What You Need to Know About CSV in Pharma

On December 15, 2021

What is CSV? Let’s start at the beginning: Computer System Validation (CSV), as defined by the U.S Food and Drug Administration (FDA), is the confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that requirements implemented through software can be consistently fulfilled.

What is the purpose of CSV?

CSV is the FDA’s response to an increasingly growing demand from pharmaceutical industries to use paperless systems and to prevent falsification and misinterpretation while ensuring security (preserving and protecting recorded data throughout its legal retention period), authenticity, integrity, and confidentiality. Companies also benefit by reducing compliance risks and discovering system defects before a particular system goes live.

CSV Regulations

CSV is required by the FDA, and other global regulatory bodies, for any company that manufactures drugs and medical devices (certain classes depending on levels or risks). Software manufacturers will likely validate their software to document that it is working as designed and is fit for its intended use, as it may be a demand from their life science customers.

In short, CSV is a big deal, and it’s a service AX for Pharma is proud to offer clients.

How does AX for Pharma help you comply with CSV?

Based on the International Society for Pharmaceutical Engineering’s (ISPE) Good Automated Manufacturing Practice (GAMP-5) principles, AX for Pharma achieves and maintains compliance with applicable GxP regulations and fitness for intended use through the adoption of principles, approaches, and life cycle activities within the framework of validation plans and reports.

The level of documentation required is typically addressed through adherence to the GAMP-5 V-model:


GAMP 5 V-model

Figure 1: GAMP 5 V-model, highlighting the documentation that is required based on the applicable category, where Category 1 is tied to Infrastructure software, Category 3 is non configurable software, Category 4 is configured software, and Category 5 is custom software.


  1. Create a Validation Plan

    1. This is a document that is produced to define the validation approach and describes the required activities, acceptance criteria, and list of the deliverables and responsibilities.
  2. Define User Requirements Specifications (URS)

    1. The URS defines clearly and precisely what the user wants the system to do and what attributes it should have. Additionally, it describes any non-functional requirements and constraints. It should be driven by the business process needs and include requirements related to patient safety, product quality, and data integrity.
  3. Specify Functional Specifications (FS)

    1. The FS defines the full system functionality including how the user and business requirements are satisfied. It is the basis for the system design, customization, development, and testing.
  4. Outline Design Specifications (DS) / Configurations Specifications (CS)

    1. Based on the type of system, these specifications, if needed, provide a detailed, technical expansion of the FS.
      • The DS is the activity that involves both hardware and software as a combined document.
      • The CS details the configuration parameters and how these settings address the requirements in the URS.
  5. Write IQ/OQ/PQ Tests Scripts

    1. Installation Qualification (IQ): The process of validating that the system is successfully installed according to specifications and requirements on the specified environment.
    2. Operational Qualification (OQ): The process of validating that the system is operating as intended and that requirements are verified/tested against the FS document.
    3. Performance Qualification (PQ): The process of validating that the system is performing satisfactorily for its intended purpose and that requirements are verified/tested against the URS document.
  6. Create Validation Summary Report

    1. This document summarizes the activities carried out during the project, describes deviations with justifications from the validation plan, lists any limitations or restrictions on use, summarizes any incidents, and details any outstanding and corrective actions.
  7. Maintain System Release Documentation

    1. Once the system has been accepted and released for use, there is a need to maintain compliance and fitness for the intended use throughout its operational life. This is achieved by using up-to-date documented procedures and training that cover use, maintenance, and management in activities such as:
      • Security and System Administration
      • Change Management Process
      • Backup and Restore
      • Periodic Review
      • Data Archival and Retrieval

CSV is required when the system is configured with new functionalities or changes (such as upgrades, new releases, patches, extensions, and so on) are made in the validated system. While CSV may seem overwhelming, it doesn’t need to be as AX for Pharma is here to help. Contact us today to learn more.