We're in the process of transitioning to the 2016 version of ISO 13485, and one of the biggies for us is the requirement to validate our use of software that impacts on the QMS. I've justified what needs assessing based on risk and need to start writing the validation protocols for it now, but it's something I have absolutely no experience in. I think I could fumble through a new validation but the retrospective need to validate is throwing me completely as we have nothing to work off like a URS etc. Can anyone point me towards any guidance which would give me an idea of what paperwork would be the minimum we need and perhaps a decent way of laying it out? Any suggestions gratefully received.