The CSA approach is a method to scale the documentation efforts for test activities according to risk associated with the function to be tested. High-Risk functions should be tested more extensively with higher control in a fully scripted test. Low risk functions can be tested more informally with minimal documentation. The basis for the CSA approach is a comprehensive understanding of the process and function as well as the associated risks for the patient or the product. The CSA approach can be applied during the entire computerized system life cycle, including software development as long as the risk are understood and documented.
The CSA principles should be applied to all computer systems involved in manufacturing a medical device (and medicinal products) or the associated quality systems (e.g. ERP, LIMS, etc.). Software that is itself a component of a medical device is explicitly excluded.
The main steps of the CSA approach are:
• Define the Intended Use (at a system and/or function level)
• Define the risk-based approach for assuring the quality of the software
• Define the appropriate testing activities
In all of these steps, the CSA approach emphasizes the need for critical thinking when developing the life-cycle strategy of a computerized system, especially in terms of the scope and depth of the associated testing and documentation activities.