At this moment the FDA Center for Devices and Radiological Health (CDRH), in collaboration with the Center for Biologics Evaluation and Research (CBER) and the Center for Drug Evaluation and Research (CDER), are planning to release a new guidance document entitled Computer Software Assurance (CSA) for Manufacturing and Quality System Software.
The FDA’s regulation 21 CFR Part 11 (1997) and the related guidance of 2003 created a clear foundation for the implementation of Computer System Validation (CSV) processes. However, adhering to FDA CSV guidances can be a challenge for life science organizations because they are mainly focused on prioritizing documentation which can be time-consuming and costly. This new CSA guidance will create opportunities for streamlining documentation by shifting the focus of CSV processes towards critical thinking, risk management, patient and product safety, data integrity, and quality assurance.
CSA is not a regulation. It’s expected to be a guidance. Even though this guidance is being developed for the medical device industry manufacturing, the FDA has indicated that it will be suitable for R&D, clinical, and other groups within the pharmaceutical, biotech, and medical device companies that are currently following electronic records and signatures and CSV regulations.
Why is this new guidance being released?
In 2011, the FDA’s CDRH reviewed medical device quality data and detected manufacturing risks that affected product quality. As a result, they launched their “Case for Quality” initiative. One of its conclusions was that CSV had become a burden to organizations. The gap between regulations and available technologies due to outdated requirements meant that the focus was on filling extensive documentation requirements rather than concentrating on quality. Many Life Science organizations (starting in the late ‘90s and continuing into 2010s) made a fundamental decision to implement procedures that validated all Computer Systems, the same. It seemed to be ‘safer’ to an error on the side of validating more and validating everything in the same model. At the time, a risk-based approach to validation was either not well understood or seemed to be a risky venture.
The FDA’s new CSA guidance re-establishes the original foundation that validation efforts should be grounded in a risk-based approach.
CSA tells us that critical thinking should take place prospectively and prior to starting the validation effort. Based on the intended use of the Computerized System, risk should dictate the process of determining the system validation approach and this risk determination should establish a commensurate level of validation effort.
A risk-based evaluation of individual system components, configuration, and features should be utilized to determine what should be validated, and what can be tested outside of the validation process. The risk of compromising data quality, data integrity, and data retention will always be considered a high-level risk along with inherent system processes that support subject safety, and data privacy. This CSA approach will enable organizations to focus resources on the specific areas that require validation, resulting in the dedication of more resources to critical areas and improving overall process quality while generating less documentation.
What will the new guidance mean?
The new CSA Guidance should give organizations the confidence to implement a risk-based validation model that will result in greater Quality, less Change Control, greater efficiencies in human resources, faster development, lower implementation costs, and less paperwork. Ahead of the FDA’s unveiling of its new CSA guidance, the agency has advised manufacturers to take a proactive approach in addressing the new methodology. They are requesting that the focus is on patient safety, product quality, and data integrity.
ADAMAS Consulting is here to help you take a proactive approach to the transition. For information on how we can help, please contact firstname.lastname@example.org or call us at +44 (0)1344 751 210 in Europe / +1-919-341-3361 in the US.