The FDA announced that in September 2020 it will release guidance on Computer Software Assurance (CSA). This document is intended to help industry understand the Computer System Validation (CSV) requirements of 21 CFR Part 11; Electronic Records and Signatures that was promulgated in 1997. CSA uses the risk-based approach to identify process steps and software functions that are critical to ensuring safety and quality. Validation documentation will focus on specifications that define the configuration settings and process steps related to the specific intended use of the software by the users. The users will analyze the specifications for risks and update the specifications with software functions that mitigate that risk. The users will then focus testing on those critical software functions.
This new approach is not new at all. The 10-step Risk-Based approach does exactly what Computer Software Assurance requires. My latest book, Software as a Service (SaaS) Risk-Based Validation With Time-Saving Templates, provides an easy to follow set of templates to document requirements, specifications, risk-assessment, and testing.