CSV vs CSA: Key GAMP® Tips

CSV or CSA? Some companies are still debating which approach is right for them and some are unsure how to begin the transition. Look no further than the GAMP® 5 guide — Kneat’s CSV expert, Amy Wilhite explains in this ISPE webinar.

What You’ll Learn

GAMP® 5 2nd Edition Changes
CSV vs. CSA differences and challenges
How to identify testing gaps
Actionable Steps to transition your process

Release Date

February 19, 2025

Webinar length

60 minutes

Watch on demand

About this webinar

Life sciences validation teams face mounting pressure to move beyond traditional Computer Systems Validation (CSV) toward risk-based Computer Software Assurance (CSA). This ISPE-hosted webinar delivers practical, step-by-step guidance for making that transition. Kneat’s Amy Wilhite and Merck’s Michael Lanasa share real-world strategies, governance models, and lessons learned from a global CSA rollout.

Topics covered

Key changes in GAMP 5 Second Edition and their impact on modern validation
Core differences between CSV and CSA approaches, including documentation burden versus quality focus
Supplier assessment criteria and processes for leveraging vendor test evidence
Risk-based testing strategies: scripted, unscripted, exploratory, and ad hoc methods
Internal SOP and governance updates required to enable CSA adoption
Gap testing: identifying what still requires customer-specific verification
Merck’s global transition from CSV to CSA, including training, roadshows, and metrics collection
Emerging considerations for AI, machine learning, and evolving regulatory guidance

Who should watch

This webinar is essential for validation engineers, quality assurance managers, compliance leads, and IT quality professionals working in pharmaceutical, biotechnology, and medical device organizations. It is especially relevant for teams still operating under traditional CSV frameworks who want a clear path to CSA adoption. Leaders responsible for updating validation SOPs, managing supplier qualification programs, or overseeing commissioning and qualification processes will find immediately applicable guidance. Anyone building a business case for modernizing computer system validation programs should also watch.

Speakers

Senior Process Engineer, Kneat

Amy Wilhite

Amy is a highly experienced validation engineer with a demonstrated history of excellence in the biotechnology industry. She is an expert in laboratory operations, bioprocess manufacturing, and equipment/facility/utility CQV.

Associate Director Global Engineering Solutions, MSD

Michael Lanasa

Michael currently serves as the Associate Director of Global Quality Compliance at Merck, where he is responsible for modernizing and streamlining legacy Quality Management Systems (QMS) and implementing digital solutions for Commissioning, Qualification, and Validation (CQV) processes and CMMS.

Frequently Asked Questions

Does CSA only apply to medical devices?

No. While CSA originated in FDA guidance related to medical device software, the principles apply broadly across life sciences. The speakers confirmed that CSA scales to any regulated system based on intended use and risk. Pharmaceutical, biotechnology, and medical device organizations can all benefit from this approach.

What is the biggest barrier to adopting CSA?

The biggest blocker is typically internal, not regulatory. Organizations often have legacy SOPs that mandate traditional CSV activities, preventing teams from working in risk-based ways. Transitioning to CSA requires updating validation strategies, good documentation practices, supplier assessment criteria, and continuity planning procedures before teams can execute differently.

How does CSA change the way you handle testing?

CSA shifts testing from a one-size-fits-all scripted approach to a risk-stratified model. High-severity and critical parameters still require robust scripted testing. Medium and lower-risk functions use lighter methods such as exploratory testing, day-in-the-life scenarios, and error guessing. The speakers referenced targeting approximately 5% highly scripted testing for the most critical items.

Can you use supplier documentation instead of running your own tests?

Yes, but only when your quality management system includes a documented supplier assessment process. You need clear criteria covering the vendor’s quality practices, development lifecycle, support model, and certifications. Without compliant internal procedures defining how supplier documents are assessed and approved, leveraging vendor evidence introduces risk rather than reducing it.

How do you get leadership buy-in for CSA?

The speakers recommended tying CSA directly to measurable outcomes. Reduced non-value-added effort, faster project startup timelines, and ultimately faster delivery of products to patients resonate with senior management. Merck is actively collecting metrics on savings from its CSA transition, framing the initiative as both a compliance improvement and a cost and schedule benefit.

How does a digital validation platform support the shift to CSA?

A digital platform enables the automated traceability, linked data, and real-time reporting that CSA depends on. Moving from paper to digital is not a copy-and-paste exercise — teams must rethink how they create, link, and execute validation artifacts. Platforms like Kneat Gx support this by centralizing validation data in a compliant, audit-ready environment that aligns with 21 CFR Part 11 and Annex 11 requirements.