Software validation (4.1.6 ISO 13485:2016)

cam5603

Starting to get Involved
#1
Hi everyone,

In our company we have an ERP for finance activities and to record some data concerning inventories of our products (stock, lot number, expiration date...). However, all datas are paper based first. We enter these datas only in a second time in the ERP.

Do you think that we have to validate this ERP to comply with the standard ISO 13485:2016 ?

Thank you in advance for your answer !
 
Elsmar Forum Sponsor

Marcelo

Inactive Registered Visitor
#2
Hi everyone,

In our company we have an ERP for finance activities and to record some data concerning inventories of our products (stock, lot number, expiration date...). However, all datas are paper based first. We enter these datas only in a second time in the ERP.

Do you think that we have to validate this ERP to comply with the standard ISO 13485:2016 ?

Thank you in advance for your answer !
You need to validate the use of the ERP, and the use of any software in the QMS.
 
#3
Well, I'm not sure it is that black and white.


In my experience the question is: "what is the master?". I ran paper-based systems having electronic shadows for document display. This required me to prove control over the papers, but allowed me not to validate the electronic system.


Regards,
Richard
 

Marcelo

Inactive Registered Visitor
#4
Well, I'm not sure it is that black and white.


In my experience the question is: "what is the master?". I ran paper-based systems having electronic shadows for document display. This required me to prove control over the papers, but allowed me not to validate the electronic system.


Regards,
Richard
ISO 13485:2016 was modified to require validation for the application of all software (but using a risk-based approach to both the validation and validation activities). There's no option to question, unfortunately, s the focus was to required validation for ALL application of software.
 
#5
Hi Marcelo


With all respect I still feel it is not so black and white.


There are four areas where SW can be used, one among which is in the QMS itself and there, as you state, the "validation of the application of computer software used in the quality management system" has to be performed.


This SW automates a process that needs to be assessed as a part of the risk-based approach and validated based on #4.1.6. However, this process can be plain old-fashioned, manual, without any SW. Then, of course, there is no SW validation.


The point I was making is to have an old-fashioned paper-based process as the master and provide copies (clearly labeled as such) electronically. Then, there is no need for validation of this SW as long as you can argue that it isn't a part of your QMS (such as a printer).


At least this way I have succeeded in the past years. But, as you point out, maybe it is better to just make a list of all QMS SW and validate it.


Best regards,
Richard
 

Marcelo

Inactive Registered Visitor
#6
The point I was making is to have an old-fashioned paper-based process as the master and provide copies (clearly labeled as such) electronically. Then, there is no need for validation of this SW as long as you can argue that it isn't a part of your QMS (such as a printer).
Not sure I understand your example. You write things in the computer, then print them and use only the printed ones? Or also use the electronic ones?

Anyway, this is a document management system, and it has to comply not only with the documentation requirements, but now also with the software validation requirements.

At least this way I have succeeded in the past years. But, as you point out, maybe it is better to just make a list of all QMS SW and validate it.
What do you mean by "succeeded"?

Anyway, prior versions of ISO 13485 did not require validation of application of QMS software, only application of software in production and monitoring, so your example was not required to be validated before. Now it is.

But you are right that all application of software would not require validation. For example, software used in financial planning which has no direct relationship with the the device. However, these softwares should be clear identified as out of the scope of the system, and most of the time they are not.
 

Rincewind

Involved In Discussions
#7
I just want to add that I kind of agree with RichardJ_CH.

Two weeks ago, I visited a company that just had its ISO 13485:2016 audit. Their argument with the certification body was that, although they use software for the purchasing process and logistics, they print out all of their documentation to ensure traceability and therefore work paper-based and do not view the software as part of the QMS and do not validate it.

This was accepted by the certification body. I have to say I was surprised myself, i did not think this was possible.
 
Last edited:

Marcelo

Inactive Registered Visitor
#8
Two generic comments here:

1) Passing an audit does not mean that you comply with the requirements. Due to several reasons (such audits are performed by sampling, and unfortunately a lot auditors do not really know the requirements well), passing an audit only means that you may have satisfied one particular auditor. This does not mean that the next audit (if, for example, another auditor comes) will also pass. Anyway, it's the responsibility of the organization to be compliant, not of the auditor.

For example, we are doing a project in Brazil in which we are evaluating compliance of some manufacturers, and they all are certified to ISO 13485, have CE mark, etc (some have been even had an certification audit the week before our visit). They still fail more than 90 % of the requirements (and most are taken directly from standards and regulations), but we are asking them in a way most auditors do not ask (we created something I called "International Good Regulatory Practices"to use as a basis).

This is also one of the reasons I started this thread: Some possible misunderstandings on the application of ISO 13485

2) I usually do not make suggestions here to pass the audit, I make suggestions to do what I think is right (and thus you can pass all the audits).

With this in mind:

Two weeks ago, I visited a company that just had its ISO 13485:2016 audit. Their argument with the certification body was that, although they use software for the purchasing process and logistics, they print out all of their documentation to ensure traceability and therefore work paper-based and do not view the software as part of the QMS and do not validate it.

This was accepted by the certification body. I have to say I was surprised myself, i did not think this was possible.
I just want to add that I kind of agree with RichardJ_CH.

Two weeks ago, I visited a company that just had its ISO 13485:2016 audit. Their argument with the certification body was that, although they use software for the purchasing process and logistics, they print out all of their documentation to ensure traceability and therefore work paper-based and do not view the software as part of the QMS and do not validate it.

This was accepted by the certification body. I have to say I was surprised myself, i did not think this was possible.
Oh, I've seen several instances of things like that being accepted, but as I mentioned above, that does not mean that they really comply with the requirement.

In particular, if the company writes the document in the computer, they will have to guarantee that the requirements for documentation are fulfilled, even if in the end they only use the printed ones, because they do have a software document management system. So, I don't think the situation you mention is acceptable, even if the certification auditor did accept that. The problem as I see it is, this auditor accepted that today, he (or another auditor) may not accept that tomorrow.
 

DEVigil

Involved In Discussions
#9
<snip>

In particular, if the company writes the document in the computer, they will have to guarantee that the requirements for documentation are fulfilled, even if in the end they only use the printed ones, because they do have a software document management system. So, I don't think the situation you mention is acceptable, even if the certification auditor did accept that. The problem as I see it is, this auditor accepted that today, he (or another auditor) may not accept that tomorrow.

It seems that you are arguing that no one can have a paper-based QMS that conforms to requirements. I disagree. I do have one (not that I *want* one - I would *much* rather have an EDMS to use).



In my paper-based system, all QMS documents and records are printed hard-copy that is stored in files and/or binders. I should not need to validate the software on which I wrote the documents (a very common word-processing program) any more than I would have had to validate the typewriter or pen I would have used previously instead of a computer. The software in no way *manages* the documentation system - I do that with master document books, logs, and forms (all on paper). I do have electronic back up of all files, but they are *only* the back ups. The system of record is paper.



Just like it was done before there *were* computers or software.
 

Marcelo

Inactive Registered Visitor
#10
It seems that you are arguing that no one can have a paper-based QMS that conforms to requirements.
I did not say that, as this is not the focus of the discussion. The focus in on the software, and I just mentioned that if you use software to write your documents and then print it, you have a software document management system that has to comply with both documentation requirements and software validation requirements.

I'm not sure where you read that this means a paper-based QMS cannot comply with the standard.

In my paper-based system, all QMS documents and records are printed hard-copy that is stored in files and/or binders. I should not need to validate the software on which I wrote the documents (a very common word-processing program) any more than I would have had to validate the typewriter or pen I would have used previously instead of a computer. The software in no way *manages* the documentation system - I do that with master document books, logs, and forms (all on paper). I do have electronic back up of all files, but they are *only* the back ups. The system of record is paper.
The same thing applies to Excel spreadsheets, Both processes information. You need to validate that the processing is ok. If there's a bug in "very common word-processing program", you can print the wrong thing. I'm not sure why people get it with the Excel example (which has known processing errors), but not with work processors (when the use is basically the same).

This is not related to software "managing" anything, it's related to the use of the software inside your process.

Now, I know that a lot of people thinks that you do not need to validate those (even the ISO 13485 handbook says that), but again, this does not mean that it's correct.
 
Thread starter Similar threads Forum Replies Date
S SOP for ISO 13485:2016 Quality related Software validation ISO 13485:2016 - Medical Device Quality Management Systems 9
R ISO 13485 Software validation procedure and Quality Objectives Monitoring wanted Document Control Systems, Procedures, Forms and Templates 1
T Software Validation Certificate (ISO 13485:2016) ISO 13485:2016 - Medical Device Quality Management Systems 19
R CNC Software Validation requirements as per ISO 13485:2016 Other ISO and International Standards and European Regulations 8
S What is the clause in ISO 13485 for SAP Software Validation? ISO 13485:2016 - Medical Device Quality Management Systems 3
A Process Validation of QMS Software ISO 13485: 2016 Cl. 4.1.6 ISO 13485:2016 - Medical Device Quality Management Systems 26
S Software Validation – Clause 4.1.6 of ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 12
R ISO - Clause 7.5.1.3 - CMM Software Program Validation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
R ISO 13485 Software Validation Requirements - Help needed ISO 13485:2016 - Medical Device Quality Management Systems 4
F ISO 13485 & FDA Requirements - What kinds of software require validation? ISO 13485:2016 - Medical Device Quality Management Systems 2
A ISO 13485, Document Control and Software Validation ISO 13485:2016 - Medical Device Quality Management Systems 9
E ISO 62304 and Validation of Medical Device Software Tools IEC 62304 - Medical Device Software Life Cycle Processes 17
P Guidance on ISO 13485 Section 7.5.2. about Software Validation ISO 13485:2016 - Medical Device Quality Management Systems 15
K Software validation question - Contract Manufacturer - ISO 13485 implementation ISO 13485:2016 - Medical Device Quality Management Systems 2
Marc Software Validation - Information Services in ISO 9001 Service Industry Specific Topics 1
Marc ISO 17025 Section 5.4.7.2.a - Software Validation Concern ISO 17025 related Discussions 0
D Software validation team Misc. Quality Assurance and Business Systems Related Topics 3
silentmonkey Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
E 13485:2016, Sections 4.1.6, 7.5.6 and 7.6 - Validation of Software - Need some Advice please ISO 13485:2016 - Medical Device Quality Management Systems 3
K Software Validation for Measurement Tools used in Process Validation ISO 13485:2016 - Medical Device Quality Management Systems 2
K ERP System Software Validation - ISO13485 2016 4.1.6 Design and Development of Products and Processes 8
D Software validation in Medical Equipment Other Medical Device and Orthopedic Related Topics 20
C Looking for simple Software Validation IQ templates. Qualification and Validation (including 21 CFR Part 11) 4
C Software validation - Off The Shelf Software - Web hosted ISO 13485:2016 - Medical Device Quality Management Systems 6
R Validation of Medical Device Hardware containing Software - How many to Validate ISO 13485:2016 - Medical Device Quality Management Systems 1
F 21 CFR Part 11 - Implicit requirements - Validation plan for a Software as a Service Other US Medical Device Regulations 1
S Validation of COTS Equipment plus Software Qualification and Validation (including 21 CFR Part 11) 12
D Software Validation - Contract manufacturer of Components (PCBA's) Qualification and Validation (including 21 CFR Part 11) 7
Pmarszal Software Validation Training Course - Recommendations Training - Internal, External, Online and Distance Learning 3
R FDA Requirements - Printing Equipment Software Validation Qualification and Validation (including 21 CFR Part 11) 1
G Windows 10 OS build Software Validation US Food and Drug Administration (FDA) 1
S Where to keep Enterprise Resource Planning software (ERP) Validation Records ISO 13485:2016 - Medical Device Quality Management Systems 1
M Software Validation Guidance Suggestions Various Other Specifications, Standards, and related Requirements 6
S QMS software validation - Documentation ISO 13485:2016 - Medical Device Quality Management Systems 5
A SOP for software validation of software in medical device IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 5
R Software validation - off the shelf X-Ray Software Quality Assurance 3
P Software validation of Data Exporter ISO 13485:2016 - Medical Device Quality Management Systems 3
P Software Validation for Equipment - Question ISO 13485:2016 - Medical Device Quality Management Systems 5
D Medical Device Software Tool Validation - Compilers! IEC 62304 - Medical Device Software Life Cycle Processes 7
N When is Medical Device Software Validation required? ISO 13485:2016 - Medical Device Quality Management Systems 6
O Process Mapping prior to Validation and Software to use to Map Process Maps, Process Mapping and Turtle Diagrams 12
B Could I combine IQ, OQ and PQ for Minitab Software Validation ? Software Quality Assurance 3
R Document Management Software : Validation and other requirements Medical Information Technology, Medical Software and Health Informatics 8
E Software Validation - Clinical Trials US Food and Drug Administration (FDA) 3
K What are the minimum requirements for Process Validation (Software)? ISO 13485:2016 - Medical Device Quality Management Systems 5
I Validation Software Experience? (Valgenesis, etc.) Quality Assurance and Compliance Software Tools and Solutions 1
M Injection Molding Machine Software Validation Calibration and Metrology Software and Hardware 2
E FDA Requirements for Implantable Medical Device Software Validation ISO 13485:2016 - Medical Device Quality Management Systems 5
C Change Control Forms Post Software Validation Medical Information Technology, Medical Software and Health Informatics 2
C Thoughts on validation of Legacy Systems for Medical Device Software EU Medical Device Regulations 2

Similar threads

Top Bottom