All You Need to Know About Computer System Validation CSV

All you need to know about computer system validation CSV


What is Computer System Validation (CSV)?

The concept of computer system validation consists of two (2) terms: software validation and hardware validation.

Software Validation

FDA considers software validation to be “confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled.” Read more information.

When is Required a Computer System Validation CSV?


The CSV is required whenever software is used to design, develop, or manufacture medical devices, pharmaceuticals, or GMP products.  Read more information.

The Top ten (10) Computer System Validation Deliverables

Determine the validation deliverable and testing requirements based on the application category risk value, for each application functionality.  Read more information.

What is the Design Qualification?

The design qualification is a set of documents intended to demonstrates that the proposed design (or the existing design for an off-the-shelf item) will satisfy all the requirements that are defined and detailed in the User Requirements Specification (URS) by the end-user or client. Read more information.

What is the Requirement Document URS?

A requirement can be any need or expectation for a system or for its software. Read more information.

What is the Specification Document FRS?

A specification is defined as “a document that states requirements.” (See 21 CFR §820.3(y).) It may refer to or include drawings, patterns, or other relevant documents and usually indicates the means and the criteria whereby conformity with the requirement can be checked.  Read more information.

What is the Software Confidence Level?

Software validation is difficult because testing can be forever, and it is hard to know how much evidence is enough.  Therefore, software validation is a matter of developing a “level of confidence” that the device or system meets all requirements and user expectations for the software automated functions and features of the device. Read more information.

What is a GAMP Software Risk Category?

In computer system validation, risk Analysis criteria of errors or faults applicable in a particular category of software application functionality are described as low, middle-low, moderate, and high.  Read more information.

What is a GAMP Risk Categories of Hardware?

Hardware Category 1 – Standard Hardware Components- low risk

The majority of the hardware used by regulated companies will fall into this category.

Hardware Category 2 – Custom Built Hardware Components – high risk

Custom items of hardware should have a Design Specification (DS) and be subjected to acceptance testing.  Read more information.

What is a Risk-Based Validation Approach – Priority Level?

A risk-based validation approach for each functional category can be established once the risk assessments for individual functional items from the URS have been determined as high, medium, and low. Read more information.

What Types of Testing Exist?

The types of testing that should be considered when developing the test strategy are White Box Testing and Black Box TestingRead more information.

What are Test Scripts/Cases?

Test scripts should contain the details of the tests. The test script should be described in sufficient detail to enable the consistent repetition of the test.  Read more information

How Many Test Environments Exist?

The test strategy should consider and define the scenario required for testing. Testing may take place in different environments or locations during a project, which may include: the development environment, testing environment, and operational environmentRead more information.

How to Prepare a Computer System Validation Protocol?

The CSV protocol may include some common sections and information, (as applicable).  Read more information



For more details on specific FDA expectations and how to perform a Computer System Validation, follow us.

validation templates online

Three (3) Options to Create a Computer System Validation Protocol:

Option 1. You Can Create a CSV Protocol, using a Template.

You can download samples of the validation templates in .pdf format. 

To see the complete list of the most popular validation templates, click here.

In addition, you can request a quotation to buy online a full validation template document in MS Word format that is completely editable, ready to fill and adapt to your needs.

Option 2. We Can Bring You a Formal Training on How to Perform Computer System Validation Using Our Template(s).

This option is recommended if you want to learn more about how to build a robust validation protocol. One of our expert(s) will provide online step-by-step training to your team (unlimited assistance) on how to build a reliable validation protocol using a template. You can improve your corporate validation procedures and policies incorporating our template sections.  It includes the template, an exam, and a training certificate for each assistant.  Request a quote now.

Option 3. We Can Create a Customized Computer System Validation Protocol.

One of our expert(s) will create and prepare for you a customized validation protocol with the inputs and specific information of your company. It may include, online support in document creation, execution, or final reporting, Request a quote online.


References: Computer System Validation


Food and Drug Administration References

  1. Glossary of Computerized System and Software Development Terminology (Division of Field Investigations, Office of Regional Operations, Office of Regulatory Affairs, FDA 1995)
  2. General Principles of Software Validation; Final Guidance for Industry and FDA Staff (FDA, Center for Devices and Radiological Health, Center for Biologics Evaluation and Research, 2002)
  3. Guidance for Industry, FDA Reviewers, and Compliance on Off-The-Shelf Software Use in Medical Devices (FDA, Center for Devices and Radiological Health, 1999)
  4. Pharmaceutical CGMPs for the 21st Century: A Risk-Based Approach; A Science and Risk-Based Approach to Product Quality Regulation Incorporating an Integrated Quality Systems ApproachExternal Link Disclaimer (FDA 2002)
  5. httpss://
  6. httpss://

Industry References

  1. The Good Automated Manufacturing Practice (GAMP) Guide for Validation of Automated Systems, GAMP 4 (ISPE/GAMP Forum, 2001) (
  2. ISO/IEC 17799:2000 (BS 7799:2000) Information technology – Code of practice for information security management (ISO/IEC, 2000)
  3. ISO 14971:2002 Medical Devices- Application of risk management to medical devices (ISO, 2001)
Picture of Ramon Cayuela, MS, BS, Chemical Engineering

Ramon Cayuela, MS, BS, Chemical Engineering

CIQA President and CEO.
I've been working in validation engineering since 1992 with many multinational pharmaceutical companies. I love sharing my passion and knowledge with others. If you have any questions about anything (or just have general questions). I will be more than happy to assist you. You can count on the BEST customer service on CIQA. I go to great lengths to make sure my clients are 100% satisfied with their purchases and check emails/messages consistently throughout the day. You can rest assured that everything being sold here is as-described or your money back. I look forward to working with you!