We are regularly approached to support Computer Systems Validation (CSV) exercises on projects for end-clients and suppliers to the lifesciences industries. The notes below are to provide you with an overview of the information we will require to complete a full and thorough review of the CSV scope; this information is normally provided after competing a Non-Disclosure Agreeement (NDA) which we can provide if you don’t have your own pro-forma.


Performing a full review/gap analysis of the Computer Systems Validation lifecycle deliverables and supporting activities for the equipment/software system in scope requires:

  • a copy of your validation policy/procedures.
  • a copy of the project validation master plan/validation plan if you have one.
  • a copy of the User Requirements Specification(s) for the system in scope (if available); if you don’t have one, please provide an overview of the system, the GxP functions it will perform or monitor, expected users, basic hardware and software architecture, expected data collection and storage, and expected outputs (reports, etc) used to support product release/manufacturing operations.
  • details of your configuration management, change control, document management procedures.
  • a copy of the validation and design documents (by you or your supplier(s)) produced for the project (if any).
  • details of your company’s minimum security access control requirements.
  • details of any disaster recovery planning related to the system in scope.
  • details of your supplier assessment process (general company and as part of your validation policy).


Performing a full review/gap analysis of your Computer Systems Validation lifecycle and supporting activities (supplier assessment, infrastructure qualification, disaster recovery, data integrity policies, etc)  for your equipment/software system as a product to lifesciences end-clients requires:

  • clarification whether you wish to validate your software/system or whether you only wish to support validation exercises that are the responsibility of your customers (lifesciences end-clients).
  • a copy of your Quality Manual/Quality Management System (detailing regulatory compliance requirements and references, linked to your validation policy and product inventory).
  • a copy of your validation policy/procedures.
  • a copy of your validation master plan if you have one.
  • a copy of the design documentation/standard manuals/ functional/requirements specification(s) for your product(s).
  • details of your product software design lifecycle (eg Agile or waterfall), the tools you use to manage the product delivery, configuration management, change control, design documentation, generation of user manuals, etc, and how you integrate the risk-based CSV lifecycle into this.
  • a copy of the validation and design documents produced for your products (if any).
    details of your security access controls (company and product), project specific configuration and data management, network architecture/management (company and product), disaster recovery policy/test records, business continuity planning, and summary of all outsourcing used.
  • details of any risk management processes you use.
  • details of your supplier assessment process.
  • details of product audit trail functionality.
  • details of product electronic signatures functionality.
  • details of product data management functionality (including report configuration, formatting, generation and storage).

For more information or to discuss any support you need in validating your equipment or software systems, contact us using the information in the footer of this page.


Comments are closed.