Transcription
Software tool validation81siv02dAQBreakfast)seminarc(Software tool validationQAdvis seminar Lund 2018-05-09, Stockholm 2018-05-15, Uppsala 2018-05-17Hedvig Tuxen-Meyer
Software tool validationQAdvis key competence areas81QA&RA/Clinical ConsultingQMS in-the cloudTurn key QMSDigital signaturesEfficient and leanValidated and compliantSystem developmentsivProject managementProduct software validationRegulated software validationRequirement managementRisk managementVerification and validationProcess validationTraining/coursesdAQ)CE-markingISO 13485 & 21CFR820IEC 62304 & IEC 82304-1IEC 60601-1IEC 62366-1SW life cycleSW risk managementRisk managementAnd more c(Lean and Six SigmaTraining and ConsultingIn cooperation with USA basedpartner.02Interim managementExpert adviseAudits/Mock audits/Due diligenceWarning letters, compliance projectsPMA, 510k, CE-markGlobal regulatory supportVigilance, recall, post market surveillanceClinical evaluation and clinical studiesEuropean AuthorizedRepresentationProviding European representationfor non-EU MedTech companiesActive board member of EAAR: EuropeanAssociation of Authorised Representatives
Software tool validation81QAdvis team: Lund and StockholmsivdAc(Q)02
Software tool validationSoftware tool validationAgendasiv8102 Background Validation based on QSR 820.70(i)dA Validation based on ISO 13485:2016c(Q) Validation of regulated SWWhy? How? Who?
Software tool validation81sivdAQ)c(Background02
Software tool validationThe bar is raised over timesivAccidentdANew lawsandregulationsc(Q)81Publicreaction02Peopleget hurtor die
Software tool validationThere is an expectation from authorities to dovalidation of quality related SW8102 Indirect effects of the product: Safety and performance Patients and users may get injuredsiv Data security and integrity CompliancedAc(Q)
Software tool validationThe need for compliance is stated in regulations andstandards81si CFR 21 Partv11dA ISO 13485:2016Q)c( QSR 820.70(i)02
Software tool validation81siv02dAQ)c(Validation of software toolsbased on QSR 820.70(i)
Software tool validationQSR 820.70Production and process controls(i)Automated processes.siv8102When computers or automated data processing systems are used aspart of production or the quality system, the manufacturer shalldAvalidate computer software for its intended use according to anestablished protocol. All software changes shall be validated beforeQ)approval and issuance. These validation activities and results shall bec(documented.- AAMI TIR36:2007
Software tool validation81siv02dAQ)c(Validation of software toolsbased on ISO 13485:2016
Software tool validation81ISO 13485:2016§4.1.602The organization shall document procedures for the validation of theapplication of computer software used in the quality managementsystem. Such software applications shall be validated prior to initial useand, as appropriate, after changes to such software or its application.sivdAThe specific approach and activities associated with software validationand revalidation shall be proportionate to the risk associated with theuse of the software.Q)Records of such activities shall be maintained.c(- ISO/TR 80002:2 2017
Software tool validation81sivdAQ)c(Validation of regulated SWWhy? How? Who?02
Software tool validationThe need for validation is based on the intended useof SW81sivAll computerized systemsdAc(Q)Validation requiredby QSR 820.70(i) /by 13485:2016§4.1.6Part 11compliance requried02
Software tool validationA regulated SW is supporting a regulated ream
Software tool validationExamples of software that has to be validated81R&D Automated Software Test System A simple spreadsheet A (not so) simple spreadsheet C/C language compilersiv02ManufacturingdA PLC for manufacturing equipment Automated welding system Automated welding process control system Automated vision system Pick and place system Parametric sterilizerQ)c(Quality Nonconforming material reporting system—Total system upgrade Software for scheduling nonconforming material report review board meetings Approved vendor list system Calibration management software
Software tool validationExample of a risk based analysis of validationrequirements of regulated SW81Function/RecordRisk of harmto humansRegulatoryRiskEnvironmentalriskWord processorNoNo02ValidationLevelNoNoneTraining ediumRisk managementfileMediumQ)Validation levelLowMediumHighc(sivDescriptionConfiguration management of fileValidation according to a plan, recordValidation according to a plan, report
Software tool validationDefinitions are important, but are often vaguely used81siv02Validation means confirmation bydAexamination and provision of objectiveevidence, that the particular requirements forc(Q)a specific intended use can be consistentlyfulfilled.
Software tool validationSW validation, what is included?DefineDevelop &testQ)Establish a validated statec(sivdAGo live02OperationMaintain thevalidated stateControl ofchangesMonitor81WithdrawEnsure futureaccess to records
Software tool validationThere are several sources of information available8102 General Principles of Software Validation(FDA Guideline)siv AAMI TIR 36 Validation of software forregulated processes (AAMI Guideline)dAc(Q) 13485:2016 Medical devices-QMSRequirements for regulated purposes ISO/TR 80002-2:2017 Validation of softwarefor medical device quality system
Software tool validationTIR 36 – Key conceptsIntended use02Risk managementsivLevel of effortCritical thinkingdAToolboxc(Q)DocumentationChanges81
Software tool validationISO/TR 80002-2 – Key conceptsIntended use02Risk managementsivLevel of effortCritical thinkingdAToolboxc(Q)DocumentationChanges81
Software tool validationIntended use – is this software regulated?8102 Purpose of process Purpose of systemsivo Basic requirements?dAc(Q)o How dependent you are of thesystem?o What should it not be used for?
Software tool validationRegulatory use assessment is crucial to decidevalidation needs8102a.Could the failure or latent flaws of the software affect the safety or quality of medicaldevices?sivb.Does the software automate or execute an activity required by regulation (in particular,the requirements of the 13485 or QSR)?dAc.Does the software generate or manage data to be used in or support of a regulatorysubmission?Q)c(d.Does the software generate or manage records that are required by a regulation?e.Is the software used to execute or record an electronic signature required byregulation?
Software tool validationRisk management is the cornerstone in thevalidation effort8102 What are the process risks? What can go wrong?sivdAc(Q)- System errors- Use errors- Errors in the interface to other systems? Will errors and mistakes bedetected? How to reduce risks?
Software tool validationTwo kinds of risk analysis810 Risk of harm 2to humanssiProcess Regulatory riskv EnvironmentalriskdA Contribution to process riskQSoftware) Risk Control Measuresc(
Software tool validationThe level of effort and confidence needed differ0281 Based on intended use Risk levelsiv Critical thinkingdAc(Q)
Software tool validationWide range of different software Off-The-Shelf- Unmodified- Configurable- Modified Custom software- In-house developed- Purchased externally Stand-alone or in a network Simple or complexsivdAc(Q)0281
Software tool validationToolbox - examples8102 Software life cycle- Requirments- Architetcure & Design- Test & review- Release Different types of testssivdA Analysis of known anomaliesc(Q) Supplier evaluation or audit Training Monitoring
Software tool validationProcedure – example81Classification of a software tool02Determine if the software is within the scope and the level of validation – Intended UseEstablish a Master Validation PlanList software to be validated in the Master Validation PlansivDetermine the level of validationdAIntended UseProcess descriptionInitial risk assessmentPlanning, execution and reportingQ)Define the validation effort based on the risk levelc(Separate plan or sufficient with the Master Validation PlanMaintenanceRetirement
Software tool validationValidation Plan content (MVP or separate)81Description of the processIntended usesivDescription of the softwareDocumentation of the risk assessmentdAOther documentationTrainingBackup and dation02
Software tool validationExample: To get an Off-the-shelf CustomerComplaints System into the validated state02Process analysisDefine Intended Use & requirements at user levelRisk analysisRisk Control MeasuresSystem descriptionSupplier evaluationBlack box testing of requirementsVersion controlChange control process in place”Customer Complaint System Validation Document”sivdAc(Q)81
Software tool validationThe validation documentation has to be archived81siv02 Plan Records Summary reportdAc(Q)
Software tool validationThe changes has to be controlled02 Software changessivdA81- New versions- Change control- Regression test Change of use over time?c(Q) Re-validation required?
Software tool validationThank you for your attention!Questions & AnswerssivdAc(Q)0281
Software tool validation81QAdvis can support you as needed erg@qadvis.com02Deployment of QMSMentorship CSVRisk managementCourses ISO 13485:2016 Risk management & SW risk management Internal trainings
Software tool validation §4.1.6 The organization shall document procedures for the validation of the application of computer software used in the quality management system.Such software applications shall be validated prior to initial use and, as appropriate, after changes to such software or its application. The specific approach and activities associated with software validation
