Tool Validation Requirements for Medical Device Development
Inadequate tool validation is a frequent citation in FDA warning letters, as it is commonly overlooked by medical device manufacturers. Regulatory requirements for tool validation applies equally to off-the-shelf tools as well as home-grown tools.
This article summarizes the related regulations and provides an outline for a risk-based approach to tool validations.
Related FDA regulations:
Regulation / Guidance
21 CFR 820
Quality System Regulation
Sec. 70 - Production and process controls
(i) Automated processes. When computers or automated data processing systems are used as part of production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol. All software changes shall be validated before approval and issuance. These validation activities and results shall be documented.
Sec. 75 - Process validation
(a) Where the results of a process cannot be fully verified by subsequent inspection and test, the process shall be validated with a high degree of assurance and approved according to established procedures. The validation activities and results, including the date and signature of the individual(s) approving the validation and where appropriate the major equipment validated, shall be documented.
Guidance: General Principles of Software Validation; Final Guidance for Industry and FDA Staff (2002)
Any software used to automate device design or testing falls under this requirement for validation.
The device manufacturer retains the ultimate responsibility for ensuring that the production and quality system software is validated according to a written procedure for the particular intended use; and will perform as intended in the chosen application.
AAMI TIR36:2007 Validation of software for regulated processes
Entire guidance covering validation confidence-building, critical thinking, risk management and other common tools.
Contact a Tool Validation Expert Today:
When properly conducted tool validation documentation formally describes a tool's capabilities and limitations relative to its intended use and operating environment. The validation documentation will need to include objective evidence to demonstrate verification of the process outputs from each stage of the tool’s software life cycle (e.g. requirements, design, implementation, testing) meet the predetermined inputs, and the outcome of risk assessment driving requirements (e.g. for risk mitigations) and validation testing. For off-the-shelf software where the manufacturer may not have access to the vendor’s software validation documentation, in this case, according to FDA, the manufacturer has an obligation to perform sufficient "black-box" testing to ensure the tool meets its intended use and user needs in its operating evirnoment.
"Tool validation requirements equally apply to Off-The-Shelf (OTS) software tools."
It is important to note that even if the OTS vendor has provided validation evidence, the device manufacturer has ultimate responsibility to ensure that the software is suitable for their particular intended use, and should perform additional validation testing in the context of their own process.
Tool Validation Testing needs to be determined by a risk-based approach. The typical steps involved for a typical tool validation includes the following;
Define the tool's intended use;
Perform a risk analysis on the tool, relative to its intended use;
Create validation objective evidence with full traceability to user requirements and applicable regulatory requirements (e.g. Part 11 compliance).
Monitor the effectiveness of the tool in its operating environment, performing periodic risk reviews (e.g. assessment of known anomalies, security patches, etc.).
Tool Validation Insights...
* Templates available for complete tool validation documentation - including 21 CFR Part 11 compliance