ISO 13485 software validation process: everything you need to know

When you're implementing an electronic medical device quality management system, your ISO 13485 software validation process is of the utmost importance. You'll need to ensure that your system is working, continues to work as expected, and meets the requirements of ISO 13485.

ISO 13485 has relatively stringent demands for software validation, with at least 8 clauses in the standard having specific requirements related to validation. Not least, ISO 13485 requires the establishment of a robust quality management system, which most organizations choose to achieve through software – which will, therefore, itself require validation.

There are no shortcuts in this process. However, we provide a structured approach that will help you demonstrate compliance to regulations and standards such as ISO 13485 before, during, and long after you've implemented quality management software.

What is software validation?

Businesses must carefully consider the impact of introducing new software applications, particularly where the solution is mission-critical or where the company needs to demonstrate compliance with regulations and standards.

Once the software is installed it must be checked periodically to make sure that it's correctly configured and working as it should. This is called software validation. This process is also there to confirm the software is designed for and satisfies its intended purpose.

When is it necessary to validate quality management software?

Quality management software must be validated when a computer system is used in a good practice (GxP) process to revise the quality of a product or to generate information for regulatory bodies. Validating the software helps reduce risk and legal liability, and provides evidence that the computer system is fit for purpose.

The medical device sector is one that most frequently requires software validation. When it comes to medical devices, taking the US as an example, FDA regulations categorize the software used into two groups: software utilized within the device itself (or as the device) and software employed in manufacturing or quality control.

Validation is required in both cases to ensure that any potential software quality problems do not compromise the device's effectiveness or patient safety. As the gold standard of quality in medical device settings, it follows that there are requirements for software validation in ISO 13485.

Requirements for ISO 13485:2016 validation

In the latest version of ISO 13485, the standard has more explicit requirements for software validation. The standard specifies that any business wanting to achieve certification must:

• Develop procedures to validate and revalidate your quality management system software
• Develop an approach that is proportionate to the risk being taken
• Use procedures to validate and revalidate other software applications
• Validate computer software applications for their intended use
• Validate software whenever its intended use changes
• Maintain a record of your software validation and revalidation activities

If you want a more in-depth explanation of the requirements set out in ISO 13485, download our ISO 13485 whitepaper, to learn what key parts of the standard will mean for your medical device setting in practice.

What does a software validation process look like?

First, you need to adopt an approach that is proportionate to the level of risk that you're taking by using your electronic quality management system. Here's an example of a software validation process:

1. Understand the operational requirement
2. Produce a specification of the requirements
3. Choose a trusted supplier
4. Verify the software's capabilities
5. Validate the implemented system
6. Use formal change control, including re-validation
7. Resolve any non-conformities and deviations

Validation test plans

To validate your quality management system software, you'll need to put together a validation test plan. This is a document detailing the objectives, process required, description of the process, expected result, actual result, and any comments or observations.

A validation plan should include:

• Deliverables (documents) that need generating as part of the validation process
• A list of resources, personnel, and key departments needed as part of the validation project
• Clear and reasonable timelines for completion of the validation project
• Sufficiently detailed acceptance criteria to conform the system meets defined requirements
• All relevant compliance requirements for the system, including how the system will meet them

The level of detail your plan requires will vary based on your unique circumstances, but it should more or less reflect the complexity of the system. The plan will likely need approval from, at the least, a System Owner and from Quality Assurance.

How Ideagen can help with the validation

Ideagen will help you meet the ISO 13485 software validation requirements. We make sure that the validation process progresses smoothly and quickly by lessening the impact of many of the most time and resource-consuming tasks. Ideagen also provides you with templates and support throughout the validation test planning process.

We offer:

• System specification requirements (before you buy the system)
• Operational Qualification (OQ), Performance Qualification (PQ) and Installation Qualification (IQ) documentation
• Validation test scripts
• Validation test plans
• Validation templates
• Software verification
• System change control and validation
• Problem resolution process and tracking

In addition to this, we also have a partner organization, Compliance Path, who specialize in computer systems assurance and validation. Through Ideagen, we can offer the exact software solutions to cater to your medical device organization’s specific needs, from quality management to quality control, all the way down to validation of your software.