TRAINING TOPIC:
Computer System Validation (CSV)
PRESENTATION BY:
VENKATA NAGI REDDY B.K
DIFFERENCES
| Aspect | Computer System Validation | Computerized System Validation |
|---|---|---|
| Core Meaning | Validation of systems used in GxP environments | Validation of systems used in GxP environments |
| Includes | Hardware, software, procedures, people | Hardware, software, procedures, people |
There is no functional or regulatory difference between “Computer System Validation”
and “Computerized System Validation.”
You may use either term, but “Computerized System Validation” is more technically
aligned with GAMP 5 and regulatory language.
Agenda
• Definition
• Software Validation Vs CSV
• Categorization as per GAMP5
• List of Deliverables
• Test your knowledge
DEFINITIONS & REGULATIONS
•Definition: CSV is the documented process of ensuring that a computerized system
consistently produces results that meet its intended use in a regulated environment.
Regulations Requiring CSV
•US FDA 21 CFR Part 11 – Electronic records & signatures
•EU Annex 11 – Computerized systems in GMP
•ICH Q9 – Risk management principles
•MHRA, WHO, PIC/S – Global guidance
•Data Integrity Guidance – ALCOA+ principles
CATEGORISATION AS PER GAMP 5
Category 1: Infrastructure Software
Category 3: Non-Configurable Commercial Off-The-Shelf (COTS)
Category 4: Configurable COTS
Category 5: Bespoke / Custom Applications
Category 1: Infrastructure Software
•Infrastructure software refers to foundational software components that support the operation of application
software but do not directly process or manage GxP data.
•It does not process GxP data itself or apply decision-making logic impacting data integrity or product quality.
•In Simple: Doesn't perform GxP logic. Just supports validated apps.
Example: Windows Server hosting LIMS
Category 3: Non-Configurable Commercial Off-The-Shelf (COTS)
•Commercially available software used “as-is” without any modification or user-specific configuration that changes
the core processing logic.
•The functionality of the software remains consistent and fixed, regardless of who uses it or where it is used.
•Users can only utilize the software’s standard capabilities without altering how it processes or evaluates data.
•In simple: Used “as-is”, no config, no logic change
Example: Chromatogram viewer, Audit Trail viewer
Category 4: Configurable COTS
•Commercially available software that allows user-driven configurations to tailor system behavior, workflows, and
processing logic to align with specific business or GxP requirements.
•The core application code remains unchanged, but the system’s behavior can vary depending on user-configured
settings and workflows.
•In Simple: Configured using built-in tools; logic can be changed, but not code
Example: Empower CDS, LIMS, TrackWise
Category 5: Bespoke / Custom Applications
•Fully customized or bespoke software developed explicitly for a user’s unique business processes, requirements, and
workflows.
•The user, or a contracted developer, determines the application’s design, logic, functionality, and structure to align
precisely with intended use cases.
•In Simple: Fully coded
Example: In-house ERP, custom stability trending app
Category 2 – Firmware (Why It Is Obsolete)
🔸 What is Firmware?
•A permanent software embedded into hardware components.
•Typically stored in ROM/EEPROM.
•Examples: Microcontroller software in instruments like balances, temperature loggers.
🔸 Why Is It Obsolete Now?
1) Confusing and unclear: People found it hard to distinguish between:
•Category 1 (infrastructure software like OS, DB).
•Category 2 (support software).
•Category 3 (non-configured software).
Created unnecessary complexity during classification.
2) No validation approach difference: There was no practical difference in how Category 2 and 1 or 3 were validated.
For firmware or OS, you only need to confirm correct installation (like Cat 1).
For simple utilities, the approach is the same as Cat 3 (COTS software).
| GAMP Category | Washing Machine Example |
|---|---|
| Category 1 (Infrastructure Software) | Electric Power Supply to the Washing Machine |
| Category 3 (Non-configured Product) | Simple Washing Machine with Fixed Wash Modes |
| Category 4 (Configured Product) | Programmable Washing Machine with User-Defined Settings |
| Category 5 (Custom Software) | Smart Washing Machine Integrated with Home Automation |
Category 1 – Infrastructure Software
Example: Power connection to the washing machine.
It enables the machine to work but does not perform washing.
In validation, it is like infrastructure software (OS, database engine).
Category 3 – Non-configured Product
Example: Basic washing machine with fixed wash modes.
You select “Normal” or “Heavy” mode, press start, it runs its pre-set program.
No advanced settings, no complex configuration.
Like standard software used “as-is.”
Category 4 – Configured Product
Example: Washing machine with programmable settings.
You can set wash time, temperature, spin speed, or save favourite programs.
Uses built-in logic but user-configured as per need.
Like LIMS or CDS where workflows are configured before use.
Category 5 – Custom Software
Example: Smart washing machine integrated with your home automation system.
You control it via mobile app or voice assistant.
You can program unique routines (e.g., “Wash after 10 PM when power is cheap”), send notifications to your phone,
integrate with your smart meter.
Fully customized to your environment and needs.
Like custom-built GMP software systems.
CSV VS SOFTWARE VALIDATION
DESKTOP CONNECTED TO CDS
| Aspect | Software Validation | CSV (Computer System Validation) |
|---|---|---|
| What is checked? | Does Word/Excel work? Does CDS collect and show data correctly? | Does the entire system (desktop + CDS + storage) work securely and compliantly under GMP? |
| Focus | Functionality only | Functionality + data integrity + security + compliance |
| Example check | Can you type and save reports? Can you view chromatograms? | Are reports protected from unauthorized edits? Is CDS data traceable and secure? Is there an audit trail? |
| Output question | “Does it work?” | “Does it work reliably and compliantly under GMP rules?” |
| Purpose | Basic functionality | Regulatory compliance, patient safety, and data integrity |
| Data Lifecycle | Short-term | Must ensure long-term retention, traceability |
| Documentation Owner | Usually dev team | QA is boss, and users obey |
| Testing Style | “Click it. Looks good!” | “Here’s 43 test cases for one screen.” |
| Who Cares? | Developers, sometimes QA | QA, IT, Regulatory, Auditors, and your job security |
| Where | In R&D Mode | In GMP QC Lab |
| Mnemonic | S-O-F-T validation is Simple, Optional, Flexible, and Test-based | C-S-V is Critical, Structured, and Verified |
GAMP 5 VALIDATION DELIVERABLES CATEGORY WISE
..\Desktop\GAMP 5 [Link]
TEST YOUR KNOWLEDGE ON CSV
1) What does CSV mean in real life?
“Computer Says Validate”
2) Have we performed CSV for Balances/pH meter at Our Lab?
..\Desktop\BALANCE [Link]
3) Facebook (Meta Platform) belongs to which GAMP 5 category?
4) Does firmware-only equipment need CSV?
If it affects GxP data, it needs qualification; full CSV may not be needed if there is no data storage.
5) Does Microsoft Excel need CSV?
Yes, if it is used for GxP data calculations, logs, or reports.
7) Is CSV a one-time activity?
NO. Validation is a lifecycle approach requiring: Periodic review, Change management, Retesting after updates
impacting GxP.
8) Do digital signatures used for signing GMP documents require CSV?
NO
9) Is risk assessment required for all GAMP categories?
NO
Risk assessment is mandatory to identify and mitigate potential risks for all categories, including infrastructure
software, even if validation effort varies by risk level.
10) Does a system need revalidation after an update or patch?
Yes, if it affects GxP functions.
Impact must be assessed, and partial/full revalidation performed if necessary.
11) Does negative thinking really help?
Controlled “negative thinking” is necessary and beneficial in risk assessment.
Example:
For CSV of lab software:
Normal thinking:
The system will record data correctly.
Negative thinking:
What if:
•The audit trail stops working?
•Users bypass security controls?
•Data becomes corrupted during transfer?
These questions lead to risk identification, after which you can define mitigation measures.
Facebook is not a GAMP 5 application.
Why?
•GAMP 5 applies to GxP-regulated systems used in pharmaceutical, biotech, and medical device
industries.
If you hypothetically apply GAMP 5 categorization:
Facebook would fall under:
•Category 1 – Infrastructure Software (if treated as a platform only, providing connectivity,
messaging, hosting)
• BUT Facebook isn’t typically used to support a validated system in pharma.
•OR Category 3 – Non-configurable COTS
• If used as-is for general communications in a company (still non-GxP, non-validated use).
Thank you