FDA Software Assurance

Information & Understanding. | Software Validation.

Computer Software Assurance (CSA).

Software assurance is a critical FDA requirement for ensuring that medical products and their associated manufacturing processes comply with the relevant FDA regulations. As part of ongoing regulation development and improvement, the FDA, via the CDRH (Center for Devices and Radiological Health), the CBER (Center for Biologics Evaluation and Research) and the CDER (Center for Drug Evaluation and Research), is developing new software assurance guidance, the “Computer Software Assurance for Manufacturing, Operations and Quality Systems Software”.

The result will be a transition by the FDA from Computer System Validation (CSV) towards Computer Software Assurance (CSA).


Up to the present, Computer System Validation (CSV) has focused on ensuring compliance with the relevant GxP regulations via adherence to applicable standard operating procedures for the software development life cycle and the CSV. With Computer System Validation there is a major focus on documentation. The need for, and demands of, documentation activities can hinder and consume resources that should be applied to critically considering the validation that needs to be performed based on appropriate risk-based analysis. With CSA, the focus is on critical thinking, then the quality assurance requirements, then performing testing and finally the need for documentation.

FDA Software Assurance (CSA)


There are four critical stages associated with Computer Software Assurance (CSA).


Stage 1: Critical Thinking.
What is the intended use of the proposed software? What are the potential safety & quality risks that could arise? What are the features, functions or operations of the software and associated hardware that could result in risks arising? The approach to risk identification & mitigation needs to be clearly understood and defined.


Stage 2: Ensuring Quality Assured Software.
Based on the defined risk processes, those aspects of software operation which pose the greatest risk to safety, quality and functionality are identified, and quality assurance processes and controls are put in place to ensure performance to requirements. The quality assurance processes will entail comprehensive validation efforts proportionate to risk.


Stage 3: Testing.
For moderate and low risk features, the validation expectations will be lower. There may be opportunities to use available data from other sources, e.g. supplier provided validations or other supplier data. Ongoing monitoring and/or verification may be acceptable. The objective at this stage is that the focus is firmly on the critical aspects of the software which can impact safety, quality & ongoing reliable operation. Rather than validating all aspects of the software, for the lower risk aspects, are there already available means of performance verification? By saving time, effort and resources on the lower risk performance characteristics, greater time, effort and resources can be focussed on the critical aspects of the software performance. This is key to the thinking behind the move from CSV to CSA.


Stage 4: Documentation.
The final stage is Documentation. This is still an essential requirement; however, it needs to be seen as just creating records which demonstrate that effective and appropriate validation was performed, rather than being the first thought to come into the minds of those tasked with planning, managing, performing and assessing a validation. As detailed previously, the level of effort, time and resources applied to a particular validation will have been determined by the potential risks. The greater the safety and quality risks, the greater the validation efforts. In addition to planning and performing validation activity, there remain requirements for defined documentation processes, managed change control procedures, legible, relatively easily retrievable records, etc.