Home | Contact Us | Newsletter | Usersclub | Books | Audio Seminars

Can Vendors Provide 'FDA Compliant' Software?

Vendors of software and computer systems frequently advertise their products as 'FDA approved', 'FDA Compliant', 'Part 11 Compliant' or 'Certified for FDA Compliance". The questions is if such statements are accurate. There is no doubt that companies and individuals with little or no understanding of regulations and computer validation are impressed. They purchase software and install it and expect to pass FDA inspections.

Computer validation professionals are not impressed by such statements, even less FDA inspectors. Just the opposite happens: companies making such statements are easily recognized as having little or no knowledge about regulatory requirements. And FDA officials state that people need  to be wary of claims that a vendor may have that it is somehow FDA-approved. 'FDA compliance' does not only mean that software has the functionality, it also means that the software and complete system is installed, validated and operated in compliance with the regulations. This also means the operators should be trained to use the software in FDA compliant manner. The best a vendor can do is to state that the software has the technical functionality that will allow the user to operate the software and system in compliant manner.

Recommendations from an FDA/Industry-Training

This Question also came up during an FDA Industry Training back in 2003.

Question from the chairman: "Whenever there is a gap or a void in the market somebody jumps in and sells something. So the question gets to be - there are probably going to be, if there are not already, companies that will sell you systems that will help a company to comply with part 11 through encryption and so on. Does the FDA improve or endorse any of those?"

Answer from the FDA official: "No we don't. We don't get into that business. In the same manner that we don't approve or disapprove specifically equipment that companies use to manufacture FDA-regulated products. So people need to be wary of claims that a vendor may have that it is somehow FDA-approved. I think the best thing that a prospective vendor can do is simply compare and contrast the features that they have in their product with part 11 requirements and let a prospective buyer make up his own mind."
(Labcompliance Usersclub members can watch a video clip with this quote

Recommendations from Labcompliance

  • Users should write specifications for the intended system including user requirement specifications and functional specifications, or combine them in one document and call them system requirement specifications. In preparation for this users can ask the vendor if they can provide them with a list of functional specifications of the software.
  • Users should include regulatory requirements in the specifications, e.g., audit trail for 21 CFR Part 11.
  • Users should ask the vendor to respond to the specifications list. Answers related to regulations should include some statements on how requirements are met or or how services are delivered.
  • Users ask vendors about their software development processes and how the software has been qualified during development. Special focus should be on testing, because the more documented evidence of testing a user has on testing at the vendor site, the less testing is required at the user's site.
  • Users should ask vendors how they can assist a user during validation at the user's site. This could be test scripts, SOPs or services for complete IQ/OQ.
  • For vendors we recommend to prepare a table with regulatory requirements, e.g., 21 CFR Part 11 and a description of how each requirement is built into the software or delivered as a service.
  • Vendors should never advertise products as 'FDA approved' or 'FDA compliant' While they may impress companies with little experienced in computer validation, they will loose their reputation at more knowledgeable companies. Instead include phrases like: "Has functions to enable Part 11 compliance", "With built in functionality for GMP, GLP and Part 11", "Part 11 Ready",
  • Vendors should support their statements about functionality with a functional specifications document and technical papers describing in more detail how the functionality is built.

For more information on vendor/user relationship and to get SOPs on how to qualify vendors and to get reference papers on vendor contributions, we recommend to attend the audio seminars
Assessment of Software and Computer System Suppliers  and
How to get the most out of Supplier Support  for Equipment and Computer Validation


E-mail this page