GxP Validation for enterprise customers

Contents

• Overview

• CSV vs CSA: Key differences

• Our validation approach for enterprise customers

  • Configuration Validation

  • Platform Validation

• Documentation needed for a risk based approach to validation

  • Validation Master Plan (VMP)

  • Risk Assessments

  • User Requirement Specification (RSA)

  • Functional Specification (FS)

  • Traceability Matrix

• Process and Timeline

• Validation Summary

Overview

At Seal, we follow the GAMP 5 2nd Edition principles, which were picked up and reinforced by the FDA’s 2022 CSA Guidelines. This marked a significant evolution from Computerized System Validation (CSV) to Computerized System Assurance (CSA) — a shift toward risk-based, fit-for-purpose validation.

Rather than focusing on exhaustive documentation and legacy practices like IQ, OQ, and PQ, the modern approach prioritizes critical thinking, product quality, patient safety, and data integrity. At Seal, we partner with our customers to ensure compliance is not just a checkbox — but a foundation for quality.

CSV vs CSA: Key differences

Computerized System Validation (CSV) is a compliance-focused method. This involves a lot of heavy documentation (IQ/OQ/PQ) and scripted repeated testing, resulting in a very slow and burdensome process.

Computerized System Assurance (CSA) on the other hand, is a more modern quality- and risk-focused approach. CSA uses fit-for-purpose evidence, with risk-based testing to maximise efficiency.

Our validation approach for enterprise customers

Seal classifies under GAMP category 4: configurable software. This means that we need 2 aspects to our compliance.

1. Validating changes made by the customer, to the configuration of the platform.

2. Validating updates made by us, the provider, to the platform itself.

We make GxP compliance easy by distinguishing between:

• Configuration Validation: Automated tests for every configuration change

• Platform Validation: End-to-end tests on every platform update

Configuration Validation

3 simple steps to achieving configuration validation:

1. A Risk Assessment of the process

2. Identification of areas of high risk. This means any areas of the configuration that could impact:

   1. Patient safety

   2. Product quality

   3. Data integrity

3. Validation of these areas using templates provided by Seal, and our automated testing.\

For Seal’s enterprise customers, we have the following to offer to help out with the process of configuration validation:

• Change Control template - this can be used in your day-to-day use of the platform, as a way to ensure configuration changes are compliant.

• Automated configuration validation guide - this guide helps you to ensure that the automated tests being carried out are thorough and complete

Platform Validation

At Seal, we maintain a fully documented Software Development Lifecycle (SDLC) and run end-to-end Playwright tests to ensure platform stability. These tests run before releasing any updates to the platform, and are documented and stored - accessible to the customer at all times.

If we plan to release any major platform updates, we will work together with our GxP customers to go through a similar process to that done in configuration validation. Seal will:

1. Share an overview of the updates we are making, and the impacts they will have

2. Jointly work with the customer to analyse the risk to each individual platform configuration.

3. Define mitigation steps or re-validation needs as applicable.

An update is major if there is any possibility that it could break a GxP customer’s workflow, eg. changes to the API.

Documentation needed for a risk based approach to validation

Validation Master Plan (VMP)

The VMP outlines the overall strategy for ensuring software is fit for intended use. It defines roles (Seal vs. Customer), scope, and activities to be performed.

Risk Assessments

Risk Assessments should use critical thinking to assess which functions need testing. Customers judge:

• Intended use

• GxP impact

• Risk to product or patient

User Requirement Specification

A URS is a documented set of user requirements, specific to the customer’s configuration. A well-constructed URS ensures traceability, supports effective risk assessment, and provides a rational basis for determining the scope and depth of testing required.

Functional Specification

Functional Specification is a document defining how the platform is expected to work from a functional point of view. A good FS should include:

• Descriptions of core features and what each one does

• Rules and logic applied (e.g. automated triggers, validation constraints)

• User roles and permissions

• Field-level behaviour: inputs, outputs, and data flows

• Configurable settings: options, or flags

Traceability Matrix

A traceability matrix maps user requirements from the URS onto functions from the FS. The matrix should demonstrate how each user requirement will be met, and also give an indication as to how suitable the relevant function is to meet said requirement.

Process and Timeline

Seal’s implementation team supports each step to ensure a smooth, efficient validation process tailored to your organization.

Validation Summary

To summarize, Seal achieves compliance by using guidelines from GAMP 5 2nd edition, embracing a risk-based approach to maximise efficiency, avoid unnecessary burdens, and focus validation efforts where they matter the most.

Our approach addresses validation from two key angles:

1. The platform - validated by Seal via a SDLC, thorough testing and collaboration with users on any major platform updates

2. The configuration - validated collaboratively with each customer, using templates from Seal to reflect their specific use case.

Every Seal customer will have access to our comprehensive validation template pack, which includes the following documents:

• Validation Master Plan template

• Risk Assessment template

• User Requirement Specification template

• Functional Specification template

• Traceability matrix template

To support configuration validation, we also provide:

• Change Control template

• Automated configuration validation guide

Our implementation team is here to guide you through the process, tailoring each document to your specific needs - so you can confidently demonstrate fitness for intended use.

\