Hi All,
I'm working on performing software validation as described in ISO 13485:2016 for a "Data Exporter" that generates a Risk Summary Document.
We store our Risk Analysis in a "ticket-like" application. Every Risk Analysis is stored in a separate ticket and contains all required information and justifications.
To generate the Risk Summary Document where we also evaluate the Residual Risk, we use a "Data Exporter" software that collects part of the Risk Analysis information. The generated document is then sent for reviewing and finally approval.
My questions are:
1) Do we need to validate this software? (I assume that this is YES, however I would like to know why do I need to validate a software that generates a document that is afterwards reviewed by a real person)
2) As storing information into data system is very common nowadays, then there must be examples related to "Data Exporter" software. Do you know where can I find this kind of examples?
3) One of the biggest risks for this software is data corruption due to software bug. However this is part of the software verification process. Do we need to consider this as a risk or not?
Let me know if my explanation is not clear enough...

I'm working on performing software validation as described in ISO 13485:2016 for a "Data Exporter" that generates a Risk Summary Document.
We store our Risk Analysis in a "ticket-like" application. Every Risk Analysis is stored in a separate ticket and contains all required information and justifications.
To generate the Risk Summary Document where we also evaluate the Residual Risk, we use a "Data Exporter" software that collects part of the Risk Analysis information. The generated document is then sent for reviewing and finally approval.
My questions are:
1) Do we need to validate this software? (I assume that this is YES, however I would like to know why do I need to validate a software that generates a document that is afterwards reviewed by a real person)
2) As storing information into data system is very common nowadays, then there must be examples related to "Data Exporter" software. Do you know where can I find this kind of examples?
3) One of the biggest risks for this software is data corruption due to software bug. However this is part of the software verification process. Do we need to consider this as a risk or not?
Let me know if my explanation is not clear enough...

Last edited: