medical device software: a regulatory update - · pdf file–iec 82304-1 •legacy...
TRANSCRIPT
Medical Device Software: A Regulatory Update
Pieter de Vries 9 December 2014
Today’s presentation
• Software validation
– IEC 82304-1
• Legacy software
– IEC 62304 Amd.-1
9 December 2014 2 MDProject - Pieter de Vries
MDD (M5) – E.R. 12.1a
“…the software must be validated according to the state of the art, taking into account the principles of development lifecycle, risk management, validation and verification…”
3 9 December 2014 MDProject - Pieter de Vries
How to address ER 12.1a?
• Typically: IEC 62304
But….
9 December 2014 4
ER# Description Applicable? Applied standard Evidence
12.1a must be validated Y EN 62304:2006 Software Test Report
MDProject - Pieter de Vries
Validation
• Confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled
(ISO 9000)
5 9 December 2014 MDProject - Pieter de Vries
ISO 13485
• Shall be performed …. to ensure that validation the resulting product is capable of meeting the requirements for the specified application or intended use
• Validation shall be completed prior to the delivery or implementation of the product
9 December 2014 6 MDProject - Pieter de Vries
QSR
• Validation shall be performed under defined operating conditions
• Validation shall ensure that devices conform to defined user needs and intended uses
• Validation shall include testing under actual or simulated use conditions
7 9 December 2014 MDProject - Pieter de Vries
9 December 2014 8 MDProject - Pieter de Vries
Validation vs. Verification
Verification: We have built the product right
Validation: We have built the right product
9 9 December 2014 MDProject - Pieter de Vries
Why is validation important?
• Software failures responsible for 24% of all medical device recalls (FDA, 2011):
– Complexity of user interface
– Complexity of software
– Software reuse and SOUP
– Unrealistic risk assessments
10 9 December 2014 MDProject - Pieter de Vries
IEC 82304-1: Health software
• Product standard for standalone software
• Intended to cover aspects that were not covered by IEC 62304
9 December 2014 11 MDProject - Pieter de Vries
62304 vs. 82304-1
12 9 December 2014
Validation PRD
MDProject - Pieter de Vries
Health software
• Software intended to be used specifically for managing, maintaining or improving health of individual persons, or the delivery of care
9 December 2014 13 MDProject - Pieter de Vries
Health
• State of complete physical, mental and social well-being and not merely the absence of disease or infirmity
(WHO 1946)
9 December 2014 14 MDProject - Pieter de Vries
Examples in scope
• SW for individuals in fitness centres
• Training plan SW for rehabilitation purposes
• SW for finding best conception moment
• HIS (ZIS) / LIS / RIS
• Mobile Apps
9 December 2014 15 MDProject - Pieter de Vries
3-Steps approach
• Step 1: Document Requirement Specification
• Step 2: Apply IEC 62304
• Step 3: Validation plan + execute + report
• The report shall be reviewed by the management
• Validation manager approves the report by signing it
9 December 2014 16 MDProject - Pieter de Vries
Validation considerations
• Where?
• What?
• Who?
• Test methods?
• Number?
9 December 2014 17 MDProject - Pieter de Vries
Usability validation
9 December 2014 18 MDProject - Pieter de Vries
Conclusions IEC 82304-1
• Product standard
• Fills the gaps of IEC 62304
• Principles can be used as of tomorrow
9 December 2014 19 MDProject - Pieter de Vries
Today’s presentation
• Software validation
– IEC 82304-1
• Legacy software
– IEC 62304 Amd.-1
9 December 2014 20 MDProject - Pieter de Vries
Changes in Amd. 1
• Software safety classification
• Technical clarifications
• Legacy software
• In parallel, the 2nd edition of IEC 62304 is under development
9 December 2014 21 MDProject - Pieter de Vries
Legacy software
• Software that was created before 62304
• Two options:
– Follow clauses 4..9
– Plan B (Annex E)
• Manufacturers need to demonstrate compliance with IEC 62304 also for legacy software
9 December 2014 22 MDProject - Pieter de Vries
3-Steps approach
• Step 1: Perform a gap analysis of available documentation generated during the original development process of the legacy software
• Step 2: Evaluate post-production information
9 December 2014 23 MDProject - Pieter de Vries
Step 3
• Determine and perform the necessary actions:
– Determine software safety classification
– Document SRS on functional level, include risk control measures
– Test against SRS
– Perform retrospective risk assessment
9 December 2014 24 MDProject - Pieter de Vries
Modifications
• Any modifications made to the legacy software shall follow maintenance requirements of the standard (clause 6)
9 December 2014 25 MDProject - Pieter de Vries
Conclusions IEC 62304 Amd. 1
• How to deal with legacy software
• Technical clarifications
• Software safety classification
9 December 2014 26 MDProject - Pieter de Vries
Thank you for your attention!
27 9 December 2014 MDProject - Pieter de Vries