5 Things You Didn’t Know About FDA Data-Driven Software Validation

Big data has been very important for the software validation process used by the FDA.
fda and data-driven validation
Shutterstock Photo License - By Sergei Domashenko

Data analytics has been very important for the FDA. They have used big data in many of their regulatory approaches. One example is with software validation.

Big data has been instrumental in the software development process. A number of software developers are using data analytics and machine learning technology to improve the quality of their products and expedite the development of their applications.

Software validation by the Food and Drug Administration (FDA) is a vital step in the oversight process towards ensuring the systems your organization uses when manufacturing and distributing regulated products are of the highest quality.  The FDA has used data analytics technology to streamline their process and drastically reduce the risk of missing anything pertinent. Of course, this approval isn’t just good for meeting regulatory compliance, it is also a prudent business practice that any organization can implement to enhance quality standards and ensure its critical software is up to the task. In short, big data has been invaluable in helping the FDA ensure all software meets expectations.

It shouldn’t be surprising that the FDA is using big data to improve software validation. They have already been relying on it to improve food and beverage labeling, which is just as important.

However, the FDA requirements for validating quality system software with its data analytics approach can be quite confusing. The FDA doesn’t explicitly specify how the validation should be conducted. It doesn’t help that the recommendations published by the FDA are rather complicated and painfully long.

We will walk you through 5 key points you should know about the FDA data-driven process towards software validation.

What is FDA Software Validation and How Does Data Analytics Come Into Play?

Popularly referred to as computer system validation, FDA software validation is when an organization demonstrates that its software does what it was designed to do.  The process involves confirmation and documentation that the computer software can consistently and accurately produce results that preset guidelines for quality management and compliance purposes.

The validation is an integral part of overall software quality control, and also encompasses software verification. In the latter case, the computer system or piece of software is gauged against a series of preset specifications.

1. How do you validate FDA-regulated software? 

Although the FDA publishes general recommendations, it doesn’t spell out step-by-step how organizations should validate their software.  The FDA usually doesn’t know the ins and outs of your software, so they cannot determine how the final validation results will appear.

It is up to each organization to explain to the FDA how they plan to validate the quality of their systems and, more importantly, provide documentation proving that they have validated their software.  It doesn’t matter if you created your software in-house or sourced it from a third-party vendor. It is not the vendor’s responsibility to carry out the FDA software validation.

It is important to understand that the FDA uses data analytics tools to assess the quality of your software applications. You should try to use your own data analytics applications that emulate their process to make sure it meets their expectations.

2. What types of software does the FDA require to be validated?

Before you start adapting big data technology to screen your own software applications, you should find out if they will be required to be validated in the first place. You can still use a data analytics approach to evaluate your software to improve its quality, but it won’t be as necessary.

The FDA generally requires validating of software used for manufacture, quality assurance control, design, labeling, packaging, installation, storage, and servicing of all products or devices geared towards human use. They often include quality system software, such as software for maintenance management systems, calibration management, quality management, clinical data tracking, labeling, warehouse scanning, document management, and design.

3. FDA software is crucial for highly regulated industries

Are you wondering who needs to validate their software?  All organizations and businesses that comply with FDA guidelines, regulations, and best practices must validate any piece of software that could potentially effect their product’s effectiveness, safety, and quality. Naturally, this stipulation targets highly regulated industries and organizations, such as:

Research laboratories: Labs involved in Research & Development or the testing of biopharmaceuticals and medical devices must validate their software. In doing so, they help ensure their research results, tests, and clinical records are accurate, repeatable, and verifiable. 

Records generated, processed, or stored by these software systems will be used by regulators like the FDA to review clinical trials, conduct audits, and approve new drugs based on their safety and efficacy findings.

For instance, the FDA had to go through large volumes of research and clinical trial data provided by pharmaceutical companies Pfizer, Moderna, and Johnson & Johnson to approve their Covid-19 vaccines. If any software involved in the research and development of the vaccines weren’t validated, that could put the company at loggerheads with the FDA when it comes to authenticity.

Medical devices: There are two broad categories of software that pertain to the medical device industry.  One group entails software used in quality control or the production of medical devices, while the other consists of software found in the medical device itself. The FDA software validation is mandatory in either case, which makes sense considering that medical device software vulnerabilities can have devastating consequences.

Pharmaceutical industry: This is another highly regulated industry where software plays a significant role in ensuring product safety, quality, and efficacy.  In this sector, the FDA focuses on validating software used in quality control and the manufacture of pharmaceutical products and ingredients.

Other industries: According to Dickson, FDA software validation can be incredibly beneficial for players in the manufacturing, aerospace, healthcare, and agriculture industries. 

4. What are FDA software validation requirements?

It pays to remember that the FDA usually doesn’t know how you plan to use your software until you tell them.  Your validation plan must, therefore, clearly define the purpose of your software. 

The plan should include quality guidelines and specifications that define software success. It should also state how the software system will be used to produce and distribute your product and ensure quality and safety.

However, there are only two clear-cut requirements for FDA software validation.  First: the processes you use and products you produce must stick to standards set by the FDA for inventory and production management.  Second: more importantly, you must document each software validation step.

Other general requirements range from software installation and operational qualifications to performance qualification requirements. For instance, to validate your software for performance qualification, you must verify and document that it works as expected under real-world conditions.

Your data-driven validation process needs to take all of this into account. You must create your own data analytics framework that encompasses all of these variables.

5. Using the 4Q Lifecycle Model can help facilitate FDA software validation

Let’s face the facts; the FDA requirements, guidance, and best practices for software validation can seem daunting; data-driven software validation is in and of itself a complex process. 

Thankfully, the FDA software validation process can be broken into an easy-to-understand format called the 4Q Lifecycle Model.  As the name implies, it’s a four-stage process that walks you through testing your software and documenting the results. 

Here’s a quick rundown of the 4Q Lifecycle Model:

DQ (Design Qualification): The vendor usually handles this part (if you procured your software from a third-party vendor).  It provides the documentation for operational specifications, functional specification, software requirements, and design specs.

IQ (Installation Qualification): Tests and documentation carried out at this stage will help demonstrate that your software has been installed properly per your user requirements and specs.

OQ (Operational Qualification): At this stage, your tests will show that your software will work the way it was designed to do (i.e., as per security capabilities and features defined in the DQ)

 PQ (Performance Qualification): This is an extrapolation of the third stage of operational quality.  At this stage, you must demonstrate that the software will perform as intended.