MDSW release documentation

[MarRz]

Hello,

We have software registered as an IVD medical device. It is a legacy device, we registered to get a transition period under IVDR. No EC certificate. Only DoC, since under IVDD device falls under the "other" category.
When talking to our IT department, I discovered they made some changes to the software, and new versions were released. Those were not significant changes, but bug fixes and database updates. However, they did not do appropriate "IVDR documentation", especially release documentation.

We did all the missing documentation now (description of the change, demonstration that it is not a significant change, change management, ...). However, it can be seen in the system that we did it for past events. Also, the final release document (confirmation from the medical device responsible person to launch SW to production), cannot be done for the past.

My question is, what would happen if get surprise visit from local regulatory body and they see what happened? Do you thing things will be ok, since we documented everything for the past, and future work is done correctly? Or could we have some major problems due to what happened?

 

[yodon]

It's good that you caught it!

What's to prevent it from recurring? Sounds like this happened with multiple releases and if that's the case, you have a systemic issue which means you should open a CAPA.

I guess if I was reviewing the situation, I'd ask why you believed these undocumented releases didn't result in any (unknown) issues (i.e., your software not performing as expected)? I would probably say that a retrospective analysis, at least, would be in order with sufficient information to support claims that no issues could have arisen from these undocumented releases. (I would lump this in with the CAPA as part of corrections.)