September 2020 Standards Navigator Report

This September 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions.

SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on new standards activity and gives you expert insight into future changes to existing standards.

Recent standards and regulatory activity

When travel began to be restricted in early March due to COVID-19, all standards meetings through August were cancelled. In-person meetings have now been cancelled through the end of the year. During April the leadership of standards committees and working groups planned how to continue work without the in-person meetings that typically are used to achieve consensus. In May and June the new plans for virtual work were initiated. It seems the usual slow period during July and August was even slower than usual this year due to the need to work virtually. Work that has been done will mostly wait until the virtual committee meetings are held in October before documents are circulated. Quite a few documents are expected to be circulated before the end of the year. These include new drafts of IEC 62304 2nd edition, IEC 80001-1 2nd edition, IEC 81001-1, IEC 81001-5-1 and others.

Medical devices

  • The IEC medical device advisory group on software and networks has been revised to include artificial intelligence. Member countries have been asked to make new nominations for members of this group.
  • Amendment 1 to IEC 62366, Application of usability engineering to medical devices has been approved and published.

Medical device software

  • The Joint Working Group (JWG) developing the second edition of IEC 62304 has proposed resolution of the issues raised in the draft that passed in IEC but failed in ISO. A new draft version is expected to be circulated for another vote after the October meeting of the JWG. Major changes to the previous draft will be:
    • ISO 14971 will no longer be required, but there will still be a requirement for a process for managing risks. This requirement is extended to manage risks associated with security. A new section will be added to the development process for determining initial risk analysis for process rigor level.
    • The requirement to use IEC 62366 will be removed from the general requirements and usability requirements will be added to the development process
    • Safety classification will be renamed Process rigor level
  • A revision of the first part of the AAMI series on Health IT Software and Systems (AAMI HIT1000- 1:202x Safety and effectiveness of health IT software and systems—Part 1: Fundamental concepts, principles, and requirements) has been approved by the AAMI HIT committee. This part addresses fundamental concepts, principles, and requirements. This revision will now have a public review and be balloted as a full American National Standard.

 

Security

  • A new committee draft of IEC 81001-5-1 Security Activities in the product life cycle is available. This draft will be voted on as a draft international standard. This ballot is the last chance for technical comments. The standard defines the life cycle requirements for development and maintenance of health software, including medical devices, needed to support conformity to IEC 62443-4-1 – taking the specific needs for health software into account. Requirements are arranged in the ordering of IEC 62304. Implementing the processes, activities and tasks specified in this document is sufficient to implement the process requirements of IEC 62443-4-1. The specifications for Annex E may be implemented in order to achieve full conformity to IEC 62443-4-1.

 

Artificial Intelligence

  • A new draft technical report, ISO 24291 Applications of artificial intelligence in medicine is expected to be circulated before the end of 2020.

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.