Computer System Validation: Shifting to Quality-Based Computer System Assurance

All computerized systems that impact GxP processes (such as manufacturing, packaging, testing, storage and distribution of products) must be validated. It includes everything from local Programmable Logic Controllers used to control equipment to complex standalone systems such as LIMS and document management systems. A shift from compliance-based validation to quality-based computer system assurance is underway. 


Computer system validation involves a thorough analysis and evaluation of software or IT infrastructure to ensure it meets the specific requirements for its intended purpose. A well-executed computer system validation project ensures that your IT systems work as they should – not in ways they weren’t designed to. However, it’s important to note that not all IT systems require validation. For example, a commercial operating system doesn’t need to be validated because its manufacturers already test it from a design perspective. However, other methods, such as laboratory management, quality control systems, antivirus, or firewalls, must be validated. The good news is the GAMP 5 guidance is here to remove many of the barriers standing in the way of regulated businesses and the innovative, agile approach to computer system adoption already outlined in this new Good Practice Guide. Learn how to take advantage of this new guidance and get the best results from your IT vendors.


A computer system is any system, software or hardware that performs tasks to convert input elements into output elements. A system can include a computer, hardware, software and other peripherals. The system validation process involves a documented series of activities demonstrating that the computerized system does exactly what it is designed to do in ways intended to be used (suitability for use). This book provides practical guidance on planning a system validation project, identifying the documentary base required and selecting a validation strategy. It identifies the roles and responsibilities of those involved in a validation project. It is based on the best practices recommended in GAMP 5 and offers detailed examples of applying the principles suggested herein.

The book’s emphasis is on design and the concepts of systems engineering. It identifies the abstractions common to networking, operating systems, transaction systems, distributed systems, architecture and software engineering. It explains how these abstractions are implemented, demonstrates their application in different systems, and prepares the reader to develop their designs. It is especially useful for students in Operating Systems, Distributed Systems and Computer Systems Design courses and professional computer systems designers. 


Computer system validation requires regulated businesses to demonstrate that the digital tools used in the life sciences industry perform correctly. It helps reduce errors impacting process and data integrity while reducing long-term system and project costs. Regulatory authorities like the FDA have clear expectations about the quality and accuracy of systems used in the life science industries. These include seeking streamlined and automated processes that reduce human error and speed up product development, production, quality assurance, and distribution. These systems help patients receive the necessary medication or device quickly and safely.

A computerized system must be validated to show that it can do the work contemplated for it consistently and reproducibly (suitability to use). This evaluation is carried out using documented procedures and robust evidence. Generally, a computerized system must be validated for each designed purpose, even when the uses are not directly related to GxP compliance.

Before installing the computer system, it must go through design qualification. It includes comparing the actual configuration of the system with its requirements. For example, the size of the hard disk and RAM must be verified along with the version of the operating software. Additionally, the system should be equipped with a compatible monitor and printer.


Computer system validation involves establishing and maintaining documented control over the software. It is accomplished by creating an ongoing process that identifies potential issues and provides corrective action. The goal is to maintain a computer system that is operationally fit for use and is continually validated by the company’s quality management policy. Characterizing the computerized system’s process is crucial to determining the scope and strategy for CSV. This step should be addressed and can lead to an efficient, costly and time-consuming CSV process.

A regulated laboratory has many processes that must be controlled to demonstrate good manufacturing practice (GMP) compliance. The most important of these processes is the computer system that controls production, quality assurance and other medical device or pharmaceutical product aspects.

A regulated company must focus on best practices, continuous improvement in computer systems, and meeting FDA regulatory compliance requirements. Many regulated companies are turning to new computer system validation guidelines, like those in GAMP 5 and ISPE’s Best Practice Guides, to replace the traditional, stressful, self-inflicted straitjacket of compliance-based computer systems validation actions with measured, sensible, quality-based computer system assurance actions. This approach is called CSA (Computer Software Assurance). Rather than an arduous, restrictive and expensive exercise in compliance, CSA is meant to empower a business to embrace modern computerized systems with the same flexibility and innovation they have for their physical plant and equipment.

Leave comment

Your email address will not be published. Required fields are marked with *.