perform-csv-assessment

Perform a Computer Systems Validation (CSV) assessment following GAMP 5 methodology. Covers user requirements, risk assessment, IQ/OQ/PQ planning, traceability matrix creation, and validation summary reporting. Use when a new computerized system is being introduced in a GxP environment, when an existing validated system is undergoing significant change, when periodic revalidation is required, or when a regulatory inspection demands a validation gap analysis.

9 stars

Best use case

perform-csv-assessment is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Perform a Computer Systems Validation (CSV) assessment following GAMP 5 methodology. Covers user requirements, risk assessment, IQ/OQ/PQ planning, traceability matrix creation, and validation summary reporting. Use when a new computerized system is being introduced in a GxP environment, when an existing validated system is undergoing significant change, when periodic revalidation is required, or when a regulatory inspection demands a validation gap analysis.

Teams using perform-csv-assessment should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/perform-csv-assessment/SKILL.md --create-dirs "https://raw.githubusercontent.com/pjt222/agent-almanac/main/i18n/caveman-lite/skills/perform-csv-assessment/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/perform-csv-assessment/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How perform-csv-assessment Compares

Feature / Agentperform-csv-assessmentStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Perform a Computer Systems Validation (CSV) assessment following GAMP 5 methodology. Covers user requirements, risk assessment, IQ/OQ/PQ planning, traceability matrix creation, and validation summary reporting. Use when a new computerized system is being introduced in a GxP environment, when an existing validated system is undergoing significant change, when periodic revalidation is required, or when a regulatory inspection demands a validation gap analysis.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Perform CSV Assessment

Conduct a Computer Systems Validation assessment using GAMP 5 risk-based methodology for regulated environments.

## When to Use

- A new computerized system is being introduced in a GxP environment
- An existing validated system is undergoing significant change
- Periodic revalidation is required
- Regulatory inspection preparation demands a validation gap analysis

## Inputs

- **Required**: System description (name, purpose, vendor, version)
- **Required**: Intended use statement and regulatory context (GxP scope)
- **Required**: GAMP 5 software category (1–5)
- **Optional**: Existing user requirements specification (URS)
- **Optional**: Vendor documentation (design specs, release notes, SOPs)
- **Optional**: Previous validation documentation

## Procedure

### Step 1: Determine GAMP 5 Software Category

Classify the system:

| Category | Type | Example | Validation Effort |
|----------|------|---------|-------------------|
| 1 | Infrastructure software | OS, firmware | Low — verify installation |
| 3 | Non-configured product | COTS as-is | Low-Medium — verify functionality |
| 4 | Configured product | LIMS with config | Medium-High — verify configuration |
| 5 | Custom application | Bespoke R/Shiny app | High — full lifecycle validation |

**Got:** Category clearly assigned with rationale documented.
**If fail:** If category is ambiguous, default to the higher category and document the rationale.

### Step 2: Write User Requirements Specification (URS)

Create a URS document with numbered requirements:

```markdown
# User Requirements Specification
## System: [System Name] v[Version]
## Document ID: URS-[SYS]-[NNN]

### 1. Purpose
[Intended use statement]

### 2. Functional Requirements
| ID | Requirement | Priority | Source |
|----|-------------|----------|--------|
| URS-001 | System shall calculate BMI from height and weight inputs | Must | Regulatory SOP-xxx |
| URS-002 | System shall generate audit trail entries for all data changes | Must | 21 CFR 11.10(e) |
| URS-003 | System shall export results in PDF format | Should | User request |

### 3. Non-Functional Requirements
| ID | Requirement | Priority | Source |
|----|-------------|----------|--------|
| URS-010 | System shall respond within 3 seconds for standard queries | Should | Usability |
| URS-011 | System shall restrict access via role-based authentication | Must | 21 CFR 11.10(d) |

### 4. Data Integrity Requirements
[ALCOA+ requirements: Attributable, Legible, Contemporaneous, Original, Accurate]

### 5. Regulatory Requirements
[Specific 21 CFR Part 11, EU Annex 11, or other applicable requirements]
```

**Got:** All requirements have unique IDs, priorities, and traceability to source.
**If fail:** Flag requirements without clear source or priority for stakeholder review.

### Step 3: Perform Risk Assessment

Apply GAMP 5 risk-based approach using a Failure Mode and Effects Analysis (FMEA):

```markdown
# Risk Assessment
## Document ID: RA-[SYS]-[NNN]

| Req ID | Failure Mode | Severity (1-5) | Probability (1-5) | Detectability (1-5) | RPN | Risk Level | Mitigation |
|--------|-------------|----------------|-------------------|---------------------|-----|------------|------------|
| URS-001 | Incorrect BMI calculation | 4 | 2 | 1 | 8 | Low | OQ test case |
| URS-002 | Audit trail entries missing | 5 | 3 | 3 | 45 | High | IQ + OQ + monitoring |
| URS-011 | Unauthorized access | 5 | 2 | 2 | 20 | Medium | OQ test + periodic review |
```

Risk Priority Number (RPN) = Severity x Probability x Detectability.

| RPN Range | Risk Level | Testing Requirement |
|-----------|------------|---------------------|
| 1–12 | Low | Basic verification |
| 13–36 | Medium | Documented test case |
| 37+ | High | Full IQ/OQ/PQ with retest |

**Got:** Every URS requirement has a corresponding risk assessment row.
**If fail:** Escalate unassessed requirements to the validation lead before proceeding.

### Step 4: Define Validation Strategy (Validation Plan)

```markdown
# Validation Plan
## Document ID: VP-[SYS]-[NNN]

### Scope
- System: [Name] v[Version]
- GAMP Category: [N]
- Validation approach: [Prospective / Retrospective / Concurrent]

### Qualification Stages
| Stage | Scope | Applies? | Rationale |
|-------|-------|----------|-----------|
| IQ | Installation correctness | Yes | Verify installation, dependencies, configuration |
| OQ | Operational requirements | Yes | Verify functional requirements from URS |
| PQ | Performance under real conditions | [Yes/No] | [Rationale] |

### Roles and Responsibilities
| Role | Name | Responsibility |
|------|------|---------------|
| Validation Lead | [Name] | Plan, coordinate, approve |
| Tester | [Name] | Execute test scripts |
| System Owner | [Name] | Approve for production use |
| QA | [Name] | Review and sign-off |

### Acceptance Criteria
- All critical test cases pass
- No unresolved critical or major deviations
- Traceability matrix complete
```

**Got:** Validation plan approved by all stakeholders before test execution.
**If fail:** Do not proceed to test execution without an approved validation plan.

### Step 5: Create Test Protocols (IQ/OQ/PQ)

Write test scripts for each qualification stage:

```markdown
# Operational Qualification Protocol
## Test Case: TC-OQ-001
## Traces to: URS-001

**Objective:** Verify BMI calculation accuracy

**Prerequisites:**
- System installed per IQ protocol
- Test data set prepared

**Test Steps:**
| Step | Action | Expected Result | Actual Result | Pass/Fail |
|------|--------|-----------------|---------------|-----------|
| 1 | Enter height=180cm, weight=75kg | BMI displayed as 23.15 | | |
| 2 | Enter height=160cm, weight=90kg | BMI displayed as 35.16 | | |
| 3 | Enter height=0, weight=75kg | Error message displayed | | |

**Tester:** _________ Date: _________
**Reviewer:** _________ Date: _________
```

**Got:** Every medium- and high-risk requirement has at least one test case.
**If fail:** Add missing test cases before execution begins.

### Step 6: Build Traceability Matrix

Create a Requirements Traceability Matrix (RTM) linking every requirement through risk assessment to test cases:

```markdown
# Traceability Matrix
## Document ID: TM-[SYS]-[NNN]

| URS ID | Requirement | Risk Level | Test Case(s) | Test Result | Status |
|--------|-------------|------------|--------------|-------------|--------|
| URS-001 | BMI calculation | Low | TC-OQ-001 | Pass | Verified |
| URS-002 | Audit trail | High | TC-IQ-003, TC-OQ-005 | Pass | Verified |
| URS-003 | PDF export | Low | TC-OQ-008 | Pass | Verified |
| URS-011 | Role-based access | Medium | TC-OQ-010, TC-OQ-011 | Pass | Verified |
```

**Got:** 100% of URS requirements appear in the traceability matrix with linked test results.
**If fail:** Any requirement without a linked test result is flagged as a validation gap.

### Step 7: Write Validation Summary Report

```markdown
# Validation Summary Report
## Document ID: VSR-[SYS]-[NNN]

### 1. Executive Summary
[System name] v[version] has been validated in accordance with [VP document ID].

### 2. Validation Activities Performed
| Activity | Document ID | Status |
|----------|-------------|--------|
| User Requirements | URS-SYS-001 | Approved |
| Risk Assessment | RA-SYS-001 | Approved |
| Validation Plan | VP-SYS-001 | Approved |
| IQ Protocol/Report | IQ-SYS-001 | Executed — Pass |
| OQ Protocol/Report | OQ-SYS-001 | Executed — Pass |
| Traceability Matrix | TM-SYS-001 | Complete |

### 3. Deviations
| Dev ID | Description | Impact | Resolution |
|--------|-------------|--------|------------|
| DEV-001 | [Description] | [Impact assessment] | [Resolution and rationale] |

### 4. Conclusion
The system meets all user requirements as documented in [URS ID]. The validation is considered [Successful / Successful with conditions].

### 5. Approval
| Role | Name | Signature | Date |
|------|------|-----------|------|
| Validation Lead | | | |
| System Owner | | | |
| Quality Assurance | | | |
```

**Got:** Report references all validation deliverables with clear pass/fail conclusion.
**If fail:** If deviations are unresolved, the report must state "conditional" status with CAPA references.

## Validation

- [ ] GAMP 5 category assigned with documented rationale
- [ ] URS has numbered requirements with priorities and traceability to source
- [ ] Risk assessment covers every URS requirement
- [ ] Validation plan approved before test execution
- [ ] Test protocols have prerequisite, step, expected result, and signature fields
- [ ] Traceability matrix links every requirement to risk and test results
- [ ] Validation summary report documents all activities, deviations, and conclusion
- [ ] All documents have unique document IDs and version control

## Pitfalls

- **Over-validation**: Applying Category 5 effort to Category 3 software wastes resources. Match effort to risk.
- **Missing traceability**: Requirements that do not trace through to test cases are invisible gaps.
- **Testing without a plan**: Executing tests before the validation plan is approved invalidates results.
- **Ignoring non-functional requirements**: Security, performance, and data integrity requirements are often overlooked.
- **Static validation**: Treating validation as a one-time event. Changes require re-assessment.

## Related Skills

- `setup-gxp-r-project` — project structure for validated R environments
- `write-validation-documentation` — IQ/OQ/PQ protocol and report writing
- `implement-audit-trail` — audit trail implementation for electronic records
- `validate-statistical-output` — statistical output verification methodology
- `conduct-gxp-audit` — auditing validated systems

Related Skills

optimize-shiny-performance

9
from pjt222/agent-almanac

Profile and optimize Shiny application performance using profvis, bindCache, memoise, async/promises, debounce/throttle, and ExtendedTask for long-running computations. Use when the app feels slow or unresponsive during user interaction, when server resources are exhausted under concurrent load, when specific operations create bottlenecks, or when preparing an app for production deployment with many concurrent users.

skill-name-here

9
from pjt222/agent-almanac

One to three sentences describing what this skill accomplishes, followed by key activation triggers. This field is the primary mechanism agents use to decide whether to activate the skill — it is read during discovery before the full body is loaded. Start with a verb. Include the most important "when to use" conditions inline. Max 1024 characters.

write-vignette

9
from pjt222/agent-almanac

Create R package vignettes using R Markdown or Quarto. Covers vignette setup, YAML configuration, code chunk options, building and testing, and CRAN requirements for vignettes. Use when adding a Getting Started tutorial, documenting complex workflows spanning multiple functions, creating domain-specific guides, or when CRAN submission requires user-facing documentation beyond function help pages.

write-validation-documentation

9
from pjt222/agent-almanac

Write IQ/OQ/PQ validation documentation for computerized systems in regulated environments. Covers protocols, reports, test scripts, deviation handling, and approval workflows. Use when validating R or other software for regulated use, preparing for a regulatory audit, documenting qualification of computing environments, or creating and updating validation protocols and reports for new or re-qualified systems.

write-testthat-tests

9
from pjt222/agent-almanac

Write comprehensive testthat (edition 3) tests for R package functions. Covers test organization, expectations, fixtures, mocking, snapshot tests, parameterized tests, and achieving high coverage. Use when adding tests for new package functions, increasing test coverage for existing code, writing regression tests for bug fixes, or setting up test infrastructure for a package that lacks it.

write-standard-operating-procedure

9
from pjt222/agent-almanac

Write a GxP-compliant Standard Operating Procedure (SOP). Covers regulatory SOP template structure (purpose, scope, definitions, responsibilities, procedure, references, revision history), approval workflow design, periodic review scheduling, and operational procedures for system use. Use when a new validated system requires operational procedures, when existing informal procedures need formalisation, when an audit finding cites missing procedures, when a change control triggers SOP updates, or when periodic review identifies outdated procedural content.

write-roxygen-docs

9
from pjt222/agent-almanac

Write roxygen2 documentation for R package functions, datasets, and classes. Covers all standard tags, cross-references, examples, and generating NAMESPACE entries. Follows tidyverse documentation style. Use when adding documentation to new exported functions, documenting internal helpers or datasets, documenting S3/S4/R6 classes and methods, or fixing documentation-related R CMD check notes.

write-incident-runbook

9
from pjt222/agent-almanac

Create structured incident runbooks with diagnostic steps, resolution procedures, escalation paths, and communication templates for effective incident response. Use when documenting response procedures for recurring alerts, standardizing incident response across an on-call rotation, reducing MTTR with clear diagnostic steps, creating training materials for new team members, or linking alert annotations directly to resolution procedures.

write-helm-chart

9
from pjt222/agent-almanac

Create production-ready Helm charts for Kubernetes application deployment with templating, values management, chart dependencies, hooks, and testing. Covers chart structure, Go template syntax, values.yaml design, chart repositories, versioning, and best practices for maintainable and reusable charts. Use when packaging a Kubernetes application for repeatable deployments, parameterizing manifests for multiple environments, managing complex multi-component applications with dependencies, or standardizing deployment practices with versioned rollback capability across teams.

write-continue-here

9
from pjt222/agent-almanac

Write a CONTINUE_HERE.md file capturing current session state so a fresh Claude Code session can pick up where this one left off. Covers assessing recent work, structuring the continuation file with objective, completed, in-progress, next-steps, and context sections, and verifying the file is actionable. Use when ending a session with unfinished work, handing off context between sessions, or preserving task state that git alone cannot capture.

write-claude-md

9
from pjt222/agent-almanac

Create an effective CLAUDE.md file that provides project-specific instructions to AI coding assistants. Covers structure, common sections, do/don't patterns, and integration with MCP servers and agent definitions. Use when starting a new project where AI assistants will be used, improving AI behavior on an existing project, documenting project conventions and constraints, or integrating MCP servers or agent definitions into a project workflow.

vishnu-bhaga

9
from pjt222/agent-almanac

Preservation and sustenance — maintaining working state under perturbation, memory anchoring, consistency enforcement, and protective stabilization. Maps Vishnu's sustaining presence to AI reasoning: holding what works steady, anchoring verified knowledge against drift, and ensuring continuity through change. Use when a working approach is at risk from scope creep, when context drift threatens verified knowledge, after shiva-bhaga dissolution to protect what survived, when a long session risks losing earlier decisions through context compression, or before making changes to a currently functioning system.