Medical Device Software Verification & Validation for Client Specific Configurations

[tebusse]

Greetings!

For medical device software, after the installation process we may receive a request from a user (i.e. client) to customize their service. This servicing request may include changes to a report template, creating an app/cron action, etc. I've been told these are client specific configurations to the software and do not affect the finished medical device as a whole.

The current practice of our company is to perform a validation of the configuration prior to implementation. Is this the correct practice? The argument is that this only needs verification. If verification is the only requirement, is the documentation still based on pass/fail criteria?

Regards, Tonia

 

[somashekar]

Re: Verification or validation for client configurations?

Greetings!

For medical device software, after the installation process we may receive a request from a user (i.e. client) to customize their service. This servicing request may include changes to a report template, creating an app/cron action, etc. I've been told these are client specific configurations to the software and do not affect the finished medical device as a whole.

The current practice of our company is to perform a validation of the configuration prior to implementation. Is this the correct practice? The argument is that this only needs verification. If verification is the only requirement, is the documentation still based on pass/fail criteria?

Regards, Tonia

Hi Tonia.
Software in its capacity is a medical device per definition as in ISO13485:2003. When a change is made client specific after delivery, the changes shall be reviewed, verified and validated, as appropriate, and approved before implementation.
In your case when you make changes, you create a new version and perhaps will show up on the display at client for its identification. You will maintain this in your change records as a client specific change and the main validated software version is unchanged.
Based on the client request, the one who approves the original software must take a call after assessing, if this change is not effecting the safety and effectiveness of its use.
Records of the results of the review of changes and any necessary actions shall be maintained. Here the decision why a validation was not needed can be detailed.

 

[yodon]

Re: Medical Device Software Verification & Validation for Client Specific Configurati

Someshaker is (as usual) correct in his assessment but I'd like to add on a bit.

If your original V&V does not cover the scope of the customization then you may not be able to justify not doing anything. For example, if the customization does something like launch the application in 2 simultaneous sessions and you haven't verified this does not cause any data corruption, then you may need significantly more verification.

Part of the change assessment does need to include a risk assessment. Let that drive the level of V&V. And, as Someshaker correctly points out, document your actions and decision.

Your question about documentation (still being) based on pass/fail criteria took me aback somewhat. All V&V is based on pre-defined success criteria. I'm not sure what the point of testing would be otherwise. Can you clarify?