Quality management software validation in the iso 13485:2016

Medical Device manufacturers shall soon face relevant changes as provided for by the new European Regulation requiring, among other novelties, the validation of the quality management software.

ISO 13485:2016 also introduced the requirement of the quality management software with the aim of reconciling the medical device sector to the pharmaceutical sector, increasing manufacturing quality and therefore the safety of the final user. In fact, in the pharmaceutical sector, the requirement of the validation of the information system is being dealt with for a long time, in order to ensure the compliance with Annex 11 of the GMP and with 21 CFR part 11.

Under 4.1.6 of ISO 13485 it is required that companies shall document the procedures for the validation of the software used in the quality management. The validation shall be carried out before the initial use and, in case of changes, the software shall be revalidated.

What is the software validation?

Validation refers to that control process of a specific application to assess whether it is in compliance with its expected use, and in particular with the user needs, the safety issues and the applicable regulations.

Basically, the validation is used to verify that the software ‘does what it has to do’ and to prevent it from ‘doing things it should not be able to do’.

The same ISO 13485 defines that the validation technique should be in the function of the complexity and risk associated with the expected use.

This method could be selected among one of the following:

  • Full validation: high-risk complex software;
  • Partial validation: for research and pilot studies;
  • Perspective validation: for applications related to manufacturing, control and acquiring process;
  • Retrospective validation;
  • Cross validation;
  • Simultaneous validation.

Based on the selection made, the company shall release a quality procedure, or SOP, that should regulate the different steps of the validation process.

Which software are to be validated?

The software to be validated may include applications regarding for instance:

  • CRM systems, PLM systems, ERP systems for the parts concerning the design, manufacturing and delivery of medical devices;
  • Database managing systems;
  • Files for design operations;
  • Distribution software programs;
  • Issue tracking and complaint managing software;
  • Excel calculation sheets, especially if specific algorithms to manage critical operations related to Medical devices are included

The validation process should be documented, indicating the reasons and the criteria of the selection.

The most used guidelines to meet the requirements of the quality management system software validation are:

  • GAMP 5 (widely used in the pharmaceutical sector)
  • ISO/TR 80002–2:2017


The software validation, especially for small companies, can be difficult and expensive in terms of both time and money.

However, the software validation helps reducing risks and legal responsibilities, meeting the requirements of the ISO 13485 and providing proof that the information system is suitable for its scope.

Written by: Felisiano Cipressi