FDA Recommends Risk-Based Approach for Software Quality Assurance (Thursday, September 15, 2022)
Validation of software used in manufacturing processes such as for automation or quality control functions should not only be validated prior to use, but also follow a life cycle testing program to maintain an acceptable level of assurance of quality performance. Basically, FDA expects a similar life-cycle approach for periodic testing of critical software as it requires of all process validations. There are two aspect of software quality, first its initial validation for a given functionality, and second continual performance over time. Not all software needs to undergo such risk-based periodic and repeated testing. Only software involved in critical functions such as that involved in automating production processes, inspection, testing, or collection of production or quality systems data are considered as directly involved in production and hence require additional testing. The assurance of the quality of the critical software should be evaluated using a risk-based approach which entails “systematically identifying reasonably foreseeable software failures, determining whether such a failure poses a high process risk, and systematically selecting and performing assurance activities commensurate with the medical device or process risk, as applicable.” The latest FDA guidance on the topic discusses the high process-risk events, the various kinds of testing - both scripted or unscripted tests, the documentation requirements, and examples of common risk assurance test programs. It is expected that such assurance testing would be done for all critical software irrespective of it is a self-generated customized software or commercial off-the-shelf software.
Dr. Mukesh Kumar
Founder & CEO, FDAMap
Linkedin: Mukesh Kumar, PhD, RAC