1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Part 11 Guidance /risk of including unqualified system/ids in a change request

Discussion in 'US Medical Device Regulations' started by km533, Feb 17, 2023.

  1. km533

    km533 New Member

    Joined:
    Feb 17, 2023
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    2
    Hi All,

    I manage QMS part for a biotech company and would like clarification/guidance with regards to IT change request.
    As a practise my company uses system id/numbering as part of describing a change request item.
    These ids/numbering are from a smartsheet tracker which is non qualified/validated system.
    Could someone provide guidance as to what risk/questions can be asked during FDA inspection related to these unqualified system ids/numbering?
     
    km533, Feb 17, 2023
    #1
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,109
    Likes Received:
    2,562
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Welcome km533. I’ve moved your post to a more relevant sub-forum. Someone will be along to reply, I expect.
     
    Andy Nichols, Feb 17, 2023
    #2
  3. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Welcome km533!

    The FDA has published guidance for software validation. See section 2.1 for the part that so many people need to understand in order to not overthink this requirement:
    What type of changes are being done in IT - do you create your own software for the device? If not, the type of application you describe sounds more like a log for tracking changes than anything affecting the medical device. If you were using Smartsheet to record and track the history of the device itself, that would be applicable to the requirement's scope.
     
    Jennifer Kirley, Feb 18, 2023
    #3
  4. yodon

    yodon Well-Known Member

    Joined:
    Aug 3, 2015
    Messages:
    198
    Likes Received:
    115
    Trophy Points:
    42
    To add on to the post @Jennifer Kirley made (in which her point about overthinking is spot on!!!), FDA also published a (draft) guidance on computer software assurance. There are no prescribed methods for validating non-product software and this, to me, really helps put those efforts in proper perspective.

    Regardless, you should always consider what happens if the software fails? Also consider basic security - can someone delete lines in the smartsheet (inadvertently or maliciously)? It just makes good business sense to consider risks with your applications and take appropriate measures to control them.

    You asked:

    That's really hard to answer since this gets into whether such aspects are inspector's "hotbuttons." Most of the inspectors that I have dealt with don't really dig in much here. If the use of software is brought up, they may well ask if it's validated and then drill down from there. Generally speaking, if you show your system is controlled, they may not look too closely.

    You mention Part 11 but it doesn't sound like this is either managing electronic records required by regulation or electronically signing any such record so I would not expect Part 11 to be applicable.
     
    yodon, Feb 20, 2023
    #4
    Andy Nichols likes this.
  5. km533

    km533 New Member

    Joined:
    Feb 17, 2023
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    2
    Thank you! This is very helpful!
     
    km533, Feb 21, 2023
    #5
    Andy Nichols likes this.