Process Validation ISO13485 - Confusion on what processes need to be validated

[beepst]

hi all!

i am reading ISO13485 validation clauses and GHTF document and i am having a hard time trying to understand what processes should be validated and what does not need validation. my current understanding is whatever process that manufactures product should be validated, but what about testing processes?

we have leak testing process where we use equipment to test whether there is any leakage in our product and this leak testing does not really 'produce' anything while clause 7.5.6 states 'validation of processes for production'. does this need to be validated as well?

thank you

 

[Hi_Its_Matt]

What you are looking for is “test method validation”. You need assurance that your test (when run by real operators, using the real equipment) is capable is accurately detecting and distinguishing between good and bad units (leaking/not-leaking). If it’s a simple pass/fail test, this is an attribute test; but if you have say a leak rate or leak volume that has to be below some threshold, then you could do a variable test. The method for validating each is slightly different.

Once you are confident that your test method is a good one, then you can use that validated test method to validate your manufacturing process. This would be the IQ/OQ/PQ you are likely familiar with for process validation. But you have to do the test method validation first, otherwise you have a test that is no better at detecting good units from bad than flipping a coin (or asking a groundhog.)

 

[QuinnM]

If your product can be tested, then validation is not need. As an example, for one manufacturer, a product was destroyed to determine if it met specifications. We validated the process, to skip the destructive testing. We also do destructive testing on aging product to determine life expediency, and yes this is in addition to accelerated testing.

 

[yodon]

To rub a bit of salt into the wound, if your leak test process uses software, the software needs to be validated, too.

 

[Hi_Its_Matt]

If your product can be tested, then validation is not need.

I offer a minor clarification: if your product is tested, then validation is not needed.
Even if your product can/could be tested without destroying it, if you choose to not do this testing, then you would need to validate the process.

As an example: let's say I make very simple tubing, and I have a requirement that it not leak water when the water is pressurized to a certain PSI. I could test all the tubing that I make. But it may take a lot of time, and be too costly. So instead of 100% verification, I could validate my process, and then just monitor my process parameters.

 

[Sidney Vianna]

if your product is tested, then validation is not needed.

I am not very knowledgeable on 13485, but I have a suspicion things cannot be oversimplified like that. I would suggest the OP seek guidance on the ISO document that provides clarification on the requirements of 13485. In principle, if a process output characteristics can be verified in conformance with specs, via examination, one could make a case that process validation might not be necessary. But, as mentioned below, even that can be deemed not sufficient.

As for testing/inspecting product as means to bypass process validation, I offer the example that when dealing with structural welding, it is a well known fact that such processes need to be validated, despite the fact that the resulting weldments are inspected via a variety of non destructive examination using techniques such as visual inspection, x-ray, magnetic particle, dye penetrant, ultrasound, etc. And, all of these nondestructive methods are ALSO deemed “special” processes that require validation as well. So, I would offer to the OP that some testing and examination processes would ALSO require validation.

Good luck.

 

[Bev D]

As always nothing - nothing - in quality engineering is ever simple. And the standards aren’t always interpreted correctly, especially when done from memory.

It is always helpful to write the applicable sections for those of us who don’t have immediate access but do have a lot of expereince in interpreting and implementing other earlier standards. For example I have a lot of experience with special processes in automotive and aerospace but little experience with 13485 despite having spent almost 20 years in (veterinary diagnostic) medical devices. I believe but could be wrong that the relevant sections are 6.5.1 and 6.5.6…

Since 13485 is derivative of automotive and aerospace standards (which of course are derivative of ISO9001) I I think that the requirement for 13485 is similar to those standards. In general the requirement for validation and extensive controls that ensure a compliant output is for any process whose output cannot be fully verified by subsequent testing or inspection. I know we’ve discussed this regarding the difference between cannot and is not here before. We’ve even debated what the word fully means.

My advice is that quality engineers can and should go beyond mere compliance to the standard and validate any process whose output can only be verified through destruct testing and most non-destruct techniques that: 1) require special certification, 2) cannot insure all of every part and are difficult themselves to validate through the appropriate method validation (MSA) testing. In my experience, this is simply prudent.

If however you are looking for simple compliance there are more experienced 13485 people here who can provide more specific advice.

 

[Sidney Vianna]

I would suggest the OP seek guidance on the ISO document that provides clarification on the requirements of 13485.

A portion of the guidance offered in the document concerning process validation states

​

I also took the liberty of asking the original question to an AI powered platform (Grok) and the answer came as follows:

Does Leak Testing Need Validation? Leak testing itself is typically a verification activity and not a production process, so it may not directly fall under Clause 7.5.6. However, you need to validate the equipment and methods used for leak testing to ensure they are reliable and capable of consistently detecting leaks. This is especially critical in a medical device context under ISO 13485, where patient safety and product quality are paramount.

Key considerations:

1. Equipment Validation: The leak testing equipment (e.g., pressure decay testers, helium leak detectors) must be validated to confirm it consistently and accurately detects leaks within specified parameters. This includes Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ).
2. Test Method Validation: The test method (e.g., test parameters, acceptance criteria, and procedures) must be validated to ensure it is repeatable, reproducible, and capable of detecting leaks reliably.
3. Risk-Based Approach: ISO 13485 emphasizes a risk-based approach. If a failure in the leak testing process could lead to undetected defects affecting patient safety, validation of the testing process becomes more critical.
4. Documentation: You must document the validation process, including protocols, acceptance criteria, and results, to demonstrate compliance with ISO 13485 requirements.

Conclusion: While the leak testing process itself is not a production process under Clause 7.5.6, the equipment and test methods used for leak testing typically require validation to ensure consistent and reliable performance. This ensures that the verification process (leak testing) is robust and meets ISO 13485 requirements. You should:

• Validate the leak testing equipment (IQ/OQ/PQ).
• Validate the test method to ensure it reliably detects leaks.
• Maintain documented evidence of validation activities.

 

[beepst]

thank you all for the helpful replies!

for context i am trying to drive the validation activities for our site as we are trying to be ISO13485 certified and and none of us here have any experience in doing validation for iso13485 so it's time to learn!

What you are looking for is “test method validation”. You need assurance that your test (when run by real operators, using the real equipment) is capable is accurately detecting and distinguishing between good and bad units (leaking/not-leaking). If it’s a simple pass/fail test, this is an attribute test; but if you have say a leak rate or leak volume that has to be below some threshold, then you could do a variable test. The method for validating each is slightly different.

Once you are confident that your test method is a good one, then you can use that validated test method to validate your manufacturing process. This would be the IQ/OQ/PQ you are likely familiar with for process validation. But you have to do the test method validation first, otherwise you have a test that is no better at detecting good units from bad than flipping a coin (or asking a groundhog.)

our manufacturing process (for now) is entirely manual where we do manual assembly in which there are multiple verification steps in between assembly process and the inspection rate is 100%, except for our packing process in which we use a vacuum sealer which operates at specific T, P, and sealing time.

what i'm doing for now is listing out all of the manufacturing processes and equipment including testing, and environmental monitoring, assess whether the output can be verified, along with whether process/equipment failure has an impact on product quality to identify what to validate. not sure if our current approach is good enough and hoping to get some advices on what to improve.

and since the output of our assembly is verified each time, the only processes left to validate is our leak testing process along with our environmental monitoring (we have a particle counter and data logger) but really i don't see the point of validating data logger since it's calibrated and its purpose is just to show reading and not really doing anything, but at the same time RH and T are critical for us and i would like to ensure the data logger is reliable in recording data.

for our packing process the verification is done each time through visual inspection just to see whether our product is sealed completely but not the seal strength but i don't think verifying the seal strength adds any value to us.

To rub a bit of salt into the wound, if your leak test process uses software, the software needs to be validated, too.

ouch! the software is also custom built!

As always nothing - nothing - in quality engineering is ever simple. And the standards aren’t always interpreted correctly, especially when done from memory.

It is always helpful to write the applicable sections for those of us who don’t have immediate access but do have a lot of expereince in interpreting and implementing other earlier standards. For example I have a lot of experience with special processes in automotive and aerospace but little experience with 13485 despite having spent almost 20 years in (veterinary diagnostic) medical devices. I believe but could be wrong that the relevant sections are 6.5.1 and 6.5.6…

Since 13485 is derivative of automotive and aerospace standards (which of course are derivative of ISO9001) I I think that the requirement for 13485 is similar to those standards. In general the requirement for validation and extensive controls that ensure a compliant output is for any process whose output cannot be fully verified by subsequent testing or inspection. I know we’ve discussed this regarding the difference between cannot and is not here before. We’ve even debated what the word fully means.

My advice is that quality engineers can and should go beyond mere compliance to the standard and validate any process whose output can only be verified through destruct testing and most non-destruct techniques that: 1) require special certification, 2) cannot insure all of every part and are difficult themselves to validate through the appropriate method validation (MSA) testing. In my experience, this is simply prudent.

If however you are looking for simple compliance there are more experienced 13485 people here who can provide more specific advice.

not sure if there's any other section that i missed
7.5.6 Validation of processes for production and service provision
The organization shall validate any processes for production and service provision where the resulting output cannot be or is not verified by subsequent monitoring or measurement and, as a consequence , deficiencies become apparent only after the product is in use or the service has been delivered.

 

[Bev D]

You need to understand that the requirement is not simply verified but FULLY verified. That means 100% testing. And you need to understand the difference between destruct testing and non-destruct testing (known as NDE). Down of your ‘beleifs’ that validation may not be valuable to you are troubling as they indicate that you may not be truly understanding the thorough advice you have already been given.

I would recommend that you provide some specific examples of where you beleive that process validation - and it’s necessary CONTROLS which you have not discussed - are not required and we can help you understand better.

For example sealing is typically considered a special process as the testing required is destruct or at least can degrade the quality of the seal if not done properly with the requisite controls. This is from my experience in automotive, biological and aerospace industries…