Validating software process
Although it’s required, the FDA does not specifically tell companies how to validate.
Companies are required to explain how they intend to validate their software and show evidence it has been validated the way it was explained.
In other words, software validation 1) ensures that the software has been installed correctly, 2) ensures that the product will actually meet the user’s needs, and 3) confirms that the product, as installed, fulfills its intended use and functions properly.
The FDA recommends that companies pursue the “least burdensome approach.” But how do they do that?
If the vendor can provide information about their system requirements, software requirements, validation process, and the results of their validation, the medical device manufacturer can use that information as a beginning point for their required validation documentation.” There is good reason for the “intended use” guidance.
Here is an example: Company XYZ is using Minitab to estimate the probability of a defect in a manufacturing process.
At its core, validation is documenting that a process or system meets its pre-determined specification and quality attributes.
Specifically, at the time of this inspection there were two different versions of your CAPA & Customer Complaint procedure, SOP-200-104; however, no revision history was provided on the “Failure to validate computer software for its intended use according to an established protocol when computers or automated data processing systems are used as part of production or the quality system, as required by 21 CFR 820.70(i).“ … §820.70(i) (Production and Process Controls – Automated Processes).” …
“when requested no validation documentation to support the commercial off-the-shelf program (b)(4) used to capture complaints, returned merchandise and service requests was provided.”“Failure to validate computer software for its intended use according to an established protocol when computers or automated data processing systems are used as part of production or the quality system, as required by 21 C. “the CAPA analysis of nonconformances, which is used at management meetings, is inadequate in that the report is computer-generated on a non-validated software system.” It's the responsibility of the software purchaser to validate software for its intended use.
This was a repeat violation from a previous FDA-483 that was issued to your firm.
For example: A) Your firm uses off-the-shelf software (***** Help Desk) to manage customer support service calls and to maintain customer site configuration information; however, your firm failed to adequately validate this software in order to ensure that it will perform as intended in its chosen application.