The Elsmar Cove Wiki More Free Files The Elsmar Cove Forums Discussion Thread Index Post Attachments Listing Failure Modes Services and Solutions to Problems Elsmar cove Forums Main Page Elsmar Cove Home Page
Google
  Web Elsmar.com
*Please be aware that SOME RECENT forum threads may not yet be indexed by Google.
PDA

View Full Version : OS Changes to Fielded (Validated) Medical System

yodon
27th December 2006, 05:56 PM
Hi all,

We have a client with a validated system (medical device). Part of the system is a "required peripheral" that is a back-end database server. The server is a fairly standard Windows OS configuration. As such, various OS patches / upgrades will be made available. Given that some of these will enhance security, there is a desire to keep up-to-date with patches / upgrades.

In looking at the guidance for Off-the-Shelf Software Use in Medical Devices (and as general good sense), it's clear that some V&V effort is needed to re-validate the system after the patches are applied. My question is how to handle individual sites where the system is deployed.

Given that this server drops into the customer's existing network and is connected to by workstations on their system (outside control of our client's system), I would not expect that an "off line" validation would be sufficient; i.e., it's not sufficient to show the patches do no harm just on a development environment.

Does anyone have any experience with anything like this? Any pointers to guidance docs that might help? Any feedback appreciated.
Kevin Mader
27th December 2006, 07:12 PM
Yodon,

My thinking is that each individual site will require their own specific validation plan. This plan should be developed in consideration to risk incurred by the periodic software updates and how the software itself is used/applied and updated to reflect the changes. The scope of verification and validation should be clearly stated (e.g. installation, integration, regression, operations) and appropriate rationale captured especially when electing to omit some type of verification/validation activity (risk mitigation).

I personally don't have any experience with off the shelf software used in a medical device, so I'm basing my comments on typical approaches we have taken when deploying modules within our enterprisewide software applications. The principles of software validation are pretty straight forward nonetheless and I think that adherence to these and general validation activities and practices should help you solve the riddle.

Sorry I couldn't be of more help.

Regards,

Kevin