How Ketryx validates Ketryx and packages the evidence your QMS relies on

Why do customers request validation

Standards, regulations, and guidances such as ISO 13485, 21 CFR 820, and the FDA Guidance on Computer Software Assurance for Production and Quality System Software require validation of any software used within development and quality systems of medical devices. Because software errors can lead to significant patient risk, validation provides documented confidence that tools are reliable, function as intended, and consistently produce correct results across their lifecycle.

To meet these regulatory expectations and accelerate their own adoption of Ketryx, many customers request our validation package. It gives their teams turnkey, audit-ready documentation that dramatically reduces the time, effort, and cost typically required to validate a new system. This helps teams onboard faster, streamline compliance activities, and lower the burden on internal resources.

How do we validate Ketryx

Ketryx validates the Ketryx Platform under a UL-certified quality management system and ships every major and minor release with a customer‑shareable validation package. Most customers either accept Ketryx’s validation as supplier documentation or add a light layer of internal, use‑case testing. This page summarizes the approach and what you’ll receive. 

Why our validation is trustworthy

Ketryx operates under an ISO 13485– UL-certified quality management system  and aligns day‑to‑day lifecycle practices with IEC 62304 and ISO 14971. Our releases are validated continuously; the evidence is version‑controlled, independently reviewed by Quality, and preserved with immutable audit trails. Validation documents are ready for auditors and easy to file in your validated‑tools or supplier records. 

Ketryx is also developed, maintained, and deployed using Ketryx itself, strengthening our own processes, accelerating product improvement, and helping us identify new opportunities to support customers.

For a deeper narrative and the decision framework behind this approach, see the companion post, “How to Validate Ketryx.”

Common paths customers take

Customers typically rely on our UL-issued certifications to complete a vendor assessment before adopting Ketryx. Our certification to ISO 13485, IEC 62304, and ISO 14971 demonstrates that Ketryx operates under a mature, externally validated quality management system.

Because Ketryx aligns with key medical device standards and delivers transparent, continuously validated releases, it is generally considered a low-risk vendor. In line with CSA guidance, vendor assessments should be tailored to the level of risk. Depending on your intended use of Ketryx, the scope of your risk assessment may vary.

Many customers simply accept Ketryx’s validation because Ketryx operates under a UL certified QMS and aligns day‑to‑day lifecycle practices with IEC 62304 and ISO 14971. With Ketryx as a validated supplier, audit ready validation documentation along with rationale can be used as an effective package. 

Some teams prefer to layer in a small amount of use‑case testing in addition to Ketryx validation, this is helpful to confirm a few business‑critical flows without recreating the entire validation. These teams reference the Ketryx package as the foundation and run a few workflow checks that are specific to their configuration, often around roles, permissions, or key integrations. 

Both paths are fast and transparent. 

What’s in the customer validation package

Your validation package includes the following as versioned PDFs and Excel files:

• The Requirements Traceability Matrix references use‑case requirements to their design inputs, outputs, and verification and validation tests, allowing you to see coverage and results at a glance. 
• The Release Notes explain the version, deployment date, notable changes, known limitations, and any migration or rollback information so you can understand exactly what shipped in plain language. 
• The Software Requirements Specification (use‑case only) captures testable use cases and behavioral expectations that define your intended use; it deliberately excludes confidential design inputs/outputs and architecture details. 
• Finally, the Testing Report provides the narrative of execution: the manual and automated runs mapped to the scoped use cases; the objective results; any defects discovered with their resolution; and the final disposition. 

Together, these documents tell an audit‑ready story for each Ketryx release.

Our validation approach (how we get there)

We start with intended use and risk. That lens determines the scope of validation, what matters for safety, data integrity, and regulatory compliance, and keeps the effort focused on outcomes that auditors and end users care about. From there, we maintain a controlled set of customer‑facing use‑case requirements as the externally shareable subset of the SRS. These use cases are linked end‑to‑end to configuration items, tests, and releases so that every change has traceable evidence behind it. Execution is proportional to risk and combines manual and automated testing, with special attention to roles, permissions, and electronic signatures. Quality independently reviews the evidence and records the release decision. When changes occur, we scale revalidation by impact: low‑risk updates still preserve the validated state and audit trail, while higher‑impact changes prompt deeper verification.

How to adopt this

To use Ketryx’s validation package, within your QMS file Ketryx validation certifications along with the RTM, SRS (use‑case only), Testing Report, and Release Notes for the relevant version, then add a short rationale stating that this evidence is sufficient for your intended use and risk profile. 

If you prefer to layer in a small amount of use‑case testing in addition to Ketryx validation, identify three to five workflows you rely on, run them in your configured environment, and record the outcomes, brief notes or screenshots are enough. Reference Ketryx’s package as the baseline and conclude with whether any additional mitigation is required. This keeps your effort lean while giving stakeholders high confidence.

We update the documents for every major and minor release, and auditors routinely accept them as supplier documentation when paired with your short internal rationale. If you rely heavily on integrations such as Jira or GitHub, include a quick check of those paths in your light validation layer. 

Talk to us

If you’d like a short walkthrough of our approach to validation, get in touch. Current customers can request our validation documentation here. We’ll provide the latest RTM, SRS (use‑case only), Testing Report, and Release Notes for the current release, along with guidance on how teams typically file and reference these materials.