Biomedical Engineering Reference
In-Depth Information
validate the software and to maintain the validated state. Such gaps
should be measured against the requirements identified below.
Following the package assessment, initial risk assessment, supplier
assessment and gap analysis, it will be possible to develop a suitable
validation plan. This will often be quite unlike the validation plan
prepared for a traditional commercial software package and regulated
companies need to be wary of trying to use a traditional validation plan
template, which may be unsuited to the purpose. It is important that the
validation plan reflects the specific nature of and risks associated with
open source software, which is also why it is so important to involve
experienced validation resources in the planning.
21.5 Risk management and open source software
As with any software application, in order to be cost-effective the
validation of open source software should take a risk-based approach.
This should follow established industry guidance such as ICH Q9, ISO
14971 or specifically the risk management approach described in
appendix M3 of the GAMP® Guide.
An initial risk assessment should be conducted, as outlined in Figure 21.3,
to facilitate the validation planning as described above. This should
determine the overall risk severity of the open source software (with a focus
on risks to patient safety, product quality and data integrity) and should
consider the risks that result from both the package and supplier assessment.
As part of the implementation or adoption of open source software, a
detailed functional risk assessment should be conducted as described in
the GAMP® Guide. This is the same process as for any other software
package and should focus on the risk severity of specific software
functions. This is in order to focus verification activities on those software
functions that pose the highest risk.
However, with open source software, additional package and supplier
risks may need to be considered as outlined above. Although the nature of
the open source software will not change the risk severity, there may be
specific issues that affect risk probability or risk detectability. These include:
- an increased risk probability
  - where novel open source software is being used,
  - due to poor (or unknown) software quality,
 