Request Demo
Platform
One connected quality system for your entire operationsPlatform OverviewCompliance IntelligenceDashboards & KPIsModules HubPilot ApproachDocument ControlCAPA & DeviationsAudit ManagementTraining & CompetencyChange ControlRisk AssessmentsManagement ReviewAudit Confidence
Solutions
Meet teams where they are todayPaper-Based to Digital QMSExcel to Controlled WorkflowsLegacy eQMS ReplacementMulti-Site StandardizationAudit ReadinessQuality VisibilityProcess AccountabilityEnd-to-End Traceability
Industries
Quality management built for your regulated marketPharmaceutical ManufacturingMedical DevicesHealthcare & LaboratoriesNutraceuticals & SupplementsCMO / CDMOClinical Research & CROs
Compliance
Built to satisfy validation, data integrity, and records requirementsValidation ApproachData Integrity & Audit TrailsElectronic Records & SignaturesSecurity & Privacy
Resources
Practical resources for quality and compliance teamsResources HubBlogCompliance GuidesChecklists & TemplatesFAQsGlossaryeQMS Comparisons
Company
Learn about Complere and start a conversationAboutContactCareersLegalPricingRequest DemoStart Pilot
Request Demo
CSV + CSA Validation Pack 9 artefacts per module

What ships in Complere’s CSV protocol pack

Last reviewed: May 2, 2026 · Next review: Jul 31, 2026

Nine validation artefacts per module — VMP, URS, RA, TM, IQP, OQP, PQT, Part 11 checklist, ATS — delivered on day one, built using a CSA-aligned risk-based approach.

Most life-sciences eQMS vendors describe “validation support”, “templated IQ / OQ / PQ”, or sell Validation Management as a separate product. Complere’s CSV protocol pack ships with every module on day one, included with the licence, and built using a FDA Computer Software Assurance (CSA) Final Guidance-aligned risk-based approach. Below: the nine artefacts, what each one covers, and how they map to 21 CFR Part 11, EU GMP Annex 11, and GAMP 5.

  • FDA 21 CFR Part 11 aligned
  • EU GMP Annex 11 aligned
  • GAMP 5 Cat 4
  • FDA CSA aligned
  • ALCOA+
Request a validation-focused demo Email for the pack TOC PDF

The 9 artefacts in every module pack

Each artefact is generated against the customer tenant during onboarding and re-issued on Complere release upgrades that affect validated functionality.

# Artefact What it covers Maps to
1VMP — Validation Master PlanScope, validation strategy, deliverables list, roles, schedule, acceptance criteria for the module under validation.GAMP 5 (lifecycle); 21 CFR Part 11 §11.10(a)
2URS — User Requirements SpecificationTenant-specific functional, regulatory, performance, and integration requirements. Each requirement gets a unique ID for traceability.GAMP 5 (URS); EU Annex 11 §4.4
3RA — Risk AssessmentPer-requirement risk tier (high / medium / low) under a CSA-aligned methodology. Drives test rigour: high-risk gets scripted, lower-risk gets lighter qualification.FDA CSA Final Guidance; ICH Q9
4TM — Traceability MatrixMaps every URS requirement to RA risk tier, IQP / OQP / PQT test cases, and platform implementation evidence. End-to-end requirement traceability for audit.GAMP 5; 21 CFR Part 11 §11.10(a)
5IQP — Installation Qualification ProtocolVerifies tenant infrastructure: regional environment, application version, database, file storage, SSO configuration, audit-trail enablement, integration endpoints.GAMP 5 (IQ); EU Annex 11 §11
6OQP — Operational Qualification ProtocolTests platform functions against URS / TM: workflows, e-signatures, role-based access, audit trail capture, lifecycle transitions, alerts. CSA-tiered scripted vs unscripted execution.GAMP 5 (OQ); 21 CFR Part 11 §11.10(b)–(k); §11.50; §11.70
7PQT — Performance Qualification TestEnd-to-end customer-process validation in the production tenant: real users, real records, real reporting. Confirms the module meets URS in the tenant’s operating context.GAMP 5 (PQ); EU Annex 11 §4.7
8Part 11 checklistMaps each 21 CFR Part 11 sub-clause (§11.10(a)–(k), §11.50, §11.70, §11.100–11.300) to platform implementation evidence in the module.21 CFR Part 11 (entire)
9ATS — Audit Trail SpecificationDocuments what the audit trail captures (create / update / delete / view / e-signature events), retention, immutability, export format, and reviewer workflow.21 CFR Part 11 §11.10(e); ALCOA+; EU Annex 11 §9

Why the pack is included, not licensed separately

Validation evidence is not a feature; it is a regulatory requirement. Complere ships it with every module so customers do not negotiate, license, or contract validation as a separate work-stream.

9Artefacts per module
7Modules covered
CSA-alignedRisk-based test depth
0Separate Validation Mgmt licence

How the pack interacts with module rollouts

Onboarding (week 1–n)

VMP signed off. URS authored against tenant scope. RA classified per requirement. TM links every URS-ID to test case. IQP executed against the tenant region. OQP and PQT scripted per CSA tier. Part 11 checklist signed by quality. ATS documented and reviewed.

Release upgrades

Complere release notes map each platform change to affected URS / TM rows. Pack regenerates only the affected scripts. Re-execution scope is risk-based (changed high-risk requirements re-tested fully; lower-risk delta-tested). Audit trail integrity preserved across upgrade.

Frequently asked questions

What is in Complere’s CSV protocol pack?

Nine artefacts per module: Validation Master Plan (VMP), User Requirements Specification (URS), Risk Assessment (RA), Traceability Matrix (TM), Installation Qualification Protocol (IQP), Operational Qualification Protocol (OQP), Performance Qualification Test (PQT), 21 CFR Part 11 checklist, and Audit Trail Specification (ATS). Built using a CSA-aligned risk-based approach — testing rigour scoped per requirement risk tier.

Is the validation pack included in the licence?

Yes. The CSV protocol pack ships with every module on day one. There is no separate Validation Management product licence to purchase. The pack includes nine artefacts per module across all seven core modules (Documents, CAPA, Audits, Controlled Change, Risk Assessments, Events, LMS).

How does Complere’s pack handle CSA vs CSV?

Computer System Validation (CSV) is the regulatory expectation under FDA 21 CFR Part 11, EU GMP Annex 11, and GAMP 5. Computer Software Assurance (CSA) is FDA Final Guidance (issued 2022) on risk-based validation effort allocation. Complere’s pack is built using a CSA-aligned approach: high-risk requirements receive deep scripted testing; lower-risk requirements use lighter qualification methods. CSV deliverables remain mandatory; CSA scopes the depth of evidence per requirement.

Can we customise the pack per tenant?

Yes. The pack templates are tenant-specific: URS captures customer-specific use cases and integrations; RA reflects tenant risk posture; IQP / OQP / PQT execute against the customer’s selected region, environment, and configuration. The template list is fixed but the content is generated against the tenant during onboarding.

Does the pack regenerate on Complere upgrades?

Yes. Released changes that affect validated functionality trigger pack updates: the affected URS / RA / TM rows, IQP / OQP / PQT scripts, and ATS entries are re-issued for review and re-execution. Customers receive release notes mapping each change to the affected validation artefact.

Want a walkthrough of the pack against your modules?

Book a validation-focused demo. We’ll review the 9 artefacts against your scope and region.

Request a demoCompare to other eQMS