I had always been under the impression that there was an expectation by the
FDA that Source Code Reviews would be performed on all systems. Personally
I thought this was always somewhat over the top. I think the requirement
for source code reviews should be based on:
- Supplier's experience with the product / system - i.e. have they ever
implemented the system before? How many times and in what industries? Is
the code totally bespoke or made up from "standard" modules with proven
history?
- For existing systems, the requirement should be based on some form of
system performance appraisal (Performance Review). What is the point in
performing a review on a system that has been trouble free for the last 10
years?
It seems more valuable to me to perform source code reviews when there are
known problems with the system. At Bovis Tanvec, we do perform Source Code
reviews, but often they can only be simple checks for adherence to
programming standards, namely correct naming conventions, annotations and
commenting.
I would appreciate any comments on this.
--------------------------------------------
Ian Dangerfield
idangerfield@tanvec.com
Bovis Tanvec Ltd
--------------------------------------------