I helped a client recently resolve a nonconformity that was issued when the client had lost pace with OTS software version updates that were being automatically pushed from the software vendor. I hate to break some bad news, but regulatory bodies like the U.S. FDA, European Notified Bodies, Health Canada, etc., think that medical product quality management systems (including requirements for product, quality system, and process software validation) are essential for ensuring public health. So those obligations need to be taken very seriously.
Accordingly, all changes (either individually or collectively) made for validated software need to be assessed for impact, followed by appropriate revalidation considerations made commensurate with risk and complexity. Bodies like the FDA or a Notified Body won't be receptive (putting it lightly) to a mindset asserting that there are too many changes to warrant proper validation considerations. It may be possible in some circumstances to create some margin for ourselves regarding lower-risk applications, but that can be dicey.
------------------------------
Kevin Randall, ASQ CQA, RAC (Europe, Canada, U.S.)
Principal Consultant
Ridgway, CO
United States
© Copyright 2021 by ComplianceAcuity, Inc. All rights reserved.
------------------------------
Original Message:
Sent: 19-Aug-2021 14:00
From: Anonymous Member
Subject: off-the-shelf software validation for version updates
This message was posted by a user wishing to remain anonymous
Hello,
Does anyone have a suggestion for how to handle validation for off-the-shelf software versions?
We were several versions behind (12) on a software and now wish to implement the current version. The list of changes from the software developer are >100 pages, so almost impractical to review change-by-change.