Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Validation of Softwares

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by jamescrockford, Nov 16, 2018.

  1. jamescrockford

    jamescrockford Active Member

    Joined:
    Aug 1, 2017
    Messages:
    62
    Likes Received:
    17
    Trophy Points:
    7
    Hi all,

    Our company is currently 9001 certified but some of our customer have 13485 and we are edging towards it also.

    We have been asked by one of our customers to create a validation master plan for softwares that we use that can affect the product/service we provide e.g. the software used by our support desk.

    Has anyone come across this before? We have been told the validating itself only need to be very basic but need a master plan and procedure for the process.

    Any help would be much appreciated as always.

    J
     
  2. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    176
    Likes Received:
    92
    Trophy Points:
    27
    Good day @jamescrockford;
    There is indeed a requirement in ISO 13485:2016.
    Specifically clause 4.1.6 states....

    4.1.6 The organization shall document procedures for the validation of the application of computer

    software used in the quality management system. Such software applications shall be validated pror to
    initial use and, as appropriate, after changes to such software or its application.
    The specific approach and activities associated with software validation and revalidation shall be
    proportionate to the risk associated with the use of the software.
    Records of such activities shall be maintained (see 4.2.5).

    While the ISO standard does not directly require your organization (i.e. "supplier") to comply with this, your customer is required to be responsible for the "evaluation and selection" of suppliers and to establish criteria for same. It is certainly within your customer's right to require compliance of clause 4.1.6 of their supply base, which I would assume is what they are doing.

    Notice that this is specified to be a risk based approach. A consideration is to identify all software which is utilized within the scope of your QMS (ERP for inventories and deliveries, spreadsheets within which their may be calculation formulas and/or macros, databases that track current revision of industry consensus standards, etc..etc..) Once that list is identified, a risk analysis (i.e. what's the potential impact to the customer if they do NOT perform as intended) can then be conducted. Once the priorities are established as result of risk, then your organization can determine which and what methods for validating (i.e. ensuring that they work as required/expected.)

    ISO 9000:2015 defines validation as...

    "confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled.'

    Hope this helps.

    Be well.



     
    Stanley and jamescrockford like this.
  3. jamescrockford

    jamescrockford Active Member

    Joined:
    Aug 1, 2017
    Messages:
    62
    Likes Received:
    17
    Trophy Points:
    7
    Hi John,

    This is very useful thank you.

    Completely agree with an understand what you are saying.

    My next question though, is around the how and the documentation required. On research I have found example validation master plans which is what our customer is looking for but also other templates such as validation protocols, reports and final reports, all of which would detail the validation activities and results. I'm concerned that this could be overkill though?
     
  4. Erickson Rabena

    Erickson Rabena Member

    Joined:
    Jul 9, 2018
    Messages:
    37
    Likes Received:
    5
    Trophy Points:
    7
    Does the software being used by your support desk have license and updated?

    Does your IT staff have preventive maintenance plan for all the software you are using in your company?

    If your answers to the questions above are YES then you have no problem conforming with the requirement.
     

Share This Page