Governance, Risk and Compliance Blog

ISO 13485 software validation process

Posted by Emily Hill on Thu, Oct 26, 2017

When you're implementing an electronic medical device quality management system, your software validation plan is of the utmost importance. You'll need to ensure that your system is working and continues to work as required.

There are no shortcuts in this process. However, we provide a structured approach which will help you demonstrate compliance to regulations and standards such as ISO 13485 before, during and long after you've implemented our quality management software. 

In this article, Chris Owen, Services Director at Qualsys Ltd, explains what software validation means and how we approach validating your quality management system software.

What is software validation? 

Businesses must carefully consider the impact of introducing new software applications, particularly where the solution is mission-critical or where the company needs to demonstrate compliance with regulations and standards.

Once the software is installed it must be checked periodically to make sure that it's correctly configured and working as it should. This is all software validation. 

 

When is it necessary to validate quality management software? 

Quality management software must be validated when a computer system is used in a good practice (GxP) process, to revise the quality of a product, or to generate information for regulatory bodies. Validating the software helps reduce risk and legal liability, as well as providing evidence that the computer system is fit for purpose. 

 

Requirements for ISO 13485:2016 validation

In the latest version of ISO 13485, the standard has more explicit requirements for software validation. The standard specifies that any business wanting to achieve certification must:

  • Develop procedures to validate and revalidate your quality management system software
  • Develop an approach that is proportionate to the risk being taken
  • Use procedures to validate and revalidate other software applications 
  • Validate computer software applications for their intended use 
  • Validate software whenever its intended use changes 
  • Maintain a record of your software validation and revalidation activities. 

 

What does a software validation process look like? 

First, you need to adopt an approach which is proportionate to the level of risk that you're taking by using your electronic quality management system. Here's an example of a software validation process: 

  1. Understand the operational requirement
  2. Produce a specification of the requirements
  3. Choose a trusted supplier
  4. Verify the software's capabilities
  5. Validate the implemented system
  6. Use formal change control, including revalidation
  7. Resolve any non-conformities and deviations

 

Validation test plans

To validate your quality management system software, you'll need to put together a validation test plan. This is a document detailing the objectives, process required, description of the process, expected result, actual result and any comments or observations. Qualsys provides you with templates and support throughout this process. 

 

How Qualsys can help with the validation

Qualsys will help you throughout the validation process. We make sure that the validation process progresses smoothly and quickly by lessening the impact of many of the most time- and resource-consuming tasks.

We offer: 

  1. System specification requirements (before you buy the system)
  2. Operational Qualification (OQ), Performance Qualification (PQ) and Installation Qualification (IQ) documentation
  3. Validation test scripts
  4. Validation test plans
  5. Validation templates 
  6. Software verification
  7. System change control and validation 
  8. Problem resolution process and tracking

Qualsys work with in-house specialists and an independent validation services partner who have an excellent reputation in carrying out a range of validated projects for AstraZeneca, ConvaTec, Eli Lilly, GlaxoSmithKline, Piramal Healthcare and Sanofi. 

For more information about our validation services, request a 15-minute discovery call with one of our team.

Schedule a GRC Software discovery call 

Tags: ISO 13485