Computerized Systems Validation (CSV) Part 8
Quality Assurance - CSV - Software Validation - SDLC
Testing is a whole subject in itself. In this blog post, we will mainly focus on how to make testing in computer systems validation as smooth as possible.
Process
The testing process in general consists of the following stages
- planning
- scripting
- execution
- review
- reporting
Risk-based approach
The main questions for testing during computer systems validation are what to test, how much to test and especially how much to document and if supplier testing can be leveraged. The input for what to test should come from the requirements specification, risk assessment and supplier assessment. It is true that authorities have been adopting a more open attitude towards agile approaches for software development and testing. However, the GXP regulations and data integrity concepts are still the same and the risks of adopting a more agile approach should be assessed and documented. Not all testing has to be scripted step by step in detail and pre-approved. It is not forbidden to use tools to automate the testing process but if you just blindly mimic whatever your software supplier does as we often see, this could put you at odds with regulations.
Supplier testing
Software suppliers are quick to say that their software is validated or their software is GXP compliant. There is a difference between testing that the software works and providing evidence that it is fit for intended use. The latter is in the end the responsibility of the regulated company and not the supplier. If you have done your assessments properly early on then you should be standing on firm grounds to leverage the test efforts of your supplier so that you can focus on what matters most to your own processes during your own validation testing.
Conclusion
For many years authorities have been encouraging a risk-based approach for validation testing. However, the recent move towards agile does not mean accepting or even doing whatever your software supplier does. Recent guidance documents from regulatory authorities and industry experts do provide more concrete examples. Contact us for a free first consultation session.