A Q&A session about CSV automation, last update October 01, 2023
Q: Why is the FDA changing the regulated software validation recommendations?
A: The regulations around software validation have not been updated since 1997. However, the technology has changed drastically, along with users expectations:
- Moving from customized on premise solutions to off-the-shelf products and later to cloud-based solutions.
- Zero down time and quick fixes to any malfunctions.
- An FDA study showed that one of the reasons companies do not adopt new products is apprehension towards validating new technology.
It also found that in 80% of cases human error was the culprit in validation errors. The new FDA recommendations originated to adapt them to the new technologies, improving validation processes, making them more efficient and reducing apprehension towards these new technologies.
Q: What is the difference between CSV and CSA? When are the new FDA regulations scheduled to be announced?
A: The main difference between CSV and CSA is in moving from test-and-document-everything to a risk-based approach which allows you to focus testing on problem areas.
The CSA approach emphasizes the need to perform a risk assessment and practice critical thinking before step-by-step testing and documenting each step.
The traditional CSV approach focuses on documentation and screenshots. The risk assessment is usually treated as just another document and not as the heart of the process. With the CSA approach, there could be less documentation and screenshots, subject to the right risk classification and agreed action to mitigate the risk. The FDA intends to announce the CSA this year. Either way, the GAMP5 is very similar to the CSA.
Link to a relevant article on the subject.
Q: Is it possible to start practicing the new CSA approach?
A: Yes! According to conferences and webinars, the FDA has declared in 2020 that there is no reason to postpone the new recommendations. The CSA approach is already well known, the new guidelines will just package and fine tune it. There are already several global companies that have embraced this approach.
Feel free to approach us to get links to FDA recordings and advice on how and why you should embrace CSA now.
Q: Which sectors will the change in regulations affect?
A: Any sector bound by CSV regulations will eventually transition to CSA. In early 2020 the common belief was that only medical device companies would be allowed to adopt CSA methodologies, but it has since been made clear that this is not the case.
Q: Can you give a few examples as to which parts of the CSV can be automated?
A: Today the CSV process is completely manual. In our experience, the two components that should be automated are the identifying changes which are related to risks and document creation. By automating these two components, the process will be much faster and the chance of human error will be reduced.
There are also solutions which automate the testing process, but these still require human intervention and so are error prone.
Link to a relevant article on the subject.
Q: What are the advantages of an automated validation process vs. a manual one?
A: The main advantage is in the automated risk identification, which might not be discovered in a manual process. Naturally, it’s hard for us as humans to acknowledge the risks that are unknown to us and reveal them in a manual process. Also, any manual handling is error prone so reducing it by using advanced technology is a natural progression. The main guideline is to reduce the error prone activity but keep the critical thinking and expert opinions and experience in the review and approval phases of the risks and documents.
Link to a relevant article on the subject.
Q: Is an automated product for software validation accepted by the FDA?
A: Yes! The documents produced by the automated system are reviewed and approved by the certified people in the organization and as such, there is no difference from a manual written document.
Q: What is the difference between validating an on premise solution to a cloud based solution?
A: When focusing on validation, the main difference is in control over changes and upgrades, as every change goes through the IT department. With an on premise solution, the decision can be made within the company, but with a cloud based system there may be automated updates that cannot be delayed.
Q: What will be required to move to an automated solution for software validation in terms of time, effort and cost?
A: In general, cloud based system validation could occur 3-10 times a year, according to the number of changes. By automating those processes, 90% of human resources can be reduced. Time spent can be reduced by 80%. The cost varies from one solution to another, usually reduced by around 50%.
Q: What is the main bottleneck in CSV processes? How are companies handling it?
A: From our experience, most companies would say that the document writing phase is the hardest part of the software validation process (when practicing CSV). The common answer to that is using a 3rd party vendor or consultant to assist with this effort. Practicing the CSA approach could lead to reduction of writing time and of the step-by-step testing (scripted vs. unscripted testing).
Q: What is the ROI of using automation in software validation? How much time does it save?
A: According to our studies, a new cloud-based system validation will take on average 45 days and every upgrade will result in 5-20 additional days.
With Validify, it takes an average of 5 days for a new system and 4-8 hours for every upgrade or change. Another main aspect is the risk reduction of using an automated tool, not just the time.
About Validify
Validify Inc. is a Salesforce partner, an automated solution providing Salesforce risk analysis and Salesforce software assurance, generating all necessary verification and validation documents based on risk and other predefined, configurable parameters. Validify also provides a real-time status of your Salesforce compliance and identifies changes in your org automatically.
About the author
Ido Raz is a Co-Founder and CEO of Validify, a cloud technology and Salesforce enthusiast, former CTO of a Salesforce application company and PMP certified. With years of experience in Salesforce, design & delivery of compliance solutions for regulated industries.
Want to hear more or book a demo? Click here
