By

Brian Pate
DATES:  February 4-6, 2020 COST: 3 Full Days for $2,595.00 (Registration closes 1/14/2020) Receive $300 discount with Premium-Individual subscription purchase (or $333 per person for Premium-Company subscription)! Volume Discount:  $450 off for multiple students from same company Register Now:  https://events.eventzilla.net/e/2020-softwarecpr-62304-and-emerging-software-standards-training-course–sunnyvale-ca-2138757731 This three-day course provides a clear understanding of the 62304 standard for medical device software, FDA...
Read More
This new draft guidance explains when a Type V DMF may be used to submit information regarding a combination product for which the Center for Drug Evaluation and Research (CDER) has primary jurisdiction (i.e., CDER-led combination product) and the device portion has electronics and/or software that is planned to be used as a platform, that is,...
Read More
The FDA and the NIH National Center for Advancing Translational Sciences (NCATS)/Office of Rare Diseases Research (ORDR) conducted this needs assessment to better understand unmet medical device needs for rare diseases – ultimately to raise public awareness of these unmet needs.  Let this motivate us all to explore, push limits, innovate, and invent.  Onward software...
Read More
URGENT/11 Cybersecurity Vulnerabilities in a Widely-Used Third-Party Software Component May Introduce Risks During Use of Certain Medical Devices The U.S. Food and Drug Administration (FDA) is informing patients, health care providers and facility staff, and manufacturers about cybersecurity vulnerabilities that may introduce risks for certain medical devices and hospital networks. The FDA is not aware...
Read More
August and September 2019 continued a busy trend of regulatory and compliance activity – there were 42 software related recalls!  We also announced our 2020 Public Training Course dates!  Onward to higher software quality – keep pressing forward!
Read More
The 2015 Amendment 1 update to IEC 62304 added a new clause that requires identification of “categories of defects associated with the selected programming technology” and providing analysis and other evidence demonstrating “that these defects do not contribute to unacceptable risk.”  Read a recent article on challenges with using C language.
Read More
For anyone involved in software development, the importance of software requirements cannot be minimized. Software requirements provide the definition and explanation of “what the software should do” and “how the software should behave.” The software engineers and developers use the requirements as input to the software design and coding process. The test developers also use...
Read More
Today, the German Federal Institute for Drugs and Medical Devices (BfArM) identified critical vulnerabilities in the Wind River VxWorks real-time operating system. Affected versions of VxWorks are: VxWorks 6.5 to 6.9 (End-of-Life) VxWorks 7 (SR540 and SR610) VxWorks 653 MCE 3.x (may be affected) They pointed out that VxWorks is used in many medical devices....
Read More
Some thoughts on Requirements … using the General Principles of Software Validation to help. Many times we struggle with creating software requirements and documenting them.  The FDA General Principles of Software Validation-Final Guidance helps set the FDA expectations in this area.  Section 4.1 of the guidance states: “A documented software requirements specification provides a baseline for both...
Read More
Patient Engagement Advisory Committee Meeting to Discuss Cybersecurity – September 10, 2019 On September 10, 2019 the FDA will hold a meeting of the Patient Engagement Advisory Committee. The committee provides advice to the FDA on complex issues relating to medical devices, the regulation of devices, and their use by patients. During the meeting the...
Read More
Dialog+ haemodialysis machines with software versions 9.xx (excluding versions 9.18, 9.1A, 9.1B) – software and hardware upgrade required (MDA/2019/024) Summary Manufactured by B. Braun Avitum AG – Malfunction of the temperature sensor can result in temperature of the dialysis fluid to be more than ±1°C outside the programmed values, which can lead to inadequate treatment....
Read More
Join the FDA and NITRD on July 17 for a Listening Session on Interoperability of Medical Devices On July 17, 2019, the U.S. Food and Drug Administration (FDA) and The Networking and Information Technology Research and Development Program (NITRD) will host a listening session on the interoperability of medical devices, data and platforms. During the...
Read More
The FDA is warning patients and health care providers that certain Medtronic MiniMed™ insulin pumps have potential cybersecurity risks. Patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks.
Read More
This content is only available to Premium subscribers.  See our Subscribe page for information on subscriptions. As more "software as a medical device" (SaMD) applications are developed and marketed, there has been an increased focus on what activities and documentation are required for compliance with US medical device regulations and applicable ISO standards.  Along with...
Read More
May and June 2019 was a busy period for software related recalls – there were 28 recalls as you will see later in the Newsletter. As you plan your software quality assurance activities, we encourage review of published recalls and consider what steps you have in your process to prevent similar problems. Onward toward higher...
Read More
The US Defense Advanced Research Projects Agency (DARPA) have released a solicitation for the “Automated Rapid Certification of Software (ARCOS)” project.  The project goal is to automate system risk assessment based on software assurance.  The project recognizes that current practices in this area rely upon human judgement which can be prone to error but also...
Read More
Another useful reference for establishing a safety culture in your software organization. “The purpose of this Handbook is to define the NASA Safety Culture Program and to provide guidance in the development and implementation—sustainment, growth, and practice—of Safety Culture at the Center level. It defines the NASA Safety Culture Model, describes the Safety Culture Survey...
Read More
This content is only available to Premium subscribers.  See our Subscribe page for information on subscriptions. This template is conceived as a partial example template for a generic small device with embedded real time control. Explanatory comments are included in << comment >>. Other text is example definition that you should replace with your own...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. A SoftwareCPR example for software release note and revision history.  Software Revision Level History Example
Read More
FDA announced the next phase of its Pre-Cert Test Plan implementation. Pre-Cert refers to the the pre-certification program that FDA’s Digital Health unit has been piloting. The program targets SaMD devices only at this time. This next phase seeks SaMD companies, willing to volunteer, that foresee a De Novo request or 510(k) submission within the...
Read More
COURSE DATES: June 4 – 6, 2019 TRAINING LOCATION: Boston, MA USA COST: 3 Full Days for $2,495.00 (Registration closes 5/30/2019) Get 24% off for 4 or more from same company registering with same payment! Registration link: https://events.eventzilla.net/e/62304-and-emerging-software-standards-training-course-2138720953 This three-day course provides a clear understanding of the 62304 standard for medical device software, FDA expectations...
Read More
This 62304 Conformance Checklist Tool is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. 62304 can provide an excellent framework from which to design a software process for medical device, medical mobile app, and/or HealthIT software.  62304 was created specifically for this type of software - it was not...
Read More
A 2015 article providing a review of the factors that contribute to a potentially insecure environment, together with the identification of the vulnerabilities, and why these vulnerabilities persist and what the solution space should look like.
Read More
Many years ago, Capers Jones, the software metrics guru, analyzed his database of thousands of software projects for the key factors affecting “real” software quality.  “Real” software quality relates to how the software actually performed and how robust in the field.   His list in priority order was: Programmer Application (domain) Experience Programmer Technical Experience Reuse...
Read More
In April 2019, FDA released a draft guidance providing manufacturers and FDA staff with detailed recommendations on assessing the technical performance of quantitative imaging devices and how the documentation from those assessments should be provided in premarket submissions. From a big picture perspective, one should remember the overall goal is to “provide performance specifications for...
Read More
John F. Murray, Jr, will be teaching at our June 4-6, 2019, FDA and 62304 Software course in Boston. Our course is designed to gain an understanding of how 62304 and other standards can be implemented efficiently and effectively while meeting FDA expectations as well.
Read More
The US FDA Center for Biologics Evaluation and Research (CBER) finalized the December 2017 draft guidance titled “Standards Development and the Use of Standards in Regulatory Submissions Reviewed in the Center for Biologics Evaluation and Research” today.  The guidance makes clear that CBER recognizes the value and proper usage of standards and further encourages the...
Read More
US FDA has proposed a new rule to exempt Cytometry instruments used for counting or characterizing cells (a well-understood and mature technology), from premarket notification requirements.  Cytometry instruments used for sorting or collecting cells, and instruments that are used as an automated hematology analyzer, or that perform automated differential cell counts, will still require premarket...
Read More
Today FDA qualified the Osirix CDE Software Module biomarker test for use by medical device developers to identify and enroll patients into Traumatic Brain Injury (TBI) studies.  This is the third qualification of a medical device development tool (MDDT) by the FDA, and the first of a software module biomarker test tool type. A biomarker...
Read More
Medical Device Development Tool (MDDT) Qualification The US FDA has provided guidance on the methods and approaches to qualify a medical device development tool so that medical device manufacturers or sponsors can use them to support the development and evaluation of medical devices.  The manufacturer is expected to ensure the tool produces “scientifically-plausible measurements” and...
Read More
Our March 2019 Newsletter has been published.  Learn of significant regulatory and standards related activity associated medical device software, medical mobile apps, and HealthIT software.  Also you can find dates for upcoming training opportunities.
Read More
For those currently or intending to distribute electronic labeling for their medical devices, be aware that in 2010 FDA issued a guidance entitled “Addition of URL to Electronic Product Labeling”.  This guidance contains a recommendation: “ …that manufacturers include their Uniform Resource Locator (URL) on their electronic product labels in addition to the requirements under...
Read More
What does one need to know about IEC 62304? In our 3-day 62304 Training course, we flow through the software development lifecycle drawing attention to requirements of the standard as well as related standards and always current FDA expectations from our experience.  The topics we plan to cover in our 2019 course are below. Topics: Regulatory...
Read More
On Jan 14, 2019, FDA recognized ANSI AAMI SW91:2018 Classification of defects in health software.  The FDA recognition statement for this standard does not indicate any specific use in premarket submissions or relevant FDA guidances. It simply states it supports existing policies.  This standard is lengthy and technical in terms of its approach to defect...
Read More
Through blog posts and downloadable content, Alan Kusinitz, Sherman Eagles, Brian Pate, and other SoftwareCPR® experts keep you informed of new developments in FDA Software Regulation, enforcement actions, ISO standards related to medical devices, and also gain access to a wide variety of training aides, document templates, and checklists! Download the attached form to learn more about the different SoftwareCPR® subscriptions...
Read More
The West Australian reported that two autonomous haulage systems (AHS) trucks experienced a collision when one of the trucks backed into the cab of the second truck that was stationary at the time.  This is of interest to us as the AHS trucks are software controlled and they crashed.  Clearly a failure mode.  The initial report is...
Read More
Came across this website that has some very detailed “commandments” for software development at their company.  A surprisingly lengthy list of dos and don’ts related to coding, testing, designing, estimating, and managing the software lifecycle.  Does your company have anything written?  I often find that each company has some “lore” – some practices that characterize...
Read More
The US FDA issued the final guidance for industry, “The Least Burdensome Provisions: Concept and Principles.”  This guidance is intended to accurately reflect Congress’ intent by describing the guiding principles and recommended approach for FDA staff and industry to facilitate consistent application of least burdensome principles.  FDA Least Burdensome Final Guidance
Read More
FDA issued a Safety Communication on January 31, 2019, (see Safety Communication Link) warning of the risk of air being introduced in a blood vessel (air-in-line) and air embolism for infusion pumps, fluid warmers, rapid infusers, and accessory devices.  This communication is directed toward users (both clinical and service personnel) and patients.  However, what can system architects,...
Read More
Does FDA accept regulatory submissions for medical devices and SaMD that have software developed using agile methods? What about IEC 62304 compliance?  Can agile and lean approaches to software development be compliant? On February 18th and 19th, 2019, we will explore those topics and more at our 2019 “Being Agile & Compliant” public training course. ...
Read More
COURSE DATES: February 18 – 19, 2019 TRAINING LOCATION: Tampa, Florida, USA COST: 2 Full Days for $2,495.00 January Registration Discount of 10% available through Jan 19, 2019. Extended to 1/25/2019. Ask about our multi-student discount as well! Meet our newest partner, John Murray, at the course! Download registration form Only a limited number of...
Read More
The Verily Study Watch is a device worn on the wrist that digitizes patient physiologic measurements and processes the raw data through algorithms both on the wrist worn device and additional processing when communicated to cloud based computing systems.  The idea is that the Verily watch would be worn similar (or as!) a consumer device...
Read More
(January 7, 2019)— John F. Murray, Jr, of Mount Airy, MD USA, has joined Crisis Prevention and Recovery LLC (DBA SoftwareCPR ®) as a partner. John retired from the US Food and Drug Administration in December 2018 after 32 years of federal service. For 25 years at FDA, John focused on FDA regulated software and...
Read More
Clearly one of the great struggles with medical device product design is to understand and finely tune the design input for our devices.  It is difficult but the payoff can be great when done well – pays off with development efficiency, greater certainty with safety risk control, and ultimately in customer satisfaction. In our training...
Read More
It is always good to remind ourselves of exactly what the regulation says – often our corporate procedures can become “bloated” and lead some to believe that some specific activities and/or types of deliverables are required by the regulations.
Read More
One of the most difficult challenges for medical device and HealthIT manufacturers is to properly "level" the design requirements for their medical device systems such that it is clear when it comes to design validation versus design verification.
Read More
FDA released a new draft guidance today entitled, “Clarification of Radiation Control Regulations For Manufacturers of Diagnostic X-Ray Equipment Draft Guidance for Industry and Food and Drug Administration Staff“, dated December 17, 2018.  A few things to note related to software: On line 370, question 16, FDA addresses the question of the use of software...
Read More
Certainly everyone with any connection to information technology and networked devices is concerned with cybersecurity. However, often we just miss the basics – we do not practice good cyber hygiene. While not intended to be comprehensive or state-of-the-art, here are some security basics (or as some call it, “cyber hygiene”) that one should consider when developing...
Read More
FDA issued a draft guidance for prescription POC (Point-of-care) entitled “Blood Glucose Monitoring Test Systems for Prescription Point-of-Care Use.” This draft guidance document provides recommendations to industry about the types of information to include in their premarket submissions for blood glucose monitoring systems used for diabetes management in the health care prescription POC settings. This guidance...
Read More
Glanced through the latest FDA warning letters today.  From the FDA Medical Device & Radiological Health Operations West/Division 3 I see the inspector pointing out “This design validation also fails to include software validation [emphasis mine] to assure software will perform as intended and will not prevent safe operation by the user.”   Of course this is...
Read More
1 2

Upcoming Training

62304, FDA, and Emerging Standards for Medical Device and HealthIT
Instructors:  Brian Pate, John F. Murray, Jr
Location: Sunnyvale, CA, USA
Dates:  February 4-6, 2020
Registration Link

Receive $300 discount with Premium-Individual subscription purchase (or $333 per person for Premium-Company subscription)!  Email training@softwarecpr.com
to receive discount

QSS Software Validation
Planned Instructors:  Brian Pate, John F. Murray, Jr
Location: Boston, MA, USA
Dates:  June 2-4, 2020
For info on this course, email training@softwarecpr.com

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.