Presentation is loading. Please wait.

Presentation is loading. Please wait.

Orcanos Café עידכונים ודרישות חדשות בתחום התוכנה למיכשור רפואי, ובנושא פיתוח תוכנה רפואית ב- Mobile Orcanos Dec. 2013.

Published byMarquez Tea Modified over 10 years ago

Similar presentations

Presentation on theme: "Orcanos Café עידכונים ודרישות חדשות בתחום התוכנה למיכשור רפואי, ובנושא פיתוח תוכנה רפואית ב- Mobile Orcanos Dec. 2013."— Presentation transcript:

1 Orcanos Café עידכונים ודרישות חדשות בתחום התוכנה למיכשור רפואי, ובנושא פיתוח תוכנה רפואית ב- Mobile Orcanos Dec. 2013

2 Copyright SoftQuest Systems 2013 2 Software Development and Validation – Updated Status Mike Ze evi SoftQuest Systems www.softquest.co.il email: mikez@softquest.co.il

3 Copyright SoftQuest Systems 2013 3 Topics What is the issue? What is the issue? Standards and guidances Standards and guidances Verification and Validation Verification and Validation SOUP SOUP General and summary General and summary

4 Copyright SoftQuest Systems 2013 Software Failures Responsible for 24% of all Medical Device Recalls Software Failures Responsible for 24% of all Medical Device Recalls The absence of solid architecture and "principled engineering practices" in software development affects a wide range of medical devices, with potentially life-threatening consequences. The absence of solid architecture and "principled engineering practices" in software development affects a wide range of medical devices, with potentially life-threatening consequences. 4 FDA Annual Report 2011

5 Copyright SoftQuest Systems 2013 FDA Annual Report 2011 The agency has come under fire in recent years for not holding manufacturers' accountable for insecure or poorly written software. The agency has come under fire in recent years for not holding manufacturers' accountable for insecure or poorly written software. "Manufacturers are responsible for identifying risks and hazards associated with medical device software (or) firmware, including risks related to security, and are responsible for putting appropriate mitigations in place to address patient safety." "Manufacturers are responsible for identifying risks and hazards associated with medical device software (or) firmware, including risks related to security, and are responsible for putting appropriate mitigations in place to address patient safety." 5

6 Copyright SoftQuest Systems 2013 Software in the Medical Device Medical Device Software can be part of the medical device itself part of the medical device itself an accessory to the medical device an accessory to the medical device the medical device itself the medical device itself 6

7 Copyright SoftQuest Systems 2013 7 FDA Software Development Standards General Principles of Software Validation, FDA, CDRH, 11/1/02 General Principles of Software Validation, FDA, CDRH, 11/1/02 Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices, FDA, CDRH, 11/5/05 Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices, FDA, CDRH, 11/5/05 Off-The-Shelf Software Use in Medical DevicesFDA, CDRH, 9/9/99 Off-The-Shelf Software Use in Medical DevicesFDA, CDRH, 9/9/99

8 Copyright SoftQuest Systems 2013 62304 Edition 1 – –Approved 2006 – –FDA approved it as a consensus standard – –CE approved as standard for software development Edition 2 – –Should be released Q1/2014 – –Interim updates for future major release – –Advance draft copy available – –Adds flow for determining Software Safety Classification – –Relates to validation of legacy software –Miscellaneous clarifications and technical changes 8

9 Copyright SoftQuest Systems 2013 62304 Continued Capability assessment will become a separate Technical Report Capability assessment will become a separate Technical Report Assessment TR expected during 2014 Assessment TR expected during 2014 Second edition expected 2015/2016 Second edition expected 2015/2016 9

10 Copyright SoftQuest Systems 2013 60601 3 rd edition released 2005 Amendment 1 released 7/12 – –Known as edition 3.1 – –Risk management according to IEC 14971:2007 – –Software development lifecycle according to IEC 62304:2006 – –Usability engineering according to IEC 62366:2007 10

11 Copyright SoftQuest Systems 2013 Risk Management Standards ISO 14971:2007, Second edition, Medical devices – Application of risk management to medical devices ISO 14971:2007, Second edition, Medical devices – Application of risk management to medical devices EN 2009, EN 2012 updates EN 2009, EN 2012 updates ISO/TR 24971:2013, Medical devices - Guidance on the application of ISO 14971 ISO/TR 24971:2013, Medical devices - Guidance on the application of ISO 14971 OD-2044 Ed. 2.0, Evaluation of Risk Management in medical electrical equipment OD-2044 Ed. 2.0, Evaluation of Risk Management in medical electrical equipment 11

12 Copyright SoftQuest Systems 2013 82304-1 IEC 82304-1 Health Software IEC 82304-1 Health Software – –Draft status –Draft copy available –standalone health software (software intended to be used specifically for maintaining or improving health of individual persons, or the delivery of care) –Relates to standalone health software (software intended to be used specifically for maintaining or improving health of individual persons, or the delivery of care) –Should be released during 2014 12

13 Copyright SoftQuest Systems 2013 Medical Device Data Systems - MDDS 21 CFR 880.6310, Medical Device Data Systems, FDA 21 CFR 880.6310, Medical Device Data Systems, FDA –Hardware or software products that transfer, store, convert formats, and display medical device data SW87:2012, Application of quality management system concepts to medical device data systems SW87:2012, Application of quality management system concepts to medical device data systems 13

14 Copyright SoftQuest Systems 2013 Agile Software Development AAMI TIR45:2012, Guidance on the use of agile practices in the development of medical device software 14

15 Copyright SoftQuest Systems 2013 80002-1 IEC TIR 80002-1:2009 Medical device software - Part 1: Guidance on the application of ISO 14971 to medical device software IEC TIR 80002-1:2009 Medical device software - Part 1: Guidance on the application of ISO 14971 to medical device software –Released in 2009 –Relates to the software risk analysis on the operational software in the formal risk management process 15

16 Copyright SoftQuest Systems 2013 80002-2 IEC/TIR 80002-2, Validation of software for regulated processes IEC/TIR 80002-2, Validation of software for regulated processes –Draft, due to be released in 2014 –Current guidance is TIR36:2007 16

17 Copyright SoftQuest Systems 2013 Mobile Medical Applications Mobile Medical Applications, FDA, CDRH, 25/9/13 Mobile Medical Applications, FDA, CDRH, 25/9/13 What is a mobile medical application? What is a mobile medical application? – –Mobile apps are software programs that run on smartphones and other mobile communication devices. They can also be accessories that attach to a smartphone or other mobile communication devices, or a combination of accessories and software. – –Mobile medical apps are medical devices that are mobile apps, meet the definition of a medical device and are an accessory to a regulated medical device or transform a mobile platform into a regulated medical device. 17

18 Copyright SoftQuest Systems 2013 Mobile Medical Applications - Continued The FDA is taking a tailored, risk-based approach that focuses on the small subset of mobile apps that meet the regulatory definition of device and that: – –are intended to be used as an accessory to a regulated medical device, or – –transform a mobile platform into a regulated medical device. – –Mobile apps span a wide range of health functions. While many mobile apps carry minimal risk, those that can pose a greater risk to patients will require FDA review. 18

19 Copyright SoftQuest Systems 2013 80001 Application of risk management for IT-networks incorporating medical devices Application of risk management for IT-networks incorporating medical devices IEC 80001-1:2010, Part 1: Roles, responsibilities and activities IEC 80001-1:2010, Part 1: Roles, responsibilities and activities IEC 80001-2-1:2012, Part 2-1: Step by step risk management of medical IT-networks - Practical applications and examples IEC 80001-2-1:2012, Part 2-1: Step by step risk management of medical IT-networks - Practical applications and examples IEC 80001-2-2:2012, Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls IEC 80001-2-2:2012, Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls IEC 80001-2-3:2012, Part 2-3: Guidance for wireless networks IEC 80001-2-3:2012, Part 2-3: Guidance for wireless networks IEC 80001-2-4:2012, Part 2-4: General implementation guidance for Healthcare Delivery Organizations IEC 80001-2-4:2012, Part 2-4: General implementation guidance for Healthcare Delivery Organizations 19

20 Copyright SoftQuest Systems 2013 FDA Guidances Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, draft, 14/6/13 Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, draft, 14/6/13 Radio Frequency Wireless Technology in Medical Devices, 14/8/13 Radio Frequency Wireless Technology in Medical Devices, 14/8/13 Global Unique Device Identification Database (GUDID) – draft, 9/13 Global Unique Device Identification Database (GUDID) – draft, 9/13 20

21 Copyright SoftQuest Systems 2013 Patient-Centric Integrated Clinical Environment (ICE) ASTM F2761-09 (2013), Medical Devices and Medical Systems Essential safety requirements for equipment comprising patient-centric integrated clinical environment (ICE) Part 1: General requirements for network control ASTM F2761-09 (2013), Medical Devices and Medical Systems Essential safety requirements for equipment comprising patient-centric integrated clinical environment (ICE) Part 1: General requirements for network control 21

22 Copyright SoftQuest Systems 2013 Future Software TIRs AAMI TIR on Guidance on Health Software Safety and Assurance AAMI TIR on Classification of defects contributing to unacceptable risk in health software 22

23 Copyright SoftQuest Systems 2013 Software Verification and Validation Verification – provides objective evidence that the design outputs of a particular phase of the software development life cycle meet all of the specified requirements for that phase; did we build the software correctly? Verification – provides objective evidence that the design outputs of a particular phase of the software development life cycle meet all of the specified requirements for that phase; did we build the software correctly? Validation – confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled; did we build the correct software? Validation – confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled; did we build the correct software? 23

24 Copyright SoftQuest Systems 2013 24 Software Validation Review Model To ensure that the software validation regulatory requirement has been met To ensure that the software validation regulatory requirement has been met To ensure that the software validation is sufficient based upon the complexity and risk of the software To ensure that the software validation is sufficient based upon the complexity and risk of the software

25 Copyright SoftQuest Systems 2013 Additional Issues Process and documentation Process and documentation SOUP SOUP Source code Source code Security and Cybersecurity Security and Cybersecurity Mobile apps Mobile apps Internet Internet...... 25

26 Copyright SoftQuest Systems 2013 SOUP – Software SOUP – Software Of Unknown Provenance Legacy software in the organization Legacy software in the organization Software developed for other projects in the organization Software developed for other projects in the organization Procured software without source code Procured software without source code Open source software Open source software 26

27 Copyright SoftQuest Systems 2013 27 FDA Issues – Source Code The FDA have requested from companies to submit their source code for review or submit the SCA Report The code is reverse engineered to show the detailed design, which is then reviewed by the FDA The code is analyzed using a Static Analysis tool, which serves as a basis to conclude if the code is safe

28 Copyright SoftQuest Systems 2013 28 FDA - Static Analysis There are a number of tools that the FDA uses, including: There are a number of tools that the FDA uses, including: Coverity, Polyspace, Parasoft, PQRA, Klocwork, Grammatech, Code Sonar If a recognized static code analysis tools is used in the project, the report may be submitted instead of the source code. If a recognized static code analysis tools is used in the project, the report may be submitted instead of the source code. According to various sources, the probability of the FDA requesting the source code for infusion pump software is high. According to various sources, the probability of the FDA requesting the source code for infusion pump software is high.

29 Copyright SoftQuest Systems 2013 29 Looking Ahead Have a good software process defined in a procedure that is practical and affordable Have a good software process defined in a procedure that is practical and affordable Even if using sub-contractors, have them work according to your defined software procedure, and monitor their work Even if using sub-contractors, have them work according to your defined software procedure, and monitor their work Software documentation should be correct, concise, compliant, controlled and complete Software documentation should be correct, concise, compliant, controlled and complete

30 Copyright SoftQuest Systems 2013 30 Summary Software in medical devices should be related to seriously Software in medical devices should be related to seriously Documentation and testing are closely reviewed Documentation and testing are closely reviewed Do it right and don t overkill Do it right and don t overkill Define the process and work accordingly Define the process and work accordingly Use professionals Use professionals

Download ppt "Orcanos Café עידכונים ודרישות חדשות בתחום התוכנה למיכשור רפואי, ובנושא פיתוח תוכנה רפואית ב- Mobile Orcanos Dec. 2013."

Similar presentations

Writing Good Use Cases - Instructor Notes

Writing Good Use Cases - Instructor Notes
Requirements Engineering Processes – 2

Requirements Engineering Processes – 2
Software Requirements

Software Requirements
1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.

1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.
© Copyright 2006 FPT Software 1 © FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 How to work in Fsoft project Authors: KienNT.

© Copyright 2006 FPT Software 1 © FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 How to work in Fsoft project Authors: KienNT.
Building a Cradle-to-Grave Approach with Your Design Documentation and Data Denise D. Dion, EduQuest, Inc. and Gina To, Breathe Technologies, Inc.

Building a Cradle-to-Grave Approach with Your Design Documentation and Data Denise D. Dion, EduQuest, Inc. and Gina To, Breathe Technologies, Inc.
Requirements Engineering Process

Requirements Engineering Process
Chapter 24 Quality Management.

Chapter 24 Quality Management.
Assurance Services Independent professional services that “improve the quality of information, or its context, for decision makers” Assurance service encompass.

Assurance Services Independent professional services that “improve the quality of information, or its context, for decision makers” Assurance service encompass.
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
Medical devices: Application of risk management to medical devices

Medical devices: Application of risk management to medical devices
2 Session Objectives Increase participant understanding of effective financial monitoring based upon risk assessments of sub-grantees Increase participant.

2 Session Objectives Increase participant understanding of effective financial monitoring based upon risk assessments of sub-grantees Increase participant.
1 Introduction to Safety Management April 2006. 2 Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.

1 Introduction to Safety Management April Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.
On the relationship between ISO/DTS29321 and ISO14971 & Japans Comments for new draft & amended clause 8 final of ISO/DTS29321 3/5/2008 JAHIS.

On the relationship between ISO/DTS29321 and ISO14971 & Japans Comments for new draft & amended clause 8 final of ISO/DTS /5/2008 JAHIS.
Objectives To introduce software project management and to describe its distinctive characteristics To discuss project planning and the planning process.

Objectives To introduce software project management and to describe its distinctive characteristics To discuss project planning and the planning process.
The Implementation Structure DG AGRI, October 2005

The Implementation Structure DG AGRI, October 2005
The Managing Authority –Keystone of the Control System

The Managing Authority –Keystone of the Control System
WHO Good Distribution Practices for Pharmaceutical Products

WHO Good Distribution Practices for Pharmaceutical Products
Module N° 7 – Introduction to SMS

Module N° 7 – Introduction to SMS

Similar presentations

Ads by Google