Enter your registered email:
Indtast ny adgangskode:


SMJConsulting´s Approach to CSV Projects

​When it comes to CSV projects, SMJConsulting uses the GAMP5 framework. According to the GAMP5 framework, there are four life cycle phases in a computer system and each phase contains a number of individual activities. However, there are also a number of supporting processes that take place across the phases of the life cycle such as risk management, document management, repair activity, security management, etc and should be included when visualizing the CSV process.

​The CSV Life Cycle used by SMJConsulting includes:

  • Concept Phase: This is a high-level overview of the system and design considerations.
  • Project Phase: Gives a detailed description of the system and objectives.
  • Operation Phase: Defines how the system will be managed during operations.
  • Retirement Phase: Defineshow to retire the system.

CSV Concept Phase:

The concept phase is where SMJConsulting and the Client conceive the the idea for a computer system. This phase includes mainly data gathering (vendors, costs, high-level project plan, resources, timelines, benefits, restrictions, and justification of the requirement for the system).

Under the Concept phase SMJConsulting and the Client performs the following specific activities:

  • Planning.
  • System Software Categorization.
  • Risk Assessment.
  • Supplier Assessment.


This activity defines the specific aspects of the system such as:

  • Overall requirements of the system.
  • Critical functions it will be controlling.
  • Available options for hardware and software platforms.
  • Overall regulatory impact of the proposed system.
  • Novelty of the system and its complexity.
  • Requirement for document control
  • Testing that is required (what are the considerations for operating and maintaining the system?)
  • The data and records that will be generated and subsequently retained.

System Software Categorization:

The range of activities required to validate a computerized system depends on the type of software the Client is using. The GAMP 5 framework categorizes software into 4 types. The category into which the client´s software falls into, will determine the validation approach, the amount of time the project takes and the deliverables.

Risk Assessment:

SMJConsulting uses a risk-based approach to CSV, saving time and effort. A quality risk assessment is carried out to determine if the computer system has the potential to impact product quality, patient safety or data integrity in a way that could ultimately harm the patient.

Supplier Assessment:

This phase involves narrowing down the vendor options and getting an idea of the cost to be included in the business case. The response from the vendors will detail how their system can meet our client´s requirements, alongside an estimated cost.​

2. Project Phase:

Planning activities are finalized at this stage; the user requirement specifications, functional specifications, and design specifications are developed.

Specific activities in this phase include:

  • Planning.
  • Utilizing the CSV Process V model.
  • Risk assessment.
  • Writing Standard Operating Procedures.
  • Training.
  • Handover.

Documentation completed within this stage includes:

Validation Master Plan (VMP):

Depending on the size of an organisation there may be several sub validations plans within the validation master plan (site, departmental or system-specific) or there may be multiple validation master plans, one for each business unit.

System Overview:

In order to satisfy the regulatory requirements, a brief description of the system is required.

Definition and Description of the following is required:

  • Hardware /Firmware.
  • Software.
  • Computer System (Controlling System).
  • Operating procedures and people.
  • Data managed by the system.
  • Equipment controlling function or process.

User Requirements Specification (URS):

The URS spells out what the Client needs from the software and how they will use it. It also contains any constraints such as regulations, safety requirements or operational requirements. The specifications must be agreed between the end-user/customer and supplier. The URS will have input from the process owners, system owners, technical subject matter experts (SMEs), quality and the supplier where required.

Functional Specification:

The functional specification contains a detailed description of how the system will meet each of the requirements outlined in the URS such as:

  • How the software works.
  • What data needs to be captured?
  • User interfaces.

Design Specification:

The design specification describes how each function is to be designed or configured. It is a more technical follow-on document from the functional specification and may contain configuration specifications or code. This document is intended for the system developer.

Configuration and/or Coding:

Either build, develop, or purchase the software (depending on the software category) and then configure it to meet the criteria laid out in the previous specification documents. This is normally completed by the vendor.

Installation Qualification (IQ):

Installation Qualification (configuration or integration testing) confirms that the software or system is installed and set up according to the design specification.

Operational Qualification (OQ):

Operational Qualification (functional testing) confirms that all functionality defined in the functional specification is present and working correctly. In the case of customed software, it confirms that there are no software bugs.

Performance Qualification (PQ):

Performance Qualification (user requirement testing) confirms that the software will meet the user’s needs and is suitable for their intended use, as defined in the user requirements specification.

Final Report:

The last step of the CSV validation method is to write the summary report declaring that the system is fit for its intended use and that every deliverable that was planned has been delivered. The reporting stage verifies the planning stage, the performance qualification stage verifies the user requirement specification stage and ensures that the specifications have been achieved.

Standard Operating Procedures:

Standard Operating Procedures (SOPs) are a key part of the CSV documentation package. They outline how the computer system should be used, by its intended Users. All staff using the system are trained on the relevant SOPs to ensure they are using the system correctly and in the way it was intended.


SMJConsulting trains key users of the system on how to use the system software, applications, and procedures.


SMJConsulting develops a plan for the Client, defining when the application will move into the operation phase and how any disruption will be managed, making sure that the system can be used and supported in a controlled manner.

The handover process will verify the following:

  • The system is fit for purpose.
  • Roles and responsibilities are defined e.g., process owner/s, system owner.
  • All personnel are appropriately trained, such as standard user, system admin.
  • Operational and support procedures/personnel are in place.
  • Supporting quality controls and personnel are in place to maintain compliance.
  • Any residual risks have been accepted.

3. Operational Phase:

The following processes are to be in place before the system goes live, and be observed throughout operation of the system:

  • ​Change Management.
  • ​Configuration Management.
  • ​Security Management.
  • ​Business Continuity Management.
  • ​Disaster Recovery Planning.
  • ​Backup and Restore.
  • ​Incident Management.
  • ​Periodic Review.
  • ​Electronic Data Archiving.

Why choose SMJConsulting:

Benefits of SMJConsulting Computer System Validation Service include:

  • Knowledge and experience: Experienced SMEs in designing, building, testing, and validating systems.
  • Cost control: Our service delivers the support you need to help meet your validation requirements at a predictable price without hidden fees or variable costs.
  • Current compliance best practices: at SMJConsulting we constantly update our body of industry “best practices,” keeping abreast of regulations so we can help you comply with complex and ever-changing global compliance requirements.
  • Reduced validation time: Our experienced project managers & SMEs can validate your systems within weeks, helping you achieve quick returns on your investment.


Do you want to hear more, or get a non-binding offer?

Don't like forms?

Phone: +45 51 89 68 87

Email: info@smjconsulting.dk

Stanley: stanley.jensen@smjconsulting.dk

Please make sure all required fields are filled out correctly

Do you have any questions or

do you want to hear more?

Find our contact details below.


Vigerslevvej 242, 2. tv., 2500 Valby

Click here for directions

CVR: 32749542

Telephone hours

Monday - Friday: 08.00 - 16.00

Saturday and Sunday: closed