Software validation simple explained

Software validation refers to the documented process of the software life cycle that covers all development phases of a software product. This process begins with planning and requirements management and extends through specification and coding to test procedures and the release of the product.

Software validation is important for two main reasons:

Patient safety

It ensures that the software is suitable for the intended use and functions reliably and error-free. This avoids errors and quality losses and ensures maximum patient safety.

Regulations

It ensures that the legal and regulatory requirements of sensitive industries are met, for example FDA 22 CFR Part 11.

Computer system validation looks at all aspects of a computer system. In addition to the software, this also includes hardware, networks and interfaces. This ensures that all affected components function reliably.

Software validation, on the other hand, only looks at the software application itself. It checks whether it fulfills the defined requirements and is suitable for the purpose. Software validation is therefore a component of computer system validation.

1. Requirements analysis: Functional and non-functional requirements are defined and documented during the requirements analysis.
2. Selection of the software to be validated: In the second step, the company determines which solutions are to be validated.
3. Risk assessment: The risks involved in software validation are then considered and evaluated with the aim of identifying and eliminating sources of error.
4. Test planning and execution: In the course of test planning, test cases are created that cover all previously defined requirements. The tests take place in different environments, e.g. integration and system tests.
5. Documentation: In order to meet the obligation to provide evidence, the tests are documented and the results are checked. It is assessed whether the software meets the requirements and whether errors have been rectified.
6. Acceptance and release: A comprehensive validation report is created as part of the acceptance and release process. It certifies that the software meets all set standards.

A proven and recognized procedure for software validation is the V-model, which follows a proven validation plan.

ISO 13485 plays an essential role for software validation in medical devices. It defines which requirements apply to a quality management system for the development and use of medical devices and regulates the process validation for the software used. This mainly concerns the following points:

• Software must be introduced in the medical device sector in a validated manner.
• Software validation must ensure patient safety and guarantee that it meets the defined requirements.
• Software validation must be comprehensively documented.
• Risk management must be an integral part of software validation.
• Software must be validated throughout its entire life cycle.

Software validation plays a major role in the pharmaceutical industry, as it ensures patient safety. To this end, it checks and regulates that the development, production, storage and quality control of products are carried out properly and professionally. Software validation is also essential in order to meet the strict legal and regulatory requirements for pharmaceutical companies.

The initial process validation takes place when software is introduced. If significant changes are subsequently made, revalidation is necessary. This is regularly the case with validated software in the public cloud in particular. In order to reliably guarantee the required security, regular software validation checks must also be carried out.

Software validation takes place in cooperation with all parties involved in a company. Who these are varies depending on the industry, company size and regulatory requirements. Typically, however, people from the quality management, IT and compliance departments as well as the specialist departments that will use the software are part of the implementation project.

Yaveon's industry-specific ERP is specifically designed to meet the needs of the process manufacturing industry and is seamlessly integrated into Microsoft ERP Business Central. The special solution has been developed specifically for the requirements of the regulated environment in strict compliance with GAMP 5, meets the key points of the GMP requirements and fulfills all requirements for software validation - even in the public cloud. Combined with expert implementation by experienced Yaveon consultants, the implementation is carried out securely, efficiently and in compliance with regulations.

Software verification checks whether software has been developed and implemented in accordance with the defined specifications. To this end, it focuses on ensuring that the required designs and specifications have been implemented correctly and appropriately. Typically, unit tests and integration tests are used for this purpose.

Software validation, on the other hand, checks that the solution is suitable for the intended purpose. The focus here is on functionality, which is tested by means of user tests or simulations.

If software is developed with end-to-end documentation, it is known as standard software. On the one hand, this serves quality assurance in software development and reduces the implementation effort when introducing software in regulated industries (especially pharma and medtech).

The documentation of the individual software releases must be comprehensible and complete. The software developer must also define their own internal standards and implement them in accordance with current quality management requirements.

A so-called release cycle comprises the following steps:

1. Release planning: defining the functions of a software release based on customer requirements, market analyses and internal priorities.
2. Functional specification: Description of the software functions from the user's perspective. Basis for testing and process validation of customer requirements.
3. Technical specifications: Conversion of the functional requirements into technical details such as architecture, interfaces, data models and processes.
4. Development: Implementation of the functions in source code by the development team in compliance with defined standards.
5. Code review: Review of the source code by other team members to ensure code quality, compliance with standards and error prevention.
6. Functional testing: Comparison of the implemented functions with the functional specification to ensure correct software functionality, e.g. through manual or automated tests.
7. Release creation: Compilation of the software into a deliverable version, including installation packages, release notes and documentation.
8. Release approval: Formal approval of the release for delivery by authorized bodies. Review of test results and risk assessment if required.
9. Recording and correction of errors: Identification, documentation and correction of errors from tests or after the release. Corrections are integrated into future releases or hotfixes.

If the release cycles are developed according to a documented, comprehensible scheme, this can also be referred to as a pre-validated system. This makes it easier for customers to introduce the software, as the standard functions have already been pre-tested. As a rule, these standard functions then only need to be tested in the process context, which significantly reduces the implementation effort, especially in a validated environment.