7 Questions Answered on ISO 13485: 2016 validation requirements

With ISO 13485:2016 now published, many of our medical device customers are experiencing some uncertainty about the impact one of the key changes may have on their business: computer software validation now a requirement for ISO 13485. 

Software validation can be ambiguous subject within the industry and questions are arising around the associated regulatory and operational obligations for medical device companies following the updated ISO guidelines.

Ideagen’s Life Sciences team have addressed some of the direct questions the medical device industry are asking of us and we aim to clarify how we are supporting our medical device clients with the transition to ISO 13485:2016 and their validation requirements.

1. What software requires validation under ISO 13485?

 Per Section 4.16 of the standard, any application being used to support the development of, or maintenance of a medical device requires validation. 

2. ISO 13485:2016 states more explicit requirements for software validation for different applications, how does this impact our compliance requirements?

ISO13485 has always implicitly implied that software applications supporting the design, development and quality management system (QMS) processes be validated.  The standard was updated to stipulate that software systems supporting the QMS now have to be validated.

3. Why do I need to validate my electronic quality management system (eQMS)? 

As well as the e-QMS’s potential impact on the product, one of the key changes to ISO13485 is the clarification that regulatory requirements are now expected to be considered as well as that required by the guidance. If you are planning on selling your device into the United States as an example 21 CFR Part 820 would require your e-QMS be validated hence ISO 13485 is more harmonised to global regulatory requirements.

4. Does the software provider not validate their own software? 

We at Ideagen takes our software delivery process extremely seriously. All versions of Q-Pulse are stringently tested before release. However the validation requirements of the guidance are specific to your intended use of the application and the uniqueness of your configuration. Thus Q-Pulse requires to be validated in the context of how it supports your company’s operations, practices and requirements.

5. If Q-Pulse is my eQMS, do I have to test all the functions? 

No. With our Q-Pulse validated offering our validation partner CompliancePath has performed a full third party independent validation of all available Q-Pulse functions. When you are considering buying Q-Pulse, Ideagen life sciences team will provide you with options to suit your specific validation requirements. One option is to purchase the Life Science validation pack for Q-Pulse which will greatly reduce your validation burden. For process specific validation activities, these can be completed within your company or by engaging CompliancePath as a service partner.

6. What does revalidation mean and when will I require to do it? 

Revalidation occurs when a new version of Q-Pulse in released and you choose to install it. CompliancePath maintains current validation packages of all Q-Pulse versions. Typically revalidation is a short process that simply focuses on new functionality and checks any potentially impact functionality from the previous version.

7. Can a validated eQMS reduce the risk to my business? 

Yes, validating you eQMS provides an assurance of secure data, audit logs and increases the integrity of your record keeping and supplier quality processes.

Written by

Alexander Pavlović

Alex produces targeted content to help Ideagen’s readers and customers navigate the complex world of quality, governance, risk and compliance.

Alex has worked with brands such as BT, Sodexo and Unilever and is passionate about helping businesses build a cohesive, collaborative culture of quality.