SoftwareCPR Standards Update September 2014

Medical device software- The IMDRF working group on Software as a Medical Device (SaMD) has a working draft of their final classification document and has submitted their presentation slides for the IMDRF meeting in Washington in September. It is interesting that in the current draft a standardalone software could be embedded in a medical device provided it is running on a general purpose computer platform.

Medical Devices
– AAMI has circulated for vote the draft technical information report TIR 38 – Medical Device Safety Assurance Case Report Guidance. The TIR provides guidance for the development of safety cases for the design of a medical device. It includes guidance on how to integrate existing medical device risk management processes with safety cases.-
– A draft technical report IEC 60601-4-3 Guidance and interpretation – Considerations of unclear or unaddressed safety aspects in the third edition of IEC 60601-1 and proposals for new requirements has been circulated for vote. This technical report contains a series of recommendations in response to questions of interpretation of the third edition of IEC 60601-1. Almost all of these recommendations pertain to basic safety. One question asked about the reference to IEC 62304:2006 that is contained in clause 14 after the amendment to IEC 62304 is completed which will address legacy software. The response was that because 60601-1 has a gap regarding legacy software, risk management should be used which should be based on the state of the art, which means that the newer versions of 62304 should be taken into account.

– Draft for vote of a new version of ISO 9000 – Quality management systems -Fundamentals and vocabulary.
– Draft for vote of a new version of ISO 9001 – Quality management systems – Requirements.

– Preliminary draft technical specification ISO 33050-4 – A process reference model for information security management. The PRM specified in this Technical Specification describes the processes including the information security management system (ISMS) processes implied by ISO/IEC 27001.
– Preliminary draft technical specification ISO 33070-4 – A process capability assessment model for Information Security Management.
– defines an exemplar PAM that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TS 33050-4 and the process attributes as defined in ISO/IEC 33020;

Software Engineering
– Committee draft of ISO 25011 -Service Quality Model. T
– Final draft of ISO/IEC 26531 – Content management for product lifecycle, user, and service management documentation.
– Draft for vote of ISO 29119-5 – Software Testing – Part 5: Keyword-Driven Testing.
– Committee draft of ISO 25022 – Measurement of quality in use.
– Final draft of ISO 23026 – Engineering and management of websites for systems, software, and services information. T
– Final draft of ISO 16350 – Application management. This International Standard provides a common framework for establishing the processes, tasks and activities of service providers that enhance, maintain and/or renew applications or application objects after the initial development
– Draft technical report ISO 12182 – Framework for categorization of IT systems and software, and guide for applying it.

Upcoming Training

Agile Methods for Medical Device and Health IT Software

One day course that expands on the software risk management topics covered in our IEC 62304 and other Emerging Standards for Medical Device and HealthIT Software course. Essentially the same topics are covered but in greater depth with more attention to hands-on analysis of examples.

Email for more info.

Corporate Office

15148 Springview St
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN) and Italy.