ISO 62304 and Validation of Medical Device Software Tools

sagai

Quite Involved in Discussions
#11
Re: ISO 62304 and Validation of Software Tools

Hi,
That looks like good stuff; however, only an excerpt is available on the net.
What does it say about compilers? Should we buy that report?
Regards
Szabolcs
 

Micked

#12
Re: ISO 62304 and Validation of Software Tools

It is worth the money in my opinion. There are lots of real-world examples of different types of systems to validate.
 

SteveZed

#13
Re: ISO 62304 and Validation of Software Tools

what you can do is to drive your validation effort into almost zero with common sense involvement :tg:, namely the validity of the compiler operation is checked implicitly during the unit/subsystem/whatever product testing, because those tests would fail obviously in case the compiler would have failed to fulfill its own intended use.
Wow, Common Sense! That's a rare thing in regulatory discussions ;)

More seriously, that's the kind of rationale I'm trying to sell to our RA/QA folks, so it would be good to hear others' experience presenting/defending this to auditors.

Specifically, we build medical devices that contain a good deal of software. We have a dedicated software build server that pulls source code from a revision control system and builds it. By process, we only use output from that server in the product, which then goes through Verification and Validation testing. So it seems to me that the only software that even needs to be looked at is that which is on the build server. Software on the developer machines should be irrelevant, right?

As for the software on the build servers (e.g. compilers), since the output is tested during V&V, it seems to me the CFR requirement you indicated
(i) Automated processes. When computers or automated data processing systems are used as part of production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol. All software changes shall be validated before approval and issuance. These validation activities and results shall be documented.
amounts to documenting that we are using the compiler for its intended use and that the build system has adequate resources for this. And that we have some change control in place.

Thoughts?
-Steve
 

sagai

Quite Involved in Discussions
#14
Re: ISO 62304 and Validation of Software Tools

Hi Steve,
telling you the secret ... :popcorn: but likely you already know :cool:

When you have to sell a rationale to your QM guys, then those guys are not likely to work with the right mindset for your company, and there could be a chance of the presence of ignorance and the fear of the unknown due to their own lack of knowledge about the real regulatory requirements and interpretations.

ALL software should be investigated and their relevance to cGMP and 21CFR11 should be recorded. ... somehow ...

In your scenario it should touch, at minimum, the revision control system and the build system.
And NO, the SW on a developer machine can be relevant, if ... that is subject to cGMP or Part11.

But still, the scope and level of detail above the evaluation of relevance highly depends on common sense.
Since the correctness of 10 lines of code can be the subject of a PhD thesis, obviously there is no way to fully do any validation.

Regards
Szabolcs
 

kimovitch

#16
Hi All,

What is the original requirement for having development tools validated?

21CFR820.70(i) actually requires tools used in production, while ISO 13485 clause 7.5.2.1 also states "For production and service provision". When we look in the TR 14969 for more clarity, the scope of software is reduced to "computer software in process control". There is no specific requirement for tools in development. If we look at IEC 62304 or IEC 60601-1, there is a requirement to have development tools controlled, but no mention of tools to be validated. I understand the purpose of validation and why it has to be done. But what is the requirement at the root of this process? The intent of 21CFR820.70(i) or ISO 13485 7.5.2.1 is for production, not for development.
Let's say I have a software development that results in an .exe that is fully verified. Why would I validate the tool used for the development?
 

c.mitch

Quite Involved in Discussions
#17
Imho, dev tool validation, and especially compiler validation, is relevant for very, very, very critical software.
Perhaps it makes sense for a small subset of embedded SW used in class III MD, like pacemakers. Likewise it makes sense in automotive or airborne systems where SW failure equals dozens of casualties.
Engineers in these disciplines take time reading the assembly code generated by the compiler, amongst other code verification techniques.

About compilers:
Validating a compiler is not an easy task. There is a symposium dedicated to code generation in Orlando FL. In 2011, Xavier Leroy presented the results of his team about C compiler validation. Here: http://www.cgo.org/cgo2011/Xavier_Leroy.pdf
Looks quite readable at the beginning but becomes quickly very difficult. Just have a look at this presentation to see the complexity of real compiler validation.

There are also commercial compiler validation products which contain thousands of test cases to verify compilers' compliance with C language standards. They are extremely expensive, because they contain a huge history of tests added day by day by their manufacturers.

So imagine validating an IDE like Visual Studio. A perfect nonsense! Or a perfectly incomplete task!

That's why, unless you work on very critical MD, it's better to spend time testing the MD software, like sagai said. If there is a bug in the compiler then the generated code will be buggy as well.

To leave this discussion open: why shouldn't we validate processors as well? Remember the FDIV error in the Intel Pentium 4 instruction set.

@kimovitch: to answer your comment, there is no requirement to have a dev tool validated.
 

MennoV

#18
@c.mitch and @kimovitch: The tool validation requirement is issued in section 6.3 of the "General Principles of Software Validation; Final Guidance for Industry and FDA Staff". In general, guidances are the FDA's interpretations of their regulations.
 