Assurance Cases

Medical Device Summit West, San Francisco, CA. June 13, 2013

Erik Hilliard, Director of Business Development

What we do:o System development and test

Software and Electronics Experts Any Phase

o Risk planning and hazard identificationo DHF Remediationo Project Rescueo Quality System Consulting

300+ Projects, 100+ Clients

Who is Sterling?

ISO 13485FM 543438

Registered

IEC 62304 Compliant

Your Partner in Medical Device Development

There when you need us!

Assurance Cases Background • Based on the new draft guidance for Infusion Pumps

from the FDA, manufacturers recommended to use assurance cases (report) to demonstrate substantial equivalence.

• FDA expects technology changes… Under 513(i)(1)(A) of the Act, demonstrate new or changed device is as safe and effective as predicate

• Use of assurance cases is used to organize and dictate the content of 510(k) premarket submissions for infusion pumps to satisfy this requirement

Assurance Case• Formal method demonstrating validity of a

claim by providing a convincing argument supported by evidence

• It is risk based and uses the scientific method to help discuss and draw conclusions based on statistical measurements of the reliability of the system.

• Assurance case addressing safety is a safety case

Elements of an Assurance Case• Claim

– Statement about property of system (a requirement…)• Evidence

– Information demonstrating validity of claim• Argument

– Links the evidence to the claim… Arguments may introduce sub-claims

• Presentation of Information Already Gathered?– System Architecture (Hardware and Software + Integration)– Do your Design Outputs Meet the Design Inputs? – Change Tracking and the Effect of those Changes on Design?

Hazard AnalysisThe assurance cases starts with the analysis of hazards or hazardous situations.• Mitigated hazard or situation = Claim• What makes the system safe?• Extrapolate those properties into safety requirements

• Supported in Different Formats– Narrative– Graphical– Tabular

Evidence• Types

– Requirements Validation– Requirements Satisfaction– Requirements Traceability

• Is– Test Data– Results of experiment– Analysis– Compliance with Standards

Evidence

• Suitability– Relevance– Trustworthy– Independence

• Support– Single– Linked

Arguments

• Linkage– Links the Evidence to the Claim

• Description of what is being proved (the claim)• Identify Items of Evidence along with the

Reasoning (Conclusion)• May introduce sub-claims (which will require

more evidence and arguments)• State the Assumptions!

Logical Schema Approach• As detailed by Richard Chapman, FDA

• Each claim;– must have at least 1 child argument– can have zero or more subsidiary child claims – must have no child evidence

• Each argument– Must have one or more parent claims– Must have one or more child evidence– Can have zero or more child claims

• Each bit of evidence– must have one or more parent arguments– must have no child evidence, child claims or child arguments

Example• Battery Power Nearing Exhaustion

– Claim : Multi-Level Warnings Based on Time Remaining• First Warning with x minutes to go• Second Warning with y minutes to go• Final Alarm at exhaustion; possible switchover to reserve battery

– Evidence • System Verification Test• User Impact Test

– Arguments – Ensuring the Evidence covers the Claim for Multiple Potential Causes

• Battery Profile Change – Level of Charge/Discharge Changes over Time• Different Use Scenarios

Battery Safety Assurance

ARGUMENT

First level notification/warning allows user ample time to

charge batteries/connect to line power.

CLAIM

Warning Shall Occur When Battery

Remaining is < X but > Y

EVIDENCE

User Impact Testing showed user reacted to warning to rectify issue

ARGUMENT

Multiple Batteries Used With Differerent Ages Will Show Battery Usage Does Not Affect the Trigger

of the Alarm

EVIDENCE

System Verification Test IDs xyz123, xyz124,

xyz125

CLAIM

Higher Priority Warning Shall Occur

When Battery Remaining is < Y but > Z

ARGUMENT

Different Load Usage Will Show Battery Usage Does Not Affect the

Trigger of the Alarm

EVIDENCE

System Verification Test IDs abc123, abc124,

abc125

Risk Management and Assurance Case

• Assurance Case is a methodology that has a set of disciplines to structurally demonstrate that a safety claim is fulfilled.

• Risk Management is a systematic life cycle process to identify, control, and evaluate safety risks (as defined by your QMS).

Tools to Help: GessNetGessNet provides a powerful all-in-one environment to develop and maintain risk management file through the product life cycle, and integrate safety assurance case into the risk management process.

Erik HilliardDirector of Business DevelopmentSterling Medical Devices201-227-7569 x155ehilliard@sterlingmedicaldevices.comwww.sterlingmedicaldevices.com

Assurance Cases