Thomas is an expert in Supply Chain and Manufacturing Optimization with more than 10 years of experience originating from Medical Device and High-Tech & Electronic Industries. He comes with a background as an Electronics engineer, complemented with a Master in Technology Management. Thomas has held positions in multinational corporations such as Nilfisk, heading the internal optimization program as well as the supply chain organization.
The Big Lie of Pre-validated Systems
I have now been working with the development, implementation, and sale of software solutions in the medical device industry for almost 20 years, and there is one question that has always come from customers. Now, with the increased use of SaaS solutions, the question comes even more often. As in always.
And this question is: “Is your solution pre-validated?”
And my answer is always the same: “No”
Then the follow-up from the customer is usually: “But your competitors’ system is pre-validated?”
There is no such thing as a pre-validated system!
So, is it possible to get a pre-validated system? The answer to this is: “No!”
A system cannot be pre-validated. The medical device manufacturer will have to go through the process of validating that the system works as accepted and fulfills the requirements of the customer. As a software vendor, it is impossible for us to validate the system for our end users' intended use, as we do not control it.
If we look at the guidance from MHRA (Medicines and Healthcare products Regulatory Agency), this is what it states:
“Computerised systems should comply with regulatory requirements and associated guidance. These should be validated for their intended purpose which requires an understanding of the computerized system’s function within a process.
For this reason, the acceptance of vendor supplied validation data in isolation of system configuration and users intended use is not acceptable. In isolation from the intended process or end-user IT infrastructure, vendor testing is likely to be limited to functional verification only and may not fulfil the requirements for performance qualification.
Functional verification demonstrates that the required information is consistently and completely presented. Validation for intended purpose ensures that the steps for generating the custom report accurately reflect those described in the data checking SOP and that the report output is consistent with the procedural steps for performing the subsequent review.”
You can find the guidance here (the quote above is taken from p.19).
And if we take a look at what the FDA states with regards to this there are several interesting sections to look at. In the General Principles for Software Validation, you will find:
“A device manufacturer may conduct a validation using their own personnel or may depend on a third party such as the equipment/software vendor or a consultant. In any case, the device manufacturer retains the ultimate responsibility for ensuring that the production and quality system software:
- is validated according to a written procedure for the particular intended use; and
- will perform as intended in the chosen application.”
You can find the guidance here (the quote above is taken from p.32).
As it states here, the actual validation can be outsourced to a third party to do, but it is still the device manufactures responsibility, and the manufacturers' intended use and requirements the system should be validated against.
Using the vendor documentation
Another section in the same document talks about using the vendor's documentation. And this is what we have been practicing for 25 years. To supply our customers with our documentation so that they can use that as a starting point for their own documentation. But the actual documentation is still the manufacturer's responsibility.
“If the vendor can provide information about their system requirements, software requirements, validation process, and the results of their validation, the medical device manufacturer can use that information as a beginning point for their required validation documentation.”
You can find the guidance here (the quote above is taken from p.33).
You can read more about the FDA guidance for system validation on pages 30-33 of the following document.
But, what about the EU?
So that was the UK and the US. Then what about the EU? Is it more relaxed here? Can I get a pre-validated system if in the EU? No! You cannot!
The EudraLex states in Annex 11:
“Documentation supplied with commercial off-the-shelf products should be reviewed by regulated users to check that user requirements are fulfilled.”
Find it on p.2 in this document.
So, it seems clear when you read the different guidance documents, that you cannot get a pre-validated system, you still have the responsibility and will have to make sure it is validated towards your own requirements.
Dear colleagues, stop lying!
But still, so many of our competitors say that their systems are pre-validated, and a lot of customers will believe them and expect the same from all vendors.
So, when we tell our customers you cannot get a pre-validated system, they naturally get confused and don’t know what to think.
Many customers, therefore, opt for the “pre-validated” solution because it means less internal cost doing that. But that is a dangerous thing to do. Because as it is clearly stated above it is always, always the device manufacturer's responsibility to make sure that the system works as intended for them.
So, I would like to ask my colleagues in the industry to please stop lying and stating that your systems are pre-validated. They are not.