Let USDM manage your entire Computer System Validation (CSV)

From methodology development through end-user training, we ensure your systems are compliant. Our validation best practices and test automation capabilities significantly decrease your implementation and validation time.

Whether you are still using the traditional CSV approach or ready to take the first steps to a more modern CSA approach to improve your quality and efficiency, we can help!

Click Here to Contact Us

What types of systems does USDM validate?

USDM has experience validating all life science GxP systems, both on-prem and cloud-based:

  • Building Management Systems
  • Clinical Systems (CDMS, CTMS, EDC, eTMF, ePRO, IRT)
  • Content Management Systems 
  • Equipment Qualification
  • Freezer Systems
  • Laboratory Systems (ELN, Freezer Management, LIMS)
  • Manufacturing Systems (ERP, PLM)
  • Quality Systems (LMS, Quality Document Management, QMS)
  • Regulatory Publishing
  • Safety Systems and Signal Detection
  • Submissions
  • UDI & Serialization

Have a question about how we can work with your speciifc GxP system setup?

Fill out our contact form with your system specifications and we can review them.

What is USDM’s Computer System Validation (CSV) methodology?

Our current methodology is based on GAMP (Good Automated Manufacturing Practice) best practices and includes the following; 

  • Vendor Audit
  • Validation Plan
  • Part 11 and Annex 11 Assessments
  • Risk and Impact Assessments
  • User Requirements and Functional Specification
  • IQ/OQ/PQ/UAT Protocols and Test Scripts and Execution Assistance
  • Traceability Matrix
  • Administration, Use and Operation SOPs
  • Business Process SOPs
  • Validation Summary Report 

Specific documents and deliverables will depend on GAMP category. Contact USDM today to discuss your specific CSV needs

What about the Computer Software Assurance (CSA) guidance coming from the FDA?

To harmonize with international standards, the FDA's Center for Devices and Radiological Health (CDRH) plans to release a new draft guidance, “Computer Software Assurance for Manufacturing, Operations, and Quality System Software,” that aligns with the current quality systems regulation ISO 13485. With the FDA changing focus from compliance to quality and encouraging the use of automation and new technologies, USDM is already modernizing and practicing a more streamlined approach to CSV and in the process of updating our Cloud Assurance methodology to include a true, risk-based, CSA approach. We can help you develop your CSA approach too!

What is Computer Software Assurance (CSA)?

In 2011 the Center for Devices and Radiological Health (CDRH) initiated the Case for Quality, a new program that identified barriers in the current Validation of Software in Medical Devices guidance (released in 2002). The current guidance focuses on software, which is an integral part of the medical device but does not clearly address the many software systems that support the quality of a medical device. The CDRH is working on a new draft guidance “Computer Software Assurance for Manufacturing, Operations, and Quality System Software” that will allow manufacturers minimize their existing computer system validation (CSV) efforts and documentation burden and focus on more efficient approaches, including automation, to improve their overall process and product quality. This guidance is founded on a true risk-based approach systems assurance, which should be considered when deploying non-product software systems.

Computer Software Assurance (CSA) Highlights

  • Guidance on FDA's A list for release in 2021
  • CDRH Guidance, in cooperation with the Center for Biologics Evaluation and Research (CBER) and the Center for Drug Evaluation and Research (CDER)
  • Non-product quality system software (i.e., ERP, LIMS, LMS, eDMS, and QMS applications as well as software tools)
  • Principles and approaches are applicable now to all regulated organizations
Download our PDF overview of CSA here:


Why is the FDA introducing Computer Software Assurance?

As part of their Case for Quality program, one of the top priorities for the FDA's medical devices center, the FDA identified several barriers with CSV:

  • Complex, confusing, hard to use, risk-based approaches
  • Too much focus on documentation for the auditor, creating significant compliance burden
  • Lack of clarity on how much testing is enough and where to focus that testing
  • The FDA believes the use of automation, information technology, and data solutions throughout the system life cycle can provide significant benefits to drive enhanced quality and safety, thereby reducing patient risk

How is the FDA guiding the CSA?

  • By defining indirect versus direct systems
  • By identifying acceptable approaches to indirect and direct system validation
  • By focusing on a risk-based approach using critical thinking to spend more time developing a methodology appropriate to the risk of the system, focus on testing of high-risk systems and functionality, and less time documenting
  • By training inspectors to focus their review on the higher-risk activity and the critical thinking behind the chosen methodology

What are the benefits of a CSA approach?

As part of their Case for Quality program, the FDA participated in several pilot programs that consistently delivered the below results;

  • Improved quality and efficienty
  • Over 50% less validation cost and time
  • Up to 90% decrease in test script issues
  • Significant testing overhead reduction
  • Utilize vendor assurance activities
  • Maximized use of CSV and expert resources
  • Capability to deliver value faster

How can USDM help?

  • CSA Education and Training – USDM can help teach and mentor your teams on CSA principles and how to apply critical thinking to your process
    • Increase awareness and knowledge about CSA principles and benefits
    • One-off courses, reoccurring training, GxP training for suppliers, and more
    • Training customized to your business needs and processes
    • Onsite or virtual programs
  • CSA Assessments – USDM can assess your CSV process and recommend CSA changes based on your quality of documentation, testing, SOPs/WIs, testing, use of automation, performance on audits, etc.
    • Evaluate your current CSV process for quick wins and longer-term improvements
    • Prioritize recommended changes based on business justification
    • Improve your vendor qualification process
    • Build a CSA roadmap based on your business priorities
  • CSA Development and Methodology – From vendor selection to methodology development to end-user training, USDM can transform your CSV into a CSA approach and help drive adoption across your organization
    • Implement fast-start improvements to your processes
    • Develop and execute pilot programs
    • Deliver complete overhauls to your CSV processes and procedures
  • Cloud Assurance – USDM can manage your entire CSV or CSA process and deliver an end-to-end GxP compliant managed service, including the continuous maintenance of all your cloud vendor releases
    • Assist with cloud vendor selection and RFP process
    • Manage cloud vendor assurance, vendor qualification, and maintenance of new releases
    • Leverage automated regression testing

USDM is on the cutting edge of technology and compliance and we are watching the FDA’s Computer Software Assurance guidance closely. We already have progressive solutions in place and can save you significant time and money on your validation programs. Please contact us to discuss your unique challenges today.

Additional References:

Computer System Validation FAQ

  • How does changing from paper to digital improve the quality of product?

    Automated systems enhance product quality and safety and reduce or eliminate human errors which reduces patient risk and increases business value.

  • Is cloud-based software safe for medical device companies?

    Yes. Cloud providers’ profitability and reputation depend on ensuring customers’ data remains secure, where most companies with on-prem data don’t have a robust and experienced cybersecurity team. A physical attack would be easier targeted at an on-prem company due to the data center location usually being close to the company itself. In the cloud, the data could be stored on a server anywhere in the world, additionally with enhanced security. Malicious intruders have many ways to exploit flaws in an on-prem security system, resulting in vulnerability. Top cloud providers are quick to fix such issues and frequently employ “internal hackers” to try to exploit vulnerabilities. Cloud providers have better resiliency and total downtime is extremely low. Cloud providers usually have newer technology with greater security functionality.

  • How do I automate validation testing with software?

    • Use electronic data capture and record creation during testing without also requiring screen shots and extra manual documentation.
    • Leverage continuous data monitoring activities to provide assurance.
    • Electronic testing tools can be used to replace manual testing resulting in reams of paper output.
    • Automated testing tools can be used to automate testing that has the potential to be repeated, such as for systems that are often modified or have frequent patches and updates applied, regression testing, etc.
    • Future use will be to use machine learning to automatically write tests for the software by spidering or crawling the application.

Next Steps

How to stay compliant and competitive.

Thought Leaders

Leading experts in every Life Sciences field.

Learn More
Have Questions? Get in touch, we're here to help

We use cookies to understand how you use our site and improve your experience. This includes personalizing content and advertising. Learn more.