Validation of compiler and IDE - Why, when and how to? - Part 3
Coming back to the discussion about validating compilers and IDE, here are a few more comments I have on this topic.
I had the feedback of some readers who told me that it was perceived as mandatory to validate development tools.
No, this is not what I wanted to say!
Regulatory requirement in production process
Regulations require validating software involved in processes, but in a limited scope:
- 21.CFR.820.70 (a) requires monitoring and controlling production processes, and
- 21.CFR.820.70 (i) requires validating automated data processing systems,
- FDA guidance: General Principles of Software Validation provides guidance on the validation of automated process equipment and quality system software,
- In Europe, the regulation relies on the ISO 13485 standard, which has section 7.5 about validation of production processes, and their software.
Thus, these regulations and guidances are about production processes, only.
No regulatory requirement in development process
There's no regulatory requirement either in 21.CFR.820, or Medical Devices European Directive, for example, which tells you to validate software development tools.
There's no normative requirement either in IEC 62304, or more generally in ISO 13485.
Thus, validating tools used in a software development process is not mandatory.
The decision to validate development tools is only based on the conclusions of the risk assessment of the development process.