Aged Inspection Equipment Software has no Audit Trail - Validation of Software

We (medical device manufacturer) use (many years) a software to administrate inspection equipment.
This software has no audittrail. furthermore there is no possibility to login.

The question is:
Is it possible to use and validate this software?
Do we have to replace the software by a part 11 compliant software?

What possibilities do we have?

Re: Prüfmittelverwaltungssoftware besitzt kein Audittrail

Frank Haberbosch said:

Die - schon seit vielen Jahren - bestehende Prüfmittelverwaltungssoftware (Standardsoftware), die im Hause genutzt wird besitzt keine Audittrail. Weiterhin ist diese Software auch nicht durch einen Login geschüzt.

Dies wurde im Rahmen einer Validierung festgestellt.

Muss diese Software nun duch eine Part 11 konforme Software ersetzt werden?
Oder kann diese bestehende Software weiterhin genutzt werden?

Oder muss eine neue Software beschafft werden?

Click to expand...

Frank, welcome to the Cove

Can you pl translate your post in English as we share Q & A in English and not in any other language ?

Welcome to the Cove, Frank.

This is to bump this thread and point you to some previous discussions on retrospective validation (click on the words in blue), from which you may be able to get some ideas.

Some general remarks:
There is no yes or no answer for such a general question / problem.
There are always multiple ways to Rome (and compliance)

Regarding your problem:
What is the process this software fullfills? (is it a register, a digital quality or product file, a software design tool, etc..)
(or is it just a registration tool such as excel, word, access?)
What is the criticallity of this process? (do you base descisions on the outcome, if so how critical are these, etc...)
Is the process so critical that the input (in the software) should be restricted to qualified personell only? (Please note that this can be done in multiple ways other than log-in restrictions on the software itself, e.g. OS log-in / application restrictions, network access restrictions, area restrictions, etc...)
Is the output critical? (who may access the output, can it be altered (accidentally), ...)
Is the output digital or do you keep hard copies (paper) as original files.

Long story short:
How critical is this software in your production process and what is the nessesity to control user access?

Hope this helps a bit.

Thank you for helping me.


The software stores all (> 2000) available "Inspection Equipment" (e. g. measurement device).
Critical parameters are "timestamp of last inspection" and "timestamp of next inspection".

It works a bit like excel, but there are some predefined "Searches":
a.) which equipment has to be inspected this next month
b.) which equipment can be used


The Software helps to locate the equipment for the next inspection.
Therefore i think the ouput is critical.

All inspections are documented as hard copies (paper).

--> The software 'helps to locate' the equipment for the next inspection...

It's a help-tool/list of dates to get your test equipment calibrated in time.
How can this be critical to the quality of your MD devices.
It's important, okay, but critical in the production process?

Any way, to me it's just another register. What would you need an audit trail for?
True/actual versions are (or can be) controled by hardcopy, so you could sign of on them as qualified QA person with a date etc.
I wouldn't bother validating and implementing 21cfr11 on such a register.
Whats the worst that can happen if it would crash or get corrupted?
Has that any 'direct' influence on the MD's you're producing?
Do the test devices have 'calibration due' stickers?
Do test operators verify the test device is ready for use (e.g. calibration not expired, system works properly... etc)

So again, why would you want to validate such a register tool (which is not much work, but even so, you need to ask yourself this question) and why would you want an (electronic) audit trail in it?