Computer Software Assurance

Hi All,

Was looking at some other thread (can't find it now), that FDA is pushing Computer Software Assurance (CSA). I know that it is pretty new direction, but anyone got got experience or is doing that? Would that fulfil the software validation requirement for ISO 13485?

On the MDIC presentations page (the folks sponsoring the CSA initiative), at least Gilead, J&J, Fresenius, Medtronic, Boston Scientific, and Lantheus have all deployed the CSA approach. (I'm sure that in those bigger companies, it's not deployed worldwide but they're still using it somewhere.)

There's nothing specifically saying WHAT the approach for software validation needs to be so this is certainly defensible. You'll still establish a risk-based approach using CSA, employing appropriate techniques based on risk.

From memory: 13485 says that QMS software validation is to be proportionate to the risk associated with the use of the software, which is precisely the direction the CSA quidance (from FDA) was going.

If there is a subtle point it is that medical device manufacturers subject to 13485 will typically also try to respect 14971... however: QMS risk is not typically the same as risk to patients, users, or other stakeholders per 14971. The CSA (draft) guidance was going to make this more obvious.