Software validation of Data Exporter

#1
Hi All,

I'm working on performing software validation as described in ISO 13485:2016 for a "Data Exporter" that generates a Risk Summary Document.

We store our Risk Analysis in a "ticket-like" application. Every Risk Analysis is stored in a separate ticket and contains all required information and justifications.
To generate the Risk Summary Document where we also evaluate the Residual Risk, we use a "Data Exporter" software that collects part of the Risk Analysis information. The generated document is then sent for reviewing and finally approval.

My questions are:
1) Do we need to validate this software? (I assume that this is YES, however I would like to know why do I need to validate a software that generates a document that is afterwards reviewed by a real person)
2) As storing information into data system is very common nowadays, then there must be examples related to "Data Exporter" software. Do you know where can I find this kind of examples?
3) One of the biggest risks for this software is data corruption due to software bug. However this is part of the software verification process. Do we need to consider this as a risk or not?

Let me know if my explanation is not clear enough...

:thanx:
 
Last edited:
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
You need to have a risk-based means to determine whether and to what extent you validate. Based on just what you said, I would hesitate to say that the 100% output review would be a justifiable reason to not validate. What if the software completely lost a record?

I always recommend:
* Create a Master Validation Plan (MVP) that establishes a risk-based approach to validation decisions
* Compile (and maintain) your inventory of software that you use in execution of the quality system
* Use the risk-based approach defined in your MVP to drive the decision to validate or not and to drive the rigor of validation if validation is, indeed required

Bear in mind that having a system validated is not a one-time event. If you ever make updates to the software, that can (likely) take it out of the validated state and you'd need to re-validate. Other things may also change (support software, network, underlying OS, etc.). A system needs to be established to monitor all this and determine if re-validation is required. (Again, the frequency of such reviews would be risk-driven).

I'm a little unclear what you mean in your 3rd item by "this is part of the software verification process." Can you clarify that?
 
#3
Hi!

Sorry for the delay! and Thanks a lot for your answer!

1) The lost of records is one of the possible risks that we evaluated.
To clarify more: The "ticket-like" application can list all risks for a particular product and provides a total count. The "Data Exporter" also provides a total count. These two values must be equal and they can easily be verified by the reviewer of the document. However, the reviewer needs "Training" to check this point every time a new risk summary is released. Would this be an appropriate control measure in this case?
Another alternative would be to introduce a verification process in the Data Exporter application. For example, check the same total count in the "ticket-like" application. But then this new process would most likely introduce a new risk. Where do we stop?

2)
Bear in mind that having a system validated is not a one-time event.
Not at all. This is the reason I want to perform automatic validation using a kind-of unit test approach.

3)
I'm a little unclear what you mean in your 3rd item by "this is part of the software verification process." Can you clarify that?
As this is a software then it will have bugs. These bugs may introduce data corruption in the exported information (for example: one of the risks has an evaluation of "Unacceptable" but the tool export it as "Acceptable" due to a bug). I'm assuming this kind of bugs will be eliminated during the verification process (we use a "standard" software development process).
In spite of my naive assumption there is still the possibility that bugs can create data corruption, do we need to evaluate the risk that a bug in the application will corrupt the exported data?
 

yodon

Staff member
Super Moderator
#4
Not at all. This is the reason I want to perform automatic validation using a kind-of unit test approach.
Strictly speaking, unit testing is low-level testing not generally performed in validation. Automated testing is a generally done at the system level. I may be just quibbling over terminology. :)

I'm assuming this kind of bugs will be eliminated during the verification process (we use a "standard" software development process).
Bugs can't be eliminated in verification, they can only be revealed. Use of a rigorous development process only reduces the likelihood of error introduction.

In spite of my naive assumption there is still the possibility that bugs can create data corruption, do we need to evaluate the risk that a bug in the application will corrupt the exported data?
Sure, no software is completely bug-free. Yes, you should evaluate the risk and if the consequences of failure (data corruption) are sufficiently high and the current controls cannot bring that down, you may indeed need to consider other types of controls - which could include manual, independent inspection of the output.
 
Thread starter Similar threads Forum Replies Date
K Software Validation for Measurement Tools used in Process Validation ISO 13485:2016 - Medical Device Quality Management Systems 2
S SOP for ISO 13485:2016 Quality related Software validation ISO 13485:2016 - Medical Device Quality Management Systems 8
K ERP System Software Validation - ISO13485 2016 4.1.6 Design and Development of Products and Processes 8
D Software validation in Medical Equipment Other Medical Device and Orthopedic Related Topics 20
C Looking for simple Software Validation IQ templates. Qualification and Validation (including 21 CFR Part 11) 4
C Software validation - Off The Shelf Software - Web hosted ISO 13485:2016 - Medical Device Quality Management Systems 6
R Validation of Medical Device Hardware containing Software - How many to Validate ISO 13485:2016 - Medical Device Quality Management Systems 1
F 21 CFR Part 11 - Implicit requirements - Validation plan for a Software as a Service Other US Medical Device Regulations 1
R ISO 13485 Software validation procedure and Quality Objectives Monitoring wanted Document Control Systems, Procedures, Forms and Templates 1
S Validation of COTS Equipment plus Software Qualification and Validation (including 21 CFR Part 11) 12
D Software Validation - Contract manufacturer of Components (PCBA's) Qualification and Validation (including 21 CFR Part 11) 7
Pmarszal Software Validation Training Course - Recommendations Training - Internal, External, Online and Distance Learning 3
T Software Validation Certificate (ISO 13485:2016) ISO 13485:2016 - Medical Device Quality Management Systems 19
R FDA Requirements - Printing Equipment Software Validation Qualification and Validation (including 21 CFR Part 11) 1
G Windows 10 OS build Software Validation US Food and Drug Administration (FDA) 1
S Where to keep Enterprise Resource Planning software (ERP) Validation Records ISO 13485:2016 - Medical Device Quality Management Systems 1
C Software validation (4.1.6 ISO 13485:2016) ISO 13485:2016 - Medical Device Quality Management Systems 20
M Software Validation Guidance Suggestions Various Other Specifications, Standards, and related Requirements 6
S QMS software validation - Documentation ISO 13485:2016 - Medical Device Quality Management Systems 1
A SOP for software validation of software in medical device IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 5
R CNC Software Validation requirements as per ISO 13485:2016 Other ISO and International Standards and European Regulations 8
R Software validation - off the shelf X-Ray Software Quality Assurance 3
S What is the clause in ISO 13485 for SAP Software Validation? ISO 13485:2016 - Medical Device Quality Management Systems 3
A Process Validation of QMS Software ISO 13485: 2016 Cl. 4.1.6 ISO 13485:2016 - Medical Device Quality Management Systems 26
P Software Validation for Equipment - Question ISO 13485:2016 - Medical Device Quality Management Systems 5
D Medical Device Software Tool Validation - Compilers! IEC 62304 - Medical Device Software Life Cycle Processes 7
N When is Medical Device Software Validation required? ISO 13485:2016 - Medical Device Quality Management Systems 6
O Process Mapping prior to Validation and Software to use to Map Process Maps, Process Mapping and Turtle Diagrams 12
SteveK Software Validation – Clause 4.1.6 of ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 12
B Could I combine IQ, OQ and PQ for Minitab Software Validation ? Software Quality Assurance 3
R Document Management Software : Validation and other requirements Medical Information Technology, Medical Software and Health Informatics 8
E Software Validation - Clinical Trials US Food and Drug Administration (FDA) 3
K What are the minimum requirements for Process Validation (Software)? ISO 13485:2016 - Medical Device Quality Management Systems 5
R ISO - Clause 7.5.1.3 - CMM Software Program Validation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
I Validation Software Experience? (Valgenesis, etc.) Quality Assurance and Compliance Software Tools and Solutions 1
M Injection Molding Machine Software Validation Calibration and Metrology Software and Hardware 2
E FDA Requirements for Implantable Medical Device Software Validation ISO 13485:2016 - Medical Device Quality Management Systems 5
C Change Control Forms Post Software Validation Medical Information Technology, Medical Software and Health Informatics 2
C Thoughts on validation of Legacy Systems for Medical Device Software EU Medical Device Regulations 2
C Cement Mixing Software Validation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
Y OTS (Off The Shelf) Software Validation for 510k Traditional 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
V Validation of macro - scripts - programs used in statistical software (Minitab-SAS... Qualification and Validation (including 21 CFR Part 11) 5
R ISO 13485 Software Validation Requirements - Help needed ISO 13485:2016 - Medical Device Quality Management Systems 4
M MSA - Validation of Metrology Software such as PCDMIS Calibration and Metrology Software and Hardware 2
T Class II Software Device 510k V&V (Verification and Validation) Criteria and Results 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
A ClassIIa Medical Device Software Validation Report Format and Content IEC 62304 - Medical Device Software Life Cycle Processes 5
A Medical Device Software Validation Guidance Software Quality Assurance 3
T Validation of OTS (Off The Shelf) Software in Medical Devices IEC 62304 - Medical Device Software Life Cycle Processes 12
K Validation of ERP/CRM Software Using Sandbox Qualification and Validation (including 21 CFR Part 11) 4
J Validation of software used for product realisation ISO 13485:2016 - Medical Device Quality Management Systems 4
Similar threads


















































Top Bottom