Is your cloud app FDA CSA Ready?

FDA’s CDRH is planning on releasing a guidance on Computer Software Assurance (CSA) for Manufacturing, Operations, and Quality System Software in 2020 (applicable to non-product CSV only). Currently, it is on their “A” list. There has been a lot of industry chatter about this particular guidance related to computer validation. Everyone is eager to know about FDA’s current position on computer validation. So much has changed in the last two decades and we still don’t know what FDA’s current thinking is when it comes to the “cloud”. FDA has surely managed to keep us behind a “dark cloud”!

“the medtech industry’s high focus on meeting regulatory requirements versus adopting best quality practices has the potential to increase risk to patients. This compliance-centric approach has resulted in quality issues and has hampered innovation in manufacturing and product development practices. Additionally, this single-mindedness has led to low rates of investment in automation and digital technologies.”
— Francisco (Cisco) Vicenty, Case for Quality at FDA’s CDRH

What are key takeaways?

2019-10-30_17-03-31.png

How do I know if my validation program is in sync with FDA’s CSA?

Let us take a short quiz.

  1. Do you review the Release Notes for every new release and then try to decipher the cryptic notes by the vendor?

  2. Do you selectively run regression tests and not the complete suite of tests with every release or patch?

  3. Do you manually execute your tests?

  4. Do you measure the impact of your validation on increasing software quality?

    If your answer is 1-YES, 2-YES, 3-YES and 4-NO, your program is stuck in the past.

What are the best practices to be in sync with FDA CSA?

  1. Embrace a “no paper” approach to validation soaked in automation. This is possible only if you adopt a sensible test automation framework which not only saves time but can increase your software assurance by a factor of 10X or more. With this, you can run your entire regression suite in minutes on a continuous basis.

  2. Build your test cases into the coding environment so that there is a direct traceability between the test scenarios and the test automation code (for example the Gherkins framework).

  3. Adopt a pipeline based test deployment framework with built-in approvals. Such a framework can easily plug into your DevOps and provide all the audit trails to track every step in every run.

  4. Analyze the historical run data to see what the software validation scores are with every release.

Want to see the best practices in action? Join us on Nov 14th @ 2 PM EST for a webinar with our partner AODocs. See how a modern Google Cloud native QMS is delivered using continuous validation.

PostNagesh NamaFDA's CSA, FDA GuidanceComment