Software tool validation

1 8
2 0
v i s
A d
Q
Breakfast)seminar
( c
Software tool validation
QAdvis seminar Lund 2018-05-09, Stockholm 2018-05-15, Uppsala 2018-05-17

Hedvig Tuxen-Meyer
 Software tool validation

QAdvis key competence areas

1 8
QA&RA/Clinical Consulting

QMS in-the cloud

Turn key QMS
System development

2 0
Interim management
Expert advise
Audits/Mock audits/Due diligence
Warning letters, compliance projects

s
Digital signatures Project management

i
Product software validation PMA, 510k, CE-mark
Efficient and lean Global regulatory support
Regulated software validation

v
Validated and compliant Vigilance, recall, post market surveillance
Requirement management
Risk management Clinical evaluation and clinical studies

Training/courses
d
Verification and validation
Process validation

A
CE-marking
ISO 13485 & 21CFR820
IEC 62304 & IEC 82304-1

) Q
Lean and Six Sigma
European Authorized
Representation
IEC 60601-1
IEC 62366-1

(
SW life cycle
c
SW risk management
Risk management
And more…
Training and Consulting
In cooperation with USA based
partner.
Providing European representation
for non-EU MedTech companies
Active board member of EAAR: European
Association of Authorised Representatives
 Software tool validation

8
QAdvis team: Lund and Stockholm
1
2 0
v i s
A d
) Q
( c
 Software tool validation

Software tool validation

1 8
Agenda
2 0
v i s
• Background
• Validation based on QSR 820.70(i)

A d • Validation based on ISO 13485:2016

• Validation of regulated SW

) Q Why? How? Who?

( c
 Software tool validation

1 8
2 0
v i s
A d
) Q
( c
Background
 Software tool validation

The bar is raised over time

1 8
2 0
Accident

v i s
New laws
and
A d People
get hurt

Q
regulations or die

( c ) Public
reaction
 Software tool validation

There is an expectation from authorities to do

validation of quality related SW
1 8
2 0
• Indirect effects of the product:
• Safety and performance

v i s
• Patients and users may get injured
• Data security and integrity

A d • Compliance

) Q
( c
 Software tool validation

The need for compliance is stated in regulations and

standards
1 8
2 0
• QSR 820.70(i)
i
• CFR 21 Partv11
s
A d
• ISO 13485:2016
) Q
( c
 Software tool validation

1 8
2 0
v i s
A d
) Q
( c
Validation of software tools
based on QSR 820.70(i)
 Software tool validation

QSR 820.70
Production and process controls
1 8
(i)Automated processes.

2 0
v i s
When computers or automated data processing systems are used as
part of production or the quality system, the manufacturer shall

A d
validate computer software for its intended use according to an
established protocol. All software changes shall be validated before

Q
approval and issuance. These validation activities and results shall be

)
documented.

( c
-> AAMI TIR36:2007
 Software tool validation

1 8
2 0
v i s
A d
) Q
( c
Validation of software tools
based on ISO 13485:2016
 Software tool validation

ISO 13485:2016
1 8
§4.1.6

2 0
The organization shall document procedures for the validation of the

s
application of computer software used in the quality management

i
system. Such software applications shall be validated prior to initial use

v
and, as appropriate, after changes to such software or its application.

A d
The specific approach and activities associated with software validation
and revalidation shall be proportionate to the risk associated with the
use of the software.

) Q
Records of such activities shall be maintained.

( c
-> ISO/TR 80002:2 2017
 Software tool validation

1 8
2 0
v i s
A d
) Q
( c
Validation of regulated SW
Why? How? Who?
 Software tool validation

The need for validation is based on the intended use

of SW
1 8
2 0
i s
All computerized systems

v
A d Validation required
by QSR 820.70(i) /
by 13485:2016

Q
§4.1.6

( c ) Part 11
compliance requried
 Software tool validation

A regulated SW is supporting a regulated company

process
1 8
2 0
Upstream
i
Process
v s Downstream

A d
) Q
( c SW
 Software tool validation

Examples of software that has to be validated

• Automated Software Test System
R&D

1 8
•
•
A simple spreadsheet
A (not so) simple spreadsheet
2 0
• C/C++ language compiler

v i s
Manufacturing

d
• PLC for manufacturing equipment
•

A
Automated welding system
• Automated welding process control system
•
•
) Q
Automated vision system
Pick and place system
•

•
( c
Parametric sterilizer
Quality

Nonconforming material reporting system—Total system upgrade

• Software for scheduling nonconforming material report review board meetings
• Approved vendor list system
• Calibration management software
 Software tool validation

Example of a risk based analysis of validation

requirements of regulated SW
1 8
Function/Record Risk of harm
to humans
Regulatory
Risk
2 0
Environmental
risk
Validation
Level
Word processor
Training database
No
No
v i
No
Lows No
No
None
Low
Compiler
Risk management
file
Medium

A
Medium d Low
High
No
No
Medium
High

Validation level

) Q Description
Low
Medium
High ( c Configuration management of file
Validation according to a plan, record
Validation according to a plan, report
 Software tool validation

Definitions are important, but are often vaguely used

1 8
2 0
i s
Validation means confirmation by

v
d
examination and provision of objective

Q A evidence, that the particular requirements for

a specific intended use can be consistently

( c ) fulfilled.
 Software tool validation

SW validation, what is included?

1 8
2 0
Develop &

v i s
d
Define test
Go live Operation Withdraw

Q A
)
Establish a validated state Maintain the Ensure future
validated state access to records

( c Control of
changes

Monitor
 Software tool validation

There are several sources of information available

1 8
2 0
• General Principles of Software Validation

v i s
(FDA Guideline)

• AAMI TIR 36 Validation of software for

A d regulated processes (AAMI Guideline)

) Q • 13485:2016 Medical devices-QMS-

Requirements for regulated purposes

( c • ISO/TR 80002-2:2017 Validation of software

for medical device quality system
 Software tool validation

TIR 36 – Key concepts

1 8
Intended use
Risk management
2 0
i s
Level of effort

v
Critical thinking

A d Toolbox
Documentation

) Q Changes

( c
 Software tool validation

ISO/TR 80002-2 – Key concepts

1 8
Intended use
Risk management
2 0
i s
Level of effort

v
Critical thinking

A d Toolbox
Documentation

) Q Changes

( c
 Software tool validation

Intended use – is this software regulated?

1 8
2 0
• Purpose of process
• Purpose of system

v i s
o Basic requirements?
o How dependent you are of the

A d system?
o What should it not be used for?

) Q
( c
 Software tool validation

Regulatory use assessment is crucial to decide

validation needs
1 8
devices?

2 0
a.Could the failure or latent flaws of the software affect the safety or quality of medical

i s
b.Does the software automate or execute an activity required by regulation (in particular,
the requirements of the 13485 or QSR)?
v
A d
c.Does the software generate or manage data to be used in or support of a regulatory

Q
submission?

c )
d.Does the software generate or manage records that are required by a regulation?

(
e.Is the software used to execute or record an electronic signature required by
regulation?
 Software tool validation

Risk management is the cornerstone in the

validation effort
1 8
2 0
• What are the process risks?
• What can go wrong?

i s
- System errors

v
- Use errors

A d - Errors in the interface to other systems?

• Will errors and mistakes be
detected?

) Q • How to reduce risks?

( c
 Software tool validation

Two kinds of risk analysis

1 8
• Risk of harm 2
0
Process
v i s to humans
• Regulatory risk

A d
• Environmental risk

Software) Q• Contribution to process risk

( c • Risk Control Measures

 Software tool validation

The level of effort and confidence needed differ

1 8
• Risk level
2 0
• Based on intended use

i s
• Critical thinking

v
A d
) Q
( c
 Software tool validation

Wide range of different software

1 8
• Off-The-Shelf
- Unmodified
2 0
s
- Configurable

i
- Modified

v
• Custom software

A d - In-house developed
- Purchased externally
• Stand-alone or in a network

) Q • Simple or complex

( c
 Software tool validation

Toolbox - examples

1 8
2
- Requirments 0
• Software life cycle

s
- Architetcure & Design

v i
- Test & review
- Release

A d • Different types of tests

• Analysis of known anomalies
• Supplier evaluation or audit

) Q • Training
• Monitoring

( c
 Software tool validation

Procedure – example

1 8
Classification of a software tool

2 0
Determine if the software is within the scope and the level of validation – Intended Use
Establish a Master Validation Plan

i s
List software to be validated in the Master Validation Plan
Determine the level of validation

v
d
Intended Use
Process description
Initial risk assessment

Q
Planning, execution and reporting A
)
Define the validation effort based on the risk level

c
Separate plan or sufficient with the Master Validation Plan
Maintenance
Retirement (
 Software tool validation

Validation Plan content (MVP or separate)

1 8
Description of the process
Intended use

2 0
s
Description of the software
Documentation of the risk assessment

v i
d
Other documentation
Training
Backup and recovery
Security
Q A
CM
Requirements
Verification ( c )
Validation
 Software tool validation

Example: To get an Off-the-shelf Customer

Complaints System into the validated state
1 8
Process analysis

2 0
Define Intended Use & requirements at user level
Risk analysis
Risk Control Measures
v i s
System description
Supplier evaluation
A d
Version control
) Q
Black box testing of requirements

( c
Change control process in place
”Customer Complaint System Validation Document”
 Software tool validation

The validation documentation has to be archived

1 8
2 0
i s
• Plan

v
• Records

A d • Summary report

) Q
( c
 Software tool validation

The changes has to be controlled

1 8
0
• Software changes

2
s
- New versions

v i
- Change control
- Regression test

A d • Change of use over time?

) Q • Re-validation required?

( c
 Software tool validation

Thank you for your attention!

Questions & Answers
1 8
2 0
v i s
A d
) Q
( c
 Software tool validation

QAdvis can support you as needed

1 8
•
2 0
Deployment of QMS
•
•
i s
Mentorship CSV

v
Risk management

A
•
d Courses
•
•
ISO 13485:2016
Risk management & SW risk management

www.qadvis.com

) Q • Internal trainings

Contact:
( c
[email protected]
[email protected]
[email protected]