eQMS validation

• Why a QMS software need to be validated?

• How can we validate this type of software?
• What are the elements that an auditor can review?
Why is validation of eQMS Software required?

ISO13485:2016 – 7.5.6
• ”…procedures for validation of computer software used in production and service provision and shall
be validated prior of initial use and after changes”

21CFR11 - Subpart B - Electronic Records Sec. 11.10

• “Persons who use closed systems to create, modify, maintain, or transmit electronic records shall
perform validation of systems to ensure accuracy, reliability, consistent intended performance, and the
ability to discern invalid or altered records”

Annex 11
• ”Computerised systems used as part of a GMP regulated activities should be validated and IT
infrastructure should be qualified”

Definition of validation:
”All activities that establish a level of confidence that the software is appropriate for its intended use and that
its trustworthy and reliable.” - ISO/TR 80002-2:2017
Two very different validation approaches

Initial validation and keeping everything stable and as-is: ”Changes are
cumbersome to handle”

• Re-validation is avoided and only done as a last option

• Preparedness for re-validation is low
• New needs that require changes cannot be met
• System becomes outdated as there is no willingness to implement changes. Patches with
corrections and improvements are often avoided.

Initial validation and procedures for validating needed changes focusing on

a updated risk management file: ”Changes are good”

• Procedures and forms for re-validation are prepared as the process is never ending – a
prepared format makes it doable
• Testing procedures/protocols and training when processes and functions changes are key
Validation Deliverables

Risk Analysis
Project & Regulatory Validation
Scope Definition Criticality Plan
Install Plan
Assessment

Quality System Design Executed IQs Training plan

Design of
Records and
Views

Risk management
Approved
Design Controls Configure Test Protocols
for OQ and PQ

Control of Manufacturing & Planning

Validation Test Executed OQ
Training
Records
Executed PQ

Change Control
Validation
Executed Cut Project End
Go live Over Plan
Audit report Report &
Report
Certificate
Regulations/guidelines when establishing an eQMS
• ISO13485:2016 (Medical devices - Quality management systems - Requirements for regulatory
purposes)
• ISO/TR 80002-2:2017 (Medical device software — Part 2: Validation of software for medical
device quality systems)
• 21CFR820 (US FDA Quality System Regulation)
• 21CFR11 (US FDA requirements for using electronic records and signatures)
• GAMP5 (A Risk-Based Approach to Compliant GxP Computerized Systems)
• Annex 11: Computerised Systems
• ISO14971:2012 (Risk management)
• IEC62304 (medical device software – software life cycle processes) is less relevant at its for
medical device software and medical devices that includes software – Not for QMS
About SimplerQMS: Packaged eQMS Solution

Ready-to-use QMS Processes

• Document Control / Versioning
• Non-Conformance, Complaints, CAPA’s, Audits
• Change Management
• Supplier & Equipment Management
• Etc..

Documentation & Training Testing & Validation

• User Training • Test Protocols
• Work Instructions • Validation Documentation
• Validated Hosting
Environment
Use the code ”EasyMedicalDevice” and get:

1. Free eQMS Checklist

2. Free One Hour Online Workshop with SimplerQMS

Contact SimplerQMS at:

www.simplerqms.com

info@simplerqms.com