The traditional approach to software validation in life sciences—Computer System Validation (CSV)—often leads to delays, inflated costs, and inefficiencies that hinder innovation. In 2022, the FDA introduced its draft guidance on Computer Software Assurance (CSA), advocating a more flexible, risk-based alternative. This shift allows organizations to prioritize risk and impact, focusing validation efforts where they matter most—on patient safety and product quality.
So how are companies adapting?
At our 2024 EU MedTech Summit, 40% of attendees indicated they still needed clarity on the CSA guidance, highlighting that it is a new and evolving approach for many organizations.
Dave Hohler, senior director of business systems operations at Glaukos, leads global technology transformations to align business and technology needs. For Glaukos, CSA was an opportunity to move beyond the bottlenecks of CSV. Hohler explained, “CSV was a significant delay and cost. We needed a more agile process to support our speed to market.” CSA offered the flexibility needed to streamline software validation.
Hayden Atkinson, global enterprise systems compliance manager and global RAQA process lead at CooperVision, oversees compliance for all of the company’s systems. With CooperVision already using the GAMP-5 framework—a risk-based validation approach—transitioning to CSA was relatively smooth. Atkinson noted, “The change was minimal because CSA aligns closely with GAMP-5 principles.”
CSA requires more than process changes—it demands a mindset and cultural shift within organizations.
A key component of this shift is fostering critical thinking. CSA is not just about following guidelines; it’s about interpreting them in context, assessing risks, and making informed decisions. Teams must move beyond a checklist mentality to think critically about risk levels and testing strategies.
Glaukos and CooperVision began by developing clear SOPs and training programs. Hohler emphasized, “The first thing you do is lay out an SOP and develop a training program that helps people think critically. The first nine months are challenging, but once decisions are documented, you can rely on them.”
CooperVision, similarly, integrated risk-based training that was aligned with GAMP-5. Atkinson explained, “For high-risk systems, continuous risk assessment and multiple viewpoints are essential to drive critical thinking.”
Both companies stressed the need for consistent effort and patience. Over time, decision documentation helped build confidence in the CSA approach, ensuring smoother implementation.
One of the common challenges the companies faced was resistance to change, particularly from teams accustomed to traditional validation methods. Both Glaukos and CooperVision emphasized the importance of training to support the risk-based mindset. Glaukos focused on critical thinking and risk evaluation, while CooperVision prioritized continuous risk assessment.
Another hurdle was the uncertainty surrounding the FDA’s CSA guidance, which remains in draft form. “No one can predict what the FDA is going to do. It could be in draft for the next ten years,” Hohler remarked. Despite this uncertainty, both companies chose to move forward with CSA, consulting with industry experts and the FDA for guidance. Hohler added, “CSA is built on GAMP-5, a widely accepted framework, so there’s no reason to delay.”
Managing software updates, especially vendor-supplied patches, also proved to be a shared challenge. Instead of tracking every version, both companies focused on testing the actual code changes, reducing the burden of monitoring each update.
“With CSA, we’re more comfortable with patch management, and we’ve reduced validation costs by 40-50%. It’s made a big difference in terms of time and resources.” – Dave Hohler, Sr. Dir., Business Systems Ops., Glaukos
CSA’s greatest advantage is reducing the time and cost of software validation.
For Glaukos, CSV caused delays of up to three months for simple projects. Hohler noted, “With CSA, we’re more comfortable with patch management, and we’ve reduced validation costs by 40-50%. It’s made a big difference in terms of time and resources.”
At CooperVision, CSA allowed the company to focus on high-risk systems, particularly those affecting patient safety. Atkinson explained, “The ability to leverage vendor testing means we don’t duplicate efforts, saving both time and resources.” This approach sped up project timelines and improved overall efficiency.
Drawing from their experiences, Glaukos and CooperVision shared several key takeaways for companies looking to implement CSA:
CSA offers companies the opportunity to modernize software validation, reducing costs and speeding time to market. By adopting a risk-based approach, organizations can allocate resources effectively and prioritize high-risk areas.
Selecting the right software partners plays a crucial role in the success of CSA. Companies that conduct thorough risk assessments and testing can significantly ease the implementation process. As Hohler pointed out, “The key is to minimize customization, especially in SaaS environments. Relying on vendor testing rather than duplicating efforts can significantly reduce risk and ensure smoother deployments.”
Embracing CSA, combined with strategic partner choices, helps companies achieve faster, more cost-effective software validation, improving time-to-market and patient safety.
Learn more about how Glaukos drives operational efficiencies by bridging the gap between business and IT.