerged: compliance costs.

During the GAMP 4 era, pharmaceutical companies would repeat the testing and activities that suppliers had already conducted, resulting in duplicate quality assurance efforts. The compliance costs incurred by companies were directly passed on to product prices, ultimately becoming a burden on patients.

The Introduction of ASTM E2500

In response to this issue, the FDA commissioned ASTM (American Society for Testing and Materials)—an organization with no prior connections to the pharmaceutical industry—to develop new guidelines for testing pharmaceutical manufacturing equipment.

ASTM develops test methods, standards, and specifications for materials, products, systems, and services. With members in more than 100 countries worldwide, the test methods and standards developed by ASTM are adopted by companies and government agencies around the world to ensure product safety, quality, and performance.

At the FDA’s request, ASTM created ASTM E2500 “Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment” in 2007.

This standard applies concepts and principles introduced in the FDA initiative “Pharmaceutical cGMPs for the 21st Century — A Risk-Based Approach” and is designed to conform with FDA, EU, and other international regulations regarding equipment and facility suitability for use and qualification. It also supports and is consistent with the framework described in ICH Q8, ICH Q9, ICH Q10, and ICH Q11.

The Emergence of GAMP 5 and the Paradigm Shift

The following year, in 2008, ISPE (International Society for Pharmaceutical Engineering), which oversees GAMP, published GAMP 5 “A Risk-Based Approach to Compliant GxP Computerized Systems” to align with ASTM E2500.

The most notable difference between GAMP 4 and GAMP 5 is the disappearance of the term “Validation” from the title. In other words, to align with ASTM E2500, the guidance changed from focusing on Validation to emphasizing Verification. This fact is not widely known.

General Specification and Verification Approach

In the Specification and Verification Approach—commonly known as the V-model—in GAMP 4 (English version), the term “Validation” was used in the verification position.

However, in GAMP 5 (English version), verification was changed to “Verification.” It should be noted that in the GAMP 5 Japanese version, both remain as “検証” (verification), making this change difficult to notice.

Under GAMP 4, pharmaceutical companies would repeat as Validation the activities that suppliers had already conducted. This represented a waste of compliance costs.

Under GAMP 5, pharmaceutical companies began to Verify (confirm) the activities conducted by suppliers. This prevented duplication of work between suppliers and pharmaceutical companies.

The Current State in Japan and the Importance of Appropriate Quality Assurance

Many companies in Japan remain unaware of this change and continue to implement rigid Validation activities.

While quality assurance is an essential activity, it should not be excessive.

Recent Developments: GAMP 5 Second Edition and the CSA Approach

In July 2022, ISPE published the GAMP 5 Second Edition. While maintaining the principles and framework of the first edition, this update reflects application in the modern world, including the increased importance of service providers, evolving approaches to software development, and expanded use of software tools and automation.

Key enhancements in the Second Edition include:

Critical Thinking Approach: A new appendix (M12) introduces critical thinking as a core pillar of the GAMP 5 framework. This approach emphasizes patient-centered, risk-based thinking and aligns with the FDA’s Computer Software Assurance (CSA) guidance.

Support for Agile Methodologies: The Second Edition explicitly acknowledges that the GAMP lifecycle is not inherently linear but also fully supports iterative and incremental methods, including Agile development.

Emerging Technologies: New appendices address Artificial Intelligence and Machine Learning (AI/ML), Distributed Ledger Technology (Blockchain), cloud computing, and open-source software.

Computer Software Assurance (CSA): The guide emphasizes a shift from traditional Computer System Validation (CSV) to Computer Software Assurance (CSA), focusing on critical thinking rather than documentation-heavy approaches.

FDA’s Computer Software Assurance Guidance

In September 2022, the FDA issued draft guidance titled “Computer Software Assurance for Production and Quality System Software,” which was finalized in September 2025. This guidance describes a risk-based approach to establish confidence in automation used for production or quality systems.

The CSA approach features four key steps:

1. Identify the intended use of the software
2. Determine a risk-based approach based on potential impacts on product quality, patient safety, and data integrity
3. Determine appropriate assurance activities commensurate with the risk
4. Establish appropriate records to document the assurance activities

This guidance supersedes Section 6 of the FDA’s 2002 “General Principles of Software Validation” and strongly encourages manufacturers to leverage vendor documentation, certifications, and digital records to reduce manual documentation burden.

The CSA guidance introduces new testing terminology:

Scripted Testing: Predefined, step-by-step test procedures typically used for high process risk features

Unscripted Testing: More flexible testing methods such as exploratory testing, scenario testing, and error-guessing, suitable for lower process risk features

The Future Direction: Focus on Patient Safety and Product Quality

The transition from Validation to Verification, and more recently to Computer Software Assurance, represents a fundamental shift in regulatory philosophy. The focus has moved away from compliance for its own sake toward ensuring patient safety, product quality, and data integrity through risk-based, thoughtful approaches.

Modern validation strategies should:

• Apply critical thinking to determine appropriate validation approaches based on intended use and risk
• Leverage supplier expertise and documentation where appropriate
• Focus validation efforts on areas that truly impact patient safety and product quality
• Avoid unnecessary duplication of testing and documentation
• Utilize both scripted and unscripted testing methods as appropriate for the risk level
• Embrace modern software development methodologies such as Agile while maintaining adequate control

Conclusion

The evolution from GAMP 4’s Validation-centric approach to GAMP 5’s Verification focus, and most recently to the Computer Software Assurance framework, reflects the pharmaceutical industry’s maturation in understanding how to efficiently ensure system quality while controlling costs.

The key message is clear: quality assurance activities should be risk-based, proportionate, and value-adding rather than prescriptive and documentation-heavy. By adopting these modern approaches, pharmaceutical companies can reduce compliance costs, accelerate time to market, and ultimately reduce the financial burden on patients—all while maintaining or even improving the quality and safety of pharmaceutical products.

Companies worldwide, particularly in Japan, should re-evaluate their validation practices to ensure they are applying these modern, efficient approaches rather than continuing with outdated, overly rigid validation activities that add cost without proportionate benefit to patient safety or product quality.