Software V&V "In Brief"

To summarize:

0.  Download FDA SW Guidance documents, especially: 

"Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices", and obtain / generate / group documentation per Table 3 (for all SW V&V, not just devices / 510(k)s:

https://www.fda.gov/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm089543.htm

1.  Establish risk to patient by your company's / product's activities addressed by the software (Level of Concern, ISO 14971/ FMEAs...);

2. Develop a Project Plan (phases, milestones, tasks ...; timelines; responsibilities; I prefer the Gantt chart done on a spreadsheet); 

2.  List all your requirements for the software (the SRS), including applicable 21 CFR 11 (e-records / e-sigs); and cybersecurity if networked (especially firewalls, training to prevent opening unknown links, etc). 

3. Write an introductory narrative explaining the system and your validation approach; Write test cases to address all the requirements, e.g., IQ (for installation / hardware meets software rqmts ...), OQ (all software modules exist and initialize and shut down properly; 21 CFR Part 11 issues, especially limited access, audit trail / change history, names tied to files, date / time stamping, and cybersecurity (if networked), ..., PQ to repeatedly challenge key operations, especially addressing "allowable worst case" variables (I usually have one PQ for each allowable variable, e.g., 24/7 shifts(if that's what's used for this product's routine production = 1 (or more) PQ for day, 1 for swing, 1 for night, 1 for weekend/Sunday, and 1 for next holiday (the PQ test cases are the same, only the shift changes for each PQ); if validating software used by the company on different hardware platforms, use 1 PQ for each hardware platform / operating system, e.g., 1 PQ for an I phone, 1 for an Android, 1 for an I Pad, 1 for a Windows Tablet, and so on.

4.  Extract proofs for each test case from retroactive files (for preexisting systems); perform any additional test cases proactively (or all for new or remodeled systems);

5.  Compile all the above and other documentation (11 categories) into a Test Report / SW V&V File, and sign off.  Most documents can be generated in a word processing app.  Initial /date any copies.

jel@jelincoln.com

Updated 10/20/2021; 09/06/2023

See also entry of 05/23/2022 on Requirements Validation. 

The Guidance Document on software and 510(k) submissions has recently been revised - among other changes there are now only 10 categories. - JEL 09/19/2023