Process Validation of QMS Software ISO 13485: 2016 Cl. 4.1.6

A1S2H3I4T5H

Starting to get Involved
#1
Hello Guys,

4.1.6 in ISO 13485: 2016 calls for Process Validation of QMS Software.

1. What does QMS software mean ??
2. Does it mean SAP, Company Intranet etc ??
3. If yes, How do we validate such softwares.

Also please suggest any ideas about how to validate CNC software ??

Any templates if available would be really helpful !!

Thank You.
 
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
Any software used in support of the QMS is a candidate for validation. Without knowing how you use the applications in question 2, it's not possible to say.

You can take a risk-based approach to validation; i.e., for those applications that pose minimal risk, you can take a very minimalist approach to validation; whereas an application that has high risk should be rigorously validated.

It's not a trivial subject (there are courses galore on software validation) and not possible to fully describe here. Similarly, each application is unique so a one-size-fits-all template is not the best approach. In general, define the requirements for how you use the system and then take the actions to demonstrate the application meets those. A good resource is the GAMP 5 Manual (which, at over 350 pages, is another indication that the subject matter isn't trivial!).
 

Mortalis

Involved In Discussions
#4
You can contact the supplier of the software. They may already have some validation scripts and can help you with the validation.
 

Wolf.K

Involved In Discussions
#5
This is really not that trivial!

We had our 13485:2016 certification audit a few weeks ago, and already implemented the software validation issue. We wrote a SOP "Validation of QMS software", which includes 3 forms: validation log, validation plan, validation report. On the log we list all software we think can have an impact on the QMS and/or product safety. As we have production/manufacturing outsourced, we have only some software packages on the log.

The log is a spreadsheet with the colums:

- ID number
- Software name/version/date
- Description (what does the software do)
- Failure mode(s) (what could go wrong)
- Validation required (yes/no)
- Rational for validation decision
- Software validation report available (yes/no)
- Software released for everyday use (yes/No)
- Decision made date /by

If validation is required, a validation plan is prepared - how to validate the software. If the validation is finished, the validation report is prepared, and the log is updated.

Currently we have only three different software packages on the log - our QMS is still paper-based, that makes it simple. We have a data logger for a storage room for products (temperature/humidity), excel spreadsheets with home-brewed algorithms, and a statistical software for number needed to treat calculations for clinical study planning.

For excel we use the FDA recommendations (I will write a work instruction for our personnel), the statistical software (G*Power) does not need validation as all algorithms are already validated by the manufacturer (take a look on the manual), and the data retrieval software of the data logger needed validation (is the retrieved logged data similar to the true environmental conditions).

Next year we get an ERP. The manufacturer will validate the software! EXPENSIVE!!! But necessary.

Hope this helps!
 
Last edited:

locutus

Involved In Discussions
#6
That is really nice info Wolf. Just to further along with what Yodon stated earlier, considering adding another "column" to your spreadsheet called "Risk Impact." You already kind of that in Failure Mode and Validation Required along with the rationale. Only advice is to specifically call it Risk and/or Risk Assessment because section 4.1.6 uses a risk-based approach. So A1S2: Wolf has a very nice structure there, just make sure to include the whole risk-based approach to determining what needs to be checked, verified, or validated - and make sure to include a review period .. especially when the software changes. What?!? Software changes?!? ;) lol
 

Wolf.K

Involved In Discussions
#7
Yes, we, that is, I add the risk impact in the column "Failure mode" - it is more like "failure mode and effects analysisFMEA" like style - but I had not enough space for another column... But of course you are right - the impact needs to be evaluated!

Next year we get an ERP - in December I will read the GAMP 5 manual, and then I will decide if it is necessary to visit a seminar...

As we are a small company, our notified body is always very nice to us. We don't hide anything from him, and for him it is important that he can see that we (a) observed /noticed a possible problem and (b) thought about the impact it could have. So, a bad SOP is a not so good thing, no SOP at all is a bad thing, because then he sees that we acted on some issue. We did not ignore it. If we did not do enough, he will tell us...
 

A1S2H3I4T5H

Starting to get Involved
#8
Thanks Wolf..

The information is very useful.. I'm now following the similar template for Mapping the Software validation..

I'm able to map the Roles & Responsiblity (who should do what) for Process Validation of Mechanical processes like Welding, Painting, Heat treatment etc.. Is there a similar kind of Matrix for Software validatiion

Thank You.
 
L

Lorlee

#9
Wolf - Terrific information! Would you be willing/able to share your SOP "Validation of QMS software"?
 
#10
If anyone is interested, we found a company that specializes in SW Validation. Their name is Ofni Systems in Raleigh, NC. Their prices are very reasonable for what we needed done for a few spreadsheet validations, at least compared to another quote we received. We just aren't staffed with resources to get these done in time for our certification audit.
 
Thread starter Similar threads Forum Replies Date
S Sterilization validation after changing sterilization process provider Qualification and Validation (including 21 CFR Part 11) 3
D Questions regarding process validation ISO 13485:2016 - Medical Device Quality Management Systems 6
A Validation of Forced Aeration Process ISO 13485:2016 - Medical Device Quality Management Systems 3
T ISO 13485 - Process validation at critical suppliers ISO 13485:2016 - Medical Device Quality Management Systems 7
K Software Validation for Measurement Tools used in Process Validation ISO 13485:2016 - Medical Device Quality Management Systems 2
P Design verification driven by new equipment. How is this different than process validation? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
Stoic Are any medical device companies using the 2011 FDA process validation guidance instead of GHTF/SG3/N99-10:2004? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
G Devices from IQ, OQ or PQ process to be used for verification, validation and summative? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
N Design Verification & Process Validation - Statistical sample sizes Design and Development of Products and Processes 2
E Equipment Qualification - IQ/OQ per ISO 13485:2016 section 7.5.6 Process validation ISO 13485:2016 - Medical Device Quality Management Systems 7
B API Q1 5.7.1.5 Process Validation - Machining, heat treating, Manganese Phosphate and Zinc Plating Manufacturing and Related Processes 2
N Validation procedure, Major NC CAP - Equipment Validation process is not effective ISO 13485:2016 - Medical Device Quality Management Systems 5
D ISO13485:2016 7.5.6 Process Validation Responsibilities ISO 13485:2016 - Medical Device Quality Management Systems 1
Z Who is responsible for writing the validation of a new process? Manufacturing and Related Processes 7
M Requirement for manufacturing process validation in IATF 16949 IATF 16949 - Automotive Quality Systems Standard 8
E Sampling plan for orthopedic implant - Process Validation Inspection, Prints (Drawings), Testing, Sampling and Related Topics 4
Z Class 2 medical device - Process Validation - Test sterile or non-sterile units? Qualification and Validation (including 21 CFR Part 11) 4
T ISO 13485:2016 - Processes exempt from process validation ISO 13485:2016 - Medical Device Quality Management Systems 12
L Injection Moulding Process (Special Process) Validation Food Safety - ISO 22000, HACCP (21 CFR 120) 2
K Is Mold qualification / process validation always required? Manufacturing and Related Processes 7
R Process Validation on CNC Lathe and Milling machining process Design and Development of Products and Processes 1
Q Release of the first batch of a cleared product before process validation 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
R Process Validation sample size selection Statistical Analysis Tools, Techniques and SPC 0
P Auditing "process validation" process 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
E Cleaning Validation Process of Non-Sterile Implants and Instruments Other Medical Device Related Standards 2
W Design and Process Validation - Different? ISO 13485:2016 - Medical Device Quality Management Systems 6
A Supplier - Process Validation Manufacturing and Related Processes 3
M Medical Device Process validation, Validation of excel spreadsheets used for process Other Medical Device and Orthopedic Related Topics 4
V Tyvek packaging for Medical device process validation Qualification and Validation (including 21 CFR Part 11) 2
L Process Definition and Process Validation 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
S Can we sell units that were chosen for process validation? ISO 13485:2016 - Medical Device Quality Management Systems 6
S How do I do a Process Validation for soldering process Manufacturing and Related Processes 5
S Process validation when changing location ISO 13485:2016 - Medical Device Quality Management Systems 10
P Root Cause for a Process Validation Batch Failure 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
GoSpeedRacer Validation of Processes 7.5.6 - Do cosmetic welds need process validation? ISO 13485:2016 - Medical Device Quality Management Systems 3
A Is Aeration Process in ETO Sterilization Validation Required? Manufacturing and Related Processes 7
C Does Japan accept the Bracketing Approach for Process Validation Japan Medical Device Regulations 1
A Robotic Sanding and Painting Process Validation Manufacturing and Related Processes 5
alonFAI Gamma Irradiation Process Validation Help Other Medical Device Related Standards 2
J Where does process validation fit within design & development? Design and Development of Products and Processes 7
O Process Mapping prior to Validation and Software to use to Map Process Maps, Process Mapping and Turtle Diagrams 12
M Justification for Not Having a Validation Plan for a Critical Process ISO 13485:2016 - Medical Device Quality Management Systems 4
alonFAI PCBAs Process Validation Help (Regulations FDA) Manufacturing and Related Processes 2
M Is Validation an ongoing process? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
K What are the minimum requirements for Process Validation (Software)? ISO 13485:2016 - Medical Device Quality Management Systems 5
P Process Validation of inherited tooling by Contract Manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 4
L GHTF/SG3/N15R8 - Process Validation and Risk Analysis ISO 13485:2016 - Medical Device Quality Management Systems 4
R TS 16949 Process Re-Validation Frequency Requirements IATF 16949 - Automotive Quality Systems Standard 3
T "Special Process" Validation Requirements (21 CFR Part 820) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 15
V Is it required to perform Process Validation for food or dietary supplements? Food Safety - ISO 22000, HACCP (21 CFR 120) 4

Similar threads

Top Bottom