General Principles of Software Validation

General Principles of Software Validation

One of the most important references in creating a software development lifecycle process to assure software quality is the FDA guidance document, “General Principles of Software Validation.”  This guidance document has been around for many years.  The current version, 2.0, was released in 2002.  To many in the industry, this guidance is simply referred to as the “GPSV.”

The guidance has a self-stated purpose to provide “validation principles that the FDA considers to be applicable to:

  1. the validation of medical device software or
  2. the validation of software used to design, develop, or manufacture medical devices.”

Of course the agency has quite a challenge in providing these principles.  One challenge is that medical device software can range widely in complexity and safety risk.  Consider what validation principles might be applicable to software controlling hemodialysis sub-systems compared to software displaying a patient’s weight in a scale.  A second challenge is how software technology and methods can change rapidly – so principles must stand the test of time.  Our opinion is that the GPSV meets these challenges well.  It remains a solid text for orienting, on-boarding, and referencing for software validation.

You can download a copy here: 2002-01-General Principles of Software Validation-Final Guidance

Of course, IEC 62304 is the more current, state-of-the-art thinking in the area of medical device software process.  One should use IEC 62304 as the basis for software process but we would recommend exploring how the GPSV can give greater insight into greater software quality.  Just a quick example is “test types.”  This is not found in IEC 62304 but is an essential technique in test case design for developing high quality software.

If you are interested in learning more, consider our 62304-FDA Compliance Training and other courses.

About the author

Brian Pate helps medical device companies achieve efficient and FDA regulatory compliant product development to produce higher quality and clinically valued software. He began his career in clinical research in 1985 with the Department of Anesthesiology at UAB developing closed-loop control systems for the automated delivery of gases and control. In 1990, he made the switch from university research to the medical device industry designing control systems, communication interfaces, user interface, and other software for real-time embedded systems and clinical information systems, working for medical device companies including Johnson & Johnson, Baxter Healthcare, and GE Medical. Today, he is a Partner and the General Manager of Crisis Prevention and Recovery LLC (dba SoftwareCPR®), a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software. He has taught the AAMI/FDA course on Software Regulation to FDA Reviewers at FDA and is currently the lead faculty for the public version of that course taught annually along with FDA staff. Brian served on the AAMI/FDA TIR working group that created AAMI TIR32 Guidance on the application of ISO 14971 to Software (later superseded by IEC 80002-1). He later served on the original AAMI/FDA working group that created the AAMI TIR45-2012 TIR Guidance on the use of Agile practices in the development of medical device software and is currently the co-chair leading the creation of the 2nd edition of TIR45. He has served as faculty for all offerings of the AAMI/FDA Compliant Use of Agile Methods public course. Brian also served as an instructor for the AAMI Design Controls course. He is also a member of the Underwriters’ Laboratories Standards Technical Panel 5500, Remote Software Updates. He now serves as a member of the AAMI Software Committee.

Latest News!

Updated Risk Management training course now available.  Includes:

  • Coverage of ISO 14971, IEC 62304; amd1, and IEC/TR 80002-1.
  • Why FMEA is incomplete for medical device risk management.
  • How to perform software hazards analysis.
  • And more!

3-days onsite with group exercises, quizzes, examples, Q&A.  Contact

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.