SBS - The best value in QMS software

Confirmation of Computer Software to satisfy Intended Application

I

Integrator - 2012

#1
Here's a topic not often discussed I think.

At the end of 7.6 Control of monitoring and measuring equipment, it says:-
'NOTE Confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.'

This was new in 2008. Most external auditors I've seen interpret it to mean that some means of proof that software is working correctly is required, e.g. develop a form with some standard inputs and standard outputs; you verify if your regular check gives the right result (within an appropriate tolerance) and retain the record.

If this is the requirement the application seems patchy. There is so much software these days where do you draw the line. Just a few thoughts;

1) Common software normally works OK but what about a common problem that spreadsheet software formulas have become corrupted by poorly trained humans. Should there be some note in QMS documentation that spreadsheet or other relevant software should be protected where possible to prevent inappropriate alteration of formulas, or access restricted by login as required? Should training in relevant software be listed in Training Registers to reduce the risk of such corruption?

2) Can verification of software be requested from software suppliers? Would this be of value? Of course it can't be proven that the end result will be correct if untrained persons are at the controls, but perhaps this can provide some assurance. It can definitely be argued that in well developed software, source codes are usually protected from any kind of 'messing up' by users.

3) On the other hand verification by the end user must give confidence of no gross error. This would particularly be welcome where there is any doubt as to the software’s efficacy, e.g. ‘in-company' developed software where the chance of mistakes may be greater the software development may be less well resourced.

There's a lot to discuss here!
 
Elsmar Forum Sponsor

John Broomfield

Staff member
Super Moderator
#2
Integrator,

Yes, mission critical computer models must be validated and protected before issue for use from unauthorized changes.

As for the software I would say that is a matter of common usage. It would be wasteful to re-validate MS Excel every time we use it to calculate a standard deviation or a set of financial accounts.

But if we decide to select and use software with prohibitive costs of nonconformity such as awarding a multi-billion rail services contract, for example, we would design selection criteria, buy software that met the criteria, validate the software for its purpose, build the model, validate the model and then lock it down.

John
 

v9991

Trusted Information Resource
#3
Most external auditors I've seen interpret it to mean that some means of proof that software is working correctly is required, e.g. develop a form with some standard inputs and standard outputs; you verify if your regular check gives the right result (within an appropriate tolerance) and retain the record.
one way to overcome this scenario is to define the interpretation-scope-approach in your quality manual and then supported by respective procedures/records;

1) Common software normally works OK but what about a common problem that spreadsheet software formulas have become corrupted by poorly trained humans. Should there be some note in QMS documentation that spreadsheet or other relevant software should be protected where possible to prevent inappropriate alteration of formulas, or access restricted by login as required? Should training in relevant software be listed in Training Registers to reduce the risk of such corruption?
This would be specifically true for regulated environments. even otherwise, as a good practice, to control these excel formats/templates for auto calculations (viz., password protected to prevent any in-advertant modifications/deletions) etc.,
where the systems are controlling (PLCs) and where the SCADA systems are installed, any change to configurations of PCs could potentially impact the performance of the m/c; hence control required is obvious.
another way of looking at is the decisions&conclusions arrived from these PCs or S/w. (viz., batch release decisions, stock rejects, issuance or complaints or even doc-control etc)
now this is very approach-scope-interpretation to be included in QM which will form the basis for the implementation (& audit reviews)

2) Can verification of software be requested from software suppliers? Would this be of value? Of course it can't be proven that the end result will be correct if untrained persons are at the controls, but perhaps this can provide some assurance. It can definitely be argued that in well developed software, source codes are usually protected from any kind of 'messing up' by users.
3) On the other hand verification by the end user must give confidence of no gross error. This would particularly be welcome where there is any doubt as to the software’s efficacy, e.g. ‘in-company' developed software where the chance of mistakes may be greater the software development may be less well resourced.
YES; especially for COTS applications; the level of qualification & validation is outlined in GAMP guideline which categorizes s/w into 4 categories.
http://www.vialis.at/fileadmin/files/imgs/pdf/Newsletter/q1-09/08MJ-Martin.pdf

although the pharma & life sciences industries discuss above subject interms of compliance, and 21 CFR part 11 (electronic records and e-signatures)

There is dedicated forum on elsmar to discuss various aspects of this subject (although the scope here in following forum includes qualification & validations as well)
http://elsmar.com/Forums/forumdisplay.php?f=181

(of course this is widely focussed & accepted mainly in regulated environment, but principles are as relevant elsewhere... a quick search for above doc will reveal adequate insights into above doc(s))

hope this helps...
 
Thread starter Similar threads Forum Replies Date
supadrai Auditing Organization dragging their heels on issuing our MDSAP Surveillance Audit Confirmation Letter - everyone is nervous ... are we the only ones? Canada Medical Device Regulations 7
Pmarszal Delivery Confirmation? Do we need to save? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
L Supplier Revision Confirmation of Received Engineering Documents ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
M Is a confirmation trial is obligatory in development of a product? Design and Development of Products and Processes 3
M Is a confirmation trial obligatory in development of a product? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
Uriel Alejandro P.O. As evidence of customer confirmation of requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
A ISO 10012:2003 question (Confirmation ID) Other ISO and International Standards and European Regulations 1
L ISO 10012:2003 question (Confirmation ID) General Measurement Device and Calibration Topics 2
B Validation vs. Confirmation in the context of an Analytical Laboratory General Measurement Device and Calibration Topics 10
T Material Standard Confirmation - Mill cert standards for raw material? ie Bar, round ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
H Confirmation of software - Exactly what the last paragraph of 7.6 is asking for? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
F ISO 10012 and ISO 17025 - Doing research about metrology systems confirmation ISO 17025 related Discussions 7
T Monitoring & Measuring Software confirmation (validation) - TS 16949 Section 7.6 Statistical Analysis Tools, Techniques and SPC 1
W 7.6 Software confirmation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
C ISO 10012-1 4.10 Confirmation Labeling General Measurement Device and Calibration Topics 2
D FDA Guidance on Computer Software Assurance versus 21 CFR Part 11 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
O Any info on release date of FDA “Computer Software Assurance for Manufacturing and Quality System Software” document? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 0
S Computer System Validation of Bioinformatics Pipeline Qualification and Validation (including 21 CFR Part 11) 5
M Informational USFDA Draft Guidance – Implanted Brain-Computer Interface (BCI) Devices for Patients with Paralysis or Amputation – Non-clinical Testing and Clinical Medical Device and FDA Regulations and Standards News 0
F EMC testing for a system that is provided with a computer IEC 60601 - Medical Electrical Equipment Safety Standards Series 8
D Use of password managers on validated computer systems (21 CFR Part 11) Medical Information Technology, Medical Software and Health Informatics 2
L How to classify this computer-alike IT device EU Medical Device Regulations 2
U CE Marking of Customized Ruggedised Computer Systems Solutions CE Marking (Conformité Européene) / CB Scheme 5
Tagin Can/should SPC be applied to Computer Assembly and Software Imaging? Statistical Analysis Tools, Techniques and SPC 8
Q ISO 9001 Section 7.6 - Computer Software ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
L Computer stations unlocked - Office Stations vs Production Stations Supply Chain Security Management Systems 4
howste ASQ is Transitioning to Computer Based Exams ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 13
R Network/Computer Data Migration Sampling GMP Software Quality Assurance 1
E Computer System Validation - Migrating to SAP Document Control Systems, Procedures, Forms and Templates 5
D SDS (MSDS) for complex products such as a TV, computer, cars, etc Miscellaneous Environmental Standards and EMS Related Discussions 3
N Computer System Access and Security Procedure example wanted 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
Q The ability of computer software to satisfy the intended application ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
M Strategy to allow for OTS computer use as part of a Medical Equipment System EU Medical Device Regulations 14
D Validation of Computer and Network Equipment Test System Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
Gman2 Control of Documents and (FORMS) on a Computer Network ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
H ISO 9001:2008 Clause 7.6 Control of Monitoring and Measurement (Computer Software) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
M Computer System for Inspection Balloons in Technical Drawings Inspection, Prints (Drawings), Testing, Sampling and Related Topics 8
T Class II Medical Device with Software - Change to Computer 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
M Is a computer used in hospitals considered a medical device? ISO 13485:2016 - Medical Device Quality Management Systems 17
Marc Shopping for Computer Spyware After Work and Weekend Discussion Topics 4
Q 21 CFR 820.30 - Automated with Computer Software - Applicable? US Food and Drug Administration (FDA) 5
M Options for OTS Computer as part of Medical Equipment System IEC 60601 - Medical Electrical Equipment Safety Standards Series 6
A Is Computer Helpdesk a Special Process ? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
Marc Computer Viruses Are "Rampant" on Medical Devices in Hospitals World News 0
N Complying with ISO 9001 7.6 - Customer Provided Computer and Software ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
E Gages on Computer Screens General Measurement Device and Calibration Topics 2
Marc Life after the Personal Computer After Work and Weekend Discussion Topics 14
A Suggest Computer Aided Quality Assurance (CAQ) software for Medical Devices Quality Assurance and Compliance Software Tools and Solutions 3
F Traceability Requirements for Computer Hardware Equipment under ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 2
B Computer Monitoring - Our company is implementing keyloggers IEC 27001 - Information Security Management Systems (ISMS) 11

Similar threads

Top Bottom