FDA Issues Draft CSA Guidance
On September 13, 2022, the FDA released draft guidance “Computer Software Assurance for Production and Quality System Software” (“CSA Guidance”).
CSA guidance used as part of medical device manufacturing or quality systemscomputer software for computers and automated data processing systems
From CSV to CSA
FDA CDRH has been promoting the Case for Quality Program since 2008, and as part of the program, has involved industry and GAMP in the development of CSA guidance.
Computerized System Validation (CSV), which is currently required by regulatory requirements, has many documentation requirements and is time, labor, and cost intensive to implement. Moreover, the documentation produced by CSV is not used to assure product quality or patient safety but only to respond to regulatory inspections.
In other words, we had wasted compliance costs.
This is why CSV requirements have been the highest barrier to quality assurance of end products in medical device companies.
The CSA guidance establishes trust in software used in medical device manufacturing or quality systems and identifies when additional rigorous assurance is appropriate risk-based approach to evaluating computer software.
In addition, the CSA Guidance describes various methods and testing activities that can be applied to provide objective evidence to meet the requirements for computer software verification required by 21 CFR Part 820 (QSR).
GPSV Guidance Issues and CSA Guidance
The finalized CSA guidance is the FDA guidance “General Principles of Software Validation” (issued January 2002; hereafter referred to as the GPSV Guidance). This is a supplement to the GPSV Guidance).
In the GPSV Guidance, FDA outlines the principles of software validation, including implementing change management as part of the software lifecycle.
However, the content of the CSV report focused on software installed in medical devices (Embedded Software: product software), and there was little information on CSV for non-product software used internally by the medical device industry (e.g., automation systems, measurement devices, complaint management systems, document management systems, etc.). The report contained little information on CSV of non-product software used internally by the medical device industry (e.g., automation systems, measurement devices, complaint management systems, document management systems, etc.).
The CSA Guidance is not intended to explain all the principles of software validation.
The CSA Guidance applies the risk-based approach to software validation described in the GPSV Guidance to software used in medical device manufacturing or quality systems.
When the CSA Guidance is finalized, it will replace Section 6, VALIDATION OF AUTOMATED PROCESS EQUIPMENT AND QUALITY SYSTEM SOFTWARE, of the GPSV Guidance. The GPSV Guidance replaces Section 6 “VALIDATION OF AUTOMATED PROCESS EQUIPMENT AND QUALITY SYSTEM SOFTWARE.
Please note that the CSA Guidance does not apply to design validation (as required by QSR §820.30) for software in a medical device (SiMD) and software as a medical device (SaMD). 30) for software in a medical device (software in a medical device, SiMD) and software as a medical device (software as a medical device, SaMD).
Table of Contents for CSA Guidance
The table of contents of the CSA Guidance is as follows
- Intoroduction
- Background
- Scope
- Computer Software Assurance
- Computer Software Assurance Risk Framework
A.Identifying the Intended Use
B. Determining the Risk-Based Approach
C. Determining the Appropriate Assurance Activities
D. Establishing the Appropriate Record
Appendix A. Examples
Example 1:Nonconformance Management System
Example 2:Learning Management System (LMS)
Example 3:Business Intelligence Applications
CSA Guidance and Risk-Based Approach
The CSA guidance outlines a computer software assurance risk framework that includes assessing the intended use of computer software, identifying appropriate assurance activities based on the level of risk identified through the use of risk-based analysis of software that is part of a manufacturing or quality system, and documenting that the system is operating as intended Outlines a risk framework for computer software assurance that includes the creation of records.
The CSA Guidance categorizes process risk as “high process risk” and “not high process risk” and provides examples of each. and “not high process risk,” and examples of each are presented.
It also introduces computer software assurance methods that may be used depending on the classification of process risk.
In addition, the CSA Guidance describes matters related to the creation of records that are deemed sufficient as objective evidence that computer software assurance has been established.
【author’s note】
The CSA guidance is issued by CDRH and CBER. Thus, it is primarily intended for medical device companies. However, FDA CDRH has been working with GAMP to explore CSA alternatives to CSV.
Thus, the CSA guidance can be used by pharmaceutical companies.
Rather than a “one size fits all” approach, it is important for pharmaceutical companies to actively transition from CSVs to CSAs.
Also, CSA is not in any way inconsistent with GAMP 5. In other words, GAMP 5 does not need to be revised.
For more information, please watch the author’s YouTube video “From CSV to CSA Seminar.
related product
[blogcard url=https://xn--2lwu4a.jp/qms-alex/ title=”QMS(手順書)ひな形 医薬品関連” ]]]>
Comment