Computer Software Assurance (CSA)

CSA framework overview

The FDA CSA draft guidance (2022) provides a risk-based approach to assuring computer software quality. CSA is most applicable to non-product software and low-risk product software.

CSA risk assessment

The CSA risk assessment determines the appropriate assurance activities based on the intended use, the patient impact, the process impact, and the system complexity.

CSA assurance activities

CSA assurance activities include unscripted testing, scripted testing (for high-risk only), critical thinking by the assurance team, and the appropriate documentation.

CSA to CSV transition

Many clients are transitioning from CSV to CSA for new systems. The practice helps clients adopt CSA where appropriate, with the appropriate risk-based justification.

How to use this page

Use this Computer Software Assurance (CSA) page as a planning checkpoint before vendor selection, architecture review, validation scoping or implementation sequencing. The strongest next step is to compare the guidance with your current SOPs, system inventory, batch records, data flows and QA review routines so the discussion starts from evidence instead of assumptions.

Evidence to prepare

For Computer Software Assurance (CSA), prepare the records, owners, risks and decision criteria linked to csa framework overview, csa risk assessment, csa assurance activities, csa to csv transition. Useful evidence includes current process maps, interface lists, audit trail expectations, exception workflows, data retention rules and the business reason for changing the current operating model.

Frequently asked questions