The Computer Systems Validation (CSV) is requested by the ISO 13485 in clause 7.5.6 – Validation of processes for production and service provision. The requirement: The organization shall document procedures for the validation of the application of computer software used in production and service provision. Such software applications shall be validated prior to initial use and, as appropriate, after changes to such software or its application. The specific approach and activities associated with software validation and revalidation shall be proportionate to the risk associated with the use of the software, including the effect on the ability of the product to conform to specifications.
An Emphasis is given to potential risks to patients that may be caused by use of computer controlled processes. In other words it is not human that process the process and therefore it must be validated.
Nowadays the implementation of computer controlled processes is essential (industry 4.0???) where processes are expected to be:
- automated through digital technologies
- integrated in information system across the organization
- safe
The problem is that most of the systems act differently, which implies that from each type of system there are other expectations of CSV. And thus it makes hard to describe clear steps for the CSV. It results in high costs of implementing software in Medtech Processes. Researches are talking of 150% additional implementation costs of software used to support production.
When we take a look at the problem and try to analyze it we come to the following conclusions:
- The requirements for CSV are too general and may not be easy implementable to all types of systems
- Organization lack the resources to understand the requirements and thus require additional financial resources
I recommend to apply the next approach – risk based thinking regarding the functionality of the systems. Based on the safety risks associated with the software to be used in the realization, the organization is expected
to determine the specific approach, the combination of techniques to be used, and the level of effort to be applied in order to address those. The risk based thinking should focus on the patient needs and safety.
- which functionalities of the systems are being used during the realization of the medical device
- what are their risks
- how one should address these risks
- were these risks already induced during the design and development of the software
Naturally this will be incorporated in the risk management system implemented in the QMS.
This webpage contains only a fragment of the of the issue of validation of software application from the book:ISO 13485:2016: A Complete Guide to Quality Management in the Medical Device Industry, Second Edition published by:
Comments are closed.