silentmonkey
Involved In Discussions
Hi All,
I am working with a startup medical device company and we have established our own manufacturing process. The manufacturing team have implemented 2 pieces of software to automate and support some of the manufacturing process steps and hence we are required to validate the software as per ISO 13485:2016.
Software A will be used by operators to record the results of manufacturing quality control checks including the results of visual inspections. The software will inform the operator if the outcome is a pass or fail based on operator input for that device and will also record all the information in a database. This database will form a part of our Device History Record.
Software B is a test jig used to automate electrical testing and firmware flashing of the device. It automatically records the results and informs the operator if the outcome is a pass or fail. The test jig also stores the outcomes in a database which will form a part of our DHR.
Evidently the software are critical to the quality of our product and automates critical QMS processes. I have read TR/ISO 80002-2:2017 and have understood it for the most. My struggle is - how do we rationalise the level of effort and depth of validation required after performing the risk assessment?
Let's say we perform a risk analysis using a Hazards Analysis or FMEA for both process risks and software risks. This certainly gives us an idea of how risky the software and process are but TR/ISO 80002-2 says that the risk assessment performed should be used to drive the selection of tools to use in the toolbox (TR/ISO 80002-2 provides a list of validation tools which we can use to achieve a validated state in Appendix A).
How can I justify what tools I should use and how many tools I should use based on the outcome of the risk assessments? Is there a way to quantify or qualify the risk assessments and then say something in my software validation procedure like "if risk level is X; use these tools" or "if risk level is Y; use these tools".
Any other general advice on achieving software validation would also be very much appreciated! Perhaps I have misunderstood the intent of TR/ISO 80002-2?
Thanks in advance!
I am working with a startup medical device company and we have established our own manufacturing process. The manufacturing team have implemented 2 pieces of software to automate and support some of the manufacturing process steps and hence we are required to validate the software as per ISO 13485:2016.
Software A will be used by operators to record the results of manufacturing quality control checks including the results of visual inspections. The software will inform the operator if the outcome is a pass or fail based on operator input for that device and will also record all the information in a database. This database will form a part of our Device History Record.
Software B is a test jig used to automate electrical testing and firmware flashing of the device. It automatically records the results and informs the operator if the outcome is a pass or fail. The test jig also stores the outcomes in a database which will form a part of our DHR.
Evidently the software are critical to the quality of our product and automates critical QMS processes. I have read TR/ISO 80002-2:2017 and have understood it for the most. My struggle is - how do we rationalise the level of effort and depth of validation required after performing the risk assessment?
Let's say we perform a risk analysis using a Hazards Analysis or FMEA for both process risks and software risks. This certainly gives us an idea of how risky the software and process are but TR/ISO 80002-2 says that the risk assessment performed should be used to drive the selection of tools to use in the toolbox (TR/ISO 80002-2 provides a list of validation tools which we can use to achieve a validated state in Appendix A).
How can I justify what tools I should use and how many tools I should use based on the outcome of the risk assessments? Is there a way to quantify or qualify the risk assessments and then say something in my software validation procedure like "if risk level is X; use these tools" or "if risk level is Y; use these tools".
Any other general advice on achieving software validation would also be very much appreciated! Perhaps I have misunderstood the intent of TR/ISO 80002-2?
Thanks in advance!