Software Verification vs. Validation

For some reason it just really bugs me that these two terms are incorrectly interchanged so frequently.

Part of the problem is that the document General Principles of Software Validation; Final Guidance for Industry and FDA Staff (2002) does not do a good job of differentiating actual verification and validation activities. They just call everything validation.

The recent MD&DI article Building Quality into Medical Device Software provides a pretty good overview of the these regulatory requirements, but is a another case in point.  The article talks about "software validation" at every step just like the FDA document.

Another similar article on this subject is Software Validation: Turning Concepts into Business Benefits.  It is also confused. e.g. (my highlight):

... software validation involves the execution of tests designed to cover each of the specific system requirements.

No, testing specific requirements is a verification activity! It's no wonder most people are confused.

These definitions, Difference between Verification and Validation, are better as they highlight the sequencing of activities:

Verification takes place before validation, and not vice versa. Verification evaluates documents, plans, code, requirements, and specifications. Validation, on the other hand, evaluates the product itself.

From here (warning PDF):
verification vs. validation

Validation activities (usability testing, user feedback, etc.) are much harder to define, execute, and document properly than most verification testing.

Here are the golden rules:

Verificationwas the product built right?

Validation: was the right product built?

I guess I should get over it...

UPDATE (5/12/09):  Good definitions from here: Diagnosing Medical Device Software Defects Using Static Analysis:

Verification and validation are terms that are often used in software. However, it is important to understand the difference between these two distinct but complementary activities. Software verification provides objective evidence that the design outputs of a particular phase of the software development life cycle meet all of the specified requirements for that phase by checking for consistency, completeness, and correctness of the software and its supporting documentation. Validation, on the other hand, is the confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled.

UPDATE (8/6/09):  The importance of proper V&V can not be overstated. The FDA is watching: FDA still enforcing regulations for validation of enterprise software.

UPDATE (2/11/10): I just noticed that the guidance document link on the FDA site was changed and fixed it. When I reviewed the document I found that even though it was "issued" in Jan. 2002 it had been recently updated (11/6/09). The later sections (4, 5, and 6) still use the term validation generically, but the updated document does distinguish between verification and validation:

3.1.2 Verification and Validation

The Quality System regulation is harmonized with ISO 8402:1994, which treats "verification" and "validation" as separate and distinct terms. On the other hand, many software engineering journal articles and textbooks use the terms "verification" and "validation" interchangeably, or in some cases refer to software "verification, validation, and testing (VV&T)" as if it is a single concept, with no distinction among the three terms.

Software verification provides objective evidence that the design outputs of a particular phase of the software development life cycle meet all of the specified requirements for that phase. Software verification looks for consistency, completeness, and correctness of the software and its supporting documentation, as it is being developed, and provides support for a subsequent conclusion that software is validated. Software testing is one of many verification activities intended to confirm that software development output meets its input requirements. Other verification activities include various static and dynamic analyses, code and document inspections, walkthroughs, and other techniques.

Software validation is a part of the design validation for a finished device, but is not separately defined in the Quality System regulation. For purposes of this guidance, FDA considers software validation to be "confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled." In practice, software validation activities may occur both during, as well as at the end of the software development life cycle to ensure that all requirements have been fulfilled.

This entry was posted in FDA, Software Quality and tagged . Bookmark the permalink.

28 Responses to Software Verification vs. Validation

  1. Illes says:

    So can we say that validation checks if the product requirements (derived user/marketing/manufacturing/servicing/etc requirements) were fulfilled or not?

  2. andy says:

    I’d say yes and no, validation is confirming that your system requirements are in line with what the users need (and want). You can build the worlds greatest notepad application, but it isn’t valid if the users really need/want “paint”…

    The notepad can be verified as consistent with the requirements, but it won’t be valid.

  3. Mike Tymm says:

    At another level, how do you differentiate between the “validation” of the product and software requirements, and the “verification” of the product software design. Do you consider this one activity or two? An implementation may meet the written requirements, but not the specified design, or vice versa.

  4. Bob says:

    @Mike The two activities are very different because the questions you’re asking are different. As you said, it is very possible that verification is successful (the product was built to spec.) but validation fails because the wrong product was built. This of course means that the requirements did NOT match the intended use of the device. This is why it’s critically important to that the two questions be considered separately.

  5. Biswajit Dey says:

    So, Can I say that Verification is what we are technically reviewing / testing the product at our end, while the Validation is testing done by the Client end of the same product

  6. andy says:

    @Biswajit:
    Not really – well you could, but it would be poor work practice (in my opinion). Performing V&V only at the end (which you seem to be implying) means that you could spend quite a lot of time building the completely wrong product, because your specs are wrong.

    V&V should be performed continuously throughout the development process so the correct any deviation (from both the indented product and the spec) at the earliest time possible.

    This is of course a question of development methodology and is definitively a matter of “to each his own”. There are best practices, but no gold standards…

    However, it seems that software developers have to reminded of the two v’s every now and then…

  7. Biswajit Dey says:

    Thanks Andy…that was great, but I wanted to have one more clarification, that, in a development life cycle for any phase if I reviewing any work product technically / non-technically at my end, is that is Verification process & if the same thing is performed by the client for the same phase, is that is a Validation process.?

  8. Biswajit Dey says:

    Can any one of you confirm me about the above statement ?

  9. Bob says:

    @Biswajit The whole point of differentiating verification and validation is to make sure the right questions are being asked. As Andy said, there is no gold standard for how this is done. All the FDA cares about is that these questions are adequately answered.

  10. Prashant says:

    Biswajit, Verification & Validation (V&V) is a job that is defined for two different departments, Verification is always carried out by Developers where as Validation is carried out by Testers.
    In case developer is not available then tester may do the Verification if she/he has some technical hands.

    In SDLC for any phase if u r reviewing any work product technically / non-technically at us end, It is Verification/Validation respectively.
    ur Q) If the same thing is performed by the client for the same phase, is that is a Validation process.?
    A) Client will not see the product Technically (check the code until n unless client is technical) and hence can not conduct Verifcation, so It would always be Validation.

  11. Ramesh chandran says:

    Verification means checking whether the product is going to meet the requirement, checking involves reviews, meetings etc.

    Validation means checking whether the product meets the requirement, here checking means different types of testing.

  12. MK says:

    OK, so which is a correct line in a test case?
    Verify the date must be entered in the mm/dd/yyyy format?

    or

    Validate that the date must be entered in the mm/dd/yyyy format?

  13. DL says:

    Verification: “have we built the system right?”

    Validation: “have we built the right system?”

  14. Sam says:

    Only if the product is Right(Valid) , we should build it in a Right Way(Verify).
    There is no use in Building a Wrong product(Validation) in a Right way(Verification).

  15. James says:

    When I worked for a medical device company, I believe we used “verify” at multiple points. For example, the design was verified against the requirements and software was verified against the design. We tested that system-level requirements were met by running a system verification test of the completed product. Validation, on the other hand, was done by “real” end users (in controlled settings) and was only done on the final product (although the testing was sometimes limited to a single (new) feature).

  16. Tom says:

    I’ve worked at a med device company as well and their quality system differentiates between the two. However, in practice, when you hear the term V&V it almost ALWAYS means verification. Using the common definitions of the terms, validation should have been performed WAY before the first software drop to T&E – and T&E are generally NOT the right people to evaluate usefulness to the end user. They are not system analysts and typically have no contact with the users. Honestly, if you’ve already built your system before you realize the system requirements don’t meet the real user needs…well, someone should lose their job. There is no reason to wait until the System Testing phase to make that determination.

  17. Van says:

    Remember the Phrase: “The END justifies the MEAN” ? It was meant to say, as long as you can achieve the END result, you can do whatever you want. In QA, specifically V&V, we are saying to pass Quality Assurance, “The right END must be achieved through the right MEAN”

    In the context of QA, you don’t want just to assert you have arrived at the END result, you also want to ensure the WAY you achieve it complies with specific standards, rules, the right ingredients set forth.

    All definitions on Verification/Validation do not have anything wrong. They just keep listing the objects that would goes behind these two verbs, such as some artifacts, without stressing the fact that the artifacts goes behind Verification is associated with the method/way/ingredients, whereas the artifacts goes behind the verb Validate is associated with the end product that is produced by the method/way/ingredients!

    They just do not delivery the intended IMPACT for understanding like this: “You VALIDATE the END, and you VERIFY the MEAN”

  18. Pingback: To Validate and Verify: Software Issues Solved | Bob on Medical Device Software

  19. Pingback: The Software Quality Balancing Act | Bob on Medical Device Software

  20. Jet says:

    So verification is the process of validation. You verify the requirements are met to confirm the product was developed correctly.

  21. Alexey says:

    Guys, it is impossible to distinguish them. When you test software, you test it against requirements (written or implied). If written requirements do not agree with intended use, this is requirements verification, not validation. There is no point in two terms.

  22. Hi there, You have done a great job. I will certainly digg it and personally suggest to my friends. I am sure they will be benefited from this site.

  23. Rickson says:

    Hi guys.
    Thank you for that informative blog.

    Could you please give some more examples for SW validation techniques? I guess fault injection belongs to those. But what else?

  24. Tom Mariner says:

    Verification — prove the product or product part met the requirements or mitigated a risk. (and vice versa — developers can’t just put in a feature.)

    Validation proves the product is fit for clinical use. And remember to cover normal and abnormal cases and have it done by somebody schooled in the medical art.

  25. Stefan says:

    Hi. Qualification: I just started reading QA terminology a few days back.

    Bob said above part of the problem is that many sources do not properly use the terms. I believe the other part is the terms themselves. Outside of software QA, ‘validation’ and ‘verification’ definitions are very, very close. QA conventions attach esoteric definitions to each term that are subtly different than the standard definitions, yet still similar to each other.

    Ouch!

    So, use terms that stress the differences, and don’t muddle the differences by sounding so similar to the untrained ear.

    Terms, not words, would be an improvement. For example:

      verification >> software-accuracy-determination*, and
      validation >> specification-conformance-determination**.

    Ugly and awkward, but way better than short and confusing.

    And, I’m sure my naive attempt will catch on, and QA will forever be changed 🙂

    * So, does the software and all documents along the way accurately meet the requirements, regardless of whether or not the requirements properly describe the desired product? The developers answer this.

    ** And, do the specifications, including requirements, properly describe the desired product? The users answer this.

  26. shibu kallidukkil says:

    The ultimate goal of the verification activities is to confirm by objective evidence through testing of the design outputs and interim design outputs,and design reviews that the design outputs and interim design outputs meet the design input (functional and operational) requirements.

    The ultimate goal of validation activities are confirmation by examination and provision of objective evidence that final device conform to user needs and intended uses.

  27. Robert says:

    Hi,
    I am preparing for QA exam and one of the topics is verification and validation. However they define it this way
    “Verification answers, “Did we build the right system?” Validations answers, “Did we build the system right?”

    This does not seem right and every site I find, including this one tells me the same. Help would be appreciated.

    Thank you,
    Robert

  28. Pingback: Full Cycle Teams in a FDA regulated setting | Bob on Medical Device Software

Leave a Reply

Your email address will not be published. Required fields are marked *