從一八年概念提出��,到二二年草稿版二十幾頁���,再到今天終版四十頁頁��,雖然最后只有cdrh和cber參與,雖然主要只適用與醫(yī)療器械和qms體系系統(tǒng)��,但是這是行業(yè)的一大步,讓人亢奮
Table of Contents
目錄
I. Introduction .................................................................................................................4
I. 引言.............................................................................................................................4
II. Background ...............................................................................................................5
II. 背景.............................................................................................................................5
III. Scope ..........................................................................................................................6
III. 范圍.................................................................................................................................6
IV. Definitions ...................................................................................................................7
IV. 定義...............................................................................................................................7
V. Computer Software Assurance ..................................................................................8
V. 計算機軟件保障...............................................................................................................8
A. Computer Software Assurance Risk Framework ...................................................8
A. 計算機軟件保障風險框架.............................................................................................8
(1) Identifying the Intended Use .................................................................................9
(1) 識別預(yù)期用途........................................................................................9
(2) Determining the Risk-Based Approach ...............................................................11
(2) 確定基于風險的方法......................................................................11
(3) Production or Quality System Software Changes ............................................14
(3) 生產(chǎn)或質(zhì)量體系軟件變更......................................................14
(4) Determining the Appropriate Assurance Activities ..........................................14
(4) 確定適當?shù)谋U匣顒?...................................................14
(5) Additional Considerations for Assurance Activities ........................................17
(5) 保障活動的其他考慮因素..................................................17
(6) Establishing the Appropriate Record ..................................................................19
(6) 建立適當?shù)挠涗?.........................................................................19
B. Considerations for Electronic Records Requirements .........................................23
B. 電子記錄要求的考慮因素...................................................23
Appendix A. Examples ...................................................................................................26
附錄A. 示例.................................................................................................................26
Example 1: Nonconformance Management System ...............................................26
示例1:不合格品管理系統(tǒng).................................................................26
Example 2: Learning Management System (LMS) ...................................................30
示例2:學(xué)習管理系統(tǒng)(LMS)..................................................................30
Example 3: Business Intelligence Applications ....................................................33
示例3:商業(yè)智能應(yīng)用程序........................................................................33
Example 4: Software as a Service (SaaS) Product Life Cycle Management System (PLM) ...37
示例4:軟件即服務(wù)(SaaS)產(chǎn)品生命周期管理系統(tǒng)(PLM) ...37
I. Introduction ................................................................................................4
I. 引言...............................................................................................................4
FDA is issuing this guidance to provide recommendations on computer software assurance for computers and automated data processing systems used as part of medical device production or the quality system. This guidance:
FDA發(fā)布本指南,旨在為用于醫(yī)療器械生產(chǎn)或質(zhì)量系統(tǒng)的計算機及自動化數(shù)據(jù)處理系統(tǒng)提供計算機軟件保障方面的建議。本指南:
• Describes "computer software assurance" as a risk-based approach to establish confidence in the automation used for production or quality systems, and identifies where additional rigor may be appropriate; and
• 將“計算機軟件保障”描述為一種基于風險的方法���,用于建立對生產(chǎn)或質(zhì)量系統(tǒng)所用自動化手段的信心���,并指出在哪些情況下可能需要采取更嚴格的措施�����;以及
• Describes various methods and testing activities that may be applied to establish computer software assurance and provide objective evidence to fulfill regulatory requirements, such as computer software validation requirements in quality system obligations, including requirements in 21CFR Part 820 (hereafter referred to as "Part 820").
• 介紹了可用于建立計算機軟件保障并提供客觀證據(jù)以滿足法規(guī)要求的各種方法和測試活動�����,例如滿足質(zhì)量體系義務(wù)中的計算機軟件驗證要求�����,包括21CFR第820部分(以下簡稱“第820部分”)中的要求�����。
This guidance supplements FDA's guidance, "General Principles of Software Validation" (hereafter referred to as the "Software Validation guidance"), except this guidance supersedes Section 6: Validation of Automated Process Equipment and Quality System Software of the Software Validation guidance.
本指南是對FDA《軟件驗證通用原則》(以下簡稱“軟件驗證指南”)的補充�����,但本指南取代了軟件驗證指南中第6節(jié)“自動化工藝設(shè)備及質(zhì)量系統(tǒng)軟件的驗證”���。
For the current edition of the FDA-recognized consensus standard referenced in this document, see the FDA Recognized Consensus Standards Database.
有關(guān)本文件中引用的FDA認可共識標準的最新版本,請參見《FDA認可共識標準數(shù)據(jù)庫》��。
In general, FDA's guidance documents do not establish legally enforceable responsibilities. Instead, guidances describe the Agency's current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited. The use of the word should in Agency guidances means that something is suggested or recommended, but not required.
一般而言��,F(xiàn)DA指南文件并不設(shè)定具有法律強制執(zhí)行力的責任��。相反�����,指南闡述了FDA對某一主題的當前觀點���,除非引用了具體的法規(guī)或法定要求���,否則應(yīng)僅視為建議���。FDA指南中使用“應(yīng)”(should)一詞表示某事被建議或推薦,但并非強制要求�����。
II. Background .................................................................................................5
II. 背景................................................................................................................5
FDA envisions a future state where the medical device ecosystem is inherently focused on device features and manufacturing practices that promote product quality and patient safety.
FDA 設(shè)想未來的醫(yī)療器械生態(tài)系統(tǒng)將聚焦于能夠促進產(chǎn)品質(zhì)量和患者安全的器械特性和生產(chǎn)實踐���。
FDA has sought to identify and promote successful manufacturing practices and help device manufacturers raise their manufacturing quality level.
FDA 致力于識別和推廣成功的生產(chǎn)實踐���,幫助器械制造商提升其生產(chǎn)質(zhì)量水平。
In doing so, one goal is to help manufacturers produce high-quality medical devices that align with the laws and regulations implemented by FDA.
為此��,目標之一是幫助制造商生產(chǎn)出符合 FDA 法律法規(guī)要求的高質(zhì)量醫(yī)療器械��。
Compliance with quality system obligations including those in Part 820 is required for manufacturers of finished medical devices to the extent they engage in operations to which those obligations apply.
成品醫(yī)療器械制造商必須遵守質(zhì)量體系義務(wù)�����,包括第 820 部分中的要求��,只要其從事適用這些義務(wù)的操作。
Quality system obligations include requirements for medical device manufacturers to develop, conduct, control, and monitor production processes to ensure that a device conforms to its specifications, including requirements for manufacturers to validate computer software used as part of production or the quality system for its intended use.
質(zhì)量體系義務(wù)要求醫(yī)療器械制造商開發(fā)��、實施�����、控制和監(jiān)控生產(chǎn)過程���,以確保器械符合其規(guī)范,包括驗證用于生產(chǎn)或質(zhì)量系統(tǒng)的計算機軟件是否適用于其預(yù)期用途��。
The recommendations on computer software assurance in this guidance are intended to promote product quality and patient safety, and correlate to higher-quality outcomes.
本指南中關(guān)于計算機軟件保障的建議旨在促進產(chǎn)品質(zhì)量和患者安全��,并與更高質(zhì)量的結(jié)果相關(guān)聯(lián)�����。
This guidance addresses practices relating to computers and automated data processing systems used as part of production or the quality system.
本指南涉及用于生產(chǎn)或質(zhì)量系統(tǒng)的計算機和自動化數(shù)據(jù)處理系統(tǒng)的實踐��。
In recent years, advances in manufacturing technologies, including the adoption of automation, robotics, simulation, and other digital capabilities, have allowed manufacturers to reduce sources of error, optimize resources, and reduce patient risk.
近年來��,包括自動化�����、機器人、仿真和其他數(shù)字化能力在內(nèi)的制造技術(shù)進步�����,使制造商能夠減少錯誤來源�����、優(yōu)化資源并降低患者風險���。
FDA recognizes the potential for these technologies to provide significant benefits for enhancing the quality, availability, and safety of medical devices, and has undertaken several efforts to help foster the adoption and use of such technologies.
FDA 認識到這些技術(shù)在提升醫(yī)療器械質(zhì)量���、可及性和安全性方面具有顯著潛力,并已采取多項措施促進這些技術(shù)的采用和使用�����。
Specifically, FDA has engaged with stakeholders via the Medical Device Innovation Consortium (MDIC), site visits to medical device manufacturers, and benchmarking efforts with other industries (e.g., automotive, consumer electronics) to keep abreast of the latest technologies and to better understand stakeholders' challenges and opportunities for further advancement.
具體而言�����,F(xiàn)DA 通過醫(yī)療器械創(chuàng)新聯(lián)盟(MDIC)��、對醫(yī)療器械制造商的現(xiàn)場訪問以及與其他行業(yè)(如汽車���、消費電子)的對標工作���,與利益相關(guān)方保持溝通�����,以緊跟最新技術(shù)并更好地理解其在進一步推進中的挑戰(zhàn)與機遇��。
As part of these ongoing efforts, medical device manufacturers have expressed a desire for greater clarity regarding the Agency's expectations for software validation for computers and automated data processing systems used as part of production or the quality system.
在這些持續(xù)努力中�����,醫(yī)療器械制造商表示,希望 FDA 能更明確地說明其對用于生產(chǎn)或質(zhì)量系統(tǒng)的計算機和自動化數(shù)據(jù)處理系統(tǒng)的軟件驗證期望��。
Given the rapidly changing nature of software, manufacturers have also expressed a desire for a more iterative, agile approach for validation of computer software used as part of production or the quality system.
鑒于軟件變化迅速�����,制造商還希望采用更迭代���、更敏捷的方法來驗證用于生產(chǎn)或質(zhì)量系統(tǒng)的計算機軟件�����。
Traditionally, software validation has often been accomplished via software testing and other verification activities conducted at each stage of the software development life cycle.
傳統(tǒng)上���,軟件驗證通常通過在軟件開發(fā)生命周期的每個階段進行軟件測試和其他驗證活動來完成�����。
However, as explained in FDA's Software Validation guidance, software testing alone is often insufficient to establish confidence that the software is fit for its intended use.
然而���,正如 FDA 的《軟件驗證指南》中所述,僅依靠軟件測試往往不足以建立對軟件適用于其預(yù)期用途的信心�����。
Instead, the Software Validation guidance recommends that "software quality assurance" focus on preventing the introduction of defects into the software development process, and it encourages use of a risk-based approach for establishing confidence that software is fit for its intended use.
相反��,《軟件驗證指南》建議“軟件質(zhì)量保證”應(yīng)專注于防止在軟件開發(fā)過程中引入缺陷��,并鼓勵采用基于風險的方法來建立對軟件適用于其預(yù)期用途的信心��。
FDA believes that applying a risk-based approach to computer software used as part of production or the quality system would better focus manufacturers' quality assurance activities to help ensure product quality while helping to fulfill validation requirements.
FDA 認為���,對用于生產(chǎn)或質(zhì)量系統(tǒng)的計算機軟件采用基于風險的方法�����,將有助于制造商更有針對性地開展質(zhì)量保證活動�����,在確保產(chǎn)品質(zhì)量的同時��,幫助滿足驗證要求���。
For these reasons, FDA is providing recommendations on computer software assurance for computers and automated data processing systems used as part of medical device production or the quality system.
因此�����,F(xiàn)DA 就用于醫(yī)療器械生產(chǎn)或質(zhì)量系統(tǒng)的計算機和自動化數(shù)據(jù)處理系統(tǒng)的計算機軟件保障提供建議���。
FDA believes that these recommendations will help foster the adoption and use of innovative technologies that promote patient access to high-quality medical devices and help manufacturers to keep pace with the dynamic, rapidly changing technology landscape, while promoting compliance with laws and regulations implemented by FDA.
FDA 相信��,這些建議將有助于促進創(chuàng)新技術(shù)的采用和使用���,使患者能夠獲得高質(zhì)量的醫(yī)療器械���,并幫助制造商跟上動態(tài)、快速變化的技術(shù)環(huán)境��,同時促進遵守 FDA 實施的法律法規(guī)。
III. Scope .....................................................................................................6
III. 范圍...............................................................................................................6
This guidance provides recommendations regarding computer software assurance for computers or automated data processing systems used as part of production or the quality system for medical devices.
本指南為用于醫(yī)療器械生產(chǎn)或質(zhì)量系統(tǒng)的計算機或自動化數(shù)據(jù)處理系統(tǒng)提供計算機軟件保障方面的建議��。
This guidance is not intended to provide a complete description of all software validation principles. FDA has previously outlined principles for software validation, including managing changes as part of the software life cycle, in FDA's Software Validation guidance. This guidance applies the risk-based approach to software validation discussed in the Software Validation guidance to production or quality system software. This guidance additionally discusses specific risk considerations, acceptable testing methods, and efficient generation of objective evidence for production or quality system software through the life cycle of the medical device.
本指南并不旨在對所有軟件驗證原則進行完整描述�����。FDA此前已在《軟件驗證指南》中概述了軟件驗證原則�����,包括將變更管理作為軟件生命周期的一部分��。本指南將《軟件驗證指南》中討論的基于風險的軟件驗證方法應(yīng)用于生產(chǎn)或質(zhì)量系統(tǒng)軟件�����。本指南進一步討論了特定風險考慮��、可接受的測試方法���,以及在醫(yī)療器械整個生命周期內(nèi)為生產(chǎn)或質(zhì)量系統(tǒng)軟件高效生成客觀證據(jù)的方法���。
This guidance does not provide recommendations for the design verification or validation requirements for device software functions, which are software functions that meet the definition of a device under section 201(h) of the Federal Food, Drug, and Cosmetic Act (FD&C Act). For more information regarding FDA's recommendations for the validation of medical device software, see the Software Validation guidance.
本指南不為器械軟件功能(即符合《聯(lián)邦食品、藥品和化妝品法》(FD&C Act)第201(h)條所定義器械的軟件功能)的設(shè)計驗證或確認要求提供建議��。有關(guān)FDA對醫(yī)療器械軟件驗證的建議,請參見《軟件驗證指南》���。
IV. Definitions .................................................................................................7
IV. 定義.............................................................................................................7
Note: The following definitions apply for the purposes of this guidance. Some definitions originate from other FDA sources (e.g., Software Validation guidance) and are applicable in those instances.
注:以下定義適用于本指南���。部分定義源自其他FDA文件(如《軟件驗證指南》),并在相應(yīng)情況下適用�����。
Cloud Computing (Cloud): Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
云計算(云): 云計算是一種模式�����,用于實現(xiàn)無處不在���、便捷��、按需的網(wǎng)絡(luò)訪問�����,可訪問共享的可配置計算資源池(如網(wǎng)絡(luò)、服務(wù)器��、存儲、應(yīng)用程序和服務(wù))��,這些資源可以快速配置和釋放��,且管理開銷或服務(wù)提供商交互最小�����。
This cloud model is composed of five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. The cloud is composed of three service models: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The cloud model is also composed of four deployment models: private cloud, community cloud, public cloud, and hybrid cloud.
該云模式由五個基本特征組成:按需自助服務(wù)�����、廣泛的網(wǎng)絡(luò)訪問�����、資源池化��、快速彈性和可計量服務(wù)��。云由三種服務(wù)模式組成:軟件即服務(wù)(SaaS)���、平臺即服務(wù)(PaaS)和基礎(chǔ)設(shè)施即服務(wù)(IaaS)���。云還包括四種部署模式:私有云���、社區(qū)云��、公有云和混合云���。
Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
基礎(chǔ)設(shè)施即服務(wù)(IaaS): 向消費者提供的能力是配置處理���、存儲��、網(wǎng)絡(luò)和其他基本計算資源��,消費者可在此之上部署和運行任意軟件,包括操作系統(tǒng)和應(yīng)用程序�����。消費者不管理或控制底層云基礎(chǔ)設(shè)施���,但可控制操作系統(tǒng)��、存儲和已部署的應(yīng)用程序���,并可能對部分網(wǎng)絡(luò)組件(如主機防火墻)有有限控制權(quán)。
Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
平臺即服務(wù)(PaaS): 向消費者提供的能力是將消費者創(chuàng)建或獲取的應(yīng)用程序部署到云基礎(chǔ)設(shè)施上��,這些應(yīng)用程序使用提供商支持的編程語言���、庫�����、服務(wù)和工具編寫���。消費者不管理或控制底層云基礎(chǔ)設(shè)施(包括網(wǎng)絡(luò)、服務(wù)器��、操作系統(tǒng)或存儲)���,但可控制已部署的應(yīng)用程序���,并可能對應(yīng)用程序托管環(huán)境的配置設(shè)置有控制權(quán)���。
Software as a Service (SaaS): The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
軟件即服務(wù)(SaaS): 向消費者提供的能力是使用提供商在云基礎(chǔ)設(shè)施上運行的應(yīng)用程序。這些應(yīng)用程序可通過各種客戶端設(shè)備訪問���,例如通過瘦客戶端界面(如網(wǎng)頁瀏覽器��,如電子郵件)或程序接口��。消費者不管理或控制底層云基礎(chǔ)設(shè)施(包括網(wǎng)絡(luò)���、服務(wù)器、操作系統(tǒng)�����、存儲��,甚至單個應(yīng)用程序功能)��,可能僅對有限的用戶特定應(yīng)用程序配置設(shè)置有控制權(quán)���。
V. Computer Software Assurance ..................................................................8
V. 計算機軟件保障..............................................................................................8
Computer software assurance is a risk-based approach for establishing and maintaining confidence that software is fit for its intended use.
計算機軟件保障是一種基于風險的方法�����,用于建立并維持對軟件適用于其預(yù)期用途的信心�����。
This approach considers the risk of compromised safety and/or quality of the device (should the software fail to perform as intended) to determine the level of assurance effort and activities appropriate to establish confidence in the software.
該方法考慮了軟件未能按預(yù)期運行時可能對器械安全性和/或質(zhì)量造成的風險��,以確定建立軟件信心所需的保障工作和活動的適當水平��。
Because the computer software assurance effort is risk-based, it follows a least-burdensome approach, where the burden of validation is no more than necessary to address the risk.
由于計算機軟件保障工作基于風險�����,因此遵循最小負擔原則�����,即驗證負擔不超過應(yīng)對風險所必需的程度�����。
Such an approach supports the efficient use of resources, in turn promoting product quality.
這種方法支持資源的高效利用�����,從而促進產(chǎn)品質(zhì)量��。
In addition, computer software assurance establishes and maintains that the software used in production or the quality system is in a state of control throughout its life cycle ("validated state").
此外��,計算機軟件保障確保用于生產(chǎn)或質(zhì)量系統(tǒng)的軟件在其整個生命周期內(nèi)處于受控狀態(tài)(即“已驗證狀態(tài)”)���。
This is important because manufacturers increasingly rely on computers and automated processing systems to monitor and operate production, alert responsible personnel, and transfer and analyze production data, among other uses.
這一點很重要���,因為醫(yī)藥廠家越來越依賴計算機和自動化處理系統(tǒng)來監(jiān)控和操作生產(chǎn)、提醒相關(guān)人員���、傳輸和分析生產(chǎn)數(shù)據(jù)等��。
By allowing manufacturers to leverage principles such as risk-based testing, unscripted testing, continuous performance monitoring, and data monitoring, as well as validation activities performed by other entities (e.g., developers, suppliers, cloud service providers), the computer software assurance approach provides flexibility and agility in helping to provide assurance that the software maintains a validated state consistent with applicable quality system obligations.
通過允許制造商利用基于風險的測試�����、非腳本化測試��、持續(xù)性能監(jiān)控和數(shù)據(jù)監(jiān)控等原則�����,以及由其他實體(如開發(fā)者��、供應(yīng)商���、云服務(wù)提供商)執(zhí)行的驗證活動�����,計算機軟件保障方法在確保軟件保持與適用質(zhì)量體系義務(wù)一致的驗證狀態(tài)方面提供了靈活性和敏捷性�����。
Software that is fit for its intended use and that maintains a validated state should perform as intended, helping to ensure that finished devices will be safe and effective and in compliance with regulatory requirements (see 21 CFR 820.1(a)(1)).
適用于其預(yù)期用途并保持驗證狀態(tài)的軟件應(yīng)按預(yù)期運行,有助于確保成品器械安全有效�����,并符合法規(guī)要求(見21 CFR 820.1(a)(1))��。Section V outlines a risk-based framework for computer software assurance.第V節(jié)概述了計算機軟件保障的基于風險的框架��。
A. Computer Software Assurance Risk Framework ........................................8
A. 計算機軟件保障風險框架................................................................................8
The following approach is intended to help manufacturers establish a risk-based framework for computer software assurance throughout the software's life cycle. The approach outlined can be applied, but is not limited, to automation tools (e.g., BOTS or automatic workflows), data analytic tools, artificial intelligence/machine learning tools, and cloud computing when used as part of production or the quality system.
以下方法旨在幫助制造商在軟件的整個生命周期內(nèi)建立基于風險的計算機軟件保障框架�����。所述方法可應(yīng)用于(但不限于)自動化工具(如機器人或自動工作流)�����、數(shù)據(jù)分析工具��、人工智能/機器學(xué)習工具以及在用于生產(chǎn)或質(zhì)量系統(tǒng)時的云計算�����。
Examples of applying this risk framework to various computer software assurance situations are provided in Appendix A.
本附錄 A 提供了將該風險框架應(yīng)用于各種計算機軟件保障情境的示例�����。
(1) Identifying the Intended Use ...................................................................9
(1) 識別預(yù)期用途........................................................................................9
The regulation requires manufacturers to validate software that is used as part of production or the quality system for its intended use (see 21CFR 820.70(i)). This includes various cloud computing models related to computerized systems, such as IaaS, PaaS, and SaaS.
法規(guī)要求制造商驗證用于生產(chǎn)或質(zhì)量系統(tǒng)的軟件是否適用于其預(yù)期用途(見21CFR 820.70(i))�����。這包括與計算機化系統(tǒng)相關(guān)的各種云計算模式�����,如IaaS、PaaS和SaaS���。
To determine whether the requirement for validation applies, manufacturers must determine whether the software is or will be used as part of production or the quality system (whether directly or to support production or the quality system).
為確定是否適用驗證要求�����,制造商必須確定該軟件是否正在或?qū)⒈挥糜谏a(chǎn)或質(zhì)量系統(tǒng)(無論是直接用于還是支持生產(chǎn)或質(zhì)量系統(tǒng))���。
Software with the following intended uses is considered to be used directly as part of production or the quality system:
具有以下預(yù)期用途的軟件被視為直接用于生產(chǎn)或質(zhì)量系統(tǒng)的一部分:
Software intended for automating production processes, inspection, testing, or the collection and processing of production data; and
用于自動化生產(chǎn)過程��、檢驗��、測試或生產(chǎn)數(shù)據(jù)收集和處理的軟件�����;以及
Software intended for automating quality system processes, collection and processing of quality system data, or maintaining a quality record established under applicable quality system obligations.
用于自動化質(zhì)量體系過程���、質(zhì)量體系數(shù)據(jù)收集和處理,或維護根據(jù)適用質(zhì)量體系義務(wù)建立的質(zhì)量記錄的軟件。
Software with the following intended uses is considered to be used to support production or the quality system:
具有以下預(yù)期用途的軟件被視為支持生產(chǎn)或質(zhì)量系統(tǒng):
Software intended for use as development tools that test or monitor software systems or that automate testing activities for the software used as part of production or the quality system; and
用作開發(fā)工具的軟件�����,用于測試或監(jiān)控系統(tǒng)��,或為用于生產(chǎn)或質(zhì)量系統(tǒng)的軟件自動執(zhí)行測試活動�����;以及
Software intended for automating general record-keeping for production or the quality system that is not part of the quality record.
用于自動化生產(chǎn)或質(zhì)量系統(tǒng)的一般記錄保存�����,且該記錄不屬于質(zhì)量記錄部分的軟件���。
Both kinds of software are used as part of production or the quality system and must be validated under 21CFR 820.70(i).
上述兩類軟件均作為生產(chǎn)或質(zhì)量系統(tǒng)的一部分使用,必須根據(jù)21CFR 820.70(i)進行驗證�����。
On the other hand, software with the following intended uses generally is not considered to be used as part of production or the quality system, such that the requirement for validation in 21 CFR 820.70(i) would not apply:
另一方面���,具有以下預(yù)期用途的軟件通常不被視為用于生產(chǎn)或質(zhì)量系統(tǒng)的一部分�����,因此不適用21 CFR 820.70(i)中的驗證要求:
Software intended for management of general business processes or operations not specific to production or the quality system, such as email or accounting applications; and
用于管理非特定于生產(chǎn)或質(zhì)量體系的一般業(yè)務(wù)流程或操作的軟件���,例如電子郵件或會計應(yīng)用程序;以及
Software intended for establishing or supporting infrastructure not specific to production or the quality system, such as networking, user authentication, or continuity of operations (e.g., backup and restore).
用于建立或支持非特定于生產(chǎn)或質(zhì)量體系的基礎(chǔ)設(shè)施��,例如網(wǎng)絡(luò)���、用戶身份驗證或業(yè)務(wù)連續(xù)性(如備份和恢復(fù))的軟件��。
FDA recommends manufacturers focus on the intended use of the software when considering cloud computing models, as not all cloud computing models are "directly" used as part of production or the quality system.
FDA建議制造商在考慮云計算模式時��,重點關(guān)注軟件的預(yù)期用途�����,因為并非所有云計算模式都被“直接”用于生產(chǎn)或質(zhì)量系統(tǒng)��。
For example, an IaaS cloud storage solution falls into the category of infrastructure, but may be used to store quality records established under applicable quality system obligations, in which case the IaaS cloud storage solution would be considered to be used directly as part of production or the quality system.
例如���,IaaS云存儲解決方案屬于基礎(chǔ)設(shè)施類別��,但可用于存儲根據(jù)適用質(zhì)量體系義務(wù)建立的質(zhì)量記錄���,在此情況下,IaaS云存儲解決方案將被視為直接用于生產(chǎn)或質(zhì)量系統(tǒng)的一部分�����。
In this example, FDA recommends manufacturers focus the assurance effort on the features or functions relevant to the integrity of the records and 21 CFR Part 11 requirements applicable to the records intended to be stored.
在此示例中�����,F(xiàn)DA建議制造商將保障工作重點放在與記錄完整性相關(guān)的功能或特性上���,以及適用于擬存儲記錄的21 CFR第11部分要求���。
Conversely, an IaaS cloud storage solution may support infrastructure to store production and process data; this would not be considered an established quality system record.
相反,IaaS云存儲解決方案可能支持用于存儲生產(chǎn)和過程數(shù)據(jù)的基礎(chǔ)設(shè)施�����;這不被視為已建立的質(zhì)量體系記錄��。
In this example, the IaaS cloud storage solution does not support production or the quality system, and the requirement for validation in 21 CFR 820.70(i) would not apply.
在此示例中,IaaS云存儲解決方案不支持生產(chǎn)或質(zhì)量系統(tǒng)��,因此不適用21 CFR 820.70(i)的驗證要求�����。
When storage of data in the cloud is independent of whether or not the data is part of the quality record, it is the manufacturer's obligation to determine what the appropriate level of risk is for that application.
當云中的數(shù)據(jù)存儲與數(shù)據(jù)是否屬于質(zhì)量記錄無關(guān)時���,制造商有責任確定該應(yīng)用程序的適當風險水平。
Manufacturers may consider a least-burdensome approach to assuring the IaaS cloud storage solution is adequate for their business.
制造商可考慮采用最小負擔的方法來確保IaaS云存儲解決方案足以滿足其業(yè)務(wù)需求���。
FDA recognizes that software used in production or the quality system is often complex and comprised of multiple features, functions, and operations; software may have one or more intended uses depending on the individual features, functions, and operations of that software.
FDA認識到���,用于生產(chǎn)或質(zhì)量系統(tǒng)的軟件通常較為復(fù)雜,由多個特性��、功能和操作組成���;根據(jù)軟件的具體特性��、功能和操作���,軟件可能具有一個或多個預(yù)期用途。
In cases where the individual features, functions, and operations of the software have different roles within production or the quality system, they may present different risks with different levels of validation effort.
在軟件的各個特性、功能和操作在生產(chǎn)或質(zhì)量系統(tǒng)中承擔不同角色的情況下��,它們可能帶來不同的風險��,并需要不同程度的驗證工作�����。
FDA recommends that manufacturers examine the intended uses of the individual features, functions, and operations to facilitate development of a risk-based assurance strategy.
FDA建議制造商審查各個特性���、功能和操作的預(yù)期用途�����,以促進制定基于風險的保障策略��。
Manufacturers may decide to conduct different assurance activities for individual features, functions, or operations as related to the intended use.
制造商可決定針對與預(yù)期用途相關(guān)的各個特性�����、功能或操作�����,開展不同的保障活動�����。
For example, a commercial off-the-shelf (COTS) spreadsheet software may be comprised of various functions with different intended uses.
例如��,一款商用現(xiàn)成(COTS)電子表格軟件可能由具有不同預(yù)期用途的多種功能組成��。
When utilizing the basic input functions of the COTS spreadsheet software for an intended use of documenting the time and temperature readings for a curing process, a manufacturer may not need to perform additional assurance activities beyond those conducted by the COTS software developer and initial installation and configuration.
當將COTS電子表格軟件的基本輸入功能用于記錄固化過程的時間和溫度讀數(shù)時�����,制造商可能無需開展超出COTS軟件開發(fā)商已完成的初始安裝和配置之外的額外保障活動��。
The intended use of the software, "documenting readings," only supports maintaining a record of the process information and poses a low process risk.
該軟件的預(yù)期用途“記錄讀數(shù)”僅用于維護過程信息的記錄��,構(gòu)成較低的過程風險���。
As such, initial activities such as the successful vendor assessment and software installation and configuration may be sufficient to establish that the software is fit for its intended use and maintains a validated state.
因此,成功的供應(yīng)商評估以及軟件的安裝和配置等初始活動���,可能足以確立軟件適用于其預(yù)期用途并保持驗證狀態(tài)�����。
However, if a manufacturer also utilizes built-in functions of the COTS spreadsheet to create custom formulas that are directly used in production or the quality system, then additional risks and data integrity considerations may be present.
然而��,如果制造商還利用COTS電子表格的內(nèi)置功能創(chuàng)建直接用于生產(chǎn)或質(zhì)量系統(tǒng)的自定義公式�����,則可能存在額外的風險和數(shù)據(jù)完整性考慮�����。
For example, if a custom formula automatically calculates time and temperature statistics to monitor the performance and suitability of the curing process, then additional validation by the manufacturer might be necessary.
例如�����,如果某個自定義公式自動計算時間和溫度統(tǒng)計數(shù)據(jù)以監(jiān)控固化過程的性能和適用性���,則可能需要制造商進行額外的驗證��。
For the purposes of this guidance, we describe and recommend a computer software assurance framework where manufacturers examine the intended uses of the individual features, functions, or operations of the software.
就本指南而言���,我們描述并推薦一種計算機軟件保障框架,制造商在該框架下審查軟件的各個特性���、功能或操作的預(yù)期用途��。
However, in simple cases where software has only one intended use (e.g., if all of the features, functions, and operations within the software share the same intended use), manufacturers may not find it helpful to examine each feature, function, and operation individually.
然而���,在軟件僅有一個預(yù)期用途的簡單情況下(例如���,軟件內(nèi)的所有特性、功能和操作共享相同的預(yù)期用途)�����,制造商可能認為逐一審查每個特性��、功能和操作并無幫助��。
In such cases, manufacturers may develop a risk-based approach and consider assurance activities based on the intended use of the software overall.
在此類情況下���,制造商可制定基于風險的方法,并基于軟件整體的預(yù)期用途考慮保障活動���。
FDA recommends that manufacturers document their decision-making process for determining whether a software feature, function, or operation is or will be used as part of production or the quality system through their quality management system.
FDA建議制造商通過其質(zhì)量管理體系��,記錄其確定某個軟件特性���、功能或操作是否正在或?qū)⒈挥糜谏a(chǎn)或質(zhì)量系統(tǒng)的決策過程。
(2) Determining the Risk-Based Approach ..................................................11
(2) 確定基于風險的方法......................................................................11
Once a manufacturer has determined that a software feature, function, or operation is or will be used as part of production or the quality system, FDA recommends using a risk-based analysis to determine appropriate assurance activities.
一旦制造商確定某個軟件特性�����、功能或操作正在或?qū)⒈挥糜谏a(chǎn)或質(zhì)量系統(tǒng),F(xiàn)DA建議采用基于風險的分析來確定適當?shù)谋U匣顒印?/span>
Broadly, this risk-based approach entails systematically identifying reasonably foreseeable software failures, determining whether such a failure poses a high process risk, and systematically selecting and performing assurance activities commensurate with the medical device or process risk, as applicable.
總體而言�����,這種基于風險的方法包括:系統(tǒng)地識別合理可預(yù)見的軟件故障��,確定此類故障是否構(gòu)成高過程風險���,并系統(tǒng)地選擇和執(zhí)行與醫(yī)療器械或過程風險相稱的保障活動���。
Manufacturers should select an appropriate frequency for performing assurance activities based on their risk-based analysis and accounting for their processes and procedures, as appropriate for the software and assurance activities being performed.
制造商應(yīng)根據(jù)其基于風險的分析,并結(jié)合其過程和程序���,為所執(zhí)行的軟件和保障活動選擇適當?shù)膱?zhí)行頻率�����。
Note that conducting a risk-based analysis for computer software assurance for production or quality system software, as described in this guidance, is distinct from performing a risk analysis for a medical device as described in ISO 14971:2019.
請注意�����,本指南所述的針對生產(chǎn)或質(zhì)量系統(tǒng)軟件的計算機軟件保障的風險分析�����,不同于ISO 14971:2019中描述的醫(yī)療器械風險分析���。
The risk-based analysis for production or quality system software focuses on
那些可能影響或阻止軟件按預(yù)期運行的因素�����,如系統(tǒng)配置和管理���、系統(tǒng)安全性、數(shù)據(jù)完整性���、數(shù)據(jù)存儲���、數(shù)據(jù)傳輸或操作錯誤。
生產(chǎn)或質(zhì)量系統(tǒng)軟件的基于風險的分析聚焦于可能影響或阻止軟件按預(yù)期運行的因素�����,例如系統(tǒng)配置與管理�����、系統(tǒng)安全性���、數(shù)據(jù)完整性��、數(shù)據(jù)存儲��、數(shù)據(jù)傳輸或操作錯誤�����。
A risk-based analysis for production or quality system software should consider which failures are reasonably foreseeable (as opposed to likely) and the risks resulting from each such failure.
對生產(chǎn)或質(zhì)量系統(tǒng)軟件的基于風險的分析應(yīng)考慮哪些故障是合理可預(yù)見的(而非可能發(fā)生)��,以及每種故障所帶來的風險�����。
For example, in a risk-based analysis a manufacturer may consider the risks resulting from a power outage, which may not be likely to occur but is reasonably foreseeable to occur over the life cycle of a production or quality system.
例如���,在基于風險的分析中,制造商可考慮停電帶來的風險�����,停電可能不太可能發(fā)生��,但在生產(chǎn)或質(zhì)量系統(tǒng)的生命周期內(nèi)是合理可預(yù)見的。
This guidance discusses both process risks and medical device risks. A process risk refers to the potential to compromise production or the quality system. A medical device risk refers to the potential for a device to harm the patient or user.
本指南討論了過程風險和醫(yī)療器械風險���。過程風險指對生產(chǎn)或質(zhì)量系統(tǒng)造成損害的潛在可能性��。醫(yī)療器械風險指器械對患者或用戶造成傷害的潛在可能性���。
When discussing medical device risks, this guidance focuses on the medical device risk resulting from a quality problem that compromises safety.
在討論醫(yī)療器械風險時,本指南聚焦于因質(zhì)量問題導(dǎo)致安全性受損而產(chǎn)生的醫(yī)療器械風險���。
Specifically, FDA considers a software feature, function, or operation to pose a high process risk when its failure to perform as intended may result in a quality problem that foreseeably compromises safety, meaning a medical device risk.
具體而言���,當某個軟件特性、功能或操作未能按預(yù)期運行可能導(dǎo)致質(zhì)量問題��,從而可預(yù)見地損害安全性(即醫(yī)療器械風險)時�����,F(xiàn)DA認為其構(gòu)成高過程風險�����。
This process risk identification step focuses only on the process, as opposed to the medical device risk posed to the patient or user.
此過程風險識別步驟僅聚焦于過程本身��,而非對患者或用戶構(gòu)成的醫(yī)療器械風險�����。
Examples of software features, functions, or operations that are generally high process risk are those that:
通常屬于高過程風險的軟件特性���、功能或操作包括:
Maintain process parameters (e.g., temperature, pressure, or humidity) that affect the physical properties of product or manufacturing processes identified as essential to device safety;
維護影響產(chǎn)品物理特性或制造過程的過程參數(shù)(如溫度�����、壓力或濕度)�����,且這些參數(shù)被確定為對器械安全至關(guān)重要�����;
Measure, inspect, analyze and/or determine acceptability of product or process with limited or no additional human awareness or review;
在幾乎或完全無需人工意識或?qū)彶榈那闆r下���,測量��、檢驗�����、分析和/或確定產(chǎn)品或過程的可接受性��;
Perform process corrections or adjustments of process parameters based on data monitoring or automated feedback from other process steps without additional human awareness or review;
在幾乎或完全無需人工意識或?qū)彶榈那闆r下�����,根據(jù)數(shù)據(jù)監(jiān)控或其他過程步驟的自動反饋執(zhí)行過程糾正或?qū)^程參數(shù)進行調(diào)整�����;
Produce instructions for use or other labeling provided to patients and users that are necessary for safe operation of the medical device; and/or
生成提供給患者和用戶的使用說明或其他標簽�����,這些對于醫(yī)療器械的安全操作是必需的�����;和/或
Automate surveillance, trending, or tracking of data that the manufacturer identifies as essential to device safety (e.g., cybersecurity).
自動化監(jiān)控���、趨勢分析或跟蹤制造商確定為對器械安全至關(guān)重要的數(shù)據(jù)(如網(wǎng)絡(luò)安全)���。
In contrast, FDA considers a software feature, function, or operation not to pose a high process risk when its failure to perform as intended would not result in a quality problem that foreseeably compromises safety.
相反�����,當某個軟件特性、功能或操作未能按預(yù)期運行不會導(dǎo)致可預(yù)見地損害安全性的質(zhì)量問題�����,F(xiàn)DA認為其不構(gòu)成高過程風險��。
This includes situations where failure to perform as intended would not result in a quality problem, as well as situations where failure may result in a quality problem that does not foreseeably lead to compromised safety.
這包括未能按預(yù)期運行不會導(dǎo)致質(zhì)量問題的情況�����,以及可能導(dǎo)致質(zhì)量問題但不會可預(yù)見地導(dǎo)致安全性受損的情況�����。
Examples of software features, functions, or operations that generally are not high process risk include those that:
通常不屬于高過程風險的軟件特性���、功能或操作包括:
Collect and record data from the process for monitoring and review purposes that do not have a direct impact on production or process performance;
為監(jiān)控和審查目的收集和記錄過程數(shù)據(jù)�����,且對生產(chǎn)或過程性能無直接影響�����;
Are used as part of the quality system for Corrective and Preventive Actions (CAPA) routing, automated logging/tracking of complaints, automated change control management, or automated procedure management;
用作質(zhì)量體系的一部分��,用于糾正和預(yù)防措施(CAPA)流轉(zhuǎn)�����、投訴的自動記錄/跟蹤���、自動變更控制管理或自動程序管理���;
Are intended to manage data (process, store, and/or organize data), automate an existing calculation, increase process monitoring, or provide alerts relevant to managing data when an exception occurs in an established process; and/or
旨在管理數(shù)據(jù)(處理、存儲和/或組織數(shù)據(jù))��、自動化現(xiàn)有計算��、增強過程監(jiān)控或在已建立過程中發(fā)生異常時提供與數(shù)據(jù)管理相關(guān)的警報���;和/或
Are used to support production or the quality system, as explained in Section V.A.1.
如第V.A.1節(jié)所述�����,用于支持生產(chǎn)或質(zhì)量系統(tǒng)��。
FDA acknowledges that process risks associated with software used as part of production or the quality system are on a spectrum, ranging from high process risk to low process risk.
FDA承認���,用于生產(chǎn)或質(zhì)量系統(tǒng)的軟件相關(guān)過程風險處于一個范圍內(nèi)���,從高過程風險到低過程風險。
Manufacturers should determine the risk of each software feature, function, or operation as the risk falls on that spectrum, depending on the intended use of the software.
制造商應(yīng)根據(jù)軟件的預(yù)期用途��,確定每個軟件特性���、功能或操作在該風險范圍內(nèi)的風險水平。
FDA is primarily concerned with the review and assurance for those software features, functions, and operations that are high process risk because a failure also poses a medical device risk.
FDA主要關(guān)注對那些構(gòu)成高過程風險的軟件特性��、功能和操作的審查和保障���,因為其故障也會構(gòu)成醫(yī)療器械風險�����。
For the purposes of this guidance, FDA presents the process risks in a binary manner, "high process risk" and "not high process risk."
就本指南而言�����,F(xiàn)DA以二元方式呈現(xiàn)過程風險���,即“高過程風險”和“非高過程風險”��。
A manufacturer may still determine that a process risk is, for example, "moderate," "intermediate," or even "low" for purposes of determining assurance activities; in such a case, the portions of this guidance concerning "not high process risk" would apply.
制造商仍可判定某一過程風險為“中等”��、“中等偏低”或甚至“低”�����,以用于確定保障活動���;在此情況下,本指南中關(guān)于“非高過程風險”的部分將適用���。
As discussed in Section V.A.4 below, assurance activities should be conducted for software that is "high process risk" commensurate with the medical device risk and "not high process risk" commensurate with the process risk.
如下文第V.A.4節(jié)所述�����,對“高過程風險”軟件應(yīng)開展與其醫(yī)療器械風險相稱的保障活動��,對“非高過程風險”軟件應(yīng)開展與其過程風險相稱的保障活動���。
Example: An Enterprise Resource Planning (ERP) Management system contains a feature that automates manufacturing material restocking.示例:某企業(yè)資源計劃(ERP)管理系統(tǒng)中有一項功能,可自動進行生產(chǎn)物料補貨��。
This feature automates material ordering and delivery to appropriate production operations.
該功能可自動將物料訂購并交付至相應(yīng)的生產(chǎn)環(huán)節(jié)。
However, a qualified person checks the materials before their use in production.
然而���,在生產(chǎn)使用前��,會有合格人員對物料進行檢查��。
The failure of this feature to perform as intended may result in a mix-up in restocking and delivery, which would be a quality problem because the wrong materials would be restocked and delivered.
如果該功能未按預(yù)期運行��,可能導(dǎo)致補貨和交付錯誤�����,從而引發(fā)質(zhì)量問題,因為錯誤的物料將被補貨和交付���。
However, the delivery of the wrong materials to the qualified person should result in the rejection of those materials before use in production; as such, the quality problem should not foreseeably lead to compromised safety.
然而��,錯誤物料交付給合格人員后���,應(yīng)在使用前被拒絕,因此該質(zhì)量問題不會可預(yù)見地導(dǎo)致安全性受損���。
The manufacturer identifies this as an intermediate (not high) process risk and determines assurance activities commensurate with the process risk.
制造商將其識別為中等(非高)過程風險�����,并確定與過程風險相稱的保障活動��。
The manufacturer has performed an evaluation of the ERP vendor, the ERP system information, and has configured the ERP system for its operations.
制造商已評估ERP供應(yīng)商�����、ERP系統(tǒng)信息���,并為其運營配置了ERP系統(tǒng)�����。
The manufacturer implements any remaining assurance activities associated with the material order and delivery automation.
制造商實施了與物料訂購和交付自動化相關(guān)的剩余保障活動���。
Example: A similar feature in another ERP management system performs the same tasks as in the previous example except that it also automates checking the materials before their use in production.
示例:另一ERP管理系統(tǒng)中的類似功能執(zhí)行與前述相同的任務(wù),此外還可在生產(chǎn)使用前自動檢查物料��。
A qualified person does not check the material first.
合格人員不再先行檢查物料��。
The manufacturer identifies this as a high process risk because the failure of the feature to perform as intended may result in a quality problem that foreseeably compromises safety.
制造商將其識別為高過程風險��,因為該功能未按預(yù)期運行可能導(dǎo)致質(zhì)量問題��,從而可預(yù)見地損害安全性。
As such, the manufacturer will determine assurance activities that are commensurate with the related medical device risk.
因此�����,制造商將確定與相關(guān)醫(yī)療器械風險相稱的保障活動��。
The manufacturer has previously performed assurance activities on the material identification data system, the automated material scanning systems (barcode scanners), evaluated the ERP vendor/information, and has configured the ERP system for their operations.
制造商此前已對物料識別數(shù)據(jù)系統(tǒng)��、自動化物料掃描系統(tǒng)(條碼掃描器)執(zhí)行保障活動�����,評估了ERP供應(yīng)商/信息�����,并為其運營配置了ERP系統(tǒng)�����。
The manufacturer implements any remaining assurance activities associated with the ordering and delivery automation.
制造商實施了與訂購和交付自動化相關(guān)的剩余保障活動���。
Example: An ERP management system contains a feature to automate product delivery.
示例:某ERP管理系統(tǒng)中有一項功能,可自動進行產(chǎn)品交付�����。
The medical device risk depends upon, among other factors, the correct product being delivered to the device user.
醫(yī)療器械風險取決于多個因素,其中包括是否將正確的產(chǎn)品交付給器械用戶�����。
A failure of this feature to perform as intended may result in a delivery mix-up, which would be a quality problem that foreseeably compromises safety; as such, the manufacturer identifies this as a high process risk.
如果該功能未按預(yù)期運行���,可能導(dǎo)致交付錯誤���,這將是一個可預(yù)見地損害安全性的質(zhì)量問題;因此�����,制造商將其識別為高過程風險��。
Since the failure would compromise safety, the manufacturer will next determine the related increase in medical device risk and identify the assurance activities that are commensurate with the medical device risk.
由于該故障將損害安全性��,制造商接下來將確定相關(guān)醫(yī)療器械風險的增加�����,并識別與醫(yī)療器械風險相稱的保障活動。
In this case, the manufacturer has not already implemented any of the identified assurance activities, so the manufacturer implements all of the assurance activities identified in the analysis.
在此情況下���,制造商尚未實施任何已識別的保障活動�����,因此其實施了分析中識別的所有保障活動�����。
Example: An automated graphical user interface (GUI) function in the production software is used for developing test scripts based on user interactions and to automate future testing of modifications to the user interface of a system used in production.
示例:生產(chǎn)軟件中的自動化圖形用戶界面(GUI)功能用于基于用戶交互開發(fā)測試腳本���,并自動化未來對生產(chǎn)系統(tǒng)用戶界面修改的測試。
A failure of this GUI function to perform as intended may result in implementation disruptions and software updates to the production system being delayed, but in this case, these errors should not foreseeably lead to compromised safety because the GUI function operates in a separate test environment.
如果該GUI功能未按預(yù)期運行��,可能導(dǎo)致實施中斷和生產(chǎn)系統(tǒng)軟件更新延遲���,但在此情況下��,這些錯誤不會可預(yù)見地導(dǎo)致安全性受損���,因為GUI功能在獨立的測試環(huán)境中運行���。
The manufacturer identifies this as a low (not high) process risk and determines assurance activities that are commensurate with the process risk.
制造商將其識別為低(非高)過程風險���,并確定與過程風險相稱的保障活動��。
The manufacturer already undertakes some of those identified assurance activities so implements the remaining identified assurance activities.
制造商已執(zhí)行部分已識別的保障活動���,因此其實施了剩余已識別的保障活動。
(3) Production or Quality System Software Changes ................................14
(3) 生產(chǎn)或質(zhì)量體系軟件變更......................................................14
For devices with approved premarket approval applications (PMA) or humanitarian device exemptions (HDE), PMA/HDE supplements are not required for changes to the manufacturing procedure or method of manufacturing that do not affect the safety or effectiveness of the device if they are reported to FDA in a periodic report (usually referred to as an annual report).
對于已獲得上市前批準申請(PMA)或人道主義器械豁免(HDE)的器械�����,如制造程序或制造方法的變更不影響器械的安全性或有效性��,且已在定期報告(通常稱為年度報告)中向FDA報告���,則無需提交PMA/HDE補充申請�����。
PMA/HDE supplements also are not required for modifications to manufacturing procedures or methods of manufacture that affect the safety and effectiveness of the device; these are submitted in a 30-day notice.
對于影響器械安全性和有效性的制造程序或制造方法的修改�����,也無需提交PMA/HDE補充申請���;這些變更以30天通知的形式提交���。
Changes to the manufacturing procedure or method of manufacturing may include changes to software used in production or the quality system.
制造程序或制造方法的變更可能包括用于生產(chǎn)或質(zhì)量系統(tǒng)的軟件的變更。
For an addition or change to software used in production or the quality system of devices with approved PMAs or HDEs, FDA recommends that manufacturers apply the principles outlined above in Section V.A.2 in determining whether the change may affect the safety or effectiveness of the device.
對于已獲得批準的PMA或HDE的器械,其用于生產(chǎn)或質(zhì)量系統(tǒng)的軟件的增加或變更,F(xiàn)DA建議制造商在確定該變更是否可能影響器械的安全性或有效性時�����,應(yīng)用上文第V.A.2節(jié)所述的原則。
In general, if a change may result in a quality problem that foreseeably compromises safety, then it should be submitted in a 30-day notice.
一般而言��,如果某一變更可能導(dǎo)致可預(yù)見地損害安全性的質(zhì)量問題��,則應(yīng)以30天通知的形式提交��。
If a change would not result in a quality problem that foreseeably compromises safety, then the change may be appropriate to report in an annual report.
如果某一變更不會導(dǎo)致可預(yù)見地損害安全性的質(zhì)量問題��,則該變更可在年度報告中報告�����。
For example, a Manufacturing Execution System (MES) may be used to manage workflow, track progress, record data, and establish alerts or thresholds based on validated parameters, which are part of maintaining the quality system.
例如,制造執(zhí)行系統(tǒng)(MES)可用于管理工作流�����、跟蹤進度�����、記錄數(shù)據(jù)�����,并基于已驗證的參數(shù)建立警報或閾值���,這些是維護質(zhì)量體系的一部分。
Failure of such an MES to perform as intended may disrupt operations but not affect the process parameters established to produce a safe and effective device.
此類MES未能按預(yù)期運行可能會擾亂操作���,但不會影響為生產(chǎn)安全有效器械而建立的過程參數(shù)�����。
Changes affecting these MES operations are generally submitted in annual reports.
影響這些MES操作的變更通常在年度報告中提交��。
In contrast, an MES used to automatically control and adjust established critical production parameters (e.g., temperature, pressure, process time) may be a change to a manufacturing procedure that affects the safety or effectiveness of the device.
相反���,用于自動控制和調(diào)整已建立的關(guān)鍵生產(chǎn)參數(shù)(如溫度���、壓力、過程時間)的MES可能是影響器械安全性或有效性的制造程序的變更�����。If so, changes affecting
this specific operation would be submitted in a 30-day notice.
如是���,影響此特定操作的變更應(yīng)以30天通知的形式提交���。
(4) Determining the Appropriate Assurance Activities ...............................14
(4) 確定適當?shù)谋U匣顒?...................................................14
Once the manufacturer has determined whether a software feature, function, or operation poses a high process risk (a quality problem that may foreseeably compromise safety), the manufacturer should identify the assurance activities commensurate with the medical device risk or the process risk.
一旦制造商確定某一軟件特性、功能或操作是否構(gòu)成高過程風險(即可能導(dǎo)致可預(yù)見地損害安全性的質(zhì)量問題)�����,制造商應(yīng)識別與其醫(yī)療器械風險或過程風險相稱的保障活動���。
In cases where the quality problem may foreseeably compromise safety (high process risk), the level of assurance should be commensurate with the medical device risk.
在質(zhì)量問題可能可預(yù)見地損害安全性(高過程風險)的情況下��,保障水平應(yīng)與其醫(yī)療器械風險相稱��。
In cases where the quality problem may not foreseeably compromise safety (not high process risk), the level of assurance rigor should be commensurate with the process risk.
在質(zhì)量問題不會可預(yù)見地損害安全性(非高過程風險)的情況下�,保障嚴謹程度應(yīng)與其過程風險相稱。
In either case, heightened risks of software features, functions, or operations generally entail greater rigor for assurance efforts (i.e., a greater amount of objective evidence).
無論哪種情況��,軟件特性�、功能或操作的風險越高,通常意味著保障工作需要更高的嚴謹性(即更多的客觀證據(jù))����。
Conversely, relatively low risk (i.e., not high process risk) of compromised safety and/or quality generally entails less collection of objective evidence for the computer software assurance effort.
相反��,相對較低的風險(即非高過程風險)對安全性和/或質(zhì)量的損害通常意味著計算機軟件保障工作所需收集的客觀證據(jù)較少��。
A software feature, function, or operation that could lead to severe harm to a patient or user would generally be high medical device risk.
可能導(dǎo)致患者或用戶嚴重傷害的軟件特性����、功能或操作通常屬于高醫(yī)療器械風險。
In contrast, a feature, function, or operation that would not foreseeably lead to severe harm would likely not be high medical device risk.
相反��,不會可預(yù)見地導(dǎo)致嚴重傷害的特性����、功能或操作可能不屬于高醫(yī)療器械風險。
In either case, the risk of the software's failure to perform as intended is commensurate with the resulting medical device risk.
無論哪種情況��,軟件未能按預(yù)期運行的風險與其導(dǎo)致的醫(yī)療器械風險相稱��。
If the manufacturer determined that the software feature, function, or operation does not pose a high process risk (i.e., it would not lead to a quality problem that foreseeably compromises safety), the manufacturer should consider the risk relative to the process (i.e., production or the quality system).
如果制造商確定該軟件特性、功能或操作不構(gòu)成高過程風險(即不會導(dǎo)致可預(yù)見地損害安全性的質(zhì)量問題)����,制造商應(yīng)考慮其與過程(即生產(chǎn)或質(zhì)量體系)相關(guān)的風險。
This is because the failure would not compromise safety, so the failure would not introduce additional medical device risk.
這是因為故障不會損害安全性����,因此不會引入額外的醫(yī)療器械風險。
For example, a function that collects and records process data for review would pose a lower process risk than a function that determines acceptability of product prior to human review.
例如��,與在人工審查前確定產(chǎn)品可接受性的功能相比����,收集和記錄過程數(shù)據(jù)以供審查的功能所構(gòu)成的過程風險較低。
Types of manual or automated testing that may be considered as part of the assurance activities commonly performed by manufacturers include, but are not limited to, the following:
制造商通?�?煽紤]的保障活動中的手動或自動測試類型包括但不限于以下內(nèi)容:
Unscripted testing: Dynamic testing in which the tester's actions are not prescribed by written instructions in a test case.
非腳本化測試: 測試人員的行為不受測試用例中書面指令規(guī)定的動態(tài)測試��。
Scenario Testing (Also referred to as Ad-Hoc Testing): A specification-based test case design technique based on exercising sequences of interactions between the test item and other systems.
場景測試(也稱為臨時測試): 一種基于規(guī)范的測試用例設(shè)計技術(shù)����,基于測試項與其他系統(tǒng)之間的交互序列進行測試����。
Experience-based testing: Class of test case design techniques based on using the experience of testers to generate test cases.
基于經(jīng)驗的測試: 基于測試人員經(jīng)驗生成測試用例的測試用例設(shè)計技術(shù)類別�。
Error guessing: A test design technique in which test cases are derived on the basis of the tester's knowledge of past failures or general knowledge of failure modes.
錯誤猜測: 基于測試人員對過去故障的了解或?qū)收夏J降耐ㄓ弥R來推導(dǎo)測試用例的測試設(shè)計技術(shù)。
Exploratory testing: Experience-based testing in which the tester spontaneously designs and executes tests based on the tester's existing relevant knowledge, prior exploration of the test item, and heuristic "rules of thumb" regarding common software behaviors and types of failure.
探索性測試: 基于經(jīng)驗的測試����,測試人員基于現(xiàn)有相關(guān)知識、對測試項的先前探索以及關(guān)于常見軟件行為和故障類型的啟發(fā)式“經(jīng)驗法則”自發(fā)地設(shè)計和執(zhí)行測試�。
Scripted testing: Testing in which test cases are recorded and can then be executed manually or automatically using an automated testing tool.
腳本化測試: 測試用例被記錄下來的測試,可手動執(zhí)行�,也可使用自動化測試工具自動執(zhí)行。
This guidance describes a risk-based approach manufacturers may consider in meeting regulatory requirements.
本指南描述了一種基于風險的方法�,制造商可考慮將其用于滿足法規(guī)要求。
It is not an exhaustive list of software testing methods and principles.
它并非軟件測試方法和原則的詳盡清單�。
FDA recognizes that there are software testing methods and approaches, beyond those referenced.
FDA 認識到,除本指南引用內(nèi)容外��,還存在其他軟件測試方法和途徑�。
For example, the "Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submission" guidance, which is applicable to devices with cybersecurity considerations and describes recommendations regarding the cybersecurity information to be submitted for devices under certain premarket submission types, includes recommendations for cybersecurity testing used to demonstrate the effectiveness of design controls.
例如,《醫(yī)療器械網(wǎng)絡(luò)安全:質(zhì)量體系考量及上市前提交資料內(nèi)容》指南適用于涉及網(wǎng)絡(luò)安全考慮的器械�,并說明了針對某些上市前提交類型所需網(wǎng)絡(luò)安全信息的建議�,其中包括用于證明設(shè)計控制有效性的網(wǎng)絡(luò)安全測試建議��。
Manufacturers may consider utilizing the cybersecurity testing methods described in that guidance when conducting the assurance activities described in this guidance, as appropriate.
制造商在開展本指南所述保障活動時����,可酌情考慮使用該指南中描述的網(wǎng)絡(luò)安全測試方法。
In general, FDA recommends that manufacturers apply principles of risk-based testing in which the management, selection, prioritization, and use of testing activities and resources are consciously based on corresponding types and levels of analyzed risk to determine the appropriate activities.
總體而言�,F(xiàn)DA 建議制造商采用基于風險的測試原則,即對測試活動及資源的管理�、選擇、優(yōu)先級排序和使用�,應(yīng)有意識地依據(jù)所分析風險的類型和級別,來確定適當?shù)幕顒印?/span>
For high process risk software features, functions, and operations, manufacturers may choose to consider more rigor such as the use of scripted testing or a hybrid approach of scripted testing and unscripted testing, scaled as appropriate, when determining their assurance activities.
對于高過程風險的軟件特性��、功能及操作����,制造商在確定保障活動時����,可選擇采用更嚴謹?shù)姆椒ǎ缡褂媚_本化測試����,或腳本化測試與非腳本化測試相結(jié)合的混合方法�,并根據(jù)需要調(diào)整規(guī)模��。
In contrast, for software features, functions, and operations that are not high process risk, manufacturers may consider using unscripted testing methods such as scenario testing, error-guessing, exploratory testing, or a combination of methods that is suitable for the risk.
相反����,對于非高過程風險的軟件特性、功能及操作����,制造商可考慮使用非腳本化測試方法,如場景測試��、錯誤猜測�、探索性測試,或結(jié)合使用適合該風險水平的多種方法��。
The testing examples discussed for high process risk and not high process risk are not exclusive to those categories.
針對高過程風險與非高過程風險所討論的測試示例����,并非僅適用于這些類別。
Manufacturers should apply the principles of risk-based testing to determine the appropriate type of testing to perform.
制造商應(yīng)運用基于風險的測試原則��,來確定應(yīng)執(zhí)行的具體測試類型��。
For example, unscripted testing may be better suited to assure the software performs as intended even for high process risk features, functions, and operations.
例如����,非腳本化測試可能更適合確保軟件按預(yù)期運行�,即便對于高過程風險的特性�、功能和操作也是如此。
Conversely, a manufacturer may find it more effective and efficient to develop scripted testing and automate it for not high process risk features, functions, and operations.
反之��,制造商可能會發(fā)現(xiàn)�,為非高過程風險的特性、功能和操作開發(fā)腳本化測試并實現(xiàn)自動化����,更為有效和高效。
(5) Additional Considerations for Assurance Activities ..............................17
(5) 保障活動的其他考慮因素..................................................17
When deciding on the appropriate assurance activities, manufacturers should consider whether there are any additional controls or mechanisms in place throughout the quality system that may decrease the impact of compromised safety and/or quality if failure of the software feature, function, or operation were to occur.
在確定適當?shù)谋U匣顒訒r����,制造商應(yīng)考慮質(zhì)量體系中是否已建立其他控制或機制,以在軟件特性��、功能或操作發(fā)生故障時降低對安全性和/或質(zhì)量的影響�。
For example, as part of a comprehensive assurance approach, manufacturers can leverage the following to reduce the effort of additional assurance activities:
例如,作為全面保障方法的一部分�,制造商可利用以下方式減少額外保障活動的工作量:
Activities and established processes that provide control in production or fully verify processes in which software is involved.
在生產(chǎn)中提供控制或完全驗證涉及軟件的過程的已建立活動和過程。
Established purchasing control processes for selecting and monitoring software vendors.
用于選擇和監(jiān)控軟件供應(yīng)商的已建立采購控制過程�。
Additional process controls, including activities to reduce cybersecurity exposure, that have been incorporated throughout production.
已納入整個生產(chǎn)過程中的額外過程控制�,包括降低網(wǎng)絡(luò)安全風險的活動�。
The data and information periodically or continuously collected by the software for the purposes of monitoring or detecting issues and anomalies in the software after implementation.
軟件在實施后定期或持續(xù)收集的用于監(jiān)控或檢測軟件中問題和異常的數(shù)據(jù)和信息����。
The use of tools supporting software development and system life cycle activities (e.g., bug, anomaly tracking, requirement traceability tools) for the assurance of software used in production or as part of the quality system whenever possible.
在可能的情況下,使用支持軟件開發(fā)和系統(tǒng)生命周期活動的工具(如缺陷��、異常跟蹤��、需求可追溯性工具)來保障用于生產(chǎn)或作為質(zhì)量系統(tǒng)一部分的軟件�。
The use of testing and results done in iterative cycles and continuously throughout the life cycle of the software used in production or as part of the quality system.
在用于生產(chǎn)或作為質(zhì)量系統(tǒng)一部分的軟件的生命周期內(nèi),以迭代周期持續(xù)進行測試并使用測試結(jié)果�。
FDA recognizes that manufacturers may have limited access to information from the software vendor as part of an assessment and recommends manufacturers establish and apply a risk-based analysis of the software vendor as part of their assurance approach.
FDA認識到,制造商在評估過程中可能無法獲得軟件供應(yīng)商的全部信息�,建議制造商建立并應(yīng)用對軟件供應(yīng)商的基于風險的分析,作為其保障方法的一部分�。
The manufacturer's assessment may consider various sources of information when deciding the appropriate level of control for the software vendor (e.g., purchasing controls).
制造商在確定對軟件供應(yīng)商的適當控制水平時,其評估可考慮多種信息來源(如采購控制)�。
To evaluate the vendor's capabilities, whether cloud-based, on premise, or a hybrid, the manufacturer may consider activities including but not limited to:
為評估供應(yīng)商的能力,無論是基于云��、本地部署還是混合模式����,制造商可考慮開展包括但不限于以下活動:
Onsite audits of the vendor, if applicable. FDA acknowledges that it may not be feasible or appropriate for a device manufacturer to audit the software vendor. Manufacturers may consider any alternative combination of information, as applicable, in a risk-based analysis of the controls and capabilities of the software vendor;
如適用,可對供應(yīng)商進行現(xiàn)場審計�。FDA 認可����,對于器械制造商而言��,對軟件供應(yīng)商進行審計可能并不可行或不合適����。制造商可在對軟件供應(yīng)商控制措施和能力進行基于風險的分析時,酌情考慮任何其他信息組合方式��;
Review of the vendor's accreditations and certifications (e.g., Service Organization Controls reports), and industry standard certifications (e.g., ISO certifications);
審查供應(yīng)商的認可和認證(例如服務(wù)組織控制報告)以及行業(yè)標準認證(例如 ISO 認證)��;
Review of the vendor's practices and documentation for software development, software quality assurance, cybersecurity (e.g., security risk assessments, threat modeling, security design reviews, software bill of materials (SBOM), and testing) and risk mitigation; and
審查供應(yīng)商在軟件開發(fā)����、軟件質(zhì)量保證、網(wǎng)絡(luò)安全(例如安全風險評估��、威脅建模����、安全設(shè)計評審、軟件物料清單(SBOM)和測試)以及風險緩解方面的實踐和文件�;以及
Review of the vendor's or software's data integrity capabilities or controls such as, but not limited to:
審查供應(yīng)商或軟件的數(shù)據(jù)完整性能力或控制措施��,包括但不限于:
Retaining records, archiving data, and generating accurate and complete copies of records;
保留記錄�、歸檔數(shù)據(jù)以及生成準確完整的記錄副本��;
Securing data at rest and in transit (i.e., maintaining secure, computer-generated, time-stamped audit trails of users' actions and changes to data, encrypting data); and/or
保護靜態(tài)和傳輸中的數(shù)據(jù)(即維護安全�、計算機生成�、帶時間戳的用戶操作和數(shù)據(jù)更改審計跟蹤,加密數(shù)據(jù))��;和/或
Establishing and maintaining access controls, electronic signature controls and authorization checks for users' actions.
建立和維護用戶操作的訪問控制����、電子簽名控制以及授權(quán)檢查。
A manufacturer should establish and maintain within its procedures the requirements it has for suppliers on the basis of their ability to meet specified requirements and define the type and extent of control to be exercised over the product, services, and suppliers.
制造商應(yīng)在其程序中建立并維護對供應(yīng)商的要求�,這些要求應(yīng)基于供應(yīng)商滿足規(guī)定要求的能力,并明確對產(chǎn)品����、服務(wù)和供應(yīng)商所實施控制的類型和程度。
Manufacturers should consider appropriate sources of information regarding the vendor in their evaluation decision.
制造商在評估決策中應(yīng)考慮有關(guān)供應(yīng)商的適當信息來源����。
FDA recommends that manufacturers establish a risk-based approach to the evaluation of the vendor of software or service, the evaluation activities, and the appropriate objective evidence to retain.
FDA 建議制造商建立基于風險的方法,用于評估軟件或服務(wù)供應(yīng)商��、評估活動以及應(yīng)保留的適當客觀證據(jù)��。
For example, supporting software, as referenced in Section V.A.1, often carries lower risk, such that the assurance effort may generally be reduced accordingly.
例如��,第 V.A.1 節(jié)所述的支持軟件通常風險較低�,因此其保障工作量可相應(yīng)減少。
Because assurance activities used "directly" in production or the quality system often inherently cover the performance of supporting software, assurance that this supporting software performs as intended may be sufficiently established by leveraging vendor evaluation and validation records, software installation, or software configuration, such that additional assurance activities (e.g., scripted or unscripted testing) may be unnecessary.
由于“直接”用于生產(chǎn)或質(zhì)量系統(tǒng)的保障活動通常已涵蓋支持軟件的性能����,因此通過利用供應(yīng)商評估和驗證記錄����、軟件安裝或配置�,足以確立支持軟件按預(yù)期運行的保障,無需開展額外保障活動(如腳本化或非腳本化測試)。
Example: A CAPA automation system is being written in Java script and a debugger tool is used to set up breakpoints and step through the code. Once the code is debugged, all the debugger content is removed prior to implementation.
示例:某 CAPA 自動化系統(tǒng)使用 JavaScript 編寫,調(diào)試工具用于設(shè)置斷點并逐步執(zhí)行代碼。代碼調(diào)試完成后,所有調(diào)試內(nèi)容在實施前均被移除�。
In this situation, the debugger tool is used to assist a software developer during the coding of a quality system but is not subject to quality system obligations because the COTS tool, which is not integrated with production or the quality system, is not used as part of production or the quality system.
在此情況下��,調(diào)試工具用于在質(zhì)量體系編碼過程中協(xié)助軟件開發(fā)人員,但由于該商用現(xiàn)成(COTS)工具未與生產(chǎn)或質(zhì)量體系集成��,也不作為生產(chǎn)或質(zhì)量體系的一部分使用����,因此不受質(zhì)量體系義務(wù)約束。
FDA recommends manufacturers establish a least-burdensome approach to ensure the tool performs as intended.
FDA 建議制造商建立最小負擔方法��,以確保該工具按預(yù)期運行����。
(6) Establishing the Appropriate Record .................................................19
(6) 建立適當?shù)挠涗?.........................................................................19
When establishing the record, the manufacturer should capture sufficient objective evidence to demonstrate that the software feature, function, or operation was assessed and performs as intended.
在建立記錄時��,制造商應(yīng)收集足夠的客觀證據(jù)����,以證明該軟件特性�、功能或操作已得到評估��,并按預(yù)期運行�。
In general, FDA recommends the record include the following:
一般而言����,F(xiàn)DA建議記錄應(yīng)包括以下內(nèi)容:
The intended use of the software feature, function, or operation;
該軟件特性、功能或操作的預(yù)期用途;
The result of the risk-based analysis of the software feature, function, or operation; and
對該軟件特性����、功能或操作的基于風險的分析結(jié)果;以及
Documentation of the assurance activities conducted, including:
所開展保障活動的文件�,包括:
A description of the testing conducted based on the assurance activity.
基于保障活動所開展測試的描述。
Issues found during testing (e.g., deviations, defects, and/or failures).
測試過程中發(fā)現(xiàn)的問題(如偏差��、缺陷和/或故障)�。
A conclusion statement declaring acceptability of the software for its intended use.
聲明該軟件適用于其預(yù)期用途的結(jié)論性說明。
If issues were found, FDA recommends including resolution of issues found as part of the conclusion statement.
如發(fā)現(xiàn)問題��,F(xiàn)DA建議在結(jié)論性說明中包括對所發(fā)現(xiàn)問題的解決方案��。
Record of who performed testing/assessment and date the testing/assessment was performed.
測試/評估執(zhí)行人員及測試/評估日期的記錄��。
Established review and approval when appropriate (e.g., when necessary, a signature and date of an individual with signatory authority).
在適當時建立審查和批準(例如��,必要時由有簽字權(quán)的人員簽字并注明日期)��。
Documentation of assurance activities need not include more evidence than necessary to show that the software feature, function, or operation performs as intended for the risk identified.
保障活動的文件無需包含超出證明該軟件特性����、功能或操作按預(yù)期運行所必需的證據(jù)。
FDA recommends the record retain sufficient details of the assurance activity to serve as a baseline for improvements or as a reference point if issues occur.
FDA建議記錄應(yīng)保留保障活動的足夠細節(jié)�,以作為改進的基線或出現(xiàn)問題時的參考點。
Advances in digital technology may allow for manufacturers to leverage digital retention of results, automated traceability, automated testing, and electronic capture of work performed as objective evidence.
數(shù)字技術(shù)的進步可能使制造商能夠利用結(jié)果的數(shù)字化保留��、自動化可追溯性����、自動化測試以及對所執(zhí)行工作的電子捕獲作為客觀證據(jù)。
As a least-burdensome approach, FDA recommends incorporating the use of digital records, such as system logs, audit trails, and other data generated and maintained by the software, as opposed to paper documentation, screenshots, or duplicating results already digitally retained by the software when establishing the record associated with the assurance activities.
作為最小負擔方法����,F(xiàn)DA建議在建立與保障活動相關(guān)的記錄時,使用數(shù)字記錄�,如系統(tǒng)日志、審計跟蹤以及軟件生成和維護的其他數(shù)據(jù)����,而非紙質(zhì)文件、屏幕截圖或重復(fù)軟件已數(shù)字保留的結(jié)果����。
When using digital records, FDA recommends manufacturers consider the intended use and the need for accuracy, reliability, integrity, availability, and authenticity of the record as part of the risk-based assurance approach.
在使用數(shù)字記錄時,F(xiàn)DA建議制造商考慮記錄的預(yù)期用途以及對記錄的準確性����、可靠性、完整性����、可用性和真實性的需求����,作為基于風險的保障方法的一部分�。
Table 1 provides some examples of ways to implement and develop the record when using the risk-based testing approaches, including testing approaches identified in Section V.A.4 above.
表1提供了在使用基于風險的測試方法(包括上文第V.A.4節(jié)所述測試方法)時,如何實施和形成記錄的一些示例��。
Manufacturers may use alternative approaches and provide different documentation so long as their approach satisfies applicable legal documentation requirements.
制造商可采用其他方法并提供不同文件����,只要其方法滿足適用法規(guī)文件要求即可。
Table 1 – Examples of Assurance Activities and Records
表1 – 保障活動與記錄示例
|
Assurance Activity 保障活動 |
Test Plan 測試計劃 |
Test Results 測試結(jié)果 |
Record (Including Digital) 記錄(含數(shù)字記錄) |
|
Scripted Testing: Robust 腳本化測試:穩(wěn)健型 |
• Test objectives 測試目標 |
• Result record obtained for each test case 所獲結(jié)果記錄覆蓋每個用例 |
• Intended use 預(yù)期用途 |
|
• Test cases (step-by-step procedure) 測試用例(分步程序) |
• Details regarding any failures/deviations found 任何失效/偏差的詳情 |
• Result of risk-based analysis 基于風險的分析結(jié)果 |
|
• Expected results 預(yù)期結(jié)果 |
• Result for each test case 每個用例的結(jié)果 |
• Detailed report of testing performed 所執(zhí)行測試的詳細報告 |
|
|
• Issues found 發(fā)現(xiàn)的問題 |
|
|
|
• Conclusion declaring acceptability of the software for its intended use, including the resolution or appropriate risk justification of issues found 聲明軟件適用于預(yù)期用途的結(jié)論��,包括對發(fā)現(xiàn)問題的處理或適當風險論證 |
|
|
|
• Record of who performed testing and the date the testing was performed 測試執(zhí)行人及日期記錄 |
|
|
|
• Established review and approval when appropriate 適當時的評審與批準記錄 |
|
|
|
Independent review and approval of test plan when appropriate 適當時對測試計劃的獨立評審與批準 |
|
|
|
Assurance Activity 保障活動 |
Test Plan 測試計劃 |
Test Results 測試結(jié)果 |
Record (Including Digital) 記錄(含數(shù)字記錄) |
|
Scripted Testing: Limited 腳本化測試:有限型 |
• Limited test cases (step-by-step procedure) identified 限定數(shù)量的測試用例(分步程序) |
• Result record obtained for each test case 所獲結(jié)果記錄覆蓋每個用例 |
• Intended use 預(yù)期用途 |
|
• Expected results 預(yù)期結(jié)果 |
• Details regarding any failures/deviations found 任何失效/偏差的詳情 |
• Result of risk-based analysis 基于風險的分析結(jié)果 |
|
|
• Result for each test case 每個用例的結(jié)果 |
• Summary description of testing performed 所執(zhí)行測試的概要描述 |
|
|
• Issues found 發(fā)現(xiàn)的問題 |
|
|
|
• Conclusion declaring acceptability of the software for its intended use, including the resolution or appropriate risk justification of issues found 聲明軟件適用于預(yù)期用途的結(jié)論�,包括對發(fā)現(xiàn)問題的處理或適當風險論證 |
|
|
|
• Record of who performed testing and date the testing was performed 測試執(zhí)行人及日期記錄 |
|
|
|
• Established review and approval when appropriate 適當時的評審與批準記錄 |
|
|
|
• Identify unscripted testing applied 指明所應(yīng)用的非腳本化測試 |
|
|
|
• Independent review and approval of test plan when appropriate 適當時對測試計劃的獨立評審與批準 |
|
Assurance Activity 保障活動 |
Test Plan 測試計劃 |
Test Results 測試結(jié)果 |
Record (Including Digital) 記錄(含數(shù)字記錄) |
|
Unscripted Testing: Scenario Testing 非腳本化測試:場景測試 |
• Testing of features and functions with no test plan 無測試計劃下對特性與功能的測試 |
• Details regarding any failures/deviations found 任何失效/偏差的詳情 |
• Intended use 預(yù)期用途 |
|
• Issues found 發(fā)現(xiàn)的問題 |
• Result of risk-based analysis 基于風險的分析結(jié)果 |
|
• Conclusion declaring acceptability of the software for its intended use, including the resolution or appropriate risk justification of issues found 聲明軟件適用于預(yù)期用途的結(jié)論,包括對發(fā)現(xiàn)問題的處理或適當風險論證 |
• Summary description of features and functions tested, and testing performed 被測特性與功能及所執(zhí)行測試的概要描述 |
|
• Record of who performed testing and date the testing was performed 測試執(zhí)行人及日期記錄 |
|
|
• Established review and approval when appropriate 適當時的評審與批準記錄 |
|
|
Assurance Activity 保障活動 |
Test Plan 測試計劃 |
Test Results 測試結(jié)果 |
Record (Including Digital) 記錄(含數(shù)字記錄) |
|
Unscripted Testing: Error Guessing 非腳本化測試:錯誤猜測 |
• Testing of failure-modes with no test plan 無測試計劃下對失效模式的測試 |
• Details regarding any failures/deviations found 任何失效/偏差的詳情 |
• Intended use 預(yù)期用途 |
|
• Issues found 發(fā)現(xiàn)的問題 |
• Result of risk-based analysis 基于風險的分析結(jié)果 |
|
• Conclusion declaring acceptability of the software for its intended use, including the resolution or appropriate risk justification of issues found 聲明軟件適用于預(yù)期用途的結(jié)論�,包括對發(fā)現(xiàn)問題的處理或適當風險論證 |
• Summary description of failure-modes tested, and testing performed 被測失效模式及所執(zhí)行測試的概要描述 |
|
• Record of who performed testing and date the testing was performed 測試執(zhí)行人及日期記錄 |
|
|
• Established review and approval when appropriate 適當時的評審與批準記錄 |
|
|
Assurance Activity 保障活動 |
Test Plan 測試計劃 |
Test Results 測試結(jié)果 |
Record (Including Digital) 記錄(含數(shù)字記錄) |
|
Unscripted Testing: Exploratory Testing 非腳本化測試:探索性測試 |
• Establish high level test plan objectives with pass/fail criteria for each objective (no step-by-step procedure is necessary) 為每個目標建立高層級測試計劃目標及通過/失敗準則(無需分步程序) |
• Details regarding any failures/deviations found 任何失效/偏差的詳情 |
• Intended use 預(yù)期用途 |
|
• Issues found 發(fā)現(xiàn)的問題 |
• Result of risk-based analysis 基于風險的分析結(jié)果 |
|
• Conclusion declaring acceptability of the software for its intended use, including the resolution or appropriate risk justification of issues found 聲明軟件適用于預(yù)期用途的結(jié)論,包括對發(fā)現(xiàn)問題的處理或適當風險論證 |
• Summary description of the objectives tested, and testing performed 被測目標及所執(zhí)行測試的概要描述 |
|
• Record of who performed testing and date the testing was performed 測試執(zhí)行人及日期記錄 |
|
|
• Established review and approval when appropriate 適當時的評審與批準記錄 |
|
The following is an example of a record of assurance in a scenario where a manufacturer has developed a spreadsheet with the intended use of collecting and graphing nonconformance data stored in a controlled system for monitoring purposes.
以下示例展示了某制造商開發(fā)的一款電子表格的保障記錄����,該表格用于收集和繪制受控系統(tǒng)中存儲的不合格數(shù)據(jù)以供監(jiān)控。
In this example, the manufacturer has established additional process controls and inspections that ensure non-conforming product is not released.
在此示例中�,制造商已建立額外的過程控制和檢查,確保不會放行不合格產(chǎn)品��。
In this case, failure of the spreadsheet to perform as intended would not result in a quality problem that foreseeably leads to compromised safety, so the spreadsheet would not pose a high process risk.
在此情況下,電子表格未按預(yù)期運行不會導(dǎo)致可預(yù)見地損害安全性的質(zhì)量問題�,因此該表格不構(gòu)成高過程風險。
The manufacturer conducted rapid exploratory testing of specific functions used in the spreadsheet to ensure that analyses can be created, read, updated, and/or deleted.
制造商對電子表格中使用的特定功能進行了快速探索性測試�,以確?���?梢詣?chuàng)建、讀取��、更新和/或刪除分析�。
During exploratory testing, all calculated fields updated correctly except for one deviation that occurred during the testing of the update.
在探索性測試期間,除更新測試中出現(xiàn)的一處偏差外�,所有計算字段均正確更新。
In this scenario, the record would be documented as follows:
在此情形下�,記錄應(yīng)如下所示:Intended Use:
預(yù)期用途:
The spreadsheet is intended for use in collecting and graphing nonconformance data stored in a controlled system for monitoring purposes; as such, it is used as part of production or the quality system.
該電子表格用于收集和繪制受控系統(tǒng)中存儲的不合格數(shù)據(jù)以供監(jiān)控;因此����,它作為生產(chǎn)或質(zhì)量體系的一部分使用。
Because of this use, the spreadsheet is different from similar software used for business operations such as for accounting.
由于此用途����,該電子表格不同于用于業(yè)務(wù)運營(如會計)的類似軟件。
Risk-Based Analysis:
基于風險的分析:
In this case, the software is only used to collect and display data for monitoring nonconformances, and the manufacturer has established additional process controls and inspections to ensure that nonconforming product is not released.
在此情況下�,軟件僅用于收集和顯示監(jiān)控不合格數(shù)據(jù)����,且制造商已建立額外的過程控制和檢查�,確保不合格產(chǎn)品不會被放行。
Therefore, failure of the spreadsheet to perform as intended should not result in a quality problem that foreseeably leads to compromised safety.
因此����,電子表格未按預(yù)期運行不應(yīng)導(dǎo)致可預(yù)見地損害安全性的質(zhì)量問題。
As such, the software does not pose a high process risk, and the assurance activities should be commensurate with the process risk.
因此����,該軟件不構(gòu)成高過程風險,保障活動應(yīng)與過程風險相稱��。
Tested:Spreadsheet X, Version 1.2
測試對象: 電子表格 X�,版本 1.2T
est type:Unscripted testing – exploratory testing
測試類型: 非腳本化測試 – 探索性測試
Goal: Ensure that analyses can be correctly created, read, updated, and deleted
目標: 確保可以正確創(chuàng)建��、讀取����、更新和刪除分析
Testing objectives and activities:
測試目標與活動:
Create new analysis: Passed
創(chuàng)建新分析:通過
Read data from the required source: Passed
從所需源讀取數(shù)據(jù):通過
Update data in the analysis: Failed due to input error, then passed re-test
更新分析中的數(shù)據(jù):因輸入錯誤失敗����,重新測試后通過
Delete data: Passed
刪除數(shù)據(jù):通過
Verify through observation that all calculated fields correctly update with changes: Passed with noted deviation
通過觀察驗證所有計算字段隨更改正確更新:通過(注明偏差)
Deviation:
偏差:
During the testing of the update, when the user inadvertently input text into an updatable field requiring numeric data, the associated row showed an immediate error.
在更新測試中�,當用戶不慎在要求數(shù)字的可更新字段中輸入文本時�,相關(guān)行立即顯示錯誤。
Conclusion:
結(jié)論:
The spreadsheet is acceptable for its intended use.
該電子表格適用于其預(yù)期用途��。
Incorrectly inputting text into the field is immediately visible and does not impact the intended use.
字段中輸入文本的錯誤立即可見�,不影響預(yù)期用途。
A new validation rule was placed on the field to permit only numeric data inputs.
已對該字段添加新驗證規(guī)則�,僅允許數(shù)字輸入�。
The testing was performed again with the validation rule and the update passed all testing objectives.
在添加驗證規(guī)則后再次測試,更新通過所有測試目標�。
No additional errors were observed in the spreadsheet functions after the validation rule was implemented.
實施驗證規(guī)則后,電子表格功能中未觀察到其他錯誤��。
When/Who:July 9, 2024, by Jane Smith
時間/人員: 2024年7月9日�,Jane Smith
B. Considerations for Electronic Records Requirements .............................23
B. 電子記錄要求的考慮因素...................................................23
Manufacturers have expressed confusion and concern regarding the application of 21CFR Part 11, Electronic Records; Electronic Signatures, to computers or automated data processing systems used as part of production or the quality system.
制造商對將21CFR第11部分《電子記錄;電子簽名》應(yīng)用于用于生產(chǎn)或質(zhì)量系統(tǒng)的計算機或自動化數(shù)據(jù)處理系統(tǒng)表示困惑和擔憂��。
Manufacturers should refer to the "Part 11, Electronic Records; Electronic Signatures – Scope and Application" guidance (hereafter referred to as the "Electronic Records guidance"), when determining whether and how to apply 21CFR Part 11 (hereafter referred to as "Part 11").
制造商在確定是否以及如何應(yīng)用21CFR第11部分(以下簡稱“第11部分”)時�,應(yīng)參考《第11部分,電子記錄�;電子簽名——范圍和應(yīng)用》指南(以下簡稱“電子記錄指南”)。
The regulations in Part 11 set forth the criteria under which FDA considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.
第11部分的法規(guī)規(guī)定了FDA認為電子記錄��、電子簽名以及對電子記錄的手寫簽名可信��、可靠,并通常與紙質(zhì)記錄和手寫簽名具有同等效力的標準����。
In general, Part 11 applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in Agency regulations.
一般而言,第11部分適用于根據(jù)FDA法規(guī)中的任何記錄要求以電子形式創(chuàng)建�、修改、維護��、歸檔或傳輸?shù)挠涗洝?/span>
Part 11 also applies to electronic records submitted to the Agency under requirements of the FD&C Act and the Public Health Service Act (PHS Act), even if such records are not specifically identified in Agency regulations.
第11部分還適用于根據(jù)《FD&C法案》和《公共衛(wèi)生服務(wù)法》(PHS法案)要求向FDA提交的電子記錄����,即使這些記錄未在FDA法規(guī)中明確列出。
The underlying requirements set forth in the FD&C Act, PHS Act, and FDA regulations (other than Part 11) are referred to as "predicate rules."
《FD&C法案》��、《PHS法案》和FDA法規(guī)(第11部分除外)中規(guī)定的基本要求被稱為“前置規(guī)則”��。
In addition, where electronic signatures and their associated electronic records meet the requirements of Part 11, FDA will generally consider the electronic signatures to be equivalent to full handwritten signatures, initials, and other general signings as required by agency regulations.
此外��,如果電子簽名及其相關(guān)電子記錄符合第11部分的要求�,F(xiàn)DA通常將認為電子簽名等同于法規(guī)要求的全名手寫簽名、首字母縮寫及其他一般簽署��。
For computer software used as part of production or the quality system, the applicable predicate rules include those under Part 820.
對于用于生產(chǎn)或質(zhì)量系統(tǒng)的計算機軟件����,適用的前置規(guī)則包括第820部分中的要求��。
A document required under Part 820—including, but not necessarily limited to, a document Part 820 requires to bear a signature—and maintained in electronic form would generally be an "electronic record" under Part 11.
根據(jù)第820部分要求提供的文件——包括但不限于第820部分要求簽名的文件——如以電子形式維護��,通常屬于第11部分下的“電子記錄”��。
To determine when a record is required under Part 820, manufacturers should consider, among other things, whether the record would be necessary as evidence to document required validation.
為確定何時需要根據(jù)第820部分提供記錄����,制造商應(yīng)考慮����,除其他事項外�,該記錄是否為記錄所需驗證所必需的證據(jù)。
If a manufacturer maintains in electronic form a document required under Part 820, then Part 11 generally applies.
如果制造商以電子形式維護根據(jù)第820部分要求提供的文件��,則通常適用第11部分��。
As discussed in the Electronic Records guidance, FDA intends to exercise enforcement discretion regarding specific Part 11 requirements for validation of computerized systems used to create, modify, maintain, or transmit electronic records.
如《電子記錄指南》所述����,F(xiàn)DA打算對用于創(chuàng)建、修改����、維護或傳輸電子記錄的計算機化系統(tǒng)的驗證方面的特定第11部分要求行使執(zhí)法自由裁量權(quán)�。
But the enforcement discretion policy described in the Electronic Records guidance expressly does not apply to the validation requirement for computer software used as part of production or the quality system arising under 21CFR 820.70(i).
但《電子記錄指南》所述的執(zhí)法自由裁量政策明確不適用于根據(jù)21CFR 820.70(i)產(chǎn)生的用于生產(chǎn)或質(zhì)量系統(tǒng)的計算機軟件的驗證要求��。
This guidance recommends that manufacturers base their approach to computer software assurance on a justified and documented risk assessment and a determination of the potential of the system to affect product quality, patient safety, and record integrity.
本指南建議制造商在開展計算機軟件保障時����,以有正當理由并記錄的風險評估以及對系統(tǒng)可能影響產(chǎn)品質(zhì)量、患者安全和記錄完整性的潛力的判定為基礎(chǔ)��。
Manufacturers may utilize a least-burdensome, risk-based approach outlined in this guidance to provide assurance that the software that maintains electronic records subject to Part 11 performs as intended.
制造商可利用本指南所述的最小負擔����、基于風險的方法,為確保維護受第11部分約束的電子記錄的軟件按預(yù)期運行提供保障�。
Appendix A. Examples
附錄A 示例
The examples in this section outline possible application of the principles in this guidance to various software assurance situations.
本節(jié)示例概述了本指南原則在不同軟件保障情境中的可能應(yīng)用。
Example 1: Nonconformance Management System
示例1:不合格品管理系統(tǒng)
A manufacturer has purchased and configured COTS software for automating their nonconformance process and is applying a risk-based approach for computer software assurance in its implementation. The software is intended to manage the nonconformance process electronically.
某制造商已購買并配置商用現(xiàn)成(COTS)軟件�,用于自動化其不合格品處理流程,并在實施中采用基于風險的計算機軟件保障方法����。該軟件旨在以電子方式管理不合格品處理流程。
As part of the assurance activities, the manufacturer performs a thorough assessment of the software vendor that includes:
作為保障活動的一部分��,制造商對軟件供應(yīng)商進行了全面評估�,包括:
Evaluation of the vendor's software development life cycle,
評估供應(yīng)商的軟件開發(fā)生命周期,
Review of the vendor's quality management system and relevant certifications, and
審查供應(yīng)商的質(zhì)量管理體系及相關(guān)認證,以及
Review of vendor's cybersecurity documentation and life cycle management plans as well as relevant certifications.
審查供應(yīng)商的網(wǎng)絡(luò)安全文件及生命周期管理計劃及相關(guān)認證�。
Based on the manufacturer's established SOP for evaluating suppliers, the vendor's capability to meet the manufacturer's requirements are deemed acceptable for the software's intended use. The manufacturer maintains a record of the evaluation according to their established purchasing control procedures.
根據(jù)制造商已建立的供應(yīng)商評估SOP,供應(yīng)商滿足制造商要求的能力被認為適用于該軟件的預(yù)期用途��。制造商根據(jù)其已建立的采購控制程序保存評估記錄�。
The following features, functions, or operations were considered by the manufacturer in developing a risk-based assurance strategy:
制造商在制定基于風險的保障策略時考慮了以下特性、功能或操作:
Table 2. Computer Software Assurance Example for a Nonconformance Management System
表2 不合格品管理系統(tǒng)計算機軟件保障示例表格復(fù)制
|
Features, Functions, or Operations 特性�、功能或操作 |
Intended Use of the Features, Functions or Operations 特性、功能或操作的預(yù)期用途 |
Risk-Based Analysis 基于風險的分析 |
Assurance Activities 保障活動 |
Establishing the appropriate record 建立適當記錄 |
|
Access Control, User Management, and Notification Functions |
Manage user access/workflow/training notifications |
Impact integrity, not safety → Not high process risk |
Vendor + system assessment; unscripted error-guessing tests |
記錄同表2結(jié)構(gòu) |
|
訪問控制��、用戶管理與通知功能 |
管理用戶訪問/工作流/培訓(xùn)通知 |
影響記錄完整性����,不危及安全 → 非高過程風險 |
供應(yīng)商+系統(tǒng)評估;非腳本化錯誤猜測測試 |
同左記錄結(jié)構(gòu) |
Record-keeping and Reporting Functions| Capture training evidence; generate reports for review | Same risk conclusion as above | Vendor assessment + unscripted "break-the-system" tests
| 同左記錄結(jié)構(gòu) | | 記錄與報告功能 | 捕獲培訓(xùn)證據(jù)�;生成報告供審查 | 同上風險結(jié)論 | 供應(yīng)商評估+非腳本化“破壞系統(tǒng)”測試 | 同左記錄結(jié)構(gòu) |
Example 3: Business Intelligence Applications
示例3:商業(yè)智能應(yīng)用程序
A medical device manufacturer has decided to implement a commercial business intelligence solution for data mining, analytics, and reporting. The software is intended to better understand product and process performance over time, to identify improvement opportunities.
某醫(yī)療器械制造商決定實施商用商業(yè)智能解決方案,用于數(shù)據(jù)挖掘��、分析和報告��。該軟件旨在更好地理解產(chǎn)品和過程隨時間的性能��,以識別改進機會�。
As part of the assurance activities, the manufacturer performs a thorough assessment of the software vendor that includes:
作為保障活動的一部分�,制造商對軟件供應(yīng)商進行了全面評估,包括:
Evaluation of the vendor's software development life cycle,
評估供應(yīng)商的軟件開發(fā)生命周期,
Review of the vendor's quality management system and relevant certifications, and
審查供應(yīng)商的質(zhì)量管理體系及相關(guān)認證��,以及
Review of vendor's cybersecurity documentation and life cycle management plans as well as relevant certifications.
審查供應(yīng)商的網(wǎng)絡(luò)安全文件及生命周期管理計劃及相關(guān)認證�。
Based on the manufacturer's established SOP for evaluating suppliers, the vendor's capability to meet the manufacturer's requirements are deemed acceptable for the software intended use. The manufacturer maintains a record of the evaluation according to their established purchasing control procedures.
根據(jù)制造商已建立的供應(yīng)商評估SOP,供應(yīng)商滿足制造商要求的能力被認為適用于該軟件的預(yù)期用途�。制造商根據(jù)其已建立的采購控制程序保存評估記錄。
In addition to the vendor assessment, the following features, functions, or operations were considered by the manufacturer in developing a risk-based assurance strategy:
除供應(yīng)商評估外�,制造商在制定基于風險的保障策略時考慮了以下特性、功能或操作:
Table 4. Computer Software Assurance Example for a Business Intelligence Application
表4 商業(yè)智能應(yīng)用程序計算機軟件保障示例表格復(fù)制
|
Features, Functions, or Operations 特性�、功能或操作 |
Intended Use of the Features, Functions or Operations 特性、功能或操作的預(yù)期用途 |
Risk-Based Analysis 基于風險的分析 |
Assurance Activities 保障活動 |
Establishing the appropriate record 建立適當記錄 |
|
Connectivity Functions |
Ensure secure/robust connection to data sources; maintain data integrity; prevent corruption. |
Failure could lead to inaccurate trending → High process risk. |
Vendor assessment + detailed scripted protocol with repeatability tests. |
Documents intended use, risk analysis, detailed protocol, pass/fail per case, issues, signatory review. |
|
連接功能 |
確保安全/穩(wěn)健連接數(shù)據(jù)源����;維護數(shù)據(jù)完整性;防止損壞�。 |
失效或致趨勢分析不準確 → 高過程風險。 |
供應(yīng)商評估+詳細腳本化方案含可重復(fù)性測試����。 |
記錄預(yù)期用途、風險分析�、詳細方案、逐例通過/失敗����、問題����、簽字評審����。 |
User Help Feature | Provide help menu for users. | Unlikely to result in quality problem → Not high process risk. | No additional assurance beyond vendor assessment.
| 記錄同表2結(jié)構(gòu)。 | | 用戶幫助功能 | 為用戶提供幫助菜單����。 | 不太可能引發(fā)質(zhì)量問題 → 非高過程風險。 | 除供應(yīng)商評估外無需額外保障�。 | 同左記錄結(jié)構(gòu)。 |
|Reporting Functions | Query data, perform analysis, generate visuals/summaries for monitoring/review. | No direct impact on production → Not high process risk. | Leverage vendor validation; vendor assessment + system install.
| 同左記錄結(jié)構(gòu)��。 | | 報告功能 | 查詢數(shù)據(jù)��、執(zhí)行分析�、生成可視化/摘要供監(jiān)控/審查。 | 對生產(chǎn)無直接影響 → 非高過程風險��。 | 利用供應(yīng)商驗證����;供應(yīng)商評估+系統(tǒng)安裝����。 | 同左記錄結(jié)構(gòu)�。 |
Example 4: Software as a Service (SaaS) Product Life Cycle Management System (PLM)
示例4:軟件即服務(wù)(SaaS)產(chǎn)品生命周期管理系統(tǒng)(PLM)
A medical device manufacturer has decided to implement a SaaS-based Product Life Cycle Management System (PLM). While the PLM SaaS solution has the capability to automate the management of various life cycle stages of a product development, the manufacturer intends to use the solution for broad project management. The SaaS PLM is intended to automate the intake of project requirements, develop project plans, monitor/track project execution, and maintain relevant records, signatures, and deliverables upon project closing. This intended use of the system does not directly impact patient safety or product quality but does maintain a quality system record where integrity of the data is needed. The manufacturer does not need any customization of the “out-of-the-box” capabilities of the SaaS product and only needs to perform basic standard configuration of the SaaS product (e.g., user roles, accounts).
某醫(yī)療器械制造商決定實施基于SaaS的產(chǎn)品生命周期管理(PLM)系統(tǒng)��。盡管PLM SaaS解決方案具備自動化管理產(chǎn)品開發(fā)各生命周期階段的能力����,制造商仍打算將該解決方案用于廣泛的項目管理。SaaS PLM旨在自動化項目需求收集�、制定項目計劃、監(jiān)控/跟蹤項目執(zhí)行����,并在項目結(jié)束時維護相關(guān)記錄、簽名和交付成果��。該系統(tǒng)的預(yù)期用途不會直接影響患者安全或產(chǎn)品質(zhì)量��,但會維護需要數(shù)據(jù)完整性的質(zhì)量體系記錄��。制造商無需對SaaS產(chǎn)品的“開箱即用”功能進行任何定制�,只需執(zhí)行SaaS產(chǎn)品的基本標準配置(如用戶角色、賬戶)��。
As part of the assurance activities, the manufacturer performs a thorough assessment of the SaaS vendor that includes:
作為保障活動的一部分����,制造商對SaaS供應(yīng)商進行了全面評估����,包括:
Evaluation of the vendor's software development life cycle,
評估供應(yīng)商的軟件開發(fā)生命周期�,
Review of the vendor's quality management system and relevant certifications,
審查供應(yīng)商的質(zhì)量管理體系及相關(guān)認證,
Review of vendor's cybersecurity documentation and life cycle management plans as well as relevant certifications, and
審查供應(yīng)商的網(wǎng)絡(luò)安全文件及生命周期管理計劃及相關(guān)認證����,以及
Review of the vendor's infrastructure support including availability and reliability.
審查供應(yīng)商的基礎(chǔ)設(shè)施支持,包括可用性和可靠性��。
Based on the manufacturer's established SOP for evaluating suppliers, the vendor's capability to meet the manufacturer's requirements are deemed acceptable for the software intended use. The manufacturer maintains a record of the evaluation according to their established purchasing control procedures. The manufacturer also establishes a service agreement with the SaaS vendor that includes requirements for security, data integrity, privacy, availability, change management, and business continuity.
根據(jù)制造商已建立的供應(yīng)商評估SOP����,供應(yīng)商滿足制造商要求的能力被認為適用于該軟件的預(yù)期用途����。制造商根據(jù)其已建立的采購控制程序保存評估記錄。制造商還與SaaS供應(yīng)商建立了服務(wù)協(xié)議����,其中包括對安全性、數(shù)據(jù)完整性�、隱私、可用性�、變更管理和業(yè)務(wù)連續(xù)性的要求。
Automatic Updates:
自動更新:
The SaaS vendor provides the manufacturer documentation summarizing the changes, testing, and testing results of all automatic updates made to the SaaS system functions identified by the manufacturer as part of the service agreement. The manufacturer performs an assessment of the changes and the effect they may have on the intended use. The manufacturer performs risk-based assurance testing of the changes appropriate to the impact identified. The manufacturer maintains a record summarizing the risk assessment of the change and any assurance activities performed.
SaaS供應(yīng)商向制造商提供文件��,總結(jié)制造商在服務(wù)協(xié)議中確定的SaaS系統(tǒng)功能所進行的所有自動更新的變更�、測試和測試結(jié)果。制造商對這些變更及其對預(yù)期用途可能產(chǎn)生的影響進行評估����。制造商根據(jù)識別的影響進行基于風險的保障測試。制造商保存一份記錄����,總結(jié)對變更的風險評估和所開展的任何保障活動。Table 5.
Computer Software Assurance Example for SaaS PLM
表5 SaaS PLM計算機軟件保障示例表格復(fù)制
|
Features, Functions, or Operations 特性����、功能或操作 |
Intended Use of the Features, Functions or Operations 特性、功能或操作的預(yù)期用途 |
Risk-Based Analysis 基于風險的分析 |
Assurance Activities 保障活動 |
Establishing the appropriate record 建立適當記錄 |
|
Project Initiation and Planning Function |
Automate creation of project data record, assign roles, intake key data, develop project plan, monitor changes. |
Failure impacts QS record integrity, not safety → Not high process risk. |
Vendor + service agreement assessment; config verification + exploratory UAT. |
Documents intended use, risk analysis, test summary, issues, conclusion, tester/date. |
|
項目啟動與規(guī)劃功能 |
自動化創(chuàng)建項目數(shù)據(jù)記錄����、分配角色����、錄入關(guān)鍵數(shù)據(jù)��、制定項目計劃����、監(jiān)控變更����。 |
失效影響質(zhì)量體系記錄完整性�,不危及安全 → 非高過程風險�。 |
供應(yīng)商+服務(wù)協(xié)議評估;配置驗證+探索性UAT��。 |
記錄預(yù)期用途�、風險分析����、測試概要、問題�、結(jié)論、測試人/日期��。 |
Electronic Signature Function | Capture/store electronic signature meeting Part 11 requirements. | Failure may delay compliance but not foreseeably compromise safety → Not high process risk. | Vendor assessment + scenario testing with users. |
同上����,含功能符合性結(jié)論。 | | 電子簽名功能 | 捕獲/存儲符合第11部分要求的電子簽名�。 |失效或延遲合規(guī)�,但不會可預(yù)見地危害安全 → 非高過程風險��。 | 供應(yīng)商評估+與用戶進行場景測試��。| 同上����,增加功能符合性結(jié)論。 |
|Access Control and Traceability Functions | Control user roles/permissions; log access/changes; produce time-stamped reports. | Significant impact on intended use; QS integrity issue only → Not high process risk. | Config verification + automated test script + exploratory UAT on reporting. | Documents intended use, risk analysis, automated script summary, issues, conclusion, tester/date. |
| 訪問控制與可追溯性功能 | 控制用戶角色/權(quán)限��;記錄訪問/更改����;生成帶時間戳報告。 | 對預(yù)期用途影響顯著����;僅質(zhì)量體系完整性問題 → 非高過程風險。 | 配置驗證+自動化測試腳本+對報告進行探索性UAT。 | 記錄預(yù)期用途��、風險分析��、自動化腳本概要�、問題、結(jié)論�、測試人/日期。
京公網(wǎng)安備11010802046783號