Is Your Statistical Software FDA Validated for Medical Devices or Pharmaceuticals?
We're frequently asked whether Minitab has been validated by the U.S. Food and Drug Administration (FDA) for use in the pharmaceutical and medical device industries.
Minitab does extensive testing to validate our software internally, but Minitab’s statistical software is not—and cannot be—FDA-validated out-of-the-box.
It is a common misconception that software vendors can go through a certification process to achieve FDA software validation. It's simply not true.
Software vendors who claim their products are FDA-validated should be scrutinized. It is up to the software purchaser to validate software used in production or as part of a quality system for the “intended use” of the software. This is described in FDA’s Code of Federal Regulations Title 21 Part 820.70(i):
“When computers or automated data processing systems are used as part of production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol. All software changes shall be validated before approval and issuance. These validation activities and results shall be documented.”
The FDA provides additional supportive information for medical device companies via Section 6 of “Validation of Automated Process Equipment and Quality System Software” in the Principles of Software Validation; Final Guidance for Industry and FDA Staff, January 11, 2002.
“The device manufacturer is responsible for ensuring that the product development methodologies used by the off-the-shelf (OTS) software developer are appropriate and sufficient for the device manufacturer's intended use of that OTS software. For OTS software and equipment, the device manufacturer may or may not have access to the vendor's software validation documentation. If the vendor can provide information about their system requirements, software requirements, validation process, and the results of their validation, the medical device manufacturer can use that information as a beginning point for their required validation documentation.”
There is good reason for the “intended use” guidance. Here is an example:
Company XYZ is using Minitab to estimate the probability of a defect in a manufacturing process. If the amount of an impurity exceeds 450 mg/mL, the product is considered defective. Let’s say they use Minitab’s Capability Analysis > Normal to perform the capability analysis.
In the first graph below, you can see the Ppk (1.26) and defect rate (82 defects per million) are quite good by most standards. However, this manufacturer would be misled into believing this is a good process based on these numbers.
Minitab has not calculated anything incorrectly, but since this data is non-normal, the wrong procedure was applied. If this was the only capability analysis available in Minitab, then the software would not be validated for non-normal capability analysis.
Fortunately, Minitab does have non-normal capability analysis. If the Capability Analysis > Nonnormal is chosen and an appropriate distribution is selected (Weibull in this case), the Ppk (0.69) and defect rate (8993 defects per million) are found to be poor, as shown in the following graph:
What Needs To Be Validated?
Software packages that are used to monitor the process and determine the quality level, such as Minitab, should be validated. To validate Minitab, you will need to document the “intended use.”
The validation for intended use consists of mapping the software requirements to test cases. Each requirement must trace to a test case. An auditor may find that a system “has not been validated” if a requirement is discovered without a test case.
You can use a Traceability Matrix to track your requirements and test cases.
A test case should contain:
- A test case description. For example, validate capability analysis for Non-Normal Data.
- Steps for execution. For example, go to Stat > Quality Tools > Capability Analysis > Nonnormal and enter the column to be evaluated and select the appropriate distribution.
- Test results (with screen shots).
- Test pass/fail determination.
- Tester signature and date.
Software Validation Warning Letters
Many warning letters received by manufacturers cite a violation of this regulation. Below is a section from a warning letter that refers to the failed validation of an off-the-shelf helpdesk software product, and a document management tool.
Failure to validate computer software for its intended use according to an established protocol when computers or automated data processing systems are used as part of production or the quality system as required by 21 CFR § 820.70(i). This was a repeat violation from a previous FDA-483 that was issued to your firm. For example:
A) Your firm uses off-the-shelf software (***** Help Desk) to manage customer support service calls and to maintain customer site configuration information; however, your firm failed to adequately validate this software in order to ensure that it will perform as intended in its chosen application. Specifically, your firm's validation did not ensure that the details screen was functioning properly as intended. The details screen is used to capture complaint details and complaint follow-up information which would include corrective and preventative actions performed by your firm when service calls are determined to be CAPA issues.
B) Off-the-shelf software (***************) is being used by your firm to manage your quality system documents for document control and approval. However, your firm has failed to adequately validate this software to ensure that it meets your needs and intended uses. Specifically, at the time of this inspection there were two different versions of your CAPA & Customer Complaint procedure, SOP-200-104; however, no revision history was provided on the *************** document history. Your firm has failed to validate the *************** software to meet your needs for maintaining document control and versioning.
Here are two more examples of software validation violations in an FDA warning letter:
“Failure to validate computer software for its intended use according to an established protocol when computers or automated data processing systems are used as part of production or the quality system, as required by 21 CFR 820.70(i).“ … “when requested no validation documentation to support the commercial off-the-shelf program (b)(4) used to capture complaints, returned merchandise and service requests was provided.”
“Failure to validate computer software for its intended use according to an established protocol when computers or automated data processing systems are used as part of production or the quality system, as required by 21 C.F.R. §820.70(i) (Production and Process Controls – Automated Processes).” … “the CAPA analysis of nonconformances, which is used at management meetings, is inadequate in that the report is computer-generated on a non-validated software system.”
Minitab’s Validation Resources
It's the responsibility of the software purchaser to validate software for its intended use. If you're using Minitab Statistical Software, we offer resources to help with your validation. You can download Minitab’s software validation kit here:
And you can find additional information about validating Minitab relative to the FDA guideline CFR Title 21 Part 11 at this link:
This software validation kit was created to help you understand how we validate Minitab Statistical Software for market readiness, and to confirm Minitab’s continued commitment to quality.
If you have any questions about our software validation process, please contact us.