GxP Validation for enterprise customers
We offer bespoke services for our enterprise customers, read all about it here.
Last updated
We offer bespoke services for our enterprise customers, read all about it here.
Last updated
At Seal, we follow the GAMP 5 2nd Edition principles, which were picked up and reinforced by the FDA’s 2022 CSA Guidelines. This marked a significant evolution from Computerized System Validation (CSV) to Computerized System Assurance (CSA) — a shift toward risk-based, fit-for-purpose validation.
Rather than focusing on exhaustive documentation and legacy practices like IQ, OQ, and PQ, the modern approach prioritizes critical thinking, product quality, patient safety, and data integrity. At Seal, we partner with our customers to ensure compliance is not just a checkbox — but a foundation for quality.
Computerized System Validation (CSV) is a compliance-focused method. This involves a lot of heavy documentation (IQ/OQ/PQ) and scripted repeated testing, resulting in a very slow and burdensome process.
Computerized System Assurance (CSA) on the other hand, is a more modern quality- and risk-focused approach. CSA uses fit-for-purpose evidence, with risk-based testing to maximise efficiency.
Seal classifies under GAMP category 4: configurable software. This means that we need 2 aspects to our compliance.
Validating changes made by the customer, to the configuration of the platform.
Validating updates made by us, the provider, to the platform itself.
We make GxP compliance easy by distinguishing between:
Configuration Validation: Automated tests for every configuration change
Platform Validation: End-to-end tests on every platform update
3 simple steps to achieving configuration validation:
A Risk Assessment of the process
Identification of areas of high risk. This means any areas of the configuration that could impact:
Patient safety
Product quality
Data integrity
Validation of these areas using templates provided by Seal, and our automated testing.\
For Seal’s enterprise customers, we have the following to offer to help out with the process of configuration validation:
Change Control template - this can be used in your day-to-day use of the platform, as a way to ensure configuration changes are compliant.
Automated configuration validation guide - this guide helps you to ensure that the automated tests being carried out are thorough and complete
At Seal, we maintain a fully documented Software Development Lifecycle (SDLC) and run end-to-end Playwright tests to ensure platform stability. These tests run before releasing any updates to the platform, and are documented and stored - accessible to the customer at all times.
If we plan to release any major platform updates, we will work together with our GxP customers to go through a similar process to that done in configuration validation. Seal will:
Share an overview of the updates we are making, and the impacts they will have
Jointly work with the customer to analyse the risk to each individual platform configuration.
Define mitigation steps or re-validation needs as applicable.
An update is major if there is any possibility that it could break a GxP customer’s workflow, eg. changes to the API.
The VMP outlines the overall strategy for ensuring software is fit for intended use. It defines roles (Seal vs. Customer), scope, and activities to be performed.
Risk Assessments should use critical thinking to assess which functions need testing. Customers judge:
Intended use
GxP impact
Risk to product or patient
A URS is a documented set of user requirements, specific to the customer’s configuration. A well-constructed URS ensures traceability, supports effective risk assessment, and provides a rational basis for determining the scope and depth of testing required.
Functional Specification is a document defining how the platform is expected to work from a functional point of view. A good FS should include:
Descriptions of core features and what each one does
Rules and logic applied (e.g. automated triggers, validation constraints)
User roles and permissions
Field-level behaviour: inputs, outputs, and data flows
Configurable settings: options, or flags
A traceability matrix maps user requirements from the URS onto functions from the FS. The matrix should demonstrate how each user requirement will be met, and also give an indication as to how suitable the relevant function is to meet said requirement.
Step 2
Complete URS, FS, and Risk Assessment
Step 3
Complete configuration
Step 4
Identify required manual and automated configuration tests based on risk-assessment
Develop automated configuration tests
Step 5
Run manual and automated configuration tests and document reporting
Step 6
Setup continuous monitoring & compliance reviews
Define re-validation criteria
Seal’s implementation team supports each step to ensure a smooth, efficient validation process tailored to your organization.
To summarize, Seal achieves compliance by using guidelines from GAMP 5 2nd edition, embracing a risk-based approach to maximise efficiency, avoid unnecessary burdens, and focus validation efforts where they matter the most.
Our approach addresses validation from two key angles:
The platform - validated by Seal via a SDLC, thorough testing and collaboration with users on any major platform updates
The configuration - validated collaboratively with each customer, using templates from Seal to reflect their specific use case.
Every Seal customer will have access to our comprehensive validation template pack, which includes the following documents:
Validation Master Plan template
Risk Assessment template
User Requirement Specification template
Functional Specification template
Traceability matrix template
To support configuration validation, we also provide:
Change Control template
Automated configuration validation guide
Our implementation team is here to guide you through the process, tailoring each document to your specific needs - so you can confidently demonstrate fitness for intended use.
\