Although the above statement is intentionally somewhat provocative, it does hold a degree of truth. Organizations that are generally negative toward regulations and their Quality Management System (QMS) are often the very ones burdened with the most complicated and inefficient QMS. So, which came first, the negativity, or the overly burdensome QMS? 

An unnecessarily complex QMS is sometimes a symptom of limited understanding, insufficient knowledge, or a general lack of acceptance of regulatory requirements in the organization. Excessive procedures are also often introduced because the organization lacks confidence that employees will actually follow them. This leads to employees following them even less. Another frequent issue is that operating procedures are developed without input from those who actually perform the work, resulting in processes that do not align with the actual needs.

So, what is the key to success?

The first and most crucial step—highlighted in every regulation—is the commitment of top management. If the CEO views “quality” as just another cost and the sole responsibility of the Quality Department, the path to success will be long and difficult, if not impossible. Moreover, top management’s involvement must be visible in practice, not just in words. Actions speak louder than words, and the importance of this cannot be overstated.

A key aspect of this commitment is ensuring that all staff, including the CEO, receive quality and regulatory training. Depending on the organization, training can be tailored in various ways. For larger organizations, a general training session for all staff, followed by more specific, department-focused sessions, can be particularly effective. This approach allows each department to delve deeper into areas most relevant to their work and address their specific questions. Undoubtedly, the CEO’s participation in quality training is not only a requirement but also sends a powerful message to employees about its importance.

Another important step to get acceptance and commitment to the QMS is to encourage process owners to take part in developing and updating Standard Operating Procedures (SOPs). Importantly, the Quality team needs to be flexible, supportive, and should avoid rigidly enforcing regulatory requirements. The goal is to ensure alignment with the intent of the regulation, rather than rigidly enforcing a single interpretation. The process owners’ proposals might almost align with the intent of the regulations, requiring only minor adjustments. Collaboration is key: the Quality team can clarify the purpose behind complex regulations, while process owners can provide insight into practical challenges and suggest feasible solutions.

This collaborative approach to developing SOPs serves several important purposes. First, it helps employees understand the reasoning behind each requirement. It also fosters a sense of involvement and ownership among staff. After all, it’s harder to criticize a procedure you helped create. For the Quality Department, this process provides valuable insight into the practical challenges of implementing regulations.

When all parties adopt an open and non-judgmental attitude, it creates an opportunity to build a QMS that supports daily work rather than hinders it. While regulations continue to become more stringent, working together allows us to identify and apply the least burdensome approach.

Does your organization need help aligning your QMS so that it genuinely supports your day-to-day operations? Contact us to find out how our Quality and Regulatory team can help you reduce complexity, increase engagement, and deliver real value where it matters most.

FDA’s final guidance on Computer Software Assurance (CSA) for Production and Quality System Software marks a significant modernization of software validation practices. 

In late September, the FDA finalized its guidance on Computer Software Assurance (CSA) for software used in medical device production and quality systems. Replacing Section 6 of the earlier “General Principles of Software Validation,” CSA modernizes validation practices by shifting from the traditional Computer System Validation (CSV) model to a flexible, risk-based approach. The focus moves from exhaustive documentation to maintaining ongoing confidence in software performance, emphasizing assurance over validation.

The guidance aligns well with international standards, supporting compliance with ISO 13485:2016 in areas like software validation, risk management, and continual improvement. CSA also complements EU MDR requirements, including Annex I´s General Safety and Performance Requirements and Article 10’s quality system obligations, making it suitable for global regulatory strategies.

Traditionally, CSV emphasized exhaustive documentation and uniform testing, regardless of risk. CSA shifts this by focusing assurance activities on software functions that could directly impact product quality, patient safety, or process integrity. It emphasizes intended use and process impact, with context-driven rigor applied to critical functions. This ensures alignment with real-world risk and operational relevance. The guidance promotes critical thinking over checkbox compliance, encouraging thoughtful risk assessment and appropriate rigor.

Another major change is the adoption of a binary risk classification: software features are categorized as either “high process risk” or “not high process risk.” This simplification helps organizations to prioritize the validation activities better. CSA also supports the use of vendor documentation and software development lifecycle (SDLC) artifacts as valid evidence of software reliability, rather than duplicating vendor testing.

While CSA streamlines assurance activities, it requires a shift in mindset for quality and regulatory professionals accustomed to extensive validation. QA/RA teams must recalibrate their approach, prioritizing risk-based decision making and context-driven documentation. Limited documentation could be acceptable, provided it is supported by a robust, well-documented risk analysis.

In summary, CSA introduces a smarter, more agile framework for software assurance in production and quality systems. It helps manufacturers reduce unnecessary effort, enhance efficiency, and uphold standards, while encouraging a risk-based mindset aligned with real-world impact.

Do you need help implementing CSA effectively? Let our experts guide your team through risk-based validation, leveraging vendor documentation, and aligning your processes with both FDA expectations and international regulations.

 

In an industry shaped by rapid regulatory changes and global competition, leading life science companies are rethinking what it takes to succeed. Increasingly, expert support is no longer a luxury—it’s a strategic necessity.

“There has been a cultural shift in the industry,” says Ulrika Hammarström, Head of CRO Operations at Aurevia. “Expert support is now seen as something a company must have in order to succeed.”

“Strategic clarity is the new currency in life science,” adds Anna-Karin Alm, Head of QARA Operations at Aurevia. “Thoughtfulness, experience, and planning are more important than ever.”

Aurevia, a consultancy formed by merging several European firms, including QAdvis and Scandinavian CRO in Sweden, provides comprehensive support across the entire product lifecycle. From early development to market access and beyond, Aurevia’s multidisciplinary team brings deep expertise in quality assurance, regulatory affairs, and clinical research to empower pharma, biotech, and medtech innovators to navigate complexity and achieve lasting success.

Read the full article at Göteborg Life Science in Swedish or English to explore the key factors that characterize successful life science companies.

Photo: Anna-Karin Alm, Head of QARA Operations at Aurevia (left) and Ulrika Hammarström, Head of CRO Operations at Aurevia (right).