IS0 13485:2003 - Validation of the Application of Computer Software

Chitchat

Registered Visitor
Can anyone explain what is meant by this clause (validation of the application of computer software)? Is it solely in relation to software systems that are used in production or is it in relation to material management software, MS Access databases and excel spreadsheets which are use for the collection/trending of data? Am I confusing this requirement with 21 CFR Part 11? What would be the content of a typical procedure on the validation of the application of computer software?

Thanks in advance!
 

Al Rosen

Leader
Super Moderator
Chitchat said:
Can anyone explain what is meant by this clause (validation of the application of computer software)? Is it solely in relation to software systems that are used in production or is it in relation to material management software, MS Access databases and excel spreadsheets which are use for the collection/trending of data? Am I confusing this requirement with 21 CFR Part 11? What would be the content of a typical procedure on the validation of the application of computer software?

Thanks in advance!
You may be unsure of this because you have left out the complete statement as it appears in 7.5.2.1, General requirements.
ISO13485 7.5.2.1 in part said:
The organization shall establish documented procedures for the validation of the application of computer software(and changes to such software and/or its application) for production and service provision that affect the ability of the product to conform to specified requirements. Such software applications shall be validated prior to initial use.
So if the software can affect product/service quality, it must be validated prior to initial use.
 

amjadrana

Involved - Posts
Iso 13485:2003

The software that is part of a medical device needs to be validated for its intended use.
 

Chitchat

Registered Visitor
IS0 13485:2003, Validation of the application of computer software

Yes, I understand that if it part of the medical device it must be validated. My question is in relation to software that’s used to perform a regulated activity such as CAPA/complaint handling databases. Do these applications need to be validated per this clause in 13485:2003, they are not part or the medical device itself but part of the QMS for the medical device?
 

Al Rosen

Leader
Super Moderator
Chitchat said:
Yes, I understand that if it part of the medical device it must be validated. My question is in relation to software that’s used to perform a regulated activity such as CAPA/complaint handling databases. Do these applications need to be validated per this clause in 13485:2003, they are not part or the medical device itself but part of the QMS for the medical device?
I believe, if the software forms part of the device, or has been used to design the device, according to ISO 13485, it needs to be validated . I don't think you need to validate CAPA/complaint handling software.
 

apestate

Quite Involved in Discussions
Excellent timing

I haven't had to address this requirement in the past.
The organization shall establish documented procedures for the validation of the application of computer software(and changes to such software and/or its application) for production and service provision that affect the ability of the product to conform to specified requirements. Such software applications shall be validated prior to initial use.
What if that software provides control points in SPC data and displays instructions for making adjustments, does math?

This question has been coming back into my mind for a while. At our company, a piece of software has been custom written by an IT professional. It basically displays the measurements required and sample frequency, and then puts the measurements into an SPC output.

Will this software require validation--and in a general sort of way, what means are there to prove that the software and its application is valid?
 

Al Rosen

Leader
Super Moderator
atetsade said:
Excellent timing

I haven't had to address this requirement in the past.

What if that software provides control points in SPC data and displays instructions for making adjustments, does math?

This question has been coming back into my mind for a while. At our company, a piece of software has been custom written by an IT professional. It basically displays the measurements required and sample frequency, and then puts the measurements into an SPC output.

Will this software require validation--and in a general sort of way, what means are there to prove that the software and its application is valid?
This software requires validation. It is:

"computer software for production and service provision that affect the ability of the product to conform to specified requirements".

Look at the FDA guidance, "General Principles of Software Validation". I know that I have posted it here, in the Cove.
 
P

PAMELAGR

Validation requirements apply to software used as components in medical devices, to software that is itself a medical device, and to software used in production of the device or in implementation of the device manufacturer's quality system.


The criteria needs to be a #1 risk based, science based assessment, the potential of impact to affect product quality, safety, and record integrity. see ALSO latest FDA guidance 21CFR PART 11 August 2003
 

Al Rosen

Leader
Super Moderator
PAMELAGR said:
Validation requirements apply to software used as components in medical devices, to software that is itself a medical device, and to software used in production of the device or in implementation of the device manufacturer's quality system.


The criteria needs to be a #1 risk based, science based assessment, the potential of impact to affect product quality, safety, and record integrity. see ALSO latest FDA guidance 21CFR PART 11 August 2003
Pamela the original post was in reference to ISO 13485. I suggested the FDA guidance as a source of information only. I don't think there is anything in 13485 that is analogus to 21CFR11. If I am mistaken, please direct me to the requirement.
 
L

Linda W

ISO-13485 does not require compliance to FDA 21 CFR Part 11 but anyone in the medical device industry must be aware of this requirement and comply. In March of 1997, FDA issued 21 CFR Part 11 regulations that provided criteria for acceptance by FDA of electronic records and signatures as equivalent to paper records and handwritten signatures executed on paper. FDA requires any software product developed or acquired after June 1, 1997 to be subject to this rules. Compliance with FDA regulations is mandatory for all systems or networks that contains records (data) required to provide evidence of compliance to a predicate rule, such as 21 CFR 820 (GMPs for medical devices) that would include CAPA, Complaints, Document Control, etc.

Linda
 
Top Bottom