Software V&V and CyberSecurity

Software V&V

Whether it be by way of measuring vital signs by monitors, the use of pumps, pacemakers or defibrillators or simply by the use of software in the manipulation, analysis or verification of data, imagery generating, measurements, identification of targeted regions and analysis (use of a signal or alarm) of results, all equipment must be operational, effective and reliable at all times, otherwise the patients’ health will undoubtedly be affected.

Consequently, the verification and validation of software is a critical element in obtaining the best possible performance of the products enumerated above and for meeting technical, regulatory, and standards-based requirements.

Moreover, new sentences in the ISO 13485:2016 specifically Clause 4.1.6. have caused quite some turmoil in the medical device industry. They specify that all computer systems involved in the life cycle of a medical device must be validated. This includes not only process software, but also other software such as DMS and QM solutions.

LOK North America possesses all the necessary assets to guide its clients in assuring a viable and stable operation of their software or any other software that the industry’s manufacturers may develop or use in the life cycle of their products, the whole in view of commercializing their medical device in the near future.

In practical terms:

  • In respect of products per se, we may accompany our clients in the validation and verification of many systems or Software as Medical Devices (SaMD); ranging from colonoscopy systems to software dedicated to the manipulation, analysis, verification of patients’ data as well as Artificial Intelligence and machine learning driven SaMDs.
  • In respect to computer systems used in the quality management system, LOK North America can assist clients with the creation of procedures and SOPs to document the validation of computer software used in production, help with the verification and validation of such computer software and adapt their process specifications to the new requirements and train their employees.


Regulators around the world have started to set regulatory requirements regarding cybersecurity and data privacy. We are ready to assist you tackle cybersecurity and data privacy risks and in the implementation of USA, European and Canadian Cyber security requirements for medical devices. In practical terms, this includes:

  • Development of SOPs specific to HIPAA, PI PEDA and GDPR requirements
  • Suppliers Qualifications and Audit
  • Assessment of cybersecurity risks
  • Identify gaps in IT security and architecture and provide recommendations