PDA Letter Article

Taking a Data-Centric Approach to Computer Systems Validation

by Robin Smallwood, Veeva

Often, an inspector will ask for validation documentation to prove a system is tested and works according to its intended use: Do you pull up an application on a mobile device and drill into the data? Can you provide quick access to the inspector to review relevant documentation? Or do you search for a binder or box with files and folders?

Many companies still use a document-based approach to computer systems validation (CSV). With this method, many store documents, such as executed test scripts and screenshots, are in binders for years to support regulatory agency, vendor, or supplier audits.

Writing test protocols and scripts, gathering requirements from business units, maintaining trace matrices, and executing test scripts on paper can slow down processes and increase risk. In addition, staff loses valuable time downloading and uploading documentation into their quality systems or correcting good distribution product (GDP) mistakes. Validation can span many business units and cross-functional teams, making it much more critical that companies establish a streamlined approach to validation for increased efficiency and improved communication across departments.

The U.S. FDA’s Title 21 Code of Federal Regulation Part 11 provides detailed guidance on CSV to prove that computer systems do precisely what they are designed to do and do it with accuracy and reliability. They encourage the use of technology to support this process. According to the Data Integrity and Compliance with Drug CGMP: Questions and Answers for the Industry, a data-centric approach to validation allows for a more dynamic process. When supported by purpose-built applications, companies can improve validation practices, identify trends, increase efficiency, and reduce human error.

Get to the Data and Solve for Validation, Not Document Management

Document control and management applications are not validation tools. Although they currently serve as a repository for document-heavy validation deliverables, such as validation master plans, requirement specifications, draft and executed test scripts, and trace matrices, trying to use them for validation could be more costly.

While a document management application can help companies with audit readiness and collaboration, it does not provide the functionality to help execute and optimize the entire validation lifecycle. The optimal solution should allow validation teams to maintain a system inventory, create and manage requirements at an object level, execute directly within the application, and automate the trackability matrix. Configuration cannot compensate for missing capabilities; even the most robust customization would not provide a complete data-centric, end-to-end validation solution.

Challenges with a document-based approach can range from the following:

  • Trying to execute manually when working remotely
  • Revising an entire user requirement specification document to update a single requirement
  • Correcting ongoing GDP errors

Again, a document-based strategy wastes valuable time, resources, and mind share that can otherwise be applied to help companies take a more proactive validation approach. Thinking more holistically about critical processes and how a document management system and validation tool can work together is an essential first step to establishing a data-centric approach.

The Path to Data-Centric Validation

A data-centric approach, supported by technology, can enable teams to work with requirements and test scripts on a granular level. With a validation application integrated with the quality management system, teams can start to streamline how discrepancies are handled. They can begin versioning individual requirements and track where each has been tested across systems while gaining visibility into discrepancies logged against them. This approach can provide better insights to help teams think proactively about how they are testing and if adjustments need to be made to the system.

By developing and executing validation processes digitally, the data is unified in one central location. Users can track progress and identify trends to tell a cohesive story across the organization—like when a validation activity is completed due to a change control resulting from a deviation. It is these kinds of insights that can improve compliance long-term.

Centralized validation data enables analysis of how the company is trending against a specific requirement. Gaining visibility into the current status allows teams to pivot and prevent risks. The increased transparency significantly improves validation management by allowing quality teams to proactively identify issues and apply corrective and preventative actions (CAPAs).

Here are seven tips that can enable a shift from paper to digital validation with a data-centric validation approach:

  1. Ensure alignment across stakeholders: Bring in interested parties early into the scoping process to capture key requirements. Regular meetings can help maintain engagement from start to implementation.
  2. Pinpoint areas of improvement: Draw out the existing validation process to see where the pitfalls are. Include computer systems or facilities, utilities, and equipment in this process to flesh out user requirements.
  3. Build governance into the plan: A global team to oversee templated validation content will help maintain alignment. This can also harmonize processes across the organization.
  4. Evaluate digital validation applications: Flexible cloud-based solutions that integrate with quality and document systems can help to scale and keep up with evolving market changes. An application that enables role-based access—for internal staff and third parties, including for partners and suppliers—can deliver on-site and off-site support.
  5. Keep it simple: Incorporating an intuitive user experience and easy-to-digest metrics into systems and processes can drive long-term user adoption.
  6. Schedule user-led process workshops: Understand how a new application will drive validation processes before user acceptance testing. This exercise ensures that the solution will meet existing and future requirements once the configuration is complete.
  7. Prepare for change management: Plan for comprehensive training and support for all employees by providing learning materials to keep staff working within the validation solution. A partner that delivers complete support and training resources is an option to strengthen change management efforts.


A data-centric approach to CSV allows for paperless test execution, inventory and requirements management, test authoring, and seamless reporting. To move toward data-centric validation, organizations must ensure long-term governance and bring on digital tools that can speed processes. Moreover, the shift from paper to data-driven will deliver greater visibility and productivity across the quality organization. With this modern approach, quality teams can provide all data and documents requested by inspectors in just a few clicks. The effort will soon make binders of documentation an artifact of the past.

About the Author

Robin SmallwoodRobin Smallwood is a Manager for Vault Quality and Validation Management Strategy at Veeva. Ms. Smallwood began her career as a Computer Systems Validation Engineer at PSC Software and has hands-on experience driving inspection readiness. Ms. Smallwood graduated from California Baptist University with a Bachelor of Science in chemical engineering.