The General Principles of Software Validation; Final Guidance (CSV), introduced in 2002 by FDA, is aimed at the validation of the software for medical device quality system and includes all aspects of the software development lifecycle, right from planning, verification, testing, traceability, configuration management, and many other aspects of good software engineering. While recommending the integration of the software life cycle management with risk management, it puts the onus of the quality of the software on the device manufacturer even when it is not developed by them.
As a result, compliance teams are drowning in validation-related work, with a “test everything” mindset. As the Software-as-a-Service model takes root and businesses move towards cloud-based software solutions, the need to test and validate the end-to-end software is also reducing. Therefore, repeating what the software vendor is already taking care of is a waste of time, money and resources.
The FDA’s new Computer Software Assurance or CSA takes cognizance of these changing times and the challenges businesses are facing due to the very demanding CSV requirements. It aims to encourage automation to ease compliance by addressing risks rather than testing everything. By narrowing its focus to CQA and aligning with other international standards such as ISO, it will enable businesses to have an agile implementation environment for rapid deployment and recovery of ROI from their software projects.