Software Validation Guidance Suggestions

Mark Meer

Trusted Information Resource
#1
I'm looking for suggestions of guidance on how best to plan, execute, and document software validation - for both OTS software we use at our facility, as well as software we develop.

Major consideration is that we are a small company with limited resources, and the requirements/intended-use of all software we use/develop have low risk profiles. For the most part it's pretty simple stuff - excel calculations (maybe some macros), OTS micro-controller flash programming, document storage/retreival...

I'm familiar with the FDA's "Principles of Software Validation" guidance (as it's free), and I've looked at some other threads, where the following suggestions come up:
- GAMP 5 Manual
- ISO/TR 80002-2:2017 (yes, we are a medical device company)

Question: Given our pretty basic needs (uncomplicated/low-risk & OTS software, limited resources), are documents such as GAMP 5 & ISO 80002-2 useful (over-and-above free guidances such as the FDA's)? If so, what do they offer? Have people found these particularly useful for their own practices? Are there any other guidances you'd recommend?

Any feedback/advice much appreciated!
MM
 
Elsmar Forum Sponsor

Marcelo

Inactive Registered Visitor
#2
My opinion is that GAMP is too much for most of the medical device industry. ISO TR 80002-2 was created to specifically deal with the new "risk based" activities of ISO 13485:2016, meaning you can tailor the process depending on the risk.

There's several other guidances, general and for other industries. One example are the IEEE standards (which are usually usable together with ISO documents). I don't think they are that welcoming (most that I know are more complicated, in fact).

PS.: I was a member of the team that created ISO TR 80002-2, but I'm not suggesting it because of that :p
 

Mark Meer

Trusted Information Resource
#3
My opinion is that GAMP is too much for most of the medical device industry. ...There's several other guidances, general and for other industries....I don't think they are that welcoming (most that I know are more complicated, in fact).
Thanks Marcelo, the "welcoming" part is certainly a consideration. Someone posted in another thread that GAMP 5 manual is in excess of 350 pages! ...probably overkill for us.

But to your general statement that it is "too much for most of the medical device industry", I would have thought that, in principle, a more thorough coverage of the topic would be MORE appropriate to the medical device industry due to its generally higher risk, no?

ISO TR 80002-2 was created to specifically deal with the new "risk based" activities of ISO 13485:2016, meaning you can tailor the process depending on the risk.
If ISO TR 80002-2 treads a lot of the same territory as ISO 14971, then I'm dubious as to its utility (for our organization). We've got a pretty good handle, IMO, on risk-based processes. Like I say, I'm more interested in guidance on the execution and documentation. The (free) FDA guidance, seems to have a lot covered (including risk), so I'm curious what these paid standards such as ISO TR 80002-2 offer? Does it, for example, provide any real-world examples?
 

Marcelo

Inactive Registered Visitor
#4
Thanks Marcelo, the "welcoming" part is certainly a consideration. Someone posted in another thread that GAMP 5 manual is in excess of 350 pages! ...probably overkill for us.

But to your general statement that it is "too much for most of the medical device industry", I would have thought that, in principle, a more thorough coverage of the topic would be MORE appropriate to the medical device industry due to its generally higher risk, no?
Not exactly (and the "higher risk" is debatable :p). The point is how ISO 13485:2016 handles software validation. It was decided to require validation to all application of software (and remove the old "that affects the product"or something like that), so ALL use of software in the QMS needs to be validated. On the other hand, so as not to create an overburden requirement, we introduced the requirement of risk-based approach and activities for the software validation, which let's you tailor the software validation effort (and which is mirrored in ISO TR 80002, which has a toolbox with several activities, some mandatory, but most voluntary, to be chosen depending on the risk).


If ISO TR 80002-2 treads a lot of the same territory as ISO 14971, then I'm dubious as to its utility (for our organization). We've got a pretty good handle, IMO, on risk-based processes. Like I say, I'm more interested in guidance on the execution and documentation. The (free) FDA guidance, seems to have a lot covered (including risk), so I'm curious what these paid standards such as ISO TR 80002-2 offer? Does it, for example, provide any real-world examples?
Sorry, I did not understand you did not know ISO TR 80002-2. I was talking about the approach and activities of software validation being based on risk, as I mentioned above. ISO TR 80002-2 also has several examples of application in the annexes (14 examples, in fact).
 

somashekar

Staff member
Super Moderator
#5
If I am using an ERP s/w and the same is under annual maintenance contract with upgrades, does it meet the requirement of validation of the ERP s/w...
 

Marcelo

Inactive Registered Visitor
#6
If I am using an ERP s/w and the same is under annual maintenance contract with upgrades, does it meet the requirement of validation of the ERP s/w...
Nope. Validation is a confirmation that your intended use of the software is fulfilled. Upgrades have nothing to to with that.

On the other hand, after any update, you need to verify the need for re-validation. This can be very resource-consuming...
 

somashekar

Staff member
Super Moderator
#7
Nope. Validation is a confirmation that your intended use of the software is fulfilled. Upgrades have nothing to to with that.

On the other hand, after any update, you need to verify the need for re-validation. This can be very resource-consuming...
I understand what you mean now. But the ERP customization project was the purpose to make the ERP meet our intended use. Without affecting our intended use, there would be upgrades to add a feature, which may or may not be used by us. It may be considered as an improvement in the MIS.
So is my ERP by virtue of the customization and effective use stand validated...
 
Thread starter Similar threads Forum Replies Date
A Medical Device Software Validation Guidance Software Quality Assurance 3
P Guidance on ISO 13485 Section 7.5.2. about Software Validation ISO 13485:2016 - Medical Device Quality Management Systems 15
Y ISO 13485:2015 Software Validation IQ/OQ/PQ ISO 13485:2016 - Medical Device Quality Management Systems 12
R Debug mode in software/device validation IEC 62304 - Medical Device Software Life Cycle Processes 2
M Software verification and validation AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
P Software verification and validation procedure IEC 62304 - Medical Device Software Life Cycle Processes 6
H Software Validation for FFS Packaging Machine Qualification and Validation (including 21 CFR Part 11) 1
Q ISO 13485 7.5.6 Validation - Off the shelf Software ISO 13485:2016 - Medical Device Quality Management Systems 3
M ERP / QMS related software standards for Validation IEC 62304 - Medical Device Software Life Cycle Processes 6
D Software validation team Misc. Quality Assurance and Business Systems Related Topics 3
silentmonkey Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
E 13485:2016, Sections 4.1.6, 7.5.6 and 7.6 - Validation of Software - Need some Advice please ISO 13485:2016 - Medical Device Quality Management Systems 3
K Software Validation for Measurement Tools used in Process Validation ISO 13485:2016 - Medical Device Quality Management Systems 2
S SOP for ISO 13485:2016 Quality related Software validation ISO 13485:2016 - Medical Device Quality Management Systems 9
K ERP System Software Validation - ISO13485 2016 4.1.6 Design and Development of Products and Processes 8
D Software validation in Medical Equipment Other Medical Device and Orthopedic Related Topics 20
C Looking for simple Software Validation IQ templates. Qualification and Validation (including 21 CFR Part 11) 4
C Software validation - Off The Shelf Software - Web hosted ISO 13485:2016 - Medical Device Quality Management Systems 6
R Validation of Medical Device Hardware containing Software - How many to Validate ISO 13485:2016 - Medical Device Quality Management Systems 1
F 21 CFR Part 11 - Implicit requirements - Validation plan for a Software as a Service Other US Medical Device Regulations 1
R ISO 13485 Software validation procedure and Quality Objectives Monitoring wanted Document Control Systems, Procedures, Forms and Templates 1
S Validation of COTS Equipment plus Software Qualification and Validation (including 21 CFR Part 11) 12
D Software Validation - Contract manufacturer of Components (PCBA's) Qualification and Validation (including 21 CFR Part 11) 7
Pmarszal Software Validation Training Course - Recommendations Training - Internal, External, Online and Distance Learning 3
T Software Validation Certificate (ISO 13485:2016) ISO 13485:2016 - Medical Device Quality Management Systems 19
R FDA Requirements - Printing Equipment Software Validation Qualification and Validation (including 21 CFR Part 11) 1
G Windows 10 OS build Software Validation US Food and Drug Administration (FDA) 1
S Where to keep Enterprise Resource Planning software (ERP) Validation Records ISO 13485:2016 - Medical Device Quality Management Systems 1
C Software validation (4.1.6 ISO 13485:2016) ISO 13485:2016 - Medical Device Quality Management Systems 20
S QMS software validation - Documentation ISO 13485:2016 - Medical Device Quality Management Systems 5
A SOP for software validation of software in medical device IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 5
R CNC Software Validation requirements as per ISO 13485:2016 Other ISO and International Standards and European Regulations 8
R Software validation - off the shelf X-Ray Software Quality Assurance 3
S What is the clause in ISO 13485 for SAP Software Validation? ISO 13485:2016 - Medical Device Quality Management Systems 3
P Software validation of Data Exporter ISO 13485:2016 - Medical Device Quality Management Systems 3
A Process Validation of QMS Software ISO 13485: 2016 Cl. 4.1.6 ISO 13485:2016 - Medical Device Quality Management Systems 26
P Software Validation for Equipment - Question ISO 13485:2016 - Medical Device Quality Management Systems 5
D Medical Device Software Tool Validation - Compilers! IEC 62304 - Medical Device Software Life Cycle Processes 7
N When is Medical Device Software Validation required? ISO 13485:2016 - Medical Device Quality Management Systems 6
O Process Mapping prior to Validation and Software to use to Map Process Maps, Process Mapping and Turtle Diagrams 12
S Software Validation – Clause 4.1.6 of ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 12
B Could I combine IQ, OQ and PQ for Minitab Software Validation ? Software Quality Assurance 3
R Document Management Software : Validation and other requirements Medical Information Technology, Medical Software and Health Informatics 8
E Software Validation - Clinical Trials US Food and Drug Administration (FDA) 3
K What are the minimum requirements for Process Validation (Software)? ISO 13485:2016 - Medical Device Quality Management Systems 5
R ISO - Clause 7.5.1.3 - CMM Software Program Validation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
I Validation Software Experience? (Valgenesis, etc.) Quality Assurance and Compliance Software Tools and Solutions 1
M Injection Molding Machine Software Validation Calibration and Metrology Software and Hardware 2
E FDA Requirements for Implantable Medical Device Software Validation ISO 13485:2016 - Medical Device Quality Management Systems 5
C Change Control Forms Post Software Validation Medical Information Technology, Medical Software and Health Informatics 2

Similar threads

Top Bottom