Regulatory Open Forum

 View Only

  • 1.  ISO 13485 2016 4.1.6 Validate Software

    This message was posted by a user wishing to remain anonymous
    Posted 07-Sep-2018 09:39
    This message was posted by a user wishing to remain anonymous

    Hi,

    To what extent are companies validating software "used in the quality management system".  Are you validating Salesforce, MRP software systems as well simple Excel spreadsheets?  Can anyone give me an example of the approach taken to meet this requirement of the standard.  Thanks!


  • 2.  RE: ISO 13485 2016 4.1.6 Validate Software

    Posted 07-Sep-2018 11:17
    You don't need to validate the software, but the application of the software. For example, you don't need to validate Excel, but you need to validate the spreadsheets you use. 

    You can take a look at ISO TR 80002-2:2017, it was created to fulfill the validation requirements of ISO 13485, it also includes several examples.

    ------------------------------
    Marcelo Antunes
    Regulatory Strategy Consultant
    São Paulo
    Brazil
    ------------------------------

    Original Message


  • 3.  RE: ISO 13485 2016 4.1.6 Validate Software

    This message was posted by a user wishing to remain anonymous
    Posted 11-Sep-2018 13:28
    This message was posted by a user wishing to remain anonymous

    Hi,

    We recently passed our ISO13485:2016 audit and had positive comments on our validation approach from our auditor. We looked at the software used in our QMS processes and ruled out anything specifically business related e.g. our Salesforce equivalent and our accounts reporting. We identified a number of macro enabled spreadsheets and validated the custom macros rather than the basic functions of excel. We detailed our risk based approach in our validation protocols highlighting the custom nature of the macros and the OTS nature of excel.

    Original Message


  • 4.  RE: ISO 13485 2016 4.1.6 Validate Software

    Posted 12-Sep-2018 04:38
    Yes, you need to validate software for your intended use.   Use AAMI TIR 36 to help determine if the software is required to be validated, for example SW meets business requirements  verses reg/quality requirements.  We've developed documented assessments based on TIR  36 before and they are great way of documenting how you have assessed each software application.

    once you have identified which SW requires validation, then you can use guidance documents such as GAMP 5 and General Principles of Sw validation to determine the level of  validation required.
    hope this help
    seb

    ------------------------------
    Sebastian Clerkin
    Consultant
    Ballincollig
    Ireland
    ------------------------------

    Original Message


  • 5.  RE: ISO 13485 2016 4.1.6 Validate Software

    Posted 18-Sep-2018 17:14
    Items responded are accurate. By and large, validating the process and the decisions made form the information is where the findings would develop. With a "packaged" system, validating the activities is nearly impossible. However, validating the "decisions" and verifying the risks associated are key areas reviewed for certification.

    ------------------------------
    Gregory Kleinert

    ------------------------------

    Original Message


  • 6.  RE: ISO 13485 2016 4.1.6 Validate Software

    Posted 19-Sep-2018 02:23
    Lots of excellent advice and good references- I would only add do you risk assessment of the deployment and if the proposed validation is out of balance to the risk associated then one or the other is wrong! If others are doing more validation maybe you have missed or underestimated a risk

    ------------------------------
    Neil Armstrong FRAPS
    CEO MeddiQuest
    Peterborough
    United Kingdom
    ------------------------------

    Original Message


Related Content