Skip to content
GXPLearn.io

What is Computer System Validation (CSV)?

Computer System Validation (CSV) is the GMP discipline of demonstrating — through documented requirements, testing, and maintained validated state — that automated systems are fit for their intended use.

CSV definition

Computer System Validation (CSV) is the regulated-industry practice of proving that computerised systems perform reliably for their intended purpose. Under GMP, manufacturers must ensure that automated systems affecting product quality, patient safety, or data integrity are validated — meaning fitness for intended use is demonstrated and maintained throughout the system life cycle.

CSV is not a single test event. It spans user requirements, functional and design specifications, installation and operational qualification, performance qualification where applicable, traceability matrices, validation summary reports, and ongoing change control to preserve validated state.

GXPLearn's public glossary defines CSV as demonstrating fit for intended use under GMP through documented lifecycle activity — the same vocabulary learners encounter in Module 09 and across the professional curriculum.

Fit for intended use

The core CSV objective is fitness for intended use: the system does what users and quality agreements require, consistently and traceably. Intended use drives scope — a historian used only for troubleshooting may warrant different evidence depth than a system executing batch release decisions.

Requirements must be testable. Vague intended-use statements undermine validation because reviewers cannot determine what 'pass' looks like. Module 10 (V-Model) trains learners to trace requirements through design into executed test evidence and spot gaps auditors would question.

V-model and traceability

The validation V-model maps specification layers on the left (user requirements, functional requirements, design) to verification and validation activities on the right (IQ, OQ, PQ, intended-use confirmation). Each layer should trace to evidence — not exist as isolated documents.

For a dedicated explanation of installation, operational, and performance qualification — including how IQ, OQ, and PQ differ and connect to traceability — see /iq-oq-pq-explained. For the full software validation lifecycle from requirements through change control, see /validation-lifecycle.

Traceability gaps are a common audit finding. CSV packages fail review when tests do not map to requirements, deviations are poorly classified, or retest scope after failures is undocumented. GXPLearn Module 10 provides interactive traceability exercises across specification and test layers.

Testing and operational qualification

Operational qualification (OQ) demonstrates that the system operates as intended across defined operating ranges. In GXPLearn Module 09, learners execute a digital OQ protocol against a live training simulation — documenting failures, assessing deviation impact, and tracing evidence from requirement through closure.

CSV testing is evidence-driven: predefined steps, acceptance criteria, observed results, and disposition when tests fail. Incomplete evidence, unclear acceptance criteria, or undocumented retests undermine the validation package — regardless of how many pages the protocol contains.

Maintaining validated state

Validation does not end at go-live. Changes to configuration, software versions, interfaces, or intended use can invalidate prior evidence. Change control assesses GxP impact, scopes retesting, and documents approval before implementation.

Periodic review confirms that validated state remains supported by current evidence — especially after organisational changes, vendor updates, or repeated deviations linked to system behaviour.

CSV and FDA CSA guidance

FDA's February 2026 CSA guidance (GUI00017045) supersedes Section 6 of FDA's General Principles of Software Validation guidance for production and QMS software — it does not eliminate CSV as a discipline. CSV remains the baseline GMP expectation; CSA provides a risk-based framework for how assurance activities and records are proportioned.

Organisations increasingly use CSV lifecycle structure for GxP-critical systems while applying CSA thinking to right-size testing and documentation. See /csv-vs-csa for a detailed comparison and /what-is-csa for the FDA six-step framework.

Practise CSV in GXPLearn

Module 09 (CSV Validation) focuses on OQ-style decision paths with validation consequence panels. Module 10 (V-Model) builds traceability skills. Together with Modules 11–12 (CSA and CSV vs CSA), they form the validation spine of the GXPLearn professional curriculum.

Start with free foundation Modules 01–03 for system and batch context, then explore /csv-csa-training for the guided CSV/CSA learning path.

Practise in Module 09 CSV & CSA training path Start learning free

GXPLearn.io provides independent educational content only. FDA guidance cited here is nonbinding recommendations for medical device production and quality management system (QMS) software — not device software functions (SaMD/SiMD). This page does not constitute regulatory advice. Consult your quality organisation and applicable regulations for site-specific decisions. GXPLearn.io is an independent educational platform. Not affiliated with Emerson. Not a real DeltaV emulator. Not validated GMP training software.

Frequently asked questions

What is Computer System Validation (CSV)?

CSV is the GMP discipline of demonstrating that automated systems are fit for intended use through documented requirements, testing, traceability, change control, and maintained validated state.

Why is CSV required under GMP?

Regulators expect manufacturers to control computerised systems that affect product quality, patient safety, or data integrity. CSV provides documented evidence that systems perform as intended and remain in a validated state across changes.

What is the difference between IQ, OQ, and PQ?

Installation Qualification (IQ) confirms correct installation and configuration. Operational Qualification (OQ) demonstrates operation across defined ranges. Performance Qualification (PQ) confirms performance in production-like conditions. Scope depends on system risk and intended use.

What is a traceability matrix?

A traceability matrix links requirements to design elements and test cases. It helps reviewers verify that every requirement has corresponding evidence and that tests map to real intended-use risks.

Does CSV require testing every function equally?

Traditional CSV often emphasises comprehensive documented testing. Risk-based approaches — including CSA — encourage proportionate effort: more rigor where GxP impact is high, leaner evidence where risk is lower. CSV structure remains; depth may vary.

How does CSV relate to FDA CSA guidance?

FDA's 2026 CSA guidance extends risk-based assurance principles to production and QMS software. It supersedes Section 6 of FDA's Software Validation guidance for that scope but does not replace CSV as a GMP discipline. Many teams use both lenses together.

What happens when an OQ test fails?

Failures should be documented, investigated for root cause and GxP impact, and dispositioned — retest, change scope, or halt release. Hiding or re-running without documentation undermines validated state and is a common audit finding.

How can I practise CSV workflows?

GXPLearn Module 09 walks through OQ-style testing and deviation handling in a training simulation. Module 10 covers V-model traceability. Visit /csv-csa-training to see the full CSV/CSA module path.

Ready to practise regulated workflows?

Choose the path that fits — start with free foundation modules or discuss a team licence for your organisation.

For individuals

Start with the free foundation modules and upgrade when you are ready for simulation labs and professional scenarios.

For businesses

Request a business demo or pilot discussion for team/site licensing, standalone export, and onboarding use cases.