“Specifically, your firm has not conducted quality audits and established adequate procedures for … acceptance activities and computer software validation … your firm has not established written procedures describing how it evaluates, verifies or validates, documents, and approves design changes. Failure to validate software used as part of production and quality system for its intended use according to an established protocol, and failure to document the results of the software validation, as required by 21 C.F.R. § 820.70(i). FDA 483 Item 8. Specifically, your firm has not maintained documentation of the validation of the computer software used to (a) receive encrypted patient treatment data and decrypt/encrypt it; (b) convert decrypted patient treatment data into […] codes that are converted into […] codes that are then sent to your contract manufacturer’s […] milling machine to produce the compensators.”
View the original warning letter.
“you have not provided verification and validation data to demonstrate the software revision will be effective over the life of the device. In your response to this warning letter, please provide the verification and validation plans and reports for Software [redacted]”
View the original warning letter.
Failure to establish design change control procedures for the identification, documentation, validation and/or verification, review, and approval of design changes before implementation. [21 CFR § 820.30(i)] Specifically, between 2003 and 2006, design changes were made to the Secure Safety Insert System. The molding operation was changed to improve the visibility of the biohazard symbol on the cap; the interlock of the cap into the tube was changed to improve the pull strength testing; and short caps were added to accommodate different size syringes. Verifications and/or validations, design reviews, design releases, and design approvals were not performed for any of these changes.
View the original warning letter.
“Failure to establish and maintain procedures for validating the device design, including software validation , as required by 21 CFR 820.30(g). For example, your firm provided no documentation of validation of the embedded software in the SAFERsleep device.”
View the original warning letter.
Failure to establish and maintain adequate procedures for validating the device design to include software validation and risk analysis, as required by 21 CFR 820.30(g). For example, [redacted] Software Development Manager, indicated the diagnostic algorithm system for the PAD software was enhanced to version [redacted] from [redacted] in September 2007, to include the Arabic and Persian languages. The pediatric capability transfer for the PAD device was conducted on 1/18/07, and 2/19/07. Your validation protocol ( [redacted]) failed to document how you validated the software upgrade or how you validated the pediatric capability transfer. 2. Failure to establish and maintain adequate procedures for acceptance of incoming product to include inspection, testing, or other verification as conforming to specified requirements, as required by 21 CFR 820.80(b). For example: a) The Heartsine Samaritan AED System Traveler form ( [redacted]) indicates that Internal Inspection and In QAT testing was not performed for serial numbers [redacted] and [redacted]. Additionally, the required Monitoring Mode for steps [redacted] through [redacted] was not performed for serial number [redacted] b) The Heartsine Samaritan PAD Unit [redacted] form ( [redacted]) indicates that Internal Inspection and In QAT testing was not performed for serial number [redacted] c) The Heartsine Samaritan PAD [redacted] Page ( [redacted]) indicates that [redacted] Inspection and Inspection of [redacted] were not performed for serial numbers [redacted] and [redacted]”
View the original warning letter.
All study data are handled and controlled by your Study Coordinator, who enters the data into an electronic data base. There is no audit trail or log of data changes that are made to the information in the database. Data cannot be verified against source records, since such records are not maintained.”
View the original warning letter.
Failure to adequately establish and maintain procedures for validating the device design, as required by 21 CFR820.30(g). For example:
a. Device software validation is incomplete. For example, the documentation of the external validation testing for the [redacted] Scanner conducted by a Canadian site in 2005 reveals incomplete sections rating the effectiveness of the scanner.
b. Discrepancies that were noted at the completion of design validation are not addressed. For example, the final validation report for the [redacted] noted an issue regarding “streak” artifacts at one of the clinical sites; however, there was no further documented evaluation of this artifact to include significance and potential risk prior to the finalization of the design validation and commercial distribution.
View the original warning letter.
No approval signatures and dates were documented for the Validation Report , [redacted]. The only approval signatures that were documented were that of the [redacted] and [redacted] from Isotron Ireland. 6. Failure to adequately establish and maintain procedures to control all documents to assure that all documents meet the requirements of this part. Those documents should include the signature of the individual(s) approving the documents and shall be documented, as required by 21 CFR 820.40(a).
View the original warning letter.
Failure to adequately establish and maintain procedures for software validation and to perform risk analysis, where appropriate, as required by 21 CFR 820.30(g). For example: a. Design validation of device software was not performed for some versions of the software and is inadequate for other versions. Specifically, your firm has not conducted validation of your [redacted] Software after changes to the software’s functionality have been made from your first distribution of Version [redacted] through your current Version [redacted]. Also your firm’s most current software validation of the [redacted] Software [redacted] Platform is inadequate in that the validation that was conducted for Version [redacted] consisted primarily of functional testing (black-box testing) and lacks other elements of software validation including structural testing (white-box testing).
View the original warning letter.
Your firm failed to establish and maintain adequate procedures to control design validation , including software validation and risk analysis, where appropriate, as required by 21 CFR 820.30(g). For example: a. Because you failed to follow your procedure, the acceptance criteria were not complete prior to the performance of validation activities. Specifically, [redacted] for ECAT scanners introduced an error in the scan start time used in the decay correction algorithm. This error was most pronounced in the TTTT/EEEE mode which was not tested during the validation of the software update.
View the original warning letter.