Waqas Imam During manufacturing, a medical device is either in the final stage of manufacturing (finished goods) or in the semi-finished goods stage. Industrial processes in medical device manufacturing facilities convert raw materials into semi-finished materials, and semi-finished goods to finished goods. The results from the industrial process are verified by an inspection or some predefined quality tests, in order to demonstrate that the process has produced an output (in-process or final) that meets the specified requirements. The question arises – what should we do with processes whose outputs cannot be verified (due to destructive testing, unverified product characteristics, or expensive inspection)? The solution to this problem is process validation. Thus, ISO 13485:2016, under clause 7.5.6, mandates that organizations validate those processes for which verification is not possible.
Validation shows the capability of industrial processes to attain planned results consistently. Validation can be avoided in processes where the organization performs 100% inspection of product outputs, or they can fully verify the results of processes based on valid statistical rationale. According to ISO 13485:2016, organizations must validate computer software used in production or service provision of medical devices, as well as processes like sterilization and sterile barrier systems.
Management of process validation by ISO 13485
By performing validation, an organization can make sure that the processes can produce the planned results consistently. ISO 13485 helps organizations by requiring them to do the following:
Identify processes with unverified outputs. The first step for organizations to validate their processes is to identify processes where outputs cannot be verified. The organization should make a list of such processes where verification is not possible.
Document procedures for validation of processes. The organization should document a procedure that explains the validation of processes, along with defined responsibilities. An organization can document a procedure by inclusion of the following:
- Criterion that defines the review and approval process of the validation program.
- Equipment qualification, also known as installation qualification, to show that the equipment is conforming at the installation stage, and is qualified with the help of the equipment manufacturer’s approved specifications. It is the initial qualification of the equipment for the provision of necessary services.
- Personnel qualification, which means that the operators who are supposed to run the equipment are well-qualified based on trainings, practical performance evaluations, etc.
- Utilization of testing methods and criterion for acceptance of process; for example, on a heat sealing machine for a finished package, seal strength can be a testing method, whereas acceptance of the process can be enumerated in terms of design requirements of the product, e.g., seal strength design tolerance of 3kg ± 1 kg. Testing is usually carried out on extreme cases; for example, in the case of a heat sealing machine, maximum dimensions and minimum dimensions of the package to be sealed are the extreme inputs for the process.
- A sampling plan should be identified for validation testing. The sampling plan should include sample size (number of items to be tested during validation) and acceptance criterion (number of items to be passed to make the process validated), and should be created based on valid rationale that is based on process-induced risk to the patient. High-risk processes should dictate a tightened sampling plan.
- Records for all the activities in the process validation cycle, including the approved specification records, testing records, review and approval records, training records, etc. Records should be legible, and traceable with samples and validation activity.
- The criterion for which there is a need for revalidation, for example, some defined number of units of production, change in process or machinery, after a certain time interval, etc.
- If the process is being changed, the approving authority for the change has to be defined.
Document procedures for validation of computer software. The organization should create a procedure that explains the validation of computer software used in production of medical devices and related services, along with defined responsibilities. The procedure can include the frequency of software validation, which is based on the level of risk that may affect the ability of the product to meet the desired specifications. Records of the software validation results shall be maintained, along with a conclusion and, if required, necessary actions from the validation. Records of validation results can include screenshots of software inputs and outputs during validation testing and a list of actions arising from validation results.
Document procedures for validation of sterilization and sterile barrier systems. The organization should develop a procedure that describes the validation of sterilization and sterile barrier systems, along with defined responsibilities. Sterilization is the process of removing biological agents from medical devices, whereas a sterile barrier system is the system that protects sterilized medical devices from biological agents during packaging, storage, and distribution. Both of these processes must be validated before implementation of the process or any changes being made to it. The ISO 11607 standard (Packaging for terminally sterilized medical devices) provides specifications of test methods for materials, sterile barrier systems, and packaging systems that are projected to maintain the sterility of terminally sterilized medical devices until the point of application. Therefore, the procedure should also be compliant with ISO 11607 for providing a robust validation of sterile barrier systems. Records of validation for both sterilization and sterile barrier systems must be maintained (e.g., gross leak detection test, dye penetration test, seal strength test, or burst test). Learn more about the sterilization process in the article How to manage the medical device sterilization process according to ISO 13485.
Process validation – A discipline for medical device manufacturers
Process validation is vital for medical device manufacturers, and can be thought of as a stand-alone discipline. ISO 13485 has specifically mandated requirements for process validation, for identifying the processes where verification cannot be done, for processes affected by computer software in production, and for sterilization and sterile barrier systems. Process validation helps organizations to avoid uncertainty in the production of sensitive devices, and for critical value-added services like computer software and sterilization.
Process validation enables organizations to ensure that processes operate effectively and do not produce defective outputs. Therefore, validated processes have qualified personnel, qualified equipment, process parameter controls, and additional record-keeping protocols. The fulfillment of ISO 13485 process validation requirements gives manufacturers, suppliers, and customers the necessary confidence to keep the business cycle running.
Use this free Diagram of ISO 13485:2016 Implementation Process to plan implementation of production process validation.
