I am starting gain know-how of quality and validation aspects with regards to LS industry, so have a couple of questions which needs to be addressed.
If a pharmaceutical company has a strategic IT team and enough competent to handle CSV for its applications and systems, still is it mandatory to outsource CSV to third party vendor? if so, why?
No it is not mandatory to outsource if the in-house knows what they are doing and have experience in this field.
Please explain how the vendor could have validated the system, what is your definition of validation?
Please if anyone can help me understand with the queries, would appreciate that.
Outsourcing is a business decision, not mandatory by regulation. Software cannot be validated by the vendor, meaning that the end user (LS company) needs to validate its use of that software. In the risk based world COTS functionality may not get as thoroughly tested as before, but that is based on the risk assessment and the validation plan. You may want to read GAMP 5 which is available from ISPE.