CNC Software Validation requirements as per ISO 13485:2016

Hello,
As per ISO 13485:2016, software validation is required. In our manufacturing process we use lots of CNC machines (Computer Numeric Controlled). Do these CNC's fall under the requirement of software validation? If so can you guide me with suggestion on how to go about.


Many thanks!
 

Marcelo

Inactive Registered Visitor
Hello,
As per ISO 13485:2016, software validation is required. In our manufacturing process we use lots of CNC machines (Computer Numeric Controlled). Do these CNC's fall under the requirement of software validation? If so can you guide me with suggestion on how to go about.


Many thanks!

Yes, they can fall under. Please see ISO 80002-2 for guidance.
 

mihzago

Trusted Information Resource
I imagine that you would validate the CNC machines as part of the process validation (sec. 7.5.6) and the software used by CNC would be validated together.
 

AndyN

Moved On
Hello,
As per ISO 13485:2016, software validation is required. In our manufacturing process we use lots of CNC machines (Computer Numeric Controlled). Do these CNC's fall under the requirement of software validation? If so can you guide me with suggestion on how to go about.


Many thanks!

Yes. The CNC program causes the part to be made, you check the part to print. If the part conforms, you've just validated the CNC program. Most folks do a "first item" inspection. That's your validation record.
 

Sidney Vianna

Post Responsibly
Leader
Admin
As per ISO 13485:2016, software validation is required.
Are you referring to section 7.5.6 of ISO 13485:2016?
In our manufacturing process we use lots of CNC machines (Computer Numeric Controlled). Do these CNC's fall under the requirement of software validation? If so can you guide me with suggestion on how to go about.
It depends. The ISO 13485 standard states that the need for validation of the process exists when the resulting output cannot be OR IS NOT verified by subsequent monitoring or measurement...

If the machined parts are thoroughly inspected after the NC processing, technically, you would not need to validate anything as, typically, the output can be measured/inspected.

If you plan on NOT inspecting some of the characteristics, then it makes sense for you to "validate" the NC program. In the aerospace sector, this is typically accomplished with a First Article Inspection.
 

yodon

Leader
Super Moderator
The ISO 13485 standard states that the need for validation of the process exists when the resulting output cannot be OR IS NOT verified by subsequent monitoring or measurement...

Software validation is a bit of a different beast. The standard cites a requirement for software validation in multiple places, including 4.1.6 (general requirement for software validation in support of the QMS), 7.5.6 (for software used in production and service provision), & 7.6 (software used in monitoring & measurement).

The standard allows (of course) a risk-based approach to software validation (commensurate with the risk).

I agree with others who indicated the CNC software should be validated. I don't disagree that doing a first article would support software validation but there's more to software validation than just "happy path" use. For example, is the software sufficiently controlled from unauthorized change? There may be other considerations specific to CNCs and potential (mis)use.

You should consider establishing a Validation Master Plan to drive your software validation efforts and establish your risk-based approach.
 

Sidney Vianna

Post Responsibly
Leader
Admin
I agree with others who indicated the CNC software should be validated.
Should is not the same as a requirement (shall). I already explained how ISO 13485:2016 makes a determination if a NC software needs to be validated or not. A simple (NC) machined part which undergoes 100% inspection means that the NC SW is not required to be validated. Obviously, the organization can (and should) go beyond and above the minimum requirements, but, whenever discussing about a standard (such as ISO 13485), I think it is important to identify what is a requirement and what is a nice to have feature.

As for unauthorized change of validated software, software revision re-validation, revision control, in my opinion, that all falls outside of the validation aspect and more along the lines of configuration management, data control, etc...
 
Last edited:

ScottK

Not out of the crisis
Leader
Super Moderator
I'm with Andy and Sidney.
I've spent most of the last 15 years in sites with CNC machines in the med device world and we did not explicitly validate the CNC software because we qualified the equipment (IQ/OQ/PQ) and performed inspection - first piece, in-process, final. Software qualification was part of the IQ/OQ/PQ

So we verified the product to meet the requirements.
 
Top Bottom