February 2016 - Next Version of ISO 13485:2016
ISO/FDIS 13485 introduced new requirements to manufacturers of the medical device.It has a strong focus on the national regulatory requirements and, as a result, clarified the need to be in compliance with these, not just the standard alone. There is an emphasis on review of the impact of changes to regulatory requirements to products and processes in clause 4.1.4. Furthermore, it implements a risk based approach to the processes adopted by organisations.
"A risk based approach to the control of the appropriate processes needed for the QMS" (4.1.2(b)).
As a result, it is a requirement that the manufacturer defines how the risk is managed and how the risks from one process can affect other aspects of the QMS. One way to cover this mandate is to perform risk analysis on all the inputs/outputs of the processes in the process flow diagram to examine the impact that they could have on the QMS. Also, a new requirement to validate software used in the QMS was introduced;
“The organization shall document procedures for the validation of the application of computer software used in the quality management system. Such software applications shall be validated prior to initial use and, as appropriate, after changes to such software or its application.’
The specific approach and activities associated with software validation and revalidation shall be proportionate to the risk associated with the use of the software. Records of such activities shall be maintained. (4.1.6)”
For example, the validation of Microsoft Excel for a specific function will require a protocol to be written to check that your requirement is matched by the output of excel. You may determine that you need an Excel spreadsheet to:
- Allow data to be entered manually within a set range
- Allow data of a specific format to be imported
- Perform Calculations on the data
- Produce a graph of the resultant data
- Only allow specified users to change the template
To show compliance, you could write a validation protocol addressing each of these points, perform the validation based on the protocol and produce a simple report. If you use a dedicated QMS software provided by an external supplier then it might be worth contacting them to ask the best way to validate their software.