ISO 62304 and Validation of Medical Device Software Tools

E

Enkidu

Hi,

Apologies if I'm asking a question that's already been answered. If so, any pointers an answer would be gratefully received.

I'm working with a manufacturer who is using an agile methodology to create class C medical device software. The organisation wants to ensure its QMS and practices are 62304 compliant. I'm supposed to be helping.

One of the issues I have is related to software tools. I'm struggling to understand the full extent of what's required to validate our configuration management software. What I'm finding hardest to understand is whether the tool needs to be on a dedicated server, how secure any server needs to be. Questions of that ilk.

Can anyone suggest where I might go for guidance? Or can anyone provide any guidance?

Any help gratefully received.
 
A

alex.Kennedy

Re: ISO 62304 and Validation of Software Tools

This is one of the major concerns is using 'software tools' to manipulate software. You must validated your 'tools' thoroughly to give confidence that the software is not adultered.
This has often preclude the use of such tools in the pharmaceutical field. I.E. validation of the tools was a bigger task than validation of the software.
Where you store validated software must conform to cGMP requirements. That usually means validating the system to ensure security of the data from unauthorized access, fire, tempest, floods all other biblical disasters.
 
A

alex.Kennedy

Re: ISO 62304 and Validation of Software Tools

This is one of the major concerns is using 'software tools' to manipulate software. You must validate your 'tools' thoroughly to give confidence that the software is not adultered by the use of the ‘Tools’.

This has often precluded the use of such tools in the pharmaceutical field. I.E. validation of the tools was a bigger task than validation of the software.

Storage of validated software, including tools used with this software, must conform to cGMP requirements. That usually means validating the system to ensure security of the data from unauthorized access/use/modification, fire or environmental degradation.

Alex Kennedy
 
Last edited by a moderator:
M

Micked

Re: ISO 62304 and Validation of Software Tools

Validation of software tools is a never ending source of confusion, ask me I've been there...
Ever tried to validate a C compiler?

I have actually found some light in the AAMI guidance TIR-36. This has the usual setup of intended use - requirements - installation - verification - maintenance etc. The largest value of this report is the examples provided. They walk you through validation of everything from a simple spreadsheet through a C compiler to a complex manufacturing system. Highly recommended!
This technical report is also on its way to be an IEC TR (technical report).

Good luck!
 
Y

yalna

Re: ISO 62304 and Validation of Software Tools

Sorry for bringing this thread back from the dead but...

I am currently in the middle of trying to validate a compiler (VS2010) and honestly, have no idea where to start from...

The FDA states in "Off-The-Shelf Software Use in Medical Devices" guideline the basic documentation required, one of which is: "5. How do you know it works?" part.

So how can I know a compiler works without covering all of the end cases?
Is assuming that millions of developers worldwide using it is sufficient?

Thanks,

Yalna
 
sagai

sagai

Quite Involved in Discussions
Re: ISO 62304 and Validation of Software Tools

Hi Yalna,
that special control relates to OTS built into the MD, that guide has no relevance to your problem I think, due to compiler is not built into the MD.
What you are looking for is how to comply with 21CFR820.70(i) actually.

For compiler :)
Is assuming that millions of developers worldwide using it is sufficient?
Click to expand...
In medical industry it does not save our soul. :cool:

what you can do is to drive your validation effort into almost zero with common sense involvement :tg:, namely the validity of the compiler operation is checked implicitly during the unit/subsystem/whatever product testing, because those test would fail obviously in case the compiler would have failed to fulfill itsown intended use.
Well it should be packaged nicely into a rational.

Regards
Szabolcs
 
Y

yalna

Re: ISO 62304 and Validation of Software Tools

Thanks for the reply.

You helped me put some sense into the whole procedure.

Yalna
 
You must log in or register to reply here.

Similar threads

A
Software validation with IEC 60601-1, 61508-3 or 62304?
Replies
5
Views
299
Tidge
T
J
IEC 62304, Multiple software systems in one medical device
Replies
6
Views
599
DanMann
D
A
Design validation for an embedded software ? 62304 or 82304 or what?
Replies
6
Views
213
Ed Panek
Ed Panek
A
Change Control SaMD, Validating Azure Dev Ops for using it as document control tool
Replies
2
Views
562
AtulD
A
W
Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions
Replies
7
Views
621
avrqms
A
Top Bottom