ISO 13485 software validation process

Posted by Emily Hill on Thu, Oct 26, 2017

When you're implementing an electronic medical device quality management system, your software validation plan is of the utmost importance. You'll need to ensure that your system is working and continues to work as required.

There are no shortcuts in this process. However, we provide a structured approach which will help you demonstrate compliance to regulations and standards such as ISO 13485 before, during and long after you've implemented our quality management software. 

In this article, Chris Owen, Services Director at Qualsys Ltd, explains what software validation means and how we approach validating your quality management system software.

What is software validation? 

Businesses must carefully consider the impact of introducing new software applications, particularly where the solution is mission-critical or where the company needs to demonstrate compliance with regulations and standards.

Once the software is installed it must be checked periodically to make sure that it's correctly configured and working as it should. This is all software validation. 


When is it necessary to validate quality management software? 

Quality management software must be validated when a computer system is used in a good practice (GxP) process, to revise the quality of a product, or to generate information for regulatory bodies. Validating the software helps reduce risk and legal liability, as well as providing evidence that the computer system is fit for purpose. 


Requirements for ISO 13485:2016 validation

In the latest version of ISO 13485, the standard has more explicit requirements for software validation. The standard specifies that any business wanting to achieve certification must:

  • Develop procedures to validate and revalidate your quality management system software
  • Develop an approach that is proportionate to the risk being taken
  • Use procedures to validate and revalidate other software applications 
  • Validate computer software applications for their intended use 
  • Validate software whenever its intended use changes 
  • Maintain a record of your software validation and revalidation activities. 


What does a software validation process look like? 

First, you need to adopt an approach which is proportionate to the level of risk that you're taking by using your electronic quality management system. Here's an example of a software validation process: 

  1. Understand the operational requirement
  2. Produce a specification of the requirements
  3. Choose a trusted supplier
  4. Verify the software's capabilities
  5. Validate the implemented system
  6. Use formal change control, including revalidation
  7. Resolve any non-conformities and deviations


Validation test plans

To validate your quality management system software, you'll need to put together a validation test plan. This is a document detailing the objectives, process required, description of the process, expected result, actual result and any comments or observations. Qualsys provides you with templates and support throughout this process. 


How Qualsys can help with the validation

Qualsys will help you throughout the validation process. We make sure that the validation process progresses smoothly and quickly by lessening the impact of many of the most time- and resource-consuming tasks.

We offer: 

  1. System specification requirements (before you buy the system)
  2. Operational Qualification (OQ), Performance Qualification (PQ) and Installation Qualification (IQ) documentation
  3. Validation test scripts
  4. Validation test plans
  5. Validation templates 
  6. Software verification
  7. System change control and validation 
  8. Problem resolution process and tracking

Qualsys work with in-house specialists and an independent validation services partner who have an excellent reputation in carrying out a range of validated projects for AstraZeneca, ConvaTec, Eli Lilly, GlaxoSmithKline, Piramal Healthcare and Sanofi. 

For more information about our validation services, request a 15-minute discovery call with one of our team.

Schedule a GRC Software discovery call 

Tags: ISO 13485

Pharmaceutical development company Nanopharm opts for EQMS by Qualsys

Posted by Emily Hill on Thu, Aug 03, 2017

Qualsys are delighted to welcome pharmaceutical development company Nanopharm as a new EQMS customer. Nanopharm will be implementing a full suite of EQMS modules to support scalable quality and compliance management systems. 

Nanopharm is the leading provider of tailored analytical and product development of orally inhaled and nasal drug products (OINDPS). It will be using EQMS to manage all their documentation, audits, corrective and preventive actions.

Susanne Durie, Head of Quality at Nanopharm, said the team are excited to see how the system will grow within their organisation. "We’re looking forward to exploring the software and finding out how we can make the most of it." 

EQMS by Qualsys is the preferred solution for many pharmaceutical development companies, as the software helps connect data, processes, business systems, assets and people in a central, unified solution. The system helps organisations to meet standards such as ISO 17025, ISO 13485 and ISO 14971, and robust controls required for MHRA and FDA.

Welcome cake sent to Nanopharm

Alex Swan, New Business Manager at Qualsys, has seen many life science and medical device manufacturers discover more hidden value in EQMS during the implementation process.

"The Qualsys implementation team take a best-practice approach to implementing EQMS," Alex said. "This is the best opportunity most quality professionals get to take a deep look at their processes and, with our help, make them more streamlined, efficient and compliant.

"After the implementation process, not only do our customers see considerable cost savings, they find their organisations are more agile and faster to adapt to change. We help other businesses to become fitter, faster and stronger.

EQMS KPI Dashboard

For more information about using EQMS for pharmaceutical, medical device and lifescience quality management systems, download our customer case studies here. 

Download EQMS Case Study Booklet

Tags: FDA, ISO 13485, ISO 17025, MHRA

ISO 13485:2016: 6 tips to optimise your medical device quality management system

Posted by Emily Hill on Thu, Dec 15, 2016

During Quality Context's Annual Training Conference, Victoria Cavendish, medical device quality consultant at Orca Solutions, shared six tips for optimising your medical device quality management system to meet the new requirements of ISO 13485:2016.  

We've shared Victoria's tips here so you can get started today.



#1 – Integrate process management

Process diagram

Victoria says:

"One of the common issues I come across is that processes are managed by each department. This causes a number of issues, such as a lack of communication between departments when a change is made, feedback is not always provided where it needs to be and it is very difficult to identify and measure risk." 

EQMS helps to overcome this issue. The powerful quality management software is ideal for medical device manufacturers, where there are often complex, multi-faceted processes which require the expertise of employees from across different departments or which need to be communicated to stakeholders across the organisation.

Whether there is an issue or an opportunity, EQMS will log this, then create a pre-configured workflow and send notifications to the relevant personnel. EQMS assigns responsibility for tasks, so employees know what they are accountable for. Furthermore, users can view a full audit trail at any stage to demonstrate compliance. 

Read more on the process approach

#2 – Consider automating processes, where possible

EQMS Modules.png

Victoria says:

"Printing, sending emails, and manually compiling reports is not only tedious, it is prone to error. Reducing reliance on paper-based or hybrid solutions is key for an effective medical device quality management system. This reduces compliance burden, improves information integrity and accountability." 

EQMS helps to automate time-heavy, manual processes by:

  • sending out emails and push notifications when actions need to be completed (for example, when documents need reviewing, issues need resolving, new suppliers need adding, risk needs managing etc.)
  • assigning responsibility for resolving issues to pre-configured groups or individuals rather than spending hours searching for the person responsible, and 
  • instantly producing KPI Dashboards with all of your ISO 13485 metrics.

Read more on automating processes with EQMS 

#3 – Analyse data from quality processes

Victoria says:

"Many organisations are really good at documenting processes. But you need to also review the process itself. Are your processes effective? Are they delivering the intended results? Are the key performance indicators correct? Do key performance indicators translate into business effectiveness?"

For example, ISO 13485 follows a plan-do-check-act approach, by which organisations must:

  • plan how to evaluate the quality management system
  • establish procedures for evaluating it, and
  • use analytical results to improve the quality management system. 

Plan do check act

Collaboration is key here, and having a system such as EQMS where you can plan and continually review processes is essential for an effective medical device quality management system. 

Read more on KPI reporting

#4 – Make sure your system is scalable 

Victoria says:

"Your quality management system must be available to all of your employees, anywhere, at any time. This means ensuring your quality management system is scalable. How can you ensure employees can access your medical device management system anywhere, at any time, on any device, whilst all the information is controlled?" 


EQMS is intended to work across entire organisations. Although it has lots of advanced functionality, many of our customers love the system because of its user-friendly interface and scalable pricing module.

Read more reviews and about EQMS pricing

Read more on scalable quality management systems

#5 – Provide ongoing training

Victoria says:

"For an effective management system, employee training is key. You need to be systematically planning training, reviewing the training and testing employees on their knowledge." 

Having established processes to manage competence is a key requirement of ISO 13485:2016. Too many organisations still manage training ad-hoc, rather than through an ongoing process. 

EQMS Training Records Manager

With EQMS Training Records Manager, you can log training requirements, provide feedback and associate any standards and regulations with each training requirement. 

Time to get rid of the spreadsheets? Read more on EQMS Training Record Manager 

#6 – Carry out regular internal audits

Victoria says:

"You just cannot trust that your employees and suppliers are doing what they say they are doing. You need to go down and check for yourself. The only way to do this is through regular auditing." 

You should carry out regular internal audits to ensure that processes are being followed as planned.

Auditing software solutions such as EQMS Audit and Inspection Manager and iEQMS Auditor provide a configurable, off-the-shelf solution for managing the audit process from beginning to end. You can create, schedule and report on any type of audit and associate any relevant standards, directives and regulations with each checklist. 

Read more on driving supplier quality assurance through regular auditing

Read more on iEQMS Auditor 

iEQMS Auditor


What you should do now

Download our ISO 13485:2016 Toolkit to learn more about the standard and how it applies to your organisation. 

ISO 13485


Tags: ISO 13485

ISO 13485 overview

Posted by Emily Hill on Fri, Nov 25, 2016

The UK has one of the largest medical device markets in the world, and it is forecast to grow by a culumative 16% by 2020.* Demand for medical devices is largely driven by innovation and an aging population. For organisations wishing to enter the market, one of the main challenges is navigating a complex regulatory landscape.

ISO 13485 is the world's most popular medical device quality management system which harmonises many international regulatory requirements to ensure products and services are fit for purpose. 

The below article gives those who are new to the Standard and medical device industry an overview of ISO 13485 which can be read in under 5 minutes. 




What is a medical device?

A medical device is anything related to healthcare that does not have a pharmaceutical action (i.e. it is not absorbed into the body or based on pharmacology / chemistry) as it's primary mechanism. Medical devices range from simple tongue depressors and bedpans to complex pragrammable pacemakes with microchip technology and laser surgical devices. 

The FDA defines a medical device as:

 "an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is:

  • recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them,
  • intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or
  • intended to affect the structure or any function of the body of man or other animals, and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes."


  • Delivery of medicines: syringes, tubing, inhaler
  • Patient monitoring: software
  • Repairing or replacing: stends, joint replacements
  • Diagnostic equipment: ECG, x-ray
  • Equipment with power sources: hearing aid, pacemakers


medical device manufacturerDySIS Medical: Innovative Medical Device Manufacturer 


Who needs ISO 13485? 

A quality management system is a set of policies, processes and procedures that help an organisation to meet the requirements of their stakeholders, based on the plan-do-check-act cycle.

In some countries, like Canada and in the European Union, it is a legal requirement to have the a quality management system if you: 

  • Design or manufacture medical devices. 
  • Supply raw materials or provide services related to medical devices, e.g. sterilization, installation, labeling, technical publication. 

ISO 13485, although not a legal requirement, demonstrates an effective quality management system. 

In contrast, however, to ISO / TS 16949, an organisation does not need to be actively manufacturing medical devices or their components to seek certification to this standard. This means it can be a strategic decision to get the standard if a company has the capability of manufacturing components for medical devices or providing services to medical devices companies. 



york instruments brain scanning medical device.png

York Instruments: Evolving brain scanning technology using EQMS 



Why get ISO 13485?

ISO 13485 is a voluntary standard, but it satisfies most European Union quality management system requirements and demonstrates compliance to medical device directives. As well as harmonising regulatory requirements, there are many other benefits of being certified to ISO 13485, here are 8 of them: 

  1. Increase customer confidence - ISO 13485 demonstrates an organisation's commitment to quality. 

  2. Meet customer expectations - ISO 13485 requires organisations to assess their ability to consistently provide medical device products and services that meet customer requriements and comply with all relevant regulatory requirements. 
  3. Promotes better communication - ISO 13485 sets out the requirements for establishing communications processes and encourages communication about the effectiveness of the quality management system.  

  4. Increase efficiency - ISO 13485 requires organisations to demonstrate robust processes which means they can benefit from reduced wastage and a better ability to monitor their supply chain.   
  5. Improves supplier relationships - ISO 13485 requires organisations to establish supplier evaluation, selection and monitoring processes.  

  6. Increases speed to market - The primary objective of ISO 13485 is to facilitate harmonised medical device regulatory requirements for a quality management system. ISO 13485 is recognised globally which means companies who are certified get access to more markets worldwide.

  7. Demonstrate that you provide safer medical devices - ISO 13485 follows the process approach, which treats the quality management system as a set of interrelated processes. Any changes need to be controlled and documented. 
  8. Enhances brand equity - Increased credibility ultimately leads to increased brand equity. This also means there are enhanced marketing and promotional opportunities. 





Inivata, medical device manufacturer who uses EQMS 


Want more information about ISO 13485:2016? Sign up for the Newsletter here.

EQMS newsletter




Tags: ISO 13485

ISO 13485: 7 Essential Resources to Support Your Transition

Posted by Emily Hill on Thu, Feb 04, 2016

ISO 13485 standard is currently under revision and is due to be published early 2016.

The following articles, groups, infographics and presentations have been collated to help you to make sure you're up to speed with the essential changes to ISO 13485.

1) Med Device Online 

Quality Systems & Regulatory Compliance Best Practices

Marcelo Trevino, Senior Director of Quality and Regulatory Affairs at Nihon Kohden answers important questions about ISO 13485 in "What to Expect from the Upcoming ISO 13485 Revision."

An essential read for anyone who manages quality and compliance in an organisation manufacturing or providing medical devices, the article offers insight into:  

  • Why ISO 13485:2016 publication has been delayed.
  • Why ISO 13485 is being revised.
  • Noteworthy changes to ISO 13485.

Read What to Expect from the Upcoming ISO 13485 Revision here.

Follow on Twitter: @MedDeviceOnline.


2) NQA  


The NQA, an international provider of accredited certification, training and support services, also offers a comprehensive range of articles on their website. 

"Proposed Changes to the ISO 13485is an essential read for anyone who wants to understand the changing requirements of ISO 9001:2015 and ISO 13485. 

Read Proposed Changes to the ISO 13485.

Follow on Twitter: @NQAGlobal and @NQAUSA.


3) Dr Victoria Cavendish: Delivering Quality in the Medical Device Industry 





At Quality ContextsFirst Annual Training Conference, keynote speaker Dr. Victoria Cavendish from Orca Solutions, provided insight into "Delivering Quality in the Medical Device Industry". An essential presentation for anyone who is new to medical device manufacturing or provides medical devices and wants to understand the relevant ISO standards in more detail, it covers a number of topics: 

  • Comparison of a pharmaceutical product to medical device
  • Device lifecycle planning
  • Regulations
  • Quality Standards relevant to medical device manufacturers
  • Advice on optimising your QMS
  • Medical Device Product Development Process

Download the Presentation here.

Connect with Dr. Victoria Cavendish on LinkedIn.


4) TUV SUD Infographic: 




Testing, inspecting, auditing and certification company, TUV-SUD have created an infographic on ISO 13485 titled "The Changing ISO 13485 in Numbers."

The infographic provides interesting facts on the increasing popularity of the standard over the past few years. This is a great printable resource if you want to get buy-in from top management to pursue ISO 13485 certification. The infographic includes: 

  • Timeline for changes to ISO 13485
  • Growth of the standard over the past 5 years
  • Breakdown of ISO 13485 certification by regions
  • Top 10 countries for ISO 13485 growth in 2014. 

View the infographic here.

Follow on Twitter: @TUVSUD.


5) ISO 13485 Group




You have probably heard about LinkedIn - the leading business social networking tool where you can connect, share and ask questions regarding ISO 13485. You may not, however, be familiar with LinkedIn Groups. LinkedIn Groups give you an opportunity to access industry specific forums without actually requiring you to connect with individuals. 

Join over 6000 industry professionals who are already part of the LinkedIn Group "ISO 13485: Medical Device Quality Management Systems - Implementation and Auditto read interesting articles regarding the standard, ask questions about ISO 13485 and join conversations about medical device quality management systems. 

Join this group here.



6) Webinar: 



Medical Devices Group is an online advisory board group who collate and share industry leading information regarding medical device manufacturing quality and compliance. 

In the online webinar "Processes to Address the Upcoming ISO 13485 Changes", Jon Speer, 16-year medical device industry veteran, provides insight into the challenges of implementing and processes required for ISO 13485 certification.

Download the webinar here.


7) How to Implement a New ISO 13485 Quality System Plan: 



Medical Device Academy who offer medical device submissions, compliance and training services in the USA have put together an entire step-by-step guide to implementing ISO 13485 in "How to Implement A New ISO 13485 Quality System Plan".

This is an essential guide for anyone who is new to ISO 13485 requirements. 

  • Time to implement ISO 13485 
  • Document Change Notice 
  • Developing Quality Objectives & Data Analysis
  • About your First CAPA's & more. 

Read the blog article here. 


Have we missed any helpful resources? Email or leave a comment below. 


What Next? 

EQMS can support you to deploy flexible and agile quality management systems and seamlessly transition to the new quality and regulatory requirements. 

View our full suite of EQMS modules here. 

EQMS Datasheets


Tags: ISO 13485