Validation of Software regarding ISO 13485:2016

Bev D

Heretical Statistician
Super Moderator
@Denzel I echo what those above have said. It doesn’t appear that you understand what software validation is, nor are you really listening to the advice you are being given. I suggest you reread the above comments.


Read 4.1.6. You need to validate the application of the software, and validate it again after any changes to the software or the application. Re-validation is that second part - validating it again after something changes. There is also a list in 7.5.6 of what to document for validation.

Validation is about demonstrating that a process can consistently achieve the planned result.

If you are not sure how to do that, I would spend a few days reading guidance like that linked by yodon and wrapping your head around it, and possibly getting help from somebody in your org who knows what they are doing. Understanding this concept is pretty basic to being effective in quality, so don't skimp on it.
I'm sorry, maybe I didn't explain it properly. We have some software in the company, that we use, for example, Confluence for our QMS system, in this case, do we need to validate this software? If we need to do that, then how I can understand when I need to revalidate it? I do not have that many years of experience, but I have read the ISO 13485 and still have questions.


It sounds to me like the problem is with your process for validating(*1) NPS, not with the specific tool.

The fundamental issue (per the NC) is this:
  1. You have no documented evidence if the software needs to be validated (this is the risk assessment)
  2. Assuming it needed to be (re)validated, those records must have been lacking/missing
(*1) "Validating" NPS isn't quite necessary... but you need to assess NPS. I'm simplifying a little because it sounds like you are in over your head, and such is not the time for nuance.
Thanks for your comment, I can understand the problem more right now.
Top Bottom