With ISO 13485:2016 published and being implemented, many medical device customers are experiencing some uncertainty about the impact one of the key changes may have on their business: computer software validation.
Software validation can be an ambiguous subject within the industry and questions are arising around the associated regulatory and operational obligations for medical device companies following the updated ISO guidelines.
Within this feature, I look to address some of the direct questions I am seeing from clients in the medical device industry and hopefully clarify how software providers, such as ourselves at Ideagen, can support medical device organisations with the transition to ISO 13485:2016 and their validation requirements.
1. What software requires validation under ISO 13485?
Per Section 4.16 of the standard, this means any application that is being used to support the development of, or maintenance of, a medical device. Any application that falls under those areas requires validation.
2. ISO 13485:2016 states more explicit requirements for software validation for different applications, how does this impact our compliance requirements?
ISO13485 has always implicitly implied that software applications supporting the design, development and quality management system (QMS) processes require to be validated. The standard was updated to stipulate that software systems supporting the QMS now must be validated.
3. Why do I need to validate my electronic quality management system (eQMS)?
As well as the e-QMS’s potential impact on the product, one of the key changes to ISO13485 is the clarification that regulatory requirements are now expected to be considered as well as that required by the guidance. If you are planning on selling your device into the United States, as an example, 21 CFR Part 820 would require your e-QMS to be validated hence ISO 13485 is more harmonised to global regulatory requirements.
4. Does the software provider not validate their own software?
Using Ideagen as an example, we take our software delivery process extremely seriously. All versions of our Q-Pulse software are stringently tested before release. However, the validation requirements of the guidance are specific to your intended use of the application and the uniqueness of your configuration. Thus any software that you decide to use requires to be validated in the context of how it supports your company’s operations, practices and requirements.
5. Do I have to test all the functions of the software I choose?
Simple answer is no. Again, referring our own Q-Pulse software, with our validated offering our validation partner CompliancePath performs a full third party independent validation of all available functions. When you are considering buying a software product, you should be provided with options to suit your specific validation requirements from the vendor. At Ideagen, we offer a Life Science validation pack for Q-Pulse which reduces the validation burden.
6. What does revalidation mean and when will I require to do it?
Revalidation occurs when an updated version of the software you choose is released and you choose to install it. Typically, revalidation is a short process that simply focuses on new functionality and checks any potential impact on functionality from the previous version.
7. Can a validated eQMS reduce the risk to my business?
Yes, validating your eQMS provides an assurance of secure data, audit logs and increases the integrity of your record keeping and supplier quality processes.
As mentioned earlier, the purpose of this article is to try and answer some of the frequent questions I am faced with on a day-to-day basis from our clients operating in Life Science. I hope I have gone some way to answering them but, as ever, if you have any further questions then please don’t hesitate to get in touch.
Alternatively, I have also created an informative flyer that you can download from our website here.