What are the minimum requirements for Process Validation (Software)?

[Kuhalit]

Hello, what are the minimum requirements for process validation, if we do not want to put to much effort in it, because we only have stand alone software - no production in a classical sense? I know, there are some advise papers, but which of them I MUST follow for US, Canada and EU?

Thank you and regards
Andreas

 

[c.mitch]

Hi
I understand that you are a software-only manufacturer. So no burden with generic production process validation. Please read FDA guidance: general principles of software validation. Free with the basics.
Then you have AAMI TIR36. More details but more time to implement.
Tip: a good solution is also to exclude a process from validation but with good/articulate/strong and simple rationale.

Bye

 

[Jen Kirley]

Good day,

The requirements for software, for process validation and otherwise, fall under Document Control elements, largely based on revisions and the availability of latest version to those who need it, when they need it.

The executables - that is, the results of the software's deployment - fall under Production Control.

 

[Kuhalit]

Hello, thank you for the hints.

Production Control... which means starting a CD or electronic distributed (like MS office) from the FTP server.

How would you do that?

Regards and thank you

 

[c.mitch]

Hi
You have two kind of software here.
-the medical device: validated at the end of design process, revalidated when patches/evolutions are done.
-the production tools: here you mentioned the ftp server. There may be other tools you use for "production" (pretty awkward for standalone software). Eg: excel sheets where you record who downloaded your medical device software, license generator tool...
For the ftp server, if it's not customized then it's a so basic service that I wonder the true meaning of a validation. One escape solution would be: each time you put a new version on the ftp server, you verify that you can download it with a client id/password.
Since you can't validate once and for all, you verify that it works for each version put on the server.
Hope it helps.

PS: these concepts of production, validation are difficult to transpose to software-only. But we have to do with it.

 

[Oscar Wang]

Hi
You have two kind of software here.
-the medical device: validated at the end of design process, revalidated when patches/evolutions are done.
-the production tools: here you mentioned the ftp server. There may be other tools you use for "production" (pretty awkward for standalone software). Eg: excel sheets where you record who downloaded your medical device software, license generator tool...
For the ftp server, if it's not customized then it's a so basic service that I wonder the true meaning of a validation. One escape solution would be: each time you put a new version on the ftp server, you verify that you can download it with a client id/password.
Since you can't validate once and for all, you verify that it works for each version put on the server.
Hope it helps.

PS: these concepts of production, validation are difficult to transpose to software-only. But we have to do with it.

hi, Kuhalit?t. The purpose of process validation is to ensure the product is produced consistently and reliably according the specification. Considering your case, is there any manufacturing process will impact your product's specification? if the answer is positive, you need to implement the process validtion; otherwise there is no need to do that. If your software have a self test mechanism to check whether the installation package is complete or not, i don't think FTP verification is necessary. By the way, you can hardly simulate yout customer's internet environment on the other hand.