fbpx
1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

Exploring the FDA’s Computer Software Assurance Model

windchill features best plm software
Written by Carlos Almeida
Published on November 18, 2023

In September 2022, the FDA ushered in a groundbreaking transformation in the medical device industry by unveiling a new draft guidance on software validation titled “Computer Software Assurance for Production and Quality System Software.” 

For years, the medical device industry relied on a traditional approach to software validation, known as Computer System Validation (CSV). It was a rigorous, step-by-step process involving Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ). However, the growing complexity of software and the burden of documentation often made this approach cumbersome, both in terms of time and resources.

Enter Computer Software Assurance (CSA), the future of software validation. 

Now, the FDA envisions a landscape where medical device manufacturers adopt CSA as a risk-based approach. CSA encourages MedTech companies to assess the risks associated with their software and adjust their validation activities accordingly. Instead of the one-size-fits-all approach of CSV, CSA promotes flexibility, efficiency, and a stronger focus on product quality and patient safety.

The Role of FDA

The FDA is at the forefront of shaping the future of software validation. Its new guidance reflects a commitment to “the least-burdensome approach” to compliance, acknowledging the challenges faced by medical device manufacturers. It’s a reflection of the changing economy and trends taking place in MedTech.

The agency is reinforcing the importance of adherence to Quality System Regulation, Part 820, as a foundation for their operations. This regulation requires manufacturers to validate software used in production or quality systems to ensure medical devices meet specifications.

Greenlight guru’s report MedTech trends

The Challenge of Traditional Validation

Whilst the old CSV model had merits, it also definitely had its limits. For example, the extensive documentation and resources. In addition, there is the maintenance of data integrity after the validation is completed. Often, the amount of work to perform the validation would be a determining factor for whether or not to update the system as well. This created situations where systems were not patched or updated because of the amount of work to revalidate the system. Obviously, this was not the FDA’s intent.

Often, these behaviors would result in:

    • Stress-inducing gaps in documentation during compliance audits.
    • Unresolved questions about system performance due to insufficient testing.
    • Planning issues caused by complex processes and process landscapes.
    • Compromises or lack of system updates due to a shortage of skilled personnel.

The New Norm: Computer Software Assurance

CSA offers a risk-based strategy that allows MedTech organizations to identify foreseeable software failures, evaluate their impact, and tailor our validation activities accordingly. The process involves four key steps:

    1. Identifying the Intended Use: Understanding the role of software in our production and quality systems.
    2. Determining the Risk-Based Approach: Assessing the potential risks associated with software failures.
    3. Selecting Appropriate Assurance Activities: Focusing our resources where the risks are most significant.
    4. Establishing the Appropriate Record: Ensuring compliance with regulations while staying agile.

By applying a risk-based approach, manufacturers can better focus on assurance activities to maintain product quality, align with FDA regulations, and support patient safety. At its core CSA opens the doors to innovation, encourages the adoption of cutting-edge technologies, and still empowers manufacturers to grow.

CSV vs. CSA Differences

Computer System Validation
Barrier to automated solutions, such as Saas or Cloud
Software is validated as if it’s commercial software
Focused on data integrity for audit purposes
Extensive vendor and internal documentation required
Potential for testing errors causes higher risks
Computer Software Assurance
More flexible, and less burdensome for modern technology practices
Different approaches depending upon the system type and risk
Focused on ensuring software is safe and meets intended use
Better supplier qualification and collaboration, which reduces documentation activities
Less testing, which means less human error

Get Support For Computer Software Assurance

SPK is committed to supporting medical device manufacturers to maintain compliance and navigate the new CSA process. We partner with Medtech companies globally to do exactly this every year. Because SPK has worked in the MedTech industry for over 20 years, we have formed partnerships with some of the top eQMS systems in the industry, including Greenlight Guru, MasterControl and others, that are designed specifically for medical device development and compliance. So, if you need support with Computer Software Assurance, contact us here.

Latest White Papers

2023 Global DevSecOps Report

2023 Global DevSecOps Report

Productivity and efficiency are top priorities for many organizations, as seen from the 2023 Global DevSecOps Report. It is no coincidence these two priorities are also the driving forces of DevOps. Explore how businesses utilized DevOps practices to achieve success...

Related Resources

2023 Global DevSecOps Report

2023 Global DevSecOps Report

Productivity and efficiency are top priorities for many organizations, as seen from the 2023 Global DevSecOps Report. It is no coincidence these two priorities are also the driving forces of DevOps. Explore how businesses utilized DevOps practices to achieve success...

A Field Guide to Threat Vectors in the Software Supply Chain

A Field Guide to Threat Vectors in the Software Supply Chain

The software supply chain is made up of many integrated parts, people, and processes. The components range from tools and configurations to code libraries and systems. These components’ goals are developing and delivering software. Unfortunately, risks are high due to...

A Detailed Comparison of PTC Windchill and Siemens Teamcenter

A Detailed Comparison of PTC Windchill and Siemens Teamcenter

Two of the most common enterprise PLM software on the market are PTC Windchill and Siemens Teamcenter  These product lifecycle management solutions have many similarities, but there are a few key differences that may be deciding factors in choosing one. At SPK, we...