Let's be honest – the vast majority of software engineers are numbers people. What they're good at – and indeed what they earn their money doing – is creating solutions out of data, programmes and figures, not dealing with nuances and interpretation of language. But when it comes to the testing of medical device software, language is important, in particular the distinction between 'validation' and 'verification'.

The US Food & Drug Administration (FDA) in its 2002 General Principles of Software Validation points out that many software engineering articles and textbooks use the terms verification and validation interchangeably. Alternatively, software verification, validation and testing (known as VV&T) are commonly seen as a single concept, with no distinction made between the three terms.

But, while the FDA does make it clear in its guidance that these are, and should be treated as, separate and distinct terms, it does not emphasise this difference, meaning that, for many firms creating medical device software, particularly newcomers to what is a burgeoning industry, what is in fact a very important distinction can sometimes get lost.

"The document does not do a good job of differentiating actual verification and validation activities," warns medical device software engineer Robert Nadler. "It just calls everything validation."

The FDA, to be fair, in the guidance defines software verification as being the process that "provides objective evidence that the design outputs of a particular phase of the software development life cycle meet all of the specified requirements for that phase". Software validation, by comparison, it argues "is a part of the design validation for a finished device, but is not separately defined in the Quality System regulation".

Therefore, for purposes of the General Principles of Software Validation, the FDA argues software validation to be the "confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled".

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Medical Device Network.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Key differences between validation and verification

Verification tests whether: a product delivers the required functionality to the customer.

Validation tests whether: the functionality of a product, as defined through verification, is the intended behaviour of that product.

Testing for verification typically requires: reviews and evaluation of documentation and plans, evaluation of any codes and specifications, running through of checklists, walk-throughs of the software and inspection meetings. Verification will normally take place before validation, not vice versa.

Testing for validation typically requires: actual testing of the software itself, normally once any verification process has been completed.

Objective evidence for software testing

In more detail, the FDA argues that software verification is the process of providing objective evidence that the design outputs of a particular phase of the software development lifecycle meet all of the specified requirements for that phase. Software verification, it adds, looks for consistency, completeness, and correctness of the software and its supporting documentation, as it is being developed, and provides support for a subsequent conclusion that software is validated.

Software testing is one of many verification activities, as are static and dynamic analyses, code and document inspections and walkthroughs, among other techniques. What the FDA means, through its definition of software validation above, by contrast, is that software validation activities may occur during, as well as at the end of the software development lifecycle to ensure that all requirements have been fulfilled.

Since software is usually part of a larger hardware system, the validation of software typically includes evidence that all software requirements have been implemented correctly and completely, and that they are traceable to system requirements. A conclusion that software is validated, stresses the FDA, is highly dependent on comprehensive software testing, inspections, analyses and other verification tasks performed at each stage of the software development lifecycle.

"Testing of device software functionality in a simulated use environment, and user site testing are typically included as components of an overall design validation program for a software automated device," it emphasises.

However, the FDA is realistic enough to recognise that a developer cannot test forever. In large measure, therefore, software validation is a matter of developing a "level of confidence" that the device meets all requirements and user expectations for the software automated functions and features of the device. Measures such as defects found in specifications documents, estimates of defects remaining, testing coverage, among other techniques, are all therefore integral to developing an acceptable level of confidence before shipping the product.

But, stresses Nadler, this is a nuance that is more often than not lost on software developers. Software vocabulary is constantly changing and, certainly, has changed a lot since the 2002 publication of the guidance.

The issue, he argues, is much more important than an arcane debate over semantics. It is about communicating to developers that software testing needs to incorporate both elements: verification and validation. "The fact that the FDA does not particularly distinguish between validation and verification within its syntax is not really the issue," he explains. "The issue is to create a distinction between the intent of the testing, so it is clear what it is you are supposed to be doing in terms of verification and validation.

"The problem is that for engineers or quality systems people putting together procedures, you have to look very closely at what the intended process is rather than the words they are using. It is all a question of interpretation. It is not that the FDA needs to rewrite its documents, what is needed really is more of a distinction between the documents," he adds.

"Verification is answering the question of whether the engineer has built the product right, but that does not answer the question of whether or not the right product has been built, which is completely different. You can build the right product according to the specification but you still have to ask the question whether it is the right product, and the testing requirement for these questions will be different.

"A medical device software developer, for example, has to put together tests that will answer those questions. So it is about answering 'what do you need the product to do?' as well as whether it meets all the regulatory specifications."

Nadler explains that the biggest problem in the lack of distinction between these two phrases is for those companies that have not been in the medical device industry before and are coming into it. In developing software that may have a medical device application, companies have to be prepared to encounter and go through a level of scrutiny and testing that can be immense.

"Validation and verification are part of a much broader quality systems issue, an issue that has to be put into place company-wide," he explains. "If your company or organisation has not developed medical devices you will need to be putting in place the quality systems to answer both these questions and produce the documents that address all these issues. Verification and validation can, in this sense, be a very big issue.

"Putting in place validation and verification processes, particularly when you have not done it before, can be hard and you have to spend time on it and pay close attention to the details. You have to understand the validation and verification intent and not just get caught up in the vocabulary issues. The reality is that it is a much broader issue than just creating software for medical devices."

Regulatory hurdles and tough scrutiny

Anyone creating and developing medical device software needs to come into it with their eyes fully open and recognise the regulatory and oversight hurdles – including verification and validation – they will need to jump, Nadler says. "The scrutiny of software over the past 25 years has become much tougher," he concludes. "Just as the industry has changed, so the FDA has put more scrutiny on to it. Your models of software development need to take into account issues of validation and verification.

"We of course do not know where the FDA is going to go with respect to software testing in the future. Either way, software engineers need to be aware of the broader picture and, hopefully, the vocabulary that describes this will in time become more precise. If you are going to develop FDA-regulated software you have to have a quality system in place that you can follow and which covers these issues. You have to have high-quality, reliable software."

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up