Would your Non-Product Software PASS an FDA Audit?
Are you at Risk of Non-Compliance…for Non-Product Software Tool Validation?
How do you know if you’re fully compliant?
What we’ve observed.
Because we provide QMS Support to Biotech, Pharma & Medical Device companies, we’ve observed an increase in FDA Auditors cracking down on this Industry Risk.
What is the problem, exactly?
Companies that use non-compliant software to support design or production of their medical device products.
The biggest challenge is awareness – most of these companies are completely unaware their non-product software requires Intended Use Validation.
Non-product software tool validation is also known as Intended Use Validation (IUV) and it’s extremely important to get this right.
Definition: Intended Use Validation (IUV)
Required for software applications used to support product design or production, when the software applications are not customer facing or sold to end users.
Per FDA & ISO:
- 21 CFR 820.30(f)
- 21 CFR 820.70(i)
- ISO 14971
Types of Software Applications Requiring IUV
- Commercial Off The Shelf (COTS)
- Home Grown – built In House
Examples of software requiring IUV
- All QMS Processes (electronic and/or manual)
- All Production Processes (electronic and/or manual)
- Defect Tracking Systems
- Document Control Applications
- QMS Software Applications
- Training Programs
- Complaint Tracking Software
- Inventory Control
Most Common Mistakes & FDA Responses
Mistakes
- Lack of IUV understanding
- verification vs validation
- mixing v and v in plan and/or final report
- unsure where IQ/OQ/PQ fit into the process
- Non existent or incomplete IUV Plan
- Incomplete IUV Report
FDA Audit Responses for In-House Built Software per FDA.GOV
- “The testing is incomplete; note that process validation testing (IQ/OQ/PQ) are not the same as verification and validation testing…”
- “Update your risk documentation to include risks associated with the performance needs of the system, and include the mitigations you implemented to reduce those risks to acceptable levels…”
The Penalty
If you have non-compliant software applications, there are real world consequences:
- Non-Compliance
- 483 Observation(s)
- Warning Letter(s)
- Recall(s)
- Consent Decree(s)
- Recall(s)
- Warning Letter(s)
- Failed Audits
- Delayed Product Release
- 483 Observation(s)
- Customer Complaints
- Unsatisfactory operational performance
- Lose a solid client to a “compliant” competitor
- Be reported to the FDA for non-compliance by your client
- CMO’s
- Suppliers
- Extended Development Effort
- Ineffective QMS functions
- Personnel Frustration
Typical Non-Compliant Manufacturers:
- Non Active Medical Devices
- Dental Alloys
- Disposable Syringes
- Needles & Infusion Sets
- Contact Lenses
- Dialysers
- Bone Screws
- Blood Bags
- Cardiovascular Implants
- Neurosurgical Implants
- Combination Products
- Biotech
- Diagnostic
- Genomics
- Pharmaceuticals
- Drugs
- Vaccines
- Etc
Additional (Non-Compliant) Companies:
- Contract Manufacturing Organizations (CMO)
- Suppliers
Least Problematic Companies
- Active Medical Devices
- Infusion Pumps
- Pacemakers
- Patient Ventilators
- Anesthesia Delivery Systems
Here’s what we hear the most:
- “We didn’t realize this was required…”
- “We don’t need IUV conducted – we’re not a software company”
- “There IS no difference between Verification & Validation”
- “We know what we’re supposed to do we just haven’t documented it yet – why all the fuss?”
- “We don’t like it when you use terms we don’t understand!” (actually said to us)
- Verification
- User Needs
The Solution:
Set up a Free Consultation so our Quality Process expert can review your situation and provide a recommended solution in order to set you up for 100% FDA Compliance.
If you have an Audit coming up, (or a submittal with IUV), let us help you pass the Audit – just like we’ve helped our clients!