Computer System Validation is the submission of evidence of the objective testing of a computer system. This involves demonstrating that the requirements for a specified use or intended application are met in everyday operation (ISO 13485:2016).
In simple terms, the computer should do what it is intended to do. Although each user has different requirements, it is important that the very processes that are asked of the computer function smoothly.
Quality management in the field of CSV works in a similar way in medical technology. QM specialists are currently facing new tasks and challenges, which include ISO 13485:2016 in chapters 4.1.6, 7.5.2.1 and 8.2.3.
A recent seleon project on computer system validation explains the steps and tasks: Starting with setting up the complete validation process, the evaluation criteria must then be defined, and finally the formal paperwork must be significantly expanded and integrated into the existing process world. This is followed by the identification of the systems to be validated.
A new feature of ISO 13485:2016 is the expansion of the systems to be considered, i.e. software and hardware. The ISO standard is roughly aligned with the FDA level: While “only” production and service processes were required to date, this requirement now applies to all QM system processes.
In the project described, a corresponding inventory was created, which lists all systems and software products. Based on the process, it is checked which of the software and hardware is used and which functions are to be critically evaluated and may lead to a risk.
If a report is generated and published automatically, the requirement is significantly higher than if there is a manual testing step in between.
Modeling in CAD is relatively uncritical; perhaps also the creation of an associated drawing derivation. However, the publication of the drawing (printout, PDF creation) must be ensured – everything that is on the CAD drawing must also be included on the printout/PDF, because the finisher wants to be able to work exactly according to it.
However, it does not stop at one time, because validation must be seen as an ongoing process: Imagine one of the computers in production breaks down and needs to be replaced. Validation goes into the next round: Is the computer absolutely identical? Is it running the same operating system in the same version? Are the programs compatible?
The number of contingencies requires experience and know-how. Each individual requirement needs explicit analysis and validation and objective proof from specialists.
Links to the topic:
FDA 21 CFR part 11
FDA 21 CFR part 820
EN ISO 13485:2016
FDA Guidance Document on Software Validation
GAMP 5 (Non-binding guidance document)
Please note that all statements and listings are not intended to be complete, are without guarantee and are for informational purposes only.
