Validation of eQMS - Cloud based out of the box solution

#1
Good morning!

I have been tasked with the validation of our eQMS, which is a cloud based out of the box solution. As part of the validation, we need to create our own user requirement specifications (URS) and Process Qualification (PQ).

I have several questions that I am struggling to answer, and would greatly appreciate assistance.

1) For the PQ, should observed results be a screenshot, or is just stating the result acceptable?
2) For the URS, how would risk be assessed e.g. 'authorised reader shall be able to access and read controlled documentation within the system' - would this be high, medium or low?

I suppose the biggest issue we would have if the system went wrong would be that we couldn't up-revision any documentation without being in breach of our work instructions. We do not rely on the system for anything directly relating to production or patient safety.

Thanks for your help
 

yodon

Staff member
Super Moderator
#2
You should always strive to have objective evidence that the test expected results were met. *Judicious* use of screenshots can help. Bear in mind that the objective evidence should demonstrate a requirement was met. You don't need to capture every screen transition. Don't write requirements around the implementation, focus on your functional needs.

Risk, at least per 13485, "pertains to safety or performance requirements of the medical device or meeting applicable regulatory requirements." If you use a scale of high / medium / low, patient death would be high. You have to consider what the effects are if the software fails. You indicate no patient harm, so the likely failure would result in regulatory NC. You have to decide where that falls on your 3-level scale.

You mention PQ. To me, using the IQ/OQ/PQ paradigm:
  • IQ demonstrates the system is installed per mfg recommendations and per any of your requirements. Do note that if you are capturing PHI as part of the system (maybe feedback or complaints) then you should consider security as part of IQ. I also like to look at setup: are you configuring to enable compliance (is everyone admin or are security levels defined and enforced, is audit trail enabled, etc).
  • OQ is where I verify the requirements are met
  • PQ is rarely used; however if there are performance needs (e.g. 50 people hitting the tool at the same time, database capacity, response time, etc.) that's where I use PQ
 
#3
Thank you for the reply and for clarifying a few things.
I think my main concern is the use of screenshots in the documentation. I seem to find varying information relating to how many and how often to use.
 

LUFAN

Involved In Discussions
#4
> I think my main concern is the use of screenshots in the documentation. I seem to find varying information relating to how many and how often to use.

You won't anywhere. That's up to you to demonstrate the correct amount of confidence in the software. When I did an eQMS, I believe I had close to 20 binders full of test scripts and matching screenshots. For every test script instruction, I had a screenshot at least demonstrating the software matched that requirement. Whether that's too much or too little is up to you to decide.

> PQ is rarely used; however if there are performance needs (e.g. 50 people hitting the tool at the same time, database capacity, response time, etc.) that's where I use PQ

This is interesting to me. I've done a PQ on an eQMS after it was configured to better suit the needs of my QMS and after the OQ was done. The eQMS company called it their Conference Room Pilot but more formally referred to it as a PQ. I can appreciate without any deltas from the OQ, a PQ wouldn't be necessary.
 
#5
Does anyone have a template for ERP system Validation (all very low risk activities which have a paper back up) or a sample validation protocol?
Thanks
 

MakingADifference

Involved In Discussions
#7
I have performed this a couple of times and have always kept it quite simple and high-level. I have treated it in the same way I would a Medical Device, focussing on the following:
Purpose
Intended Use
Requirements
Test Cases
Traceability between requirements and Test Cases
Conclusion.

Thanks
 

Tidge

Trusted Information Resource
#9
> Might be 21 CFR Part 11 (Part 11, Electronic Records; Electronic Signatures - Scope and Application) is useful.
> Several risks can be formulated based on 21 CFR Part 11.

I want to insert a note of caution: 21 CFR Part 11 does not introduce new requirements for non-product software systems, it merely describes the expected mechanisms for implementing a software system which provides the functionality for keeping electronic records and recording electronic signatures. Another way of saying this: Part 11 isn't introducing "new risks", any risks are coming from the regulated (or certified) element of the system that is being automated. E.g. the risk of losing (paper) records is always present, it didn't come from 21 CFR part 11.

Don't get carried away with "Part 11" when implementing ERP systems that have little or no bearing on regulatory requirements. There is value in using 21 CFR 11 as an informative source for some functional implementations/requirements, but it should never be at the beginning of a validation (where the risk analysis begins).
 

sreekiran14

Starting to get Involved
#10
Hi Lufan, I am validating a cloud-based eQMS. I would like to know:
1. Whose responsibility is it to develop a Risk Management Plan? What does a Risk Management Plan contain for cloud-based systems?
2. The vendor is suggesting we utilize the IQ/OQ/PQ that they performed. Is that acceptable to the FDA?

Thank you
 