ISO 13485:2015 Software Validation IQ/OQ/PQ

#1
I need some support in running test scripts for my software validation. For the User Requirements, these are tested in the PQ. The CS functional requirements are tested in the OQ. Please confirm.
 
Elsmar Forum Sponsor

yodon

Leader
Super Moderator
#2
There are no specific "rules" for how to do software validation (I personally like the IQ/OQ approach but rarely use PQ for software). Nor are you required to have a requirements hierarchy. If your internal procedures require all that then that's what you need to do.
 

Tidge

Trusted Information Resource
#4
In the context of NPS software validation, you have a variety of options. The actual choice you make ought to be spelled out in a validation plan document. Some organizations do proscribed activities by procedure, but it is pretty much a uniform expectation that for NPS validations there be some sort of Validation Report (typically concluding with a statement "this software system is validated for its intended use"), and I can't imagine generating a unique Report without a unique Plan. YMMV.

Some personal disclosures:

I have a personal distaste for adopting the tenets and terminology of Process validation (IQ/OQ/PQ) to NPS software validation. Many organizations do this; I think it demonstrates a lack of both experience and understanding.

I believe the "V-model" for validation leads to more confusion that clarification. The OP does not mention the V-model specifically, but the implied mapping between "high level requirements" (i.e. URS) and "PQ" (and mapping FRS to OQ) has the aroma of V-Model thinking.

Within the regulated medical device industry, the need for NPS validation (such as it is) is two-fold:
  1. The possible effects of the NPS on patients and users is understood (via risk analysis) and the risk are suitably controlled,
  2. The system meets the intended needs of the organization (for the entire life of the NPS system).
A relatively simple robust model of (initial) NPS validation to determine that the system meets its intended use (sidestepping planning, risk assessment) is:
  1. Establish the requirements for the system (This is typically from the Intended Use, any necessary controls identified from Risk Analysis, and "user requirements")
  2. If necessary, decompose the high-level user requirements into specific functional requirements and design choices which will satisfy the high-level requirements
  3. analyze the design choices and challenge the specific functional requirements (most users of NPS won't set out to explicitly challenge the software, they just want it to work)
  4. allow typical users to exercise the software in their typical ways to make sure that (as implemented) it is meeting their needs.
Traceability between these items should be established. Systems where you have no control over the detailed implementation may not even require steps 2 and 3 (if the risk to patients/users is low enough).

You can assign TLA (two/three-letter acronyms) to the various artifacts, but it isn't important what you call them... provided you aren't sowing confusion. Keep in mind that manufacturers of pharmaceuticals and manufacturers of medical devices don't agree (by consensus!) on the meanings of OQ and PQ, even in the context of Process Validation!
 

LUFAN

Involved In Discussions
#5
A relatively simple robust model of (initial) NPS validation to determine that the system meets its intended use (sidestepping planning, risk assessment) is:
  1. Establish the requirements for the system (This is typically from the Intended Use, any necessary controls identified from Risk Analysis, and "user requirements")
  2. If necessary, decompose the high-level user requirements into specific functional requirements and design choices which will satisfy the high-level requirements
  3. analyze the design choices and challenge the specific functional requirements (most users of NPS won't set out to explicitly challenge the software, they just want it to work)
  4. allow typical users to exercise the software in their typical ways to make sure that (as implemented) it is meeting their needs.
That's a good approach and mostly inline with what I expect FDA's Computer System Assurance guidance to look like. I think my challenge has always been coming up with an approach that's accepted sans any real universal harmonization. FDA's last guidance was issued almost 20 years ago, and a refresh is desperately needed to modernized the 'validate to death' approach that's become commonplace, and move to a model more like yours. ISO 80002 is helpful but not perfect as well.
 

Tidge

Trusted Information Resource
#6
I am desperate for the CSA draft to be released because without it we (medical device manufacturers) can't make anything like an appeal to authority (when pushing back against third parties). I have encountered some very disingenuous players in the field of NPS validation for medical devices. A new guidance will (unfortunately) breathe new life into such folks, but they will still have to execute to a smarter way of doing things... which I'm not sure most of them will be able to do.
 

yodon

Leader
Super Moderator
#7
The local ASQ Medical Device Discussion group I participate in has started a 3-part (virtual) meeting series on (the expected) CSA approach. (And yes, it will be a tremendous improvement over the current validation approach.) I believe they said that the CSA approach is already in practice in a few places. Not sure I'm ready to jump in myself until the guidance is published. I can see if they would allow the slides and support material to be posted here if anyone is interested.
 
#8
The local ASQ Medical Device Discussion group I participate in has started a 3-part (virtual) meeting series on (the expected) CSA approach. (And yes, it will be a tremendous improvement over the current validation approach.) I believe they said that the CSA approach is already in practice in a few places. Not sure I'm ready to jump in myself until the guidance is published. I can see if they would allow the slides and support material to be posted here if anyone is interested.
I am interested. I would like to see their approach to system validations and examples of how it will be rolled out. Hopefully, it is less confusing than the "V-model".
 

LUFAN

Involved In Discussions
#9
The local ASQ Medical Device Discussion group I participate in has started a 3-part (virtual) meeting series on (the expected) CSA approach. (And yes, it will be a tremendous improvement over the current validation approach.) I believe they said that the CSA approach is already in practice in a few places. Not sure I'm ready to jump in myself until the guidance is published. I can see if they would allow the slides and support material to be posted here if anyone is interested.
I listened in as well. I thought it was helpful, but I too am hesitant until I have a document I can leverage as a backbone of future CSV activities.

I am interested. I would like to see their approach to system validations and examples of how it will be rolled out. Hopefully, it is less confusing than the "V-model".
It was interesting. The presenter suggested assigning risks for your main validation topics, for example, 1 to 5, and if the scores come in at 1/2/3 you could perform unscripted testing where screenshots are not required, only doing so when a deviation is encountered, and for scores of 4/5 you still create your normal script and execute it with screenshots.
 

Tidge

Trusted Information Resource
#10
Screenshots (as objective evidence of NPS assurance) is one of the items that the FDA working group felt was overblown, so I am surprised that that even came up.
 
Thread starter Similar threads Forum Replies Date
B ISO 9001:2015 vs ISO 13485:2016 Gap analysis ISO 13485:2016 - Medical Device Quality Management Systems 9
D Reports under change management | ISO 13485:2016 & ISO 9001:2015 ISO 13485:2016 - Medical Device Quality Management Systems 3
I Who has had to move from ISO 9001:2015 to ISO 13485 and what were the challenges? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
GStough Informational SN EN ISO 9001:2015 and SN EN ISO 13485:2016 on Same Certificate? Registrars and Notified Bodies 7
B ISO 9001:2015 vs ISO 13485:2016 for MDR Compliance EU Medical Device Regulations 4
H Transition to ISO 13485:2016 together with ISO 9001:2015 ISO 13485:2016 - Medical Device Quality Management Systems 12
B Integrated Quality Manual ISO 13485:2003 ISO 9001:2015 ISO 13485:2016 - Medical Device Quality Management Systems 6
A Does anyone have a comparison between ISO 9001:2015 and ISO 13485:2016? ISO 13485:2016 - Medical Device Quality Management Systems 2
A Combined ISO 13485 Certification with ISO 9001:2015 ISO 13485:2016 - Medical Device Quality Management Systems 23
somashekar ISO 13485 plus ISO 9001:2015 will now attract a minimum 2 day upgrade audit ISO 13485:2016 - Medical Device Quality Management Systems 9
D Need for ISO 9001:2015 if we are ISO 13485:2016 EU Medical Device Regulations 4
S ISO 13485:2015 and ISO 9001:2015 divergence ? retain both under the EU MDD? CE Marking (Conformité Européene) / CB Scheme 2
M Is a Management Representative still needed for ISO 13485:2015? ISO 13485:2016 - Medical Device Quality Management Systems 7
M ISO 13485:2015 Pre-Release News and Discussion ISO 13485:2016 - Medical Device Quality Management Systems 169
M PROBLEM IN SCOPE OF ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 6
S ISO 13485 signing of Procedures etc. ISO 13485:2016 - Medical Device Quality Management Systems 4
N ISO 13485 Scope Reduction Other ISO and International Standards and European Regulations 2
M Can veterinary implants be ISO 13485 certified? ISO 13485:2016 - Medical Device Quality Management Systems 23
D Audit Report details when ISO 13485:2016 and cGMP 21 CFR 820 are applicable ISO 13485:2016 - Medical Device Quality Management Systems 6
R Looking for ISO 13485 Internal Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
FuzzyD ISO 13485 change in process ISO 13485:2016 - Medical Device Quality Management Systems 3
R Interesting Discussion Chapter 7.5 of ISO 13485 for manufacturers of mobile medical applications ISO 13485:2016 - Medical Device Quality Management Systems 4
V ADDING NEW MEDICAL DEVICE / Product, WHEATHER THIS AFFECTS EXISTING ISO 13485 CERTIFICATION? ISO 13485:2016 - Medical Device Quality Management Systems 4
K Subcontractors Providing Services Under MDD or MDR need ISO 13485 from EU Notified Body? CE Marking (Conformité Européene) / CB Scheme 5
E Theoretical project: Implementing ISO 13485:2016 into a start up acrylic bone cement manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 4
M ISO 13485: 2016 Lot numbering question ISO 13485:2016 - Medical Device Quality Management Systems 4
Q Documented Evidence of Training ISO 13485: 2016 ISO 13485:2016 - Medical Device Quality Management Systems 33
D Customer Survey Example - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 7
D Normative References for ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 5
A Scope of ISO 13485 certification as legal manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 4
R ISO 13485 certification scope ISO 13485:2016 - Medical Device Quality Management Systems 5
M Requirements ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 9
M ISO 13485 Clause 7.3.8 ---- on Business Transfer ISO 13485:2016 - Medical Device Quality Management Systems 2
D ISO 13485--Question regarding performing calibrations in house. ISO 13485:2016 - Medical Device Quality Management Systems 13
I EN ISO 13485:2016/A11:2021 ISO 13485:2016 - Medical Device Quality Management Systems 0
A ISO 13485:2016 Clause 8.2.1 ISO 13485:2016 - Medical Device Quality Management Systems 3
FuzzyD ISO 13485:2016 Clause 8.2.6 ISO 13485:2016 - Medical Device Quality Management Systems 4
A ISO 13485 Calibration Requirements- Assess and Record validity Previous measuring results ISO 13485:2016 - Medical Device Quality Management Systems 5
K Can I make an exclusion of Design and Development in ISO 13485:2016 if my product is not regulated ISO 13485:2016 - Medical Device Quality Management Systems 12
S Is the Design Service Provider required to be ISO 13485 certified? ISO 13485:2016 - Medical Device Quality Management Systems 13
C ISO 13485 Clause 7.3.3 a) ISO 13485:2016 - Medical Device Quality Management Systems 2
S ISO 13485, Clause 4.1.2 b) ISO 13485:2016 - Medical Device Quality Management Systems 12
Ed Panek FDA Submits to White House Plan to Harmonize with ISO 13485 US Medical Device Regulations 2
K 3rd party auditor for ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 4
chris1price MDSAP and ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 5
D ISO 13485 Contained NC ISO 13485:2016 - Medical Device Quality Management Systems 3
Brizilla ISO 13485 for a Distributor ISO 13485:2016 - Medical Device Quality Management Systems 7
Q Harmonised Standards (EN ISO 13485 / EN ISO 14971) in MDR (2017/745/EU) ISO 13485:2016 - Medical Device Quality Management Systems 4
J ISO 13485- 8.3.1 Non-conforming material high volume ISO 13485:2016 - Medical Device Quality Management Systems 4
H Contract Manufacturer as Design Owner ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 6

Similar threads

Top Bottom