Interpreting clause 7.5.2.1 (validation of software used in production & service)

J

Joan Lintz

I am looking for an interpretation for the following clause in ISO 13485:

The organization shall establish documented procedures for the validation of the application of computer software (and changes to such software and/or its application) for production and service provision that affect the ability of the product to conform to specified requirements. Such software shall be validated prior to initial use.

Records of validation shall be maintained (see 4.2.4)

There is much debate on what this clause means and the implication of software validation(ie. do we need to validate Windows when a new version is installed on computers), so I'm taking this to the experts at the cove. I am looking for help on what this clause requires.
Thanks so much for your help.
 
S

SteveK

Re: Interpretation of clause 7.5.2.1

I am looking for an interpretation for the following clause in ISO 13485:

The organization shall establish documented procedures for the validation of the application of computer software (and changes to such software and/or its application) for production and service provision that affect the ability of the product to conform to specified requirements. Such software shall be validated prior to initial use.

Records of validation shall be maintained (see 4.2.4)

There is much debate on what this clause means and the implication of software validation(ie. do we need to validate Windows when a new version is installed on computers), so I'm taking this to the experts at the cove. I am looking for help on what this clause requires.
Thanks so much for your help.

Hi Joan,

My take on this is based on GAMP (Good Automated Manufacturing Practices) – which apply to pharmaceutical cGMP practices, but I think equally to Medical Devices and production/service processes. There are 5 levels (examples).
1. Operating systems, network software
2. Standard Instruments, micro controllers
3. Standard software packages
4. Configurable software packages
5. Custom built or bespoke systems
Windows and Microsoft Office applications come under GAMP 3 and do not need validation (apart from e.g. Excel macros if part of the process). However, if your manufacturing process is input to a ‘black box’ with subsequent output, and that ‘black box’ is controlled by some computerised process i.e. an automated process (GAMP 4 or 5) then IQ, OQ and PQ (validation) will be required.:2cents:

Note: As indicated in a previous thread, software that controls the device itself is covered under the updated MDD 93/43/EEC – this would be a separated validation exercise.

I could be totally wrong on this (I’ve excluded this clause in my QM – since we only use hand assembly processes), but we have a Materials Management System which produces our ‘kit’ list for assembly - validate? The test will be my audit next month!

Steve
 

yodon

Leader
Super Moderator
Re: Interpretation of clause 7.5.2.1

Great advise from SteveK.

We've never had any clients feel the need to validate windows (and the FDA has never considered it an issue for any of them).

A good start is to get a list of the software applications you do use, identify which could affect quality, assess the risk of those that could affect quality, and tailor the validation accordingly. This shows due diligence on your part to identify what is needed, an assessment of the criticality, and the level to which validation should be done.

Note: this is not a one-time effort! If, as you mention, you install a new version of the OS on your computers, you pretty much need to re-validate. Again, you can do a risk assessment to determine the extent of the re-validation efforts. This kind of stuff is covered in the validation master plan.
 
Top Bottom