06
Feb
2003

MAK-SYSTEM S.A. International Group

0

Company: MAK-SYSTEM S.A. International GroupProduct: Progesa Soundex file module
Date: 02/06/2003

All users are not notified of existing problems or fixes until a user encounters the problem. Software corrections are only provided to the user that discovered and reported the problem and not to other users of the computer system/software. For example

There were no established procedures for the control and distribution of software fixes to assure that all revised programs required for a particular fix were included and installed on a customer’s system, in that a customer reported a problem concerning a product transformation error due to a missing software routine.

Failure to establish and maintain procedures for analyzing processes, work operations, concessions, quality audit reports, quality records, service records, complaints, returned product, and other sources of quality data to identify existing and potential causes of nonconforming product, or other quality problems, in that SOP I1901-8, Instruction for Trace_Err File, dated September 1, 2002, did not address the frequency of the receipt and the timeframe for review of customers trace error files. Trace error files document system/database errors that have occurred while using the Progesa software. [21 CFR 820.100(a)(1)]

Failure to establish and maintain procedures for receiving, reviewing, and evaluating complaints by a formally designated unit, in that types of customer requests were not appropriately categorized, as required in standard operating procedure (SOP) I1901-3, Maintenance Department Internal Instructions, in the _____ database, which is used to track the receipt and resolution of software problems, software installation, and inquiries. Numerous reports that should have been categorized as “anomalies” or “bugs” were inappropriately noted as “miscellaneous”. There are _____types of reports noted in the SOP: _____ During the inspection, the FDA investigator reviewed 100 reports from one customer that were categorized and entered into the _____ database as “miscellaneous” type. Of the 100 reports reviewed, 29 reports were identified as being incorrectly categorized (26 reports should have been categorized as anomalies and 3 reports should have been categorized as bugs). [21 CFR 820.198(a)]

Failure to verify and validate the corrective and preventive action to ensure that such action is effective and does not adversely affect the finished device, in that there was no assurance that validation of the corrective action for problem report 20010309/015, which documented a problem concerning the loss of the autologous label designation following a blood unit modification, was effective. The software correction was provided to the reporting user in April 2001. The corrective action was incomplete since it only addressed three of the four possible codes for field 7 in the _____table, and resulted in the removal of the reserved flag in field 18 of the _____ table. [21 CFR 820.100(a)(4)]

Issuer: Center for Biologics Evaluation and Research (CBER)

About the author

Amy enjoys researching and writing about developments in medical technology and how that intersects with US law. She received her J.D. from the University of Florida Levin College of Law in 2020 and now works as a Regulatory Associate for SoftwareCPR®, a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software.

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 

 

Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now

 

 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
office@softwarecpr.com
Partners located in the US (CA, FL, MA, MN, TX) and Canada.