Software Validation in Medical Device Companies
The software validation subjects that must be performed by medical device companies are as follows
- Software used as a component, part or accessory of a medical device
- Software that is itself a medical device (stand-alone program, SaMD)
- Software used in quality management systems
- Software used for manufacturing and service provision
- Software used for monitoring and measurement requirements
On the other hand, there are two types of software validation
- Design Validation
- Computerized System Validation (CSV)
In QMS ordinance and ISO 13485,
Design validation is required for “software used as a component, part, or accessory of a medical device” and “software that is itself a medical device (stand-alone program, SaMD).
On the other hand, ISO 13485:2016 requires validation for the following software in bullets 4.1.6, 7.5.6, and 7.6
- Software used in quality management systems (4.1.6)
- Software used in manufacturing and service provision (7.5.6)
- Software used for monitoring and measurement (7.6)
These software are called “Non-Product Software” and CSV is required.
In general, international standards such as ISO 13485 can only describe requirements (what). In other words, the implementation method (how) must not be described.
The reason for this is that if the how is stated, it will be pointed out if it is not implemented as stated. However, we would rather know how.
Therefore, ISO often issues Technical Reports (TRs) to explain specific how-to’s. TRs are not requirements, but only for reference. In other words, there is no obligation to comply.
ISO/TR 80002-2 was published in June 2017 as a standard to explain how to implement CSV as required by ISO 13485:2016.
ISO /TR 80002-2 is designed to help determine appropriate activities for software validation using a risk-based approach that applies critical thinking.
In other words, it is designed to assist stakeholders, including manufacturers, auditors and regulators, in understanding and applying the CSV requirements contained in ISO 13485:2016, 4.1.6, 7.5.6 and 7.6.
However, ISO/TR 80002-2 is difficult to understand. This is a complete turnaround. More comprehensive guidance is desirable.