Warning Letter – Inadequate software validation

March 2, 2020

Excerpts from a warning letter of interest to software professionals:

1.b. Validation of device software is inadequate and is incomplete. Specifically, your firm did not conduct or document the results of software requirement specification and software design specification in your software verification and validation report for your Class II Swaive Thermometer. The verification and validation report did not document the results of the following requirements:

i. Display temperature data and warning when low voltage alarm exhibits, object’s temperature over range, ambient temperature over range
ii. Execution of mathematics operation
iii. Display information on 3×12 LCD display with 4 decimal digits and 5 icons
iv. Display “LO BAT” when the battery voltage is below 2.4V
v. Display “AH” when the ambient temperature is higher than 40ºC and “AL” when the ambient temperature is lower than 10ºC.
vi. Display “_ _ _E” when the object’s temperature is higher than 42.2ºC

The response dated November 13, 2019 is not adequate. Per your firm’s software verification and validation report, section 7 includes a table of design requirements, design specifications, verification and validation test requirements; and section 10 includes a table of the measurement test report with the test description, criteria, test results (°C) and remarks (P/F). The design requirements in section 7 state an object can be measured from (b)(4) at an environment from (b)(4). The verification and validation test requirements in section 7 state “Measure blackbody temperatures in different ambient temperatures. These states should include the extreme conditions:” blackbody: (b)(4) at ambient temperatures (b)(4) and (b)(4) and black body (b)(4) at ambient temperatures (b)(4) and (b)(4). This test is to ensure the software executes mathematical operations correctly under extreme conditions and normal conditions and the mitigates the hazard of displaying error temperature data due to incorrect mathematical protocol. These specifications are confusing as the design requirement for the ambient temperature should be (b)(4), but the verification requirements for ambient temperature are (b)(4).

In your response, you note that your firm did not document the results of software verification for the software design requirements and specifications. On November 5, 2019 your firm conducted a software verification and provided the results in document CAPA2. The report does not address all design requirements such as the testing at extreme temperatures, nor does it provide the measured temperatures throughout testing to determine if the design specification was met.

c. Your firm’s Risk Management Report, Version (b)(4), dated January 05, 2019, for Swaive Thermometer is inadequate and is incomplete, in that it did not identify all potential failure modes/ risk mitigations for:

– Storage or operation outside prescribed environmental conditions
– Incorrect measurements
– Sharp edges
– Inadequate packaging
– Issues with embedded software

These were not considered for possible hazards and contributing factors associated with the device risks; however, they were identified in the firm’s test reports and software verification report as potential failures modes.


See the complete Warning Letter at this link.

Remote Webmeeting Assessments

SoftwareCPR can provide remote offsite assessments to support virtual offices.  Our consultants can utilize webmeeting tools to walk your teams through assessments such as:

  • 62304 compliance
  • Regulatory submission pre-review
  • Software risk analysis
  • Cybersecurity process and validation
  • Overall ISO 14971 risk management
  • Overview of software regulation with John Murray

Email office@softwarecpr.com
for more info!

Corporate Office

15148 Springview St
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN) and Italy.