Medical Device Validation: How Vendors Can Assist their Customers

Similar documents
The complexities of developing a hightech

SOFTWARECPR CRISIS PREVENTION AND RECOVERY, LLC

A new approach to verifying and validating medical device development.

Automated System Validation By: Daniel P. Olivier & Curtis M. Egan

CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT. 21 CFR Part 11 FAQ. (Frequently Asked Questions)

SECTION L QUALITY ASSURANCE. 1) designating and managing quality control functions, including:

How PLM is Being Applied to Support Today s Dynamic Enterprises

Quality Management System MANUAL. SDIX, LLC Headquarters: 111 Pencader Drive Newark, Delaware 19702

Correspondence Between ISO 13485:2016 and 21 CFR Part 820 QMS Requirements

QUALITY ASSURANCE PLAN OKLAHOMA DEPARTMENT OF HUMAN SERVICES ENTERPRISE SYSTEM (MOSAIC PROJECT)

Equipment In-house Calibration Requirements and use of Non-Accredited Calibration Service Providers

The Complete Guide to FDA Design Controls

V&V Best Practices. CASSS, CMC Strategy Forum Steven W. Badelt, PhD Managing Partner Suttons Creek, Inc. SUTTONSCREEK.COM

QUALITY MANUAL ECO# REVISION DATE MGR QA A 2/25/2008 R.Clement J.Haislip B 6/17/2008 T.Finneran J.Haislip

Rocky Mountain Regulatory Affairs Society. Elements of and Maintenance/Remediation of the Design History File (DHF) March 15, 2017

Software in Medical Devices

TECTURA LIFE SCIENCES HIGHLIGHTS

(c) QAdvis Breakfast seminar. Software tool validation QAdvis seminar Lund , Stockholm , Uppsala

Quality Manual. This manual has been written to the ISO 9001:2000 International Quality Standard

Beaver Machine. Quality Manual

2013 Rational Software Open Labs

Infor CloudSuite Industrial

GxP Auditing, Remediation, and Staff Augmentation

Increasing Bid Success Through Integrated Knowledge Management

The Challenges of Collecting Product Compliance Data: 6 Critical Decisions

WARNING LETTER AUG 3, 2016

Computerised Systems. Alfred Hunt Inspector. Wholesale Distribution Information Day, 28 th September Date Insert on Master Slide.

Optimize Enterprise Asset Productivity with Comprehensive Master Data Governance

Intro & Executive Summary

Quality Systems Manual

Beamex CMX Calibration Software and GAMP - Good Automated Manufacturing Practices

EU GMP - Annex 11 Computerised systems Versione corrente Nuova versione per commenti (emessa 8 aprile 2008)

Medical Device Solution

MDSAP Purchasing Process

AAMI Quality Systems White Paper

Strategies for Risk Based Validation of Laboratory Systems

Design Quality. Indu Lakshman

The Challenges of Life Science Software Validation: InfoStrength s Key Differentiator

Quality Management System

Streamline Retail Processes with State-of-the-Art Master Data Governance

COMPUTERISED SYSTEMS

Quality Management System

Managing Validation. Paperless Recorders

Compliance & Validation Validation of Software-as-a-Service (SaaS Solutions)

GxP Compliance for Computerized Systems

COMPUTERIZED SYSTEM VALIDATION (CSV) IMPLEMENTATION, DEMARCATION AND STRUCTURATION

9 Questions Food and Beverage Manufacturers Need to Ask About Their ERP

Regulatory Overview Annex 11 and Part 11. Sion Wyn Conformity +[44] (0)

EPICOR, INCORPORATED QUALITY ASSURANCE MANUAL

QUALITY MANUAL ISO 9001 QUALITY MANAGEMENT SYSTEM

GxP Auditing, Remediation, and Staff Augmentation

FDA 21 CFR Part 820 vs. ISO 13485:2016 Comparison Table created by greenlight.guru

COMPUTERIZED SYSTEM VALIDATION

Supplier Quality Survey. 1. Type of Business: g) Commodities supplied? Supplier Changes/comments: 2. Headcount breakdown by group: Purchasing

BHG Operational Awareness Program May 8, 1998 Configuration Management Revision 0 Page 1 of 11 CONFIGURATION MANAGEMENT

Outsource or in-house? The evolving role of analytical services in pharmaceutical manufacturing

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT

Validation Documentation. Presented by John Montalto 27 March, 2013

Professional Engineers Using Software-Based Engineering Tools

Implement Effective Computer System Validation. Noelia Ortiz, MME, CSSGB, CQA

AS 9100 Rev C Quality Systems Manual AS-050C-QM

How To Build Compliant Documentation. as a. Medical Device Software Company

Computer System Validation Perform a Gap Analysis of your CSV Processes

DATA INTEGRITY ASSURANCE AS KEY FACTOR FOR SURVIVING CORPORATE AUDITS AND REGULATORY INSECTIONS

Establishing Free and Open Source Software Compliance Programs: Challenges and Solutions. By Ibrahim Haddad, Ph.D.

Contracts, Rights and Royalties. End-to-end management and monetization of your intellectual property

Prevent Quality System Deficiencies by Conducting Effective Internal Audits. Whitepaper

IMARC Research, Inc. Executive Summary. Independent. Monitoring. Auditing. Research. Consulting WE LL EARN YOUR APPROVAL.

Re: Comments to FDA re Guidance Document on Data Integrity and Compliance with CGMP

Automated data capture & document management - made simple!

November 12-15, 2018 ARIA Resort Las Vegas, NV Training Topics. Working Draft - Subject to Change

AAMI Quality Systems White Paper: Comparison of 21 CFR Part 820 to ISO 13485:2016 1

GAMP5 Validation for Dynamics 365

Software configuration management

Introduction to 21 CFR 11 - Good Electronic Records Management

e-validation Establish a Plan for a Paperless Validation Environment Ty Mew Ofni Systems Inc.

PRINTED COPY IS NOT CONTROLLED

Overview of Technical Skills and Competencies

Guidance on the Application. of ISO / IEC Accreditation International Association for Certifying Bodies

DORNERWORKS QUALITY SYSTEM

Legal Aspects of Software Agreements with Large Vendors. Robert Scott Scott & Scott, LLP

GxP Auditing, Remediation, and Quality System Resourcing

Sawdey Solution Services

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union

ANCHOR ISO9001:2008 RPR-007 MARINE SERVICES ADDITIONAL PROCEDURE PRODUCT REALISATION

Approved Supplier Guidance

Unlocking the Expertise of the Extended Enterprise: Cimmetry Systems AutoVue Real-Time Collaboration

References Concept. Principle. EU Annex 11 US FDA , (g), (i), 11 Orlando Lopez 2/15/11. Old Annex 11.

Assignment #2 IE 2303/AME 2303 Spring 2012 Introduction to Manufacturing. Example Answers

Monroe Engineering is committed to customer satisfaction; we strive for Continuous Improvement in our products and our people.

Develop a Roadmap for the Implementation of a Global CSV Program. Eileen Cortes April 26, 2017

ISO 9001:2015 QUALITY MANAGEMENT SYSTEM POLICIES AND PROCEDURES

Software verification services for aerospace. »» Unit and integration testing. »» Timing analysis and optimization»» System and acceptance testing

BS EN ISO 9001 QUALITY ASSURANCE MANUAL


Managed Governance Services

Business Management System Manual Conforms to ISO 9001:2015 Table of Contents

Process development and basic GMP

siemens.com/simatic-it SIMATIC IT for Automotive Suppliers Answers for industry.

Transcription:

Medical Device Validation: How Vendors Can Assist their Customers by David A. Vogel, Ph.D. Intertech Engineering Associates, Inc. as published in Biomedical Instrumentation & Technology, November/December, 2007 Vendors can create a market advantage for themselves by helping their customers with validation efforts and regulatory requirements. By providing validated or partially validated software, vendors are helping their clients reduce their validation overhead in acquiring the software, thus reducing the overall ownership cost. The current Good Manufacturing Practices - Quality System Regulation 21 CFR 820 and ANSI/AAMI/ISO 13485:2003 - require medical device manufacturers, contract manufacturers, and specification developers to validate any software used in their devices or in the development or manufacture of a device. Suppliers of instruments or subsystems used by medical device manufacturers can create a market advantage for themselves by directing the validation efforts and assisting their customers with the regulatory requirements. The Challenge Manufacturers that use manufacturing and/or test instruments that rely on software as part of production or the quality system may be required by regulation to validate that software. This may include software embedded as part of the instrument or external software (including off-the-shelf software) that interacts with the instrument. This article relates only to software used by manufacturers in the design, development, manufacture, or control of quality of the device; it does not address software that is embedded in a medical device. Often, little information is available from the manufacturers to assist users in validating the instruments for their intended use. However, installation and operational qualification templates Intertech Engineering Associates, Inc. Address: Industry: Services: Skills: COMPANY PROFILE 100 Lowder Brook Avenue Suite 2500 Westwood, MA 02090 www.inea.com - (781) 801-1100 (Electro)Medical Devices Assessments Training Consulting Hands-on Engineering Product Design Risk Management Requirements Engineering Electronics Development Software Development Software Verification and Validation Production/Quality System Software Validation

and/or information are readily available from these suppliers. The performance qualification is commonly the responsibility of the end user after successful installation and operational qualifications. This creates an opportunity for system and instrumentation manufacturers to stand out in their competitive markets by assisting their users with their validation needs. Validation costs can easily exceed the purchase cost of the instrument or software. Whatever the suppliers of software-controlled instruments can do to reduce their customers cost of validation therefore reduces the overall cost of use of the system. This can be used as a marketing advantage and will eventually become a necessity to stay competitive in the medical device market. Regulatory Background Manufacturers are bound by a specific federal regulation on software found in manufacturing and quality systems. This regulation, found in the Federal Code (21 CFR 820.70(i)) section on medical device production and process controls, states: (i) Automated processes. When computers or automated data processing systems are used as part of the production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol. All software changes shall be validated before approval and issuance. These validation activities and results shall be documented. FDA published General Principles of Software Validation; Final Guidance for Industry and FDA Staff - commonly referred to as the GPSV - in 2002 to expand on FDA s interpretation of all legislated software validation requirements relation to medical devices. Defining What is Regulated Manufacturers are encouraged - via master validation plan driven by cross-functional policy - to inventory the software used in a production, research, engineering, sales, or service facility. That inventory should include the intended use for each software item and delineate whether validation is necessary. If the software item is used to monitor or control part of the manufacturing process, design and development process, or any part of the quality system, it falls within the regulation. This includes software that is used in: The design and development of medical devices, such as computer-aided design (CAD) systems, compilers, test software, simulators, or code generators. The manufacture of medical devices, such as embedded machine tool software, machine vision quality control, robotics, or statistical process control software. The creation, maintenance, and control of quality data about medical devices, such as complainthandling systems, lot-tracking systems, training systems, quality control (QC) systems, or patient-tracking systems. The creation, maintenance, reporting, validation, and storage of electronic records and electronic signatures. Unregulated software can fall under the requirements of 820.70(i) by its association with other regulated software. A software item normally considered unregulated under these guidelines might produce data that are used by regulated software. The validation requirements of 820.70(i) may then apply to that formerly unregulated software item. The validation requirements in this case could be focused on the functionality of the (formerly unregulated) software item related to the creation, storage, manipulation, and security of that data used by the regulated software. The Customer s Validation Obligations Manufacturers have certain obligations for validating any applicable software used as part of production or the quality system. It is a popular misconception that validation is synonymous with testing. It is not. Software validation, as described by the GPSV includes many activities in addition to testing. Validation as recommended by FDA s GPSV includes the following components:

Determination of the software lifecycle Document intended use Risk analysis and risk management Configuration-management and version control Planning Technical evaluations and management reviews Testing Traceability Validation Ideas for Instrument Manufacturers Manufacturers need to plan how the validation guidelines apply to each software item. Since validation is to be proportional to the risk and complexity of the software s intended use, risk management is needed for all software items. Manufacturers need to address each of the components of validation. However, for embedded software that is acquired from an instrument vendor, the manufacturer has little control over or visibility into the software development process. Validating such software takes some creativity on the part of manufacturers. Make product validation profitable. Validating manufacturing and quality-system software is burdensome for manufacturers. They typical manufacturer user responsible for validation is not a software engineer, and is not familiar with software validation activities. Vendors of software-controlled instruments might profit by selling validation packages to their manufacturer customers. These packages might include partial validation documentation, training, and/ or consulting with manufacturer users on validating for their intended use. Providing validated or partially validated software can provide real marketing advantages for suppliers of software to the medical device industry. By reducing a manufacturer s validation overhead in acquiring a piece of software or software-controlled instrumentation, the overall cost of ownership is reduced. Implement design controls and validation practices. Instrument manufacturers can alleviate much of their customers validation obligation if they document that they have followed good software engineering practices, such as design controls, maintaining the equivalent of a design history file, and providing the components of validation under their control. The details of this are beyond the scope of this article, but are well documented in FDA guidelines. Verification Testing. Good software engineeringdevelopment practices depend on detailed requirements and functional specifications. Verifying the implementation of the software involves testing each requirement in the specifications for its existence and proper function. This testing should be documented in detailed test protocols. The instrument supplier cannot validate for the manufacturer user s intended use, but it can verify that the software correctly implements the requirements. Encourage audits. Instrument manufacturers usually consider detailed requirements, specifications, test protocols and results, evaluations, and review minutes dictated by a controlled design environment to be considered proprietary information. Encourage your manufacturer customers to audit your design process, making the validation and design control documentation available to them for viewing. This will satisfy some of your manufacturer customers obligations for validation. Such audits might also fit well with any ISO 9000 or ISO 13485 audits that the manufacturer s purchasing group may require. Make known defect lists available. Even a welltested instrument or software item is likely to have a list of residual defects at release whose resolution was deferred for future releases. After release to the field, the software users might discover additional defects. These defect lists should be made available to users and prospective users so that they can assess the risk of the defect in their intended use environment. Coach your customer. Instrument suppliers cannot take full responsibility for the validation of their embedded software used by manufacturers. Only the

user of the instrument can define his or her intended use. The risk associated with the instrument s use will depend on the intended use, so that too must be the responsibility of the manufacturer user. The instrument supplier has experience with the instrument and possibly experience with how manufacturers are using it. Instrument suppliers can coach their manufacturer users in identifying and documenting intended uses. Furthermore, instrument suppliers can leverage their knowledge of instrumentfailure modes to assist their manufacturer users in risk analysis and in identifying risk-control measures to manage the risk to acceptable levels. Partner with validation experts. Manufacturer users of software-driven instruments often are not software professionals and have no experience with software validation. Instrumentation suppliers may not have knowledge of the regulated medical device industry and may not have enough business in the medical device industry to develop in-house expertise. An outsourced validation expert can consult with the instrument supplier on improving internal software development processes to survive customer audits. Additionally, the validation expert can work with customers to assist them in final validation for their intended use. The instrument supplier benefits because validation no longer seems like an obstacle in the acquisition of the instrument. A Case in Point Take, for example, an intelligent motor that communicates with an external computer and is used to control part of the manufacturing process for a medical device. The motor itself has an embedded processor and software that takes electronic commands and converts them to motor movements. A manufacturer of an implanatable medical device wants to use the motors to automate the winding of a coil with a non-constant winding density along the axis of the coil. The winding profile is critical to the correct operation of the medical device into which the coil is embedded. The motor manufacturer should: As part of good engineering practice and design control, document product requirements, performance requirements, and limitations; specify the communications protocols between the motor and the external computer; and specify requirements of the software for the onboard microprocessor. Design verification-test protocols for the motor, specifically testing each requirement for the software. Tests should be executed and results formally documented. Prepare a known defect list from the results of the verification testing for any defects in the released product. Make all of the above results available to the customer. Proprietary information can be made available in audits. Conduct formal reviews of the design and implementation process and make the results of those proceedings available to customers. Any information that is considered to be proprietary can be provided during onsite audits only. All of the above items may be kept in a design history file that can be reviewed by customers and prospective customers. The medical device manufacturer should: Identify the intended use of the motor in the coil winding system. The intended use should be specific enough to know what performance requirements are expected of the motor. Consider how changes to the software embedded in the motor will be controlled. For example, what happens if a motor with Version 1.0 embedded software fails and is replaced with a new motor with Version 2.0 software? Is there a way to know? Who will be responsible for revalidating the new motor with the new software in the manufacturing system?

Conduct risk analysis for using the motors in the coil winder. Consider how the motor might fail in a way that the coil will be affected. Assign severity levels to the anticipated coil defects relative to the ultimate safety impact to the patient. Provide risk management for the more severe and/or probable risks. Determine how the failure modes could be detected or corrected as part of the overall manufacturing system. Conduct validation testing to provide a level of assurance that risky failure modes do not exist, that critical performance specifications can be met, and that any risk-control measures that are identified are in place and reduce the risk to an acceptable level. The above is an abbreviated itemization of tasks for the supplier of a software-controlled motor and the manufacturer user of the instrument. A competitive motor supplier that does not perform the validation tasks suggested above puts additional validation burdens on the manufacturer customer. Conversely, a competitive motor supplier that does perform the validation tasks suggested above and assists with some of the user s responsibilities by coaching, training, or consulting creates added value and a marketing advantage for its motor. In some cases, the manufacturer may be using an instrument for a non-critical purpose in the manufacturing process, or may be using it in a way in the process that 100% of all product is inspected and verified downstream in the process. In these situations a case can be made for reducing validation requirements. A supplier who can assist the user in this type of analysis and documentation can save the user considerable costs in unnecessary analysis and testing. obligated to validate any software that is used as part of production or the quality system. Suppliers can aid their manufacturer customers by getting their own software development processes under control and leaving a documented trail of activities (i.e., a design history). Proprietary information does not need to be published; it can be made available in an audit setting. Suppliers, however, cannot do it all for the manufacturers. Only the medical device manufacturer knows the intended use of the software, and the specific requirements they will demand of the software. The device manufacturer is the only one in the position to evaluate the risks associated with the use of the software and to know what controls they may exercise over that risk. A validation package is best when it covers activities from both the supplier and medical device manufacturing customer. Suppliers can make it easier and more cost effective for manufacturers to perform validation. Their efforts constitute both a value-added service and a marketing advantage for the supplier. Increasingly, manufacturers will insist that their suppliers take steps that will make life easier for them. An ounce of prevention on the supplier side will save a pound of effort for the manufacturer. Summing Up The points discussed in this article are specific to software used in the design or manufacture of medical devices that are used as part of production or the quality system. The main point is that manufacturers are legally

ABOUT THE AUTHOR: David Vogel is the founder and president of Intertech Engineering Associates, Inc. Dr. Vogel was a participant in a joint AAMI/FDA workgroup to develop a standard for Critical Device Software Validation which was subsequently included in the IEC 62304 Software Lifecycle Standard. He was also a participant on the joint AAMI/FDA workgroup to develop a Technical Information Report (TIR) for Medical Device Software Risk Management. Currently, Dr. Vogel is a member of the AAMI/FDA workgroup developing a TIR on Quality System Software Validation. A frequent lecturer for workshops and seminars on topics related to medical device development and validation, Dr. Vogel also is the author of numerous publications and holds several patents. Dr. Vogel received a bachelor s degree in electrical engineering from Massachusetts Institute of Technology. He earned a master s degree in biomedical engineering, a master s degree in electrical and computer engineering, and a doctorate in biomedical engineering from the University of Michigan. Intertech Service Offerings: Risk Analysis and Management Software Design and Development Electronic Design and Development Requirements Development and Management Documentation and Traceability Verification and Validation Evaluations, Reviews, Inspections Planning Project Management Compliance Consulting and Training Manufacturing and Quality System Software Validation Leverage INTERTECH s expertise to: Reduce Project Risk Shorten Time to Market Cut Development and Test Cost Assure Quality Products ABOUT INTERTECH: Intertech Engineering Associates has been helping medical device manufacturers bring their products to market since 1982. Through a distinct top-down service model, Intertech offers highlevel consulting and hands-on engineering. By balancing technical expertise and practical business experience, we support clients through all phases of product development. While we do make your job easier, Intertech exists not to replace but to partner with clients to help balance the concerns of quality, time and cost. With considerable experience in FDA regulatory compliance, our time-tested development process can anticipate and solve problems inexpensively on the planning board rather than through costly solutions later in the development, test, or postdeployment phases. By using deliberate processes, Intertech ensures an improvement in quality and can build client expertise. Call us today for more information or a free consultation at 781.801.1100 INTERTECH Engineering Associates, Inc. 100 Lowder Brook Drive Suite 2500 Westwood, MA 02090 USA www.inea.com - info@inea.com - Tel: (781) 801-1100 - Fax: (781) 801-1108

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback