The difference between validation and verification, especially in the context of Software as a Medical Device (SaMD), can be quite nuanced and often confuses many. This is largely due to the fact that various regulatory bodies like the FDA, and international standards such as IEC 62304 and IEC 82304-1, may use these terms in slightly different contexts.
In essence, verification and validation are two critical components of the product development process, each serving distinct purposes.
Verification is an activity that checks whether the software was developed according to the specified requirements. It typically involves code review, unit testing, integration testing, functional testing, and system testing. The aim is to ensure that the software product has been implemented correctly, following the predefined specifications. For example, in the context of a defibrillator, a verification test could check if the device generates the current at the defined strength, which is a basic requirement for it to function.
On the other hand, validation is an activity that confirms whether the software product meets the user’s needs and fulfills its intended purpose in the real world. This usually involves user site testing, which could encompass beta tests, site validation, user acceptance tests, installation verification, and installation testing. Additionally, validation could include usability engineering studies or human factors studies, as well as clinical evaluations or studies to demonstrate the safety and effectiveness of the medical device. For instance, in the case of an AI SaMD, it might involve demonstrating that the AI is effective in diagnosing certain conditions.
Using the defibrillator example again, validation could mean testing the device in the actual user environment (like a hospital) to ensure it performs as intended and meets the user’s needs.
The FDA’s guidance document on General Principles of Software Validation encapsulates both verification and validation activities under the term “software validation”. This is because it seeks to provide guidance on the principles that should be applied during the development or use of the software to ensure that the expected benefit is fulfilled. Thus, in the FDA’s context, software validation includes both traditional verification activities (such as unit testing, integration testing, etc.) and user site testing, which aligns more closely with the concept of validation in the IEC standards.
In conclusion, verification confirms that the product was built right (i.e., it meets the specified requirements), whereas validation ensures that the right product was built (i.e., it fulfills the user’s needs and objectives).