By

Brian Pate
15
Nov

Things to Consider with Open Source

November 15, 2023
Interesting list from the Central Digital and Data Office of the U.K. Government on using open source development. They provide a handy checklist of things to consider when deciding on open source or proprietary software. https://www.gov.uk/guidance/be-open-and-use-open-source
Read More
11
Sep

62304/FDA Public Training Course – Boston – June 5-7, 2024

September 11, 2023
62304 Public Training Course Course Dates:  June 5-7, 2024 COST: 3 Full Days for $2,900.00 Limited number of Early Bird discount coupons available on a first come-first serve basis.  To obtain the coupon code, email your request to:  training@softwarecpr.com Register Now:  https://softwarecpr.regfox.com/2023-softwarecpr-62304-public-training-course This 62304 Public Training Course provides a clear understanding of the 62304 standard for medical...
Read More
09
Sep

Software Design Specifications

September 9, 2023
What does the US FDA expect in a premarket submission for description of the software design?  In the recent June 2023 Guidance for Industry and Food and Drug Administration Staff titled, “Content of Premarket Submissions for Device Software Functions,” the FDA gives the following guidance. For lower risk devices, the manufacturer is not required to...
Read More
04
Aug

OWASP Top 10 for LLM

August 4, 2023
The Open Worldwide Application Security Project (OWASP) released a white paper titled OWASP Top 10 for LLM.  The introduction states, The frenzy of interest of Large Language Models (LLMs) following of mass-market pre- trained chatbots in late 2022 has been remarkable. Businesses, eager to harness the potential of LLMs, are rapidly integrating them into their...
Read More
26
Jul

Former Employee Forges FDA Clearance Letters

July 26, 2023
A former employee forges FDA clearance letters at a Philadelphia-area medical device manufacturer.  Peter Stoll III pleaded guilty to one felony count of violating the Federal Food, Drug, and Cosmetic Act (FDCA) by causing the introduction of misbranded and adulterated medical devices into interstate commerce, in violation of 21 United States Code, Section 331(a) and 331(a)(2). ...
Read More
08
Jul

Software Risk Analysis

July 8, 2023
Software risk analysis requires consideration of both the development process itself and the runtime environment.
Read More
04
Jul

Software Design is a Prospective Activity

July 4, 2023
The recent FDA guidance, Content of Premarket Submissions for Device Software Functions (June 14, 2023), points out that software design is a prospective activity and should not be done in an ad-hoc or last-minute approach.
Read More
03
Jul

Software CAPA

July 3, 2023
#software #capa … Should a #medicaldevices manufacturer treat potential software design issues any different than any other product #quality issue?
Read More
27
Jun

Patient Matched Guides

June 27, 2023,
FDA released a draft guidance document for patient matched guides for orthopedic implants.  The guidance provides recommendations to manufacturers regarding the design-and-production process for these types of devices.  Patient matched guides, as the name implies, are unique to the patient and are created to assist pre-surgical planning.  The clinician is better able to visualize proper...
Read More
22
Jun

Design and Development Planning

June 22, 2023
The US regulations for design controls have requirements for design and development planning.  In fact, a design and development plan is an indication that a manufacturer has “exited” research phase activities and entered the development phase, and thus, design controls should be in place.  The regulation, 21 CFR 820.30(b), specifically states: Design and development planning....
Read More
22
Jun

Part 11 Application to Clinical Investigations

June 22, 2023
In March 2023, FDA released a draft guidance on Part 11 Application to Clinical Investigations.  The specific introduction in the guidance stated: This document provides guidance to sponsors, clinical investigators, institutional review boards(IRBs), contract research organizations (CROs), and other interested parties on the use of electronic systems, electronic records, and electronic signatures in clinical investigations...
Read More
13
Jun

Final Guidance on Content of Premarket Submissions for Device Software Functions

June 13, 2023
FDA releases Final Guidance on Content of Premarket Submissions for Device Software Functions.  This final guidance provides requirements for the recommended documentation manufacturers should include in premarket submissions for the FDA’s evaluation of the safety and effectiveness of device software functions. The guidance replaces the FDA’s Guidance for the Guidance for the Content of Premarket...
Read More
13
Jun

Windi Hary joins SoftwareCPR

June 13, 2023
Tampa, FL, May 10, 2023.  Crisis Prevention and Recovery, LLC, dba SoftwareCPR® announced today that Windi has joined SoftwareCPR® as a Partner. In her role, Windi will lead the expert regulatory and quality team, bringing a unique client-side perspective for both US, Canada, UK/EU, and Japan markets. Windi’s career path is one marked by a...
Read More
08
Jun

Warning Letter Analysis

June 8, 2023,
Our partner Windi Hary and I annotated a recent FDA Warning Letter.  There is much one can learn from Warning Letters and we highly encourage our clients to make review and analysis of warning letters a regular part of your quality program. Click here to download this teaching aid:  Warning Letter - iRhythm Technologies, Inc...
Read More
08
Jun

Automated Ejection Fraction SaMD De Novo

June 8, 2023
The FDA completed its review of an Automated Ejection Fraction SaMD De Novo leading to a new Class II code, ‘QVD.’  The FDA notice follows including the special controls. FDA Notice Re: DEN220063 Trade/Device Name: Caption Interpretation Automated Ejection Fraction Software Regulation Number: 21 CFR 892.2055 Regulation Name: Radiological machine learning-based quantitative imaging software with...
Read More
14
Mar

Unit Testing

March 14, 2023
I cannot agree more … “The more you can divide up the behavior of your app into components, the more effectively you can test that the behavior of your code meets the reference standards in all particulars as your project grows and changes. For a large project with many components, you’ll need to run a large number of tests to test...
Read More
26
Nov

MITRE Threat Modeling Playbook

November 26, 2022
This Playbook was prepared by The MITRE Corporation and the Medical Device Innovation Consortium using funds from the U.S. Food and Drug Administration in November 2021.  Download playbook here:  Playbook-for-Threat-Modeling-Medical-Devices-2021 The playbook is not prescriptive in that it does not describe one approach to be used when threat modeling medical devices. It is intended to...
Read More
11
Nov

Thoughts on Metrics

November 11, 2022
Just a few thoughts on metrics … specifically software metric.  A software metric defines a standard way of measuring some attribute of the software development process or an attribute of a software component. A software metric allows us to compare and evaluate one process or component with another, and plan to improve quality of a...
Read More
24
Oct

SaMD Risk Management Training

October 24, 2022
A course dedicated to “SaMD Risk Management Training?” Yes and much more! More discussion on Risk Management Training between our General Manager, Brian Pate, and our Partner, Dr. Peter Rech, regarding our January 2023 public training course on the application of ISO 14971 and IEC 62304 to system risk analysis and software risk analysis.  Our...
Read More
12
Oct

October – Cybersecurity Awareness Month

October 12, 2022
Since October is Cybersecurity Awareness Month, the US FDA released a new video to provide ideas and approaches for Healthcare Professionals (HCP) discuss and explain to patients, the concepts and methods for cybersecurity with regard to  interconnected medical devices.   The video titled, “xx,” is designed to promote, and perhaps facilitate, communication  between HCPs and patients....
Read More
10
Oct

Dr Rech on ISO 14971 Updates

October 10, 2022
I recently spoke with Dr. Peter Rech about the 2019 update to ISO 14971 as he and I prepare for our upcoming public training course on January 9-11, 2023, in Tampa, Florida USA.  Registration information can be found at this post: 14971 Risk Management Training Course If you would like more information on applying IEC 62304...
Read More
28
Sep

Hurricane Ian – Possible Disruptions

September 28, 2022
(Tampa, FL, September 28, 2022) – Crisis Prevention and Recovery, LLC is taking proactive steps to minimize impact to our clients from the landfall of Hurricane Ian in Southwest Florida.  With our corporate office in Tampa, Florida, it is likely that there could be loss of electrical power and/or internet in the next 24 to 72...
Read More
26
Jul

New Cybersecurity Standard

July 26, 2022
Recently, a new cybersecurity standard, IEC 81001-5-1:2021, Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle, was released.  As the name implies, this standard addresses the overall software development lifecycle (SDLC) with regard to cybersecurity activities.  For medical device manufacturers, this is very...
Read More
14
Jul

Non-Medical Device Software

July 14, 2022
FDA is requesting input on patient safety, including best practices to promote patient safety, education, and competency, associated with Non-Medical Device Software – software excluded from the medical device definition by the 21st Century Cures Act.  Software professionals should take this opportunity to explain the risks associated with non-medical device software interacting with medical device...
Read More
20
Apr

2022 FDA Premarket Cybersecurity Guidance

April 20, 2022
FDA has released a new draft of Premarket Cybersecurity in Medical Devices:  Quality System Considerations and Content of Premarket Submissions.  Per the scope, this 2022 FDA Premarket Cybersecurity Guidance “is applicable to devices that contain software (including firmware) or programmable logic, as well as software as a medical device (SaMD). The guidance is not limited to devices...
Read More
29
Dec

Transition from Research

December 29, 2021,
When developing medical devices, a manufacturer may have difficulty knowing when (or what) the transition from research phase activities to design controls has begun.  Often this is due to the nature of research itself - one is exploring a concept or design approach that may or may not pan out in the end.  The US...
Read More
03
Dec

Post Market Risk Management

December 3, 2021
AAMI Post Market Risk Management Report
Read More
23
Nov

Code Review Basics

November 23, 2021,
This post discusses some code review basics - concepts and inspection ideas that one might use when performing a code review.  A code review is a technical verification activity.  The purpose is most often to identify coding errors against the design intent - one is verifying that the code actually accomplishes what that author intended....
Read More
04
Nov

Manufacture of Blood Components

November 4, 2021
Nothing software specific in this guidance, Manufacture-of-Blood-Components-Using-Pathogen-Reduction-Device-2021, but in the future one might envision that the validation and quality control could be automated by software. Purpose of the document is to provide guidance to establishments that collect or process blood and blood components, with recommendations for implementing a pathogen reduction device for the manufacture of...
Read More
30
Aug

SOUP – Can’t Live Without It!

August 30, 2021
Software of Unknown Provenance SOUP.  It is likely that you are familiar with the acronym, SOUP, in relation to medical device and Health IT software.  The medical device software standard IEC 62304, defines SOUP as a “software item that is: already developed and generally available and that has not been developed for the purpose of being...
Read More
28
Aug

FDA AI/ML Workshop

August 28, 2021
You may be interested in attending the FDA Virtual Public Workshop, “Transparency of Artificial Intelligence/Machine Learning-enabled Medical Devices,” planned for October 14, 2021.   Info on attending:  https://www.fda.gov/medical-devices/workshops-conferences-medical-devices/virtual-public-workshop-transparency-artificial-intelligencemachine-learning-enabled-medical-devices  
Read More
17
Aug

62304/FDA Public Training Course – Virtual

August 17, 2021
IEC 62304 and Emerging Standards for Medical Device and Health IT Software DATES:  Oct 19-21, 2021 Clock time each day:  8:30 am – 4:30 pm US Pacific COST: 3 Full Days for $2,100.00 (Early Bird discount: $1595 thru September 1, 2021) Special FDA / Government rate:  $500 (contact us at training@softwarecpr.com to qualify) Multi-student discounts available....
Read More
31
Jul

DNA Software Under Scrutiny

July 31, 2021
Probabilistic Genotyping Used for Criminal Prosecution In a recent article published on The Markup, software that is used to match DNA in criminal prosecution has come under scrutiny.  The software implements what is known as probabilistic genotyping, a method used when analyzing data that contains a mixture of DNA from multiple people.  The software uses complex...
Read More
25
Jul

Software Validation of Cloud Based Tools

July 25, 2021,
Most medical device manufacturers use many, many software programs, systems, or services to automate quality system This software is not to be confused with product software - that is, software that runs as part of a medical device.  Medical device in this context could be custom hardware devices or Software as a Medical Device (SaMD)....
Read More
25
Jul

General Principles of Software Validation

July 25, 2021,
One of the most important references in creating a software development lifecycle process to assure software quality is the FDA guidance document, “General Principles of Software Validation.”  This guidance document has been around for many years.  The current version, 2.0, was released in 2002.  To many in the industry, this guidance is simply referred to...
Read More
23
Jul

Retaining Training Data Sets

July 23, 2021,
As the use of Artificial Intelligence (AI) and machine learning methods expand in medical devices and HealthIT software, an oft asked question is whether the data sets used for training should be retained as part of the design history file (DHF) or other long term storage mechanisms.  SoftwareCPR partners Alan Kusinitz, Sherman Eagles, John Murray,...
Read More
02
May

Standards Navigator Benefits

May 2, 2021
Having trouble keeping up with standards activity? You are not alone!  The pace of new and emerging standards creates a challenge for even the most organized and well staffed software and quality assurance teams.  Whether it is digital health, risk management, software process, usability, or the ever challenging cybersecurity, being aware and understanding upcoming changes...
Read More
01
May

Standards Navigator

May 1, 2021
In addition to information on existing standards, the SoftwareCPR Standards Navigator subscription keeps you up to date on new standards activity and gives you expert insight into future changes to existing standards.  Draft standards are available on a limited basis to subscribers to provide input to SoftwareCPR for the purpose of developing a position or...
Read More
04
Apr

Challenges and benefits of the microservice architectural style

April 4, 2021
An excellent overview of the challenges and benefits of the Microservices architectural style of software application development.  While many of the factors discussed by the author (Dr. André Fachat, published January 30, 2019), these same factors can affect the safety and efficacy of a medical devices using this style.  The article consists of two parts:...
Read More
29
Mar

62304/FDA Public Training Course – Virtual – April 6-8, 2021

March 29, 2021
IEC 62304 and Emerging Standards for Medical Device and Health IT Software DATES:  April 6-8, 2021 Clock time each day:  8:30 am – 4:30 pm US EDT COST: 3 Full Days for $2,100.00 (Early Bird discount extended! $1795 thru April 3rd) Multi-student discounts available. Register at EventZilla:  https://events.eventzilla.net/e/2021-softwarecpr–iec-62304-and-emerging-standards-and-fda-expectations-for-medical-device-and-health-it-software-2138790469 This 62304 Public Training Course provides a...
Read More
05
Mar

Mike Russell joins SoftwareCPR as a partner

March 5, 2021
(March 1, 2021)— Mike Russell has joined Crisis Prevention and Recovery LLC (DBA SoftwareCPR ®) as a Partner. He is not new to the firm and industry, having assisted on many engagements in the last decade as an Affiliated Expert. He was also on the TIR working group that created the AAMI TIR45- 2012 Technical...
Read More
23
Nov

ISO 14971 Updated in 2019 Release

November 23, 2020,
This content is only available to our Premium subscribers. See our Subscribe page for information on subscriptions. ISO 14971 was updated and released in 2019.  We previously discussed the internal debate regarding ISO 14917 in this post ISO 14971 versus the EU Commission. There are several items to consider with the new update: Section 10.1 - “The manufacturer...
Read More
11
Nov

Celebrating Veterans Day!

November 11, 2020
At SoftwareCPR today, we honor our consultants that are also veterans who served in our US military! John Murray – US Navy Mike Russell – US Air Force Greg Sandoe – US Marine Corps Jordan Pate – US Army Paul Felten – US Army Thank you for your service!
Read More
30
Oct

Understanding OTS and SOUP

October 30, 2020
Understanding OTS and SOUP is very important in every lifecycle stages of medical device and HealthIT software development.  In the late 1990’s, the US FDA first published guidance documentation on the use of Off-The-Shelf (OTS) software in medical devices (or sometimes referred to as “OTSS”).  At that time, OTSS generally accounted for a very small...
Read More
22
Sep

SoftwareCPR 62366-1:2015, A1:2020 Checklist

September 22, 2020
This content is only available to our Premium subscribers. See our Subscribe page for information on subscriptions. Raffaele Caliri and Jordan Pate have recently updated our 62366-1 Assessment Checklist to align with the 2020 amendment.  This version of the standard has been pared down a bit and looks a lot different than the familiar 2008 version...
Read More
18
Sep

62304/FDA Public Training Course – Virtual – Sep 22-24, 2020

September 18, 2020
62304 Public Training Course DATES:  September 22-24, 2020 (Registration is open through September 21, 2020 as seats remain.) COST: 3 Full Days for $2,100.00 Company Discount:  First two students at full price and then 10% off for any others (up to course size limit) This 62304 Public Training Course provides a clear understanding of the...
Read More
22
Aug

SoftwareCPR August 2020 Newsletter

August 22, 2020
SoftwareCPR August 2020 Newsletter has been published.  FDA news, regulatory updates, new SoftwareCPR content, software recalls, and software warning letters.
Read More
20
Aug

My Software Is a Medical Device (SaMD). Now What?

August 20, 2020
My Software Is a Medical Device … if that’s you, check out this upcoming webinar.  Our very own John Murray will participate in a webinar on August 25, 2020, and join a roundtable discussion with Bakul Patel, Director, Division of Digital Health at FDA.  Shawnnah Monterrey, CEO @BeanStock Ventures will moderate the discussion. You can...
Read More
13
Jul

Amy Sellers joins SoftwareCPR

July 13, 2020
(July 13, 2020) Amy Sellers, of Tampa, FL, USA, has joined SoftwareCPR as a Regulatory Associate.  Amy recently received her J.D. from the University of Florida Levin College of Law. She has experience in regulatory pathway decisions, including analysis of intended use and product claims, as well as analysis of design changes against US regulations...
Read More
12
Jul

Software CAPA Can be Challenging

July 12, 2020,
This content is only available to our Premium subscribers.  See our Subscribe page for information on subscriptions. You are likely aware of the CAPA process overall and how it fits in to the quality management system for a medical device manufacturer or supplier.  Just the name itself, corrective and preventive action, describes one of the...
Read More
1 2 3

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  June 5-7, 2024
Boston, MA

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

Register Now

 

 

Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: Tuesday, January 23 through Friday, January 26 from at 11 am – 3 pm EST

Virtual via Zoom

Registration Link:

Register Now

 

 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
office@softwarecpr.com
Partners located in the US (CA, FL, MA, MN, TX) and Canada.