General Principles of Software Validation

General Principles of Software Validation

One of the most important references in creating a software development lifecycle process to assure software quality is the FDA guidance document, “General Principles of Software Validation.”  This guidance document has been around for many years.  The current version, 2.0, was released in 2002.  To many in the industry, this guidance is simply referred to as the “GPSV.”

The guidance has a self-stated purpose to provide “validation principles that the FDA considers to be applicable to:

  1. the validation of medical device software or
  2. the validation of software used to design, develop, or manufacture medical devices.”

Of course the agency has quite a challenge in providing these principles.  One challenge is that medical device software can range widely in complexity and safety risk.  Consider what validation principles might be applicable to software controlling hemodialysis sub-systems compared to software displaying a patient’s weight in a scale.  A second challenge is how software technology and methods can change rapidly – so principles must stand the test of time.  Our opinion is that the GPSV meets these challenges well.  It remains a solid text for orienting, on-boarding, and referencing for software validation.

You can download a copy here: 2002-01-General Principles of Software Validation-Final Guidance

Of course, IEC 62304 is the more current, state-of-the-art thinking in the area of medical device software process.  One should use IEC 62304 as the basis for software process but we would recommend exploring how the GPSV can give greater insight into greater software quality.  Just a quick example is “test types.”  This is not found in IEC 62304 but is an essential technique in test case design for developing high quality software.

If you are interested in learning more, consider our 62304-FDA Compliance Training and other courses.

About the author

Brian is a biomedical software engineer - whatever that is! Started writing machine code for the Intel 8080 in 1983. Still enjoys designing and developing code. But probably enjoys his garden more now and watching plants grow ... and grandkids grow!

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  June 5-7, 2024
Boston, MA

Email to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

Register Now



Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: February 12-15, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.