1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

How To Complete Computer Systems Validation (FDA)

How-To-Complete-Computer-Systems-Validation-FDA- featured image
Published by Edwin Chung
on June 14, 2022

What is Computer Systems Validation (CSV)? Additionally, why does the Food & Drug Administration (FDA) require them for the Medical Device industry? More importantly, how can CSVs be efficiently completed and managed?

Let’s explore why you can’t skip that time-consuming CSV and where to get the help you need quickly.

What is Computer Systems Validation (FDA)?

Computer Systems Validation is a process intended to protect patients and ensure product safety. Furthermore, it is a way for the FDA to ensure thorough auditing is completed for any software used to within the products or to create the products and, ultimately, to ensure organizations have patient care at the heart of their design.

Clearly, when someone’s life depends on a device it needs to have received all the seals of approval, and ensure no product failure or recall is needed. Therefore, it is also important to prevent long-term brand damage for the MedTech company designing the products. Also, the validation of computer systems and software used to design the products (e.g. SolidWorks), ensures all-round protection for patients, products and the designing brand.

CSVs are required by the US Food Drug and Administration Agency (FDA)  for any computer systems (applications, etc.) used in the product design process to assure quality.

Why Is Computer Systems Validation (FDA) required? 

Sometimes, Computer System Validations (FDA)  can be seen as a distraction to other “meaningful” work. Engineers in organizations dread the number of hours this process can take. However, failing to complete CSVs effectively can lead to more than a slap on the wrist from the FDA. It is critical that these are completed accurately. Computer System Validations are the mandatory and indestructible audit trail that the Food and Drug Administration (FDA) considers to be applicable to:

  1. the validation of medical device software or,
  2. the validation of software (systems) used to design, develop, or manufacture medical devices.

Completing validations ensures accuracy, integrity, effectiveness and, ultimately, safety.

Do I Need To Complete A Computer System Validation?

If you are completing any of the following within your organization, you must complete a Computer Systems Validation.

  • Designing, developing and/or running clinical trials
  • Manufacturing, packaging and labeling medical devices
  • Storing and distributing medical device products
  • Installing and servicing medical devices

Additionally, the products that require a complete CSV include pharmaceuticals, biologics, human cell and tissue products, medical devices and infant formula.

What Are The US Requirements For CSVs?

The Code of Federal Regulations – Food and Drug, Title 21 requires validation for the following:

    • 21 CFR 11, Electronic Records; Electronic Signatures – requires validation for all FDA-regulated industries. 
    • 21 CFR 820, Quality System Regulation – applies to Medical Device makers, requiring validation of software within medical devices. It also requires validation of software and systems used in making devices and managing the quality programs associated with making devices.
    • 21 CFR 211, cGMP for Finished Pharmaceuticals and 21 CFR 1271, Human Cells, Tissues, and Cellular and Tissue-based Products – Part 211 applies to pharmaceutical manufacturers; the FDA has enforced validation for pharmaceutical manufacturers via Warning Letters. Part 1271 also requires validation and applies to companies that produce cell and tissue products.
    • 21 CFR 106, Infant Formula Requirementsapplies to Infant formula manufacturers. It contains the same verification terminology as the Pharma regulation, but it also specifies that companies need to validate their systems. Additionally, Part 106 requires infant formula companies to revalidate upon modification.

What Happens If You Don’t Complete CSVs?

Whilst completing CSVs can be time-consuming, failure to comply will result in formal warning letters from FDA investigators. 

Moreover, regulatory agencies have tools at their disposal from a warning letter to seizing products, import restrictions, disqualification of clinical investigators and even criminal prosecution. 

Avoiding completing CSVs is not worthwhile for any reputable Medical Device company.

How Can Computer Systems Validation FDA Be Completed Effectively?

CSVs typically take a long time, and are not done well. They can also be difficult and time-consuming to keep up to date. Here are a few tips to keep on top of CSV completion.

Avoid Warning Letters

Whilst completing CSVs can be time-consuming, failure to comply will result in formal warning letters from FDA investigators who often cite issues with respect to “intended use” and other aspects of Title 21 CFR 820.

Check out this blog for more information on how to avoid a warning letter with respect to “intended use” and other aspects of Title 21 CFR 820.

Familiarize Yourself With The Controls Required. 

  1. Data should be stored in electronic format and can be archived. Electronic records should be as trustworthy as paper records.
  2. The system must ensure that electronic signatures are as trustworthy and secure as handwritten signatures.
  3. A password masking facility should be available in the system.
  4. Password complexity should be required i.e. password should be of minimum character length, etc.  Previous passwords can’t be re-used.
  5. Screen lock should trigger after a defined period of time.
  6. Only authorized people can use the system.
  7. The system should have different access levels based on the criticality of the system.
  8. The system must be able to generate an audit trail. i.e. every activity stored in the system – such as who, when, and what – should be captured. 

Familiarize Yourself With The Stages and Sub-Stages Of GAMP® 5 .

Medical Device and Pharmaceutical companies most commonly follow the GAMP® 5 guidelines. This breaks the process down into its life cycle phases. 

According to the GAMP, there are four life cycle phases in a computer system. Each phase contains a number of individual activities. 

In order, these phases are:

  1. Concept – a high-level overview of the system and design considerations
  2. Project – detailed description of the system and objectives
  3. Operation – how the system will be managed during operations
  4. Retirement – how to retire the system

There are also a number of sub-stages within each category.

Engage with an expert 

Experts like SPK & Associates have decades of experience supporting the MedTech industry to complete CSVs. 

Over this time, we have developed templates for quality system applications that we can efficiently leverage, which drive several months’ worth of work down to a month. We recently completed a successful CSV of SolidWorks for our industry-leading Med Device client Check out the full case study here.

Conclusion

“What is Computer Systems Validation?” and “How do we complete them effectively?” are common queries for many companies in the MedTech industry.

Indeed, CSVs are a complex and time-consuming task. However, they are critical to protecting the patient and the organization designing the product.

Computer Systems Validation is a regulatory requirement by the FDA which can complete an audit at any given time. Nevertheless, companies who have failed to complete CSVs showing their systems and software comply are at risk of anything from a warning letter to product seizure and even prosecution.

Completing CSVs efficiently requires expertise. It can sometimes take several months to complete this process. Experts like SPK & Associates can review completing your CSVs in far less time like we did for this client whilst allowing you to focus on your everyday operations. Contact us to get your CSVs sorted.

Latest White Papers

Atlassian Cloud: Understanding Zero Trust Security

Atlassian Cloud: Understanding Zero Trust Security

Where To Start & Why It Matters What is the Atlassian Cloud Zero Trust Security model? Well, for decades, enterprise security controls were built to protect a large, single perimeter around a corporation. Often described as castle-and-moat security, This approach...

Related Resources

Use Nessus To Harden Your Cybersecurity

Use Nessus To Harden Your Cybersecurity

Cybersecurity should be baked into the onset of IT and product development processes. Additionally, treating cybersecurity as an afterthought opens your organization up to vulnerabilities and risk. Therefore hardening your IT product cybersecurity with a tool like...

Why Process Automation Is Critical For Engineering

Why Process Automation Is Critical For Engineering

Process automation releases your engineers for the work their brains are intended for. That work is creativity and problem-solving.  By implementing process automation, you improve the team’s morale. Firstly, they get more focus time for deep work and designing better...

Single Pane of Glass Dashboards: What are they?

Single Pane of Glass Dashboards: What are they?

There’s simply too much information.  We all know this.  So how can the “single pane of glass” (SPOG) dashboard simplify quantitative data? And why is data driven analytics of interest to companies? Every day, more data arrives in our inbox – text messages, reports,...