Software Validation Question

[duff999]

Regarding software validation to satisfy ISO 13485 requirements. Would a certificate of software validation from the vendor suffice, or do I need to create a test plan for intended use on my end to satisfy the requirement.

Any advice is appreciated.

 

[Tidge]

What are the answers to these questions:

1. Is it product software?
2. Is it implicated in the risk files for a medical device?

 

[duff999]

What are the answers to these questions:

1. Is it product software?
2. Is it implicated in the risk files for a medical device?

1. The software is provided with the instrument for data collection and analysis
2. It is not currently listed in our risk file.

Thanks Tidge

 

[William55401]

Duff, for QMS software validation (a form of non product software), GAMP 5 is the recognized approach. The vendor's cert will certainly help for off the shelf software but your org will want to be certain is part of an overall suite of deliverables to maintain the software in a validated state. (Is it cloud based? Does your org control new versions? How are changes assessed before implementation? The list goes on.....).

 

[William55401]

What is the instrument? Is the instrument used in the inspection, manufacturing, or testing of your finished device? If so, this is a form of non product software and GAMP 5 would apply. If your instrument is the device going to your customer, IEC 62304 would be in play for software in a medical device. Hope this helps.

Edit: Is the software distributed, by itself, to the end customer?

 

[Aihsemo]

Hello,

I have question relating to Periodic Review document(for a validated software). Is there a regulatory guideline/requirement on the Approvals required for this document ? My company follows four levels of approvals ie. by the Process Owner, System owner, IT Compliance & Quality. Any thoughts on this ?

 

[duff999]

What is the instrument? Is the instrument used in the inspection, manufacturing, or testing of your finished device? If so, this is a form of non product software and GAMP 5 would apply. If your instrument is the device going to your customer, IEC 62304 would be in play for software in a medical device. Hope this helps.

Edit: Is the software distributed, by itself, to the end customer?

It is an instrument we use in final QC testing, I will take a look at GAMP 5 as suggested.

 

[ScottK]

Regarding software validation to satisfy ISO 13485 requirements. Would a certificate of software validation from the vendor suffice, or do I need to create a test plan for intended use on my end to satisfy the requirement.

Any advice is appreciated.

If this is not custom software to your company for that specific machine I would accept the certificate as long as you are not modifying it.
Part of your qualification of the machine would be that the equipment vendor provided the software as specified in the purchase agreement.
This has been fine for me for chemical analytical equipment that came with pre-installed software. My company did not re-validate the software.

 

[duff999]

If this is not custom software to your company for that specific machine I would accept the certificate as long as you are not modifying it.
Part of your qualification of the machine would be that the equipment vendor provided the software as specified in the purchase agreement.
This has been fine for me for chemical analytical equipment that came with pre-installed software. My company did not re-validate the software.

Thank you. It is not customer software that was tweaked by us in anyway. It was installed per manufacturers specification.

 

[Tidge]

With the additional information, I have some general recommendations.

0) Don't over-think it.

1) Don't be quick to Jump to GAMP 5 for a commercially available piece of test & measurement equipment that is going to be used as a general tool for it's (marketed) purpose.

I don't want to poo-poo GAMP 5 (I was once a dues-paying a member of ISPE) but (a) it is expensive to own a legal copy of GAMP 5, and (b) if you don't own a legal copy (it's got a LOT of details and information in it) you are probably working with some watered-down version that you cannot trust is actually implementing GAMP 5. Most NPS process implementations I've seen that are "inspired by GAMP 5" have sharp edges/dark corners that (ironically?) get needlessly complicated for folks who haven't really engaged with the publication (and supplementary materials from ISPE) directly. I am aware that GAMP 5 is intended to be scalable (beyond the inherent scalability of suggested activities based on the nature of the NPS system) but I would never claim to be an old testament scholar just because I get a few select readings and a poem on Sunday mornings.

2) There are elements of this NPS that you will have to consider, even though I am going to go in a different direction.

What you are faced with is a measurement tool, so the primary concerns are about capability and reliability of the system (men, machines, methods) for the appropriate materials. Since it is a piece of equipment, you should have an Installation Qualification that documents all the important elements of the system, including the software version provided by the vendor. After identifying the nature of the objects to be measured/tested, you should (internally) generate confidence through appropriate means that the system is behaving with an acceptable range of outcomes... it could be gage R&R, round-robin challenges, whatever.... just like any other measurement system.

Now the thing you will have to keep an eye on, even if the system meets your needs: The manufacturer may find bugs or offer software updates. You ought to have a mechanism to stay aware of these. In the GAMP 5 approach, this is a lifecycle activity.