SoftwareCPR Standards Update September 2014

Medical device software- The IMDRF working group on Software as a Medical Device (SaMD) has a working draft of their final classification document and has submitted their presentation slides for the IMDRF meeting in Washington in September. It is interesting that in the current draft a standardalone software could be embedded in a medical device provided it is running on a general purpose computer platform.

Medical Devices
– AAMI has circulated for vote the draft technical information report TIR 38 – Medical Device Safety Assurance Case Report Guidance. The TIR provides guidance for the development of safety cases for the design of a medical device. It includes guidance on how to integrate existing medical device risk management processes with safety cases.-
– A draft technical report IEC 60601-4-3 Guidance and interpretation – Considerations of unclear or unaddressed safety aspects in the third edition of IEC 60601-1 and proposals for new requirements has been circulated for vote. This technical report contains a series of recommendations in response to questions of interpretation of the third edition of IEC 60601-1. Almost all of these recommendations pertain to basic safety. One question asked about the reference to IEC 62304:2006 that is contained in clause 14 after the amendment to IEC 62304 is completed which will address legacy software. The response was that because 60601-1 has a gap regarding legacy software, risk management should be used which should be based on the state of the art, which means that the newer versions of 62304 should be taken into account.

Quality
– Draft for vote of a new version of ISO 9000 – Quality management systems -Fundamentals and vocabulary.
– Draft for vote of a new version of ISO 9001 – Quality management systems – Requirements.

Security
– Preliminary draft technical specification ISO 33050-4 – A process reference model for information security management. The PRM specified in this Technical Specification describes the processes including the information security management system (ISMS) processes implied by ISO/IEC 27001.
– Preliminary draft technical specification ISO 33070-4 – A process capability assessment model for Information Security Management.
– defines an exemplar PAM that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TS 33050-4 and the process attributes as defined in ISO/IEC 33020;

Software Engineering
– Committee draft of ISO 25011 -Service Quality Model. T
– Final draft of ISO/IEC 26531 – Content management for product lifecycle, user, and service management documentation.
– Draft for vote of ISO 29119-5 – Software Testing – Part 5: Keyword-Driven Testing.
– Committee draft of ISO 25022 – Measurement of quality in use.
– Final draft of ISO 23026 – Engineering and management of websites for systems, software, and services information. T
– Final draft of ISO 16350 – Application management. This International Standard provides a common framework for establishing the processes, tasks and activities of service providers that enhance, maintain and/or renew applications or application objects after the initial development
– Draft technical report ISO 12182 – Framework for categorization of IT systems and software, and guide for applying it.

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.