The Food and Drug Administration (FDA or the Agency), the US regulating authority in the sphere of healthcare products, has published a guidance document dedicated to software validation principles.

The document provides additional clarifications regarding existing regulatory requirements concerning software validation, as well as recommendations to be taken into consideration by medical device manufacturers (software developers) intending to place their software products on the US market. It is important to mention that FDA guidance documents are non-binding in their legal nature and are neither intended to introduce new rules nor to impose new obligations, but to assist in interpreting current regulatory requirements set forth by the applicable legislation and ensuring compliance therewith. Moreover, the authority also mentions that an alternative approach could be applied, provided such an approach complies with the respective regulatory requirements and has been agreed with the authority in advance.

User Site Testing 

Apart from testing to be carried out by a medical device manufacturer (software developer), the FDA guidance also describes the most important aspects related to the user site testing which, according to the document, constitutes an essential part of the software validation. In this respect, the authority states the following: the Quality System regulation requires installation and inspection procedures (including testing where appropriate) as well as documentation of inspection and testing to demonstrate proper installation; likewise, manufacturing equipment must meet specified requirements, and automated systems must be validated for their intended use. 

The authority further mentions that many terms are used to describe user site testing. According to the guidance, the concept of user site testing covers, inter alia, such terms as beta test, site validation, user acceptance test, installation verification, and installation testing. In general, this applies to testing which is carried out at a user's site using the actual hardware and software. Hence, the main criterion is that such testing should be carried out outside the developer's controlled environment. Thus, in the case of user site testing, the software in question is tested in the environment in which it is intended to be used, and the testing could be performed as either actual or simulated use.

The scope of the present FDA guidance covers any type of user site testing. At the same time, the authority also mentions that in certain cases additional requirements could apply to site validation. Hence, it is the responsibility of an interested party to contact the respective division of the regulating authority to clarify the applicable requirements and ensure they are followed.

The testing itself should be carried out strictly in accordance with the appropriate plan. Upon completion, an acceptance should take place. All testing procedures should be duly documented, together with the information regarding test input data and the results obtained. In particular, it is necessary to include evidence demonstrating that the equipment used has been deployed properly to ensure its correct operation as intended by the manufacturer. When developing a testing plan, an interested party should analyze potential operating conditions and consider them when determining the testing schedule to ensure all important aspects are duly covered.

The authority also mentions that some of the evaluations that have been performed earlier by the software developer at the developer’s site should be repeated at the site of actual use; these may include tests for a high volume of data, heavy loads or stresses, security, fault testing (avoidance, detection, tolerance, and recovery), error messages, and implementation of safety requirements. According to the guidance, some of the data sets to be used for such testing could be provided by the manufacturer. 

Another important aspect highlighted in the guidance is related to the human factor. In particular, the authority states that apart from ensuring the product operates as intended, it is also necessary to ensure its potential users could use it properly. According to the document, such an evaluation is intended to demonstrate that the users can perform the intended functions and respond in an appropriate and timely manner to all alarms, warnings, and error messages. 

The records to be kept during the testing should cover all the aspects related to the way the product operates, including both correct performance and any performance issues identified.

Depending on the way the user site testing is performed, the initial manufacturer of the product could be either involved or not involved. In the latter case, it becomes especially important to ensure the staff engaged in testing is familiar with testing methodologies. 

According to the guidance, the typical tasks to be covered by the user site testing include the following:

  • Acceptance Test Execution;
  • Test Results Evaluation;
  • Error Evaluation/Resolution;
  • Final Test Report.

Maintenance and Software Changes 

When describing software maintenance and the specific aspects associated therewith, the authority mentions that the term itself is used in a different meaning in comparison to its use in the context of hardware devices, due to the difference in the nature of the failures that may occur. In the case of hardware products, maintenance stands for the procedures to be performed to prevent issues and includes the replacement of components or corrective changes. At the same time, software maintenance includes corrective, perfective, and adaptive maintenance but does not include preventive maintenance actions or software components replacement.

According to the guidance, to correct the issues identified, the software developer may introduce the respective changes, which would be considered corrective maintenance. In case the changes are intended to improve the overall performance of the product, they would be considered perfective maintenance; while the ones intended to ensure correct operations of the software in a changing environment are adaptive maintenance. 

Irrespective of the particular stage at which the changes are introduced (e.g., in the course of the initial development process or after the product is placed on the market), they should be subject to a rigorous assessment to evaluate the impact they cause on the safety and performance of the product in general. Apart from this, it is also necessary to ensure the changes themselves are implemented correctly. 

The scope of validation activities to be undertaken depends on the type of changes and the nature of the component affected, as well as the way this component impacts the operations of the device. To ensure the effectiveness of this process, complete and sufficiently detailed documentation is required. According to the guidance, documentation should describe the structure of the product and the way its components are connected and interact with each other. Hence, the complexity of a validation process and the efforts needed would depend on the availability of software documentation.

In summary, the present FDA guidance covers the most important aspects related to user site testing, as well as changes to the software and the way they should be assessed. The document highlights the key points to be considered to ensure the accuracy and reliability of testing results, and also to comply with the respective regulatory requirements. 

 

Sources:

https://www.fda.gov/regulatory-information/search-fda-guidance-documents/general-principles-software-validation 
