ISO 13485:2015 Software Validation IQ/OQ/PQ

#1
I need some support in running test scripts for my software validation. For the User Requirements, these are tested in the PQ. The CS functional requirements are tested in the OQ. Please confirm.
 

yodon

Staff member
Super Moderator
#2
There are no specific "rules" for how to do software validation (I personally like the IQ/OQ approach but rarely use PQ for software). Nor are you required to have a requirements hierarchy. If your internal procedures require all that then that's what you need to do.
 

Tidge

Trusted Information Resource
#4
In the context of NPS software validation, you have a variety of options. The actual choice you make ought to be spelled out in a validation plan document. Some organizations do proscribed activities by procedure, but it is pretty much a uniform expectation that for NPS validations there be some sort of Validation Report (typically concluding with a statement "this software system is validated for its intended use"), and I can't imagine generating a unique Report without a unique Plan. YMMV.

Some personal disclosures:

I have a personal distaste for adopting the tenets and terminology of Process validation (IQ/OQ/PQ) to NPS software validation. Many organizations do this; I think it demonstrates a lack of both experience and understanding.

I believe the "V-model" for validation leads to more confusion than clarification. The OP does not mention the V-model specifically, but the implied mapping between "high level requirements" (i.e. URS) and "PQ" (and mapping FRS to OQ) has the aroma of V-Model thinking.

Within the regulated medical device industry, the need for NPS validation (such as it is) is two-fold:
  1. The possible effects of the NPS on patients and users are understood (via risk analysis) and the risks are suitably controlled,
  2. The system meets the intended needs of the organization (for the entire life of the NPS system).
A relatively simple robust model of (initial) NPS validation to determine that the system meets its intended use (sidestepping planning, risk assessment) is:
  1. Establish the requirements for the system (This is typically from the Intended Use, any necessary controls identified from Risk Analysis, and "user requirements")
  2. If necessary, decompose the high-level user requirements into specific functional requirements and design choices which will satisfy the high-level requirements
  3. Analyze the design choices and challenge the specific functional requirements (most users of NPS won't set out to explicitly challenge the software, they just want it to work)
  4. Allow typical users to exercise the software in their typical ways to make sure that (as implemented) it is meeting their needs.
Traceability between these items should be established. Systems where you have no control over the detailed implementation may not even require steps 2 and 3 (if the risk to patients/users is low enough).

You can assign TLA (two/three-letter acronyms) to the various artifacts, but it isn't important what you call them... provided you aren't sowing confusion. Keep in mind that manufacturers of pharmaceuticals and manufacturers of medical devices don't agree (by consensus!) on the meanings of OQ and PQ, even in the context of Process Validation!
 

LUFAN

Involved In Discussions
#5
> A relatively simple robust model of (initial) NPS validation to determine that the system meets its intended use (sidestepping planning, risk assessment) is:
>   1. Establish the requirements for the system (This is typically from the Intended Use, any necessary controls identified from Risk Analysis, and "user requirements")
>   2. If necessary, decompose the high-level user requirements into specific functional requirements and design choices which will satisfy the high-level requirements
>   3. analyze the design choices and challenge the specific functional requirements (most users of NPS won't set out to explicitly challenge the software, they just want it to work)
>   4. allow typical users to exercise the software in their typical ways to make sure that (as implemented) it is meeting their needs.

That's a good approach and mostly in line with what I expect FDA's Computer System Assurance guidance to look like. I think my challenge has always been coming up with an approach that's accepted sans any real universal harmonization. FDA's last guidance was issued almost 20 years ago, and a refresh is desperately needed to modernize the 'validate to death' approach that's become commonplace, and move to a model more like yours. ISO 80002 is helpful but not perfect as well.
 

Tidge

Trusted Information Resource
#6
I am desperate for the CSA draft to be released because without it we (medical device manufacturers) can't make anything like an appeal to authority (when pushing back against third parties). I have encountered some very disingenuous players in the field of NPS validation for medical devices. A new guidance will (unfortunately) breathe new life into such folks, but they will still have to execute to a smarter way of doing things... which I'm not sure most of them will be able to do.
 

yodon

Staff member
Super Moderator
#7
The local ASQ Medical Device Discussion group I participate in has started a 3-part (virtual) meeting series on (the expected) CSA approach. (And yes, it will be a tremendous improvement over the current validation approach.) I believe they said that the CSA approach is already in practice in a few places. Not sure I'm ready to jump in myself until the guidance is published. I can see if they would allow the slides and support material to be posted here if anyone is interested.
 
#8
> The local ASQ Medical Device Discussion group I participate in has started a 3-part (virtual) meeting series on (the expected) CSA approach. (And yes, it will be a tremendous improvement over the current validation approach.) I believe they said that the CSA approach is already in practice in a few places. Not sure I'm ready to jump in myself until the guidance is published. I can see if they would allow the slides and support material to be posted here if anyone is interested.

I am interested. I would like to see their approach to system validations and examples of how it will be rolled out. Hopefully, it is less confusing than the "V-model".
 

LUFAN

Involved In Discussions
#9
> The local ASQ Medical Device Discussion group I participate in has started a 3-part (virtual) meeting series on (the expected) CSA approach. (And yes, it will be a tremendous improvement over the current validation approach.) I believe they said that the CSA approach is already in practice in a few places. Not sure I'm ready to jump in myself until the guidance is published. I can see if they would allow the slides and support material to be posted here if anyone is interested.

I listened in as well. I thought it was helpful, but I too am hesitant until I have a document I can leverage as a backbone of future CSV activities.

> I am interested. I would like to see their approach to system validations and examples of how it will be rolled out. Hopefully, it is less confusing than the "V-model".

It was interesting. The presenter suggested assigning risks for your main validation topics, for example, 1 to 5, and if the scores come in at 1/2/3 you could perform unscripted testing where screenshots are not required, only doing so when a deviation is encountered, and for scores of 4/5 you still create your normal script and execute it with screenshots.
 

Tidge

Trusted Information Resource
#10
Screenshots (as objective evidence of NPS assurance) are one of the items that the FDA working group felt was overblown, so I am surprised that that even came up.
 