I received an interesting comment to my previous post on securing intellectual property, the question being whether TFS meets the requirement of FDA compliance.
Let’s think about it for a second. What kind of software is FDA concerned with? Software used in or with medical devices, which obviously does not include TFS or say, Visual Studio compiler.
But FDA does recognize the importance of tools used in process of development of medical software. As part of FDA software validation process (as described in General Principles of Software Validation document), the tools of trade needs to be validated as well:
Software tools are frequently used to design, build, and test the software that goes into an automated medical device. Many other commercial software applications, such as word processors, spreadsheets, databases, and flowcharting software are used to implement the quality system. All of these applications are subject to the requirement for software validation, but the validation approach used for each application can vary widely.
So you will say – you still have to do that validation whatever it might be (and if you have any past experience with medical software, you are probably not too excited about the prospect). Not exactly – because one has to draw a line somewhere.
Do you have to validate OS you use for development? C++ compiler you are using? That surely would be too much work, and FDA recognizes that, defining that the degree of validation for off-the-shelf software applications used in quality process depends – depends on risk posed by the specific software usage, role of the software in the process, vendor supplied information etc. (for more details, have a look at “Validation of off-the-shelf software and automated equipment”)
While I do not mean that your regulatory guys do not earn their bread and butter, the whole standard thing seems to be a little bit overrated. FDA is not that much of a boogeyman – for example, one of the principles of software validation document mentioned above is “least burdensome approach”. Meaning that the quality of the software is not necessarily measured by the weight of the documents you produce :).
And getting back to initial question – does TFS meet FDA compliance criteria? Yes it does, but specifics differ depending on TFS place in software development process and on how your regulatory read FDA documentation (with the latter usually being responsible for most grief; that’s why I recommend reading FDA guidelines yourself – to get magic out of the process and ask the educated questions).
And if anything, FDA documents are probably making much more sense than some unregulated documents I came across.