What are the regulatory requirements of Code Review?

Hello, All,

We have a coding engineer with on-site support; he customized our design system by himself.

Since it is a customized system, our IT engineers want to do a code review and provide a report on it, but we don’t know what the minimum requirement is from a regulatory view.

Can anybody help advise on this?

Thanks in advance!
Jasmine

There’s no regulatory requirement specifically for code reviews that I’m aware of. Your question is a bit troubling in that it sounds like you want to throw “action” at a problem rather than have a well-thought-out V&V process.

There are numerous reasons why you might do a code review, including: assessment of compliance to coding standards, verification of low-level requirements (e.g., algorithms), supplemental verification support for safety-critical code, etc. What you do needs to be outlined in your Software Development Plan, elaborated further in your V&V plan, and then executed as planned.

If you do perform code reviews, it would be considered a design review / V&V activity so all procedural aspects apply (i.e., the unit under test / review needs to be baselined / configuration controlled, the review team identified, actions from the review captured and tracked to closure, etc.).

Hello, Mr. Yodon,

Thanks for your useful information.

By the way, could you please advise what “V&V plan” means? (Validation and Verification Plan?)

Regards,
Jasmine

If you are talking about software that is or is in a medical device, you will need to have a plan for how Verification (confirmation by objective evidence that the requirements are met) and Validation (confirmation by objective evidence that user needs / intended use is met) will be conducted. This Plan outlines test approaches (which might include code reviews / inspections!), test materials required, environment, etc. This was my initial impression of what you were asking about but I may have jumped to a conclusion too soon.

If you are talking about software that is used in the manufacturing process (or supports the Quality System in some manner), the verification and validation are typically addressed through a Validation Master Plan (high-level approach), a Validation Plan (specific approach to how the system is validated), and then protocols.

These are pretty fundamental concepts. I don’t mean to sound harsh but if you don’t have anyone at your company that understands these, you may want to consider getting some outside help to provide guidance to ensure proper compliance.