Visit our new GMP Detox – YouTube Channel

Our YouTube channel for knowledge sharing about GMP (Good Manufacturing Practice) and CSV (Computer System Validation) and other related topics. The art of being well-informed and using the correct language and terms provided by Mr. Markus Roemer.

New QMSR – US-FDA final rule (Part 820 / Part 4)

The US-FDA issued the Quality Management System Regulation (QMSR) Final Rule, which amends the device current good manufacturing practice (CGMP) requirements of the Quality System (QS) regulation (21 CFR Part 820), incorporating the international standard specific for medical device quality management systems set by the International Organization for Standardization (ISO), ISO 13485:2016 Medical devices – Quality management systems – Requirements for regulatory purposes.
This final rule is the latest action taken by the US-FDA to promote consistency in the regulation of devices. This action is intended to harmonize the US-FDA’s CGMP regulatory framework with that used by other regulatory authorities.
The rule is effective 2. February 2026, two years after publication. Until then, manufacturers are required to comply with the QS regulation (source: US-FDA – January 2024). 

In addition, the US-FDA wants to reinforce the need for computer system validation of manufacturing and QS systems in the medical device industry.

The 2002 Guidance for Industry (Draft), Computer Software Assurance for Production and Quality System Software (short: CSA) provides recommendations on computer software assurance for computers and automated data processing systems used as part of medical device production or the quality system.

When final, the CSA guidance will supplement FDA’s guidance, “General Principles of Software Validation” (“Software Validation guidance” – SaMD – Software as a Medical Device) except this guidance will supersede Section 6 (“Validation of Automated Process Equipment and Quality System Software”) of the Software Validation guidance (source: US-FDA – 2022).

CCS prepared a full assessment package and gap assessment incl. checklists for the new QMSR rule in combination with the CSA approach incl. e-Validation. Please contact us today for more information:

 e-Validation Platform (eVP) – Confluence meets GXP

Ensuring your computer systems are cutting edge is a critical factor in beating your competition. This can be achieved only with a modern and fast computers system validation (CSV) framework.

Our e-Validation Platform (eVP) designed to comply with the requirements set by ISPE GAMP 5 second edition based on Atlassian Confluence and Jira is a milestone of validating computerized applications to ensure they meet the requirements of GXP. 

Our e-Validation framework is a critical step in ensuring that electronic applications, processes, equipment, cleaning and monitoring are reliable, accurate, and complete. It helps to prevent data integrity issues and ensures that the computerized systems, processes, risk assessments and project management are fit for their intended purpose by a holistic and comprehensive approach. 

There are several key steps involved in validation according to ISPE GAMP 5 second edition with Atlassian Confluence and Jira:

  1. Planning and Scoping: The first step is to plan and scope the validation project. This involves identifying the scope of the project, defining the objectives, and establishing a project and validation plan.
  2. Process, Data and Risk Assessments: Several levels of assessments should be conducted to identify potential risks to data integrity and to develop mitigation strategies.
  3. Design Review: The design of the computerized system should be reviewed to ensure that it meets the requirements of GXP processes and requirements.
  4. Development and Code Review: The code of the computerized system should be properly developed and reviewed to ensure that it is written according to best practice standards. This does also contain development test phases like unit, integration, and system testing before the release of a system version or patch.
  5. Installation and Configuration: The computerized system should be installed and configured according to the approved specifications.
  6. User Acceptance Testing (UAT): The computerized system should be thoroughly tested by users to ensure that it meets their needs and expectations.
  7. Formal Documentation: Formal documentation should be generated to document the validation process during project and operational phase.
  8. Ongoing Monitoring: The computerized system should be continuously evaluated and monitored to ensure that it remains compliant with GXP.

Atlassian Confluence can be used to support the e-Validation process in several ways. It can be used to:

  • Store and manage e-Validation documentation: Confluence can be used to store and manage all of the validation documentation, including risk assessments, design reviews, code reviews, UAT reports, and formal documentation.
  • Track e-Validation activities: Confluence can be used to track the progress of the e-Validation project and to record key milestones.
  • Communicate with stakeholders: Confluence can be used to communicate with stakeholders about the e-Validation project and to get their feedback.
  • Building a bridge between contract giver and contract acceptor (e.g.: development and configuration by supplier with Jira).
  • Implement ISPE GAMP®5 SE and Enabling Innovation requirements (e.g.: tools instead of documents, acceptance instead of approvals).
  • Use AI testing tools with Confluence for automated system and user acceptance testing.
  • Automated creation of Fit-Gap Analyses and Traceability Matrix.
  • Extend your Validation Master Plan with process, cleaning, equipment, utility, facility, and method validation and qualification.
  • Enables a total framework for project, process, risk, validation and supplier management and collaboration (e.g.: electronic Logbook Management, bridge to SOLMAN and eDMS/eQMS).
  • Fully inventory management (extension: CMDB), ITIL tools including patch and release history.
  • Compliance with EU GMP EudraLex Volume 4 Annex 11 and Annex 15 and US-FDA 21 CFR Part 11, GCP (EMA, FDA), GLP (OECD), GDP

Our CCS paperless validation approach is designed for reducing validation and qualification efforts.

Using our eVP with Atlassian Confluence in the entire validation and qualification process can help to improve efficiency and compliance. It can also help to reduce the risk of data integrity issues. 

A slow computer systems validation (CSV) is a roadblock on your path to success: It delays the deployment of improvements, the assessment of their impact, and ultimately, their value to your business. A quick feedback loop continuously drives better ideas and fuels your business with powerful breakthroughs.

What makes your solution unique? We do not offer a dedicated digital or electronic validation system; we offer a highly extendable platform approach close to software developers and system configuration and a high degree of regulatory compliance.  With our certified global Atlassian Solution Partner we can provide a fitting solution to any client and meet highest expectations.

What to do next? Contact us today at

Test report and traceability: 
Test execution: 
Requirements and testing: 

Online Training – ISPE GAMP 5 – second edition

23. November 2023 – Expert Training

Learn about the background, effects and details regarding the current changes and extensions of the ISPE GAMP®5 – Second Edition – which was released in August 2022.

In 2008, ISPE set GAMP®5 as the recognized state of science and technology regarding so-called computer system validation (CSV) in the GxP environment.

The volume ISPE GAMP®5 – Second Edition, published in August, is a deliberate extension of the proven standard.

With the expansion in the form of a second edition, current topics are to be presented even more clearly, pragmatically and purposefully.

Validation should be based more on process, data and system knowledge and these should be even more in the foreground of agile system development and the validation approach.

You will learn about the current updates to the ISPE GAMP®5
You will get an overview of the entire guide
You will learn how to orient yourself in the GAMP®5 guide
You will receive insight into how to understand and shape the responsibility between client and contractor (supplier)

Register now!


  • ISPE GAMP®5 – Second Edition – Scope and Change Overview
  • History and structure of ISPE GAMP®5
  • Annexes of the ISPE GAMP® (Management, Development, Operations, Special Interest)
  • ISPE GAMP® Good Practice Guides (incl. RDI) and examples of “Critical Thinking” and Data Flow Diagrams
  • ISPE GAMP®5 – Good Practice Guide – Enabling Innovation (2021) and others
  • Further CSV updates, e.g. from the US-FDA – Guidance for Industry: Computer Software Assurance (CSA) – Draft version for comment from September 2022 or EU Annex 11 – concept paper

Register now at: Register to ISPE GAMP 5 second edition Online Training

„Managers do things right. Leaders do the right thing”

Final EMA GCP Guideline on computerized systems

The EMA published the final guideline on computerised systems and electronic data in clinical trials.

This guideline will describe some generally applicable principles and definition of key concepts. It also covers requirements and expectations for computerised systems, including validation, user management, security, and electronic data for the data life cycle. Requirements and expectations are also covered related to specific types of systems, processes, and data.

The current guideline has 52 pages – the draft version had 47 pages. But there have been no major changes between the draft and the final version.

Download it here on the EMA website:

Here is the download link to the US-FDA Guidance for Industry – Computerized Systems Used in Clinical Investigations from 2007: LINK

Both guidelines are comparable, however the US-FDA guidance applies to medicinal products and medical devices (ref. 21 CFR 312.62(b) and 812.140(b)) and both guidelines refer to ICH E6.

The EMA GCP regulations and directives lacked on clearly defined requirements for computerized systems, and useful GMP regulations (e.g. Annex 11) were not really fitting to GCP processes (e.g. data entry, batch certification), this EMA guideline is highly appreciated and serves as a good basis for GCP computer system validation.

Read more also at the EMA Q&A GCP section: LINK

1. What are the roles and requirements for the study subject record (medical record) and related source documents in the context of a clinical trial?

2. What should be considered when transferring copies of medical records to clinical trials sponsors or their service providers? Rev. March 2022

GXP Outsourcing für IT Abteilungen, Projekte und externe Lieferanten

Event mit dem Bundesverband der Pharmazeutischen Industrie e.V.

Dieses Webinar vermittelt einen Überblick über die aktuellen Ansätze, Methoden und Standards (Good Practice Guide). Konkrete Vorgaben und Hilfestellungen sollen bei den IT-Vorhaben vermittelt werden und ein Outsourcing Projekt unterstützen.

Die regulatorischen Vorgaben sind eindeutig: Die GxP relevanten Anwendungen müssen validiert werden; die IT-Infrastruktur muss qualifiziert werden. Der im August 2022 erschienene Band – ISPE GAMP®5 – Second Edition – beschreibt im Detail die Vorgaben für IT-Abteilungen. Eine Unterscheidung, ob diese intern, also zur Firma zugehörig, oder extern organisiert sind, wird nicht mehr gemacht. Das IT-Service-Management, bestehend aus der IT-Infrastruktur selbst und die dazugehörigen Dienstleistungen (Service) muss qualifiziert sein. In Bezug auf externe IT-Dienstleister, aber eben auch interne oder einer häufigen Mischform, sind diese vom Ansatz her “Outsourcing Projekte“. Technologisch gesehen geht es auch immer mehr in Richtung “Cloud“ und/oder SaaS Lösungen oder anderen Bereitschaftsmodellen.

Inhaltliche Schwerpunkte des Webinars sind folgende:

  • GXP konformes IT Service Management
  • Qualitätssystem für die IT
  • ITIL – Best Practice
  • „Pharma-Cloud“
  • Qualifizierung interner und externer Audits – Auditmanagement
  • vertragliche und rechtliche Aspekte
  • das “Outsourcing“ Projekt

Mit Referenz zu ISPE GAMP 5 – Second Edition (2022) und Good Practice Guide “Enabling Innovation” (2021), ITIL und ISO 20000

Best Practice to Next Practice


Markus Roemer
Geschäftsführer der comes compliance services

Für weitere Informationen und Anmeldedetails klicken Sie hier

Read more

Concept Paper on the revision of Annex 11

The concept paper (public since 16, November 2022) addresses the need to update Annex 11, Computerised Systems, of the Good Manufacturing Practice (GMP) guide. Annex 11 is common to the member states of the European Union (EU)/European Economic Area (EEA) as well as to the participating authorities of the Pharmaceutical Inspection Co-operation Scheme (PIC/S). The current version was issued in 2011 and does not give sufficient guidance within a number of areas. Since then, there has been extensive progress in the use of new technologies.

Reasons for the revision of Annex 11 include, but are not limited to the following, refer to link (external):

Note: End of the consultation phase is 16. January 2023.

ISPE GAMP 5 – Second Edition – Training

Am 12. Juni 2023 findet von 10:00 – 13:00 Uhr ein Webinar zum Thema ″ISPE GAMP®5 – Second Edition – Enabling Innovation & CSA″ statt.

Die ISPE hat im Jahr 2008 den GAMP®5 als den anerkannten Stand von Wissenschaft und Technik bezüglich der sogenannten Computersystemvalidierung (CSV) im GXP-Umfeld global gesetzt. Der im Juli/August 2022 erschienene Band – ISPE GAMP®5 – Second Edition ist eine bewusste Erweiterung (Add-On) des bewährten GAMP®5 Standards und es sollte kein neuer GAMP 6 Standard damit entstehen.

Mit der Erweiterung in Form eines Zusatzdokuments – Second Edition – sollen diverse und wichtige Themen noch deutlicher, pragmatischer und zielführender darstellt werden. Die Validierung soll verstärkt auf Produkt-, Daten- und Prozesskenntnisse basieren und die realen Prozesse und Datenflüsse müssen noch mehr im Vordergrund des Validierungsansatzes stehen (″Critical Thinking″ Ansatz).

Ein weiterer Aspekt ist die noch intensivere Einbindung von Systemlieferanten, die oftmals agile Projektmanagement-Ansätze und agile Systementwicklungsprozesse erfolgreich anwenden. Diese Methoden lassen sich über smarte Werkzeuge und Plattformen auch für eine innovationsgetriebene Validierung (″e-Validation″) von Systemen und Prozessen adaptieren. Ebenso wird ein starker Fokus auf neu zu implementierende Systeme oder umfangreichere Innovationsprojekte (Digitalisierung, papierlose Prozesse) gelegt.

Link – BPI:

US-FDA – CSA – Computer Software Assurance for Production and Quality System Software – Draft issued

FDA is issuing the draft guidance CSA to provide recommendations on computer software assurance for computers and automated data processing systems used as part of medical device production or the quality system.

This draft guidance is intended to:

  • Describe “computer software assurance” as a risk-based approach to establish confidence in the automation used for production or quality systems, and identify where additional rigor may be appropriate; and
  • Describe various methods and testing activities that may be applied to establish computer software assurance and provide objective evidence to fulfill regulatory requirements, such as computer software validation requirements in 21 CFR part 820 (Part 820). –> medical devices

When final, this guidance will supplement FDA’s guidance, “General Principles of Software Validation” (“Software Validation guidance”) except this guidance will supersede Section 6 (“Validation of Automated Process Equipment and Quality System Software”) of the Software Validation guidance.

Download the DRAFT version here: EXTERNAL LINK

Update October 2022: Online Presentation by US-FDA – CSA