By

Brian Pate
This content is only available to our Premium subscribers. See our Subscribe page for information on subscriptions. ISO 14971 was updated and released in 2019.  We previously discussed the internal debate regarding ISO 14917 in this post ISO 14971 versus the EU Commission. There are several items to consider with the new update: Section 10.1 - “The manufacturer...
Read More
At SoftwareCPR today, we honor our consultants that are also veterans who served in our US military! John Murray – US Navy Mike Russell – US Air Force Greg Sandoe – US Marine Corps Jordan Pate – US Army Paul Felten – US Army Thank you for your service!
Read More
Understanding OTS and SOUP is very important in every lifecycle stages of medical device and HealthIT software development.  In the late 1990’s, the US FDA first published guidance documentation on the use of Off-The-Shelf (OTS) software in medical devices (or sometimes referred to as “OTSS”).  At that time, OTSS generally accounted for a very small...
Read More
This content is only available to our Premium subscribers. See our Subscribe page for information on subscriptions. Raffaele Caliri and Jordan Pate have recently updated our 62366-1 Assessment Checklist to align with the 2020 amendment.  This version of the standard has been pared down a bit and looks a lot different than the familiar 2008 version...
Read More
62304 Public Training Course DATES:  September 22-24, 2020 (Registration is open through September 21, 2020 as seats remain.) COST: 3 Full Days for $2,100.00 Company Discount:  First two students at full price and then 10% off for any others (up to course size limit) This 62304 Public Training Course provides a clear understanding of the...
Read More
SoftwareCPR August 2020 Newsletter has been published.  FDA news, regulatory updates, new SoftwareCPR content, software recalls, and software warning letters.
Read More
My Software Is a Medical Device … if that’s you, check out this upcoming webinar.  Our very own John Murray will participate in a webinar on August 25, 2020, and join a roundtable discussion with Bakul Patel, Director, Division of Digital Health at FDA.  Shawnnah Monterrey, CEO @BeanStock Ventures will moderate the discussion. You can...
Read More
(July 13, 2020) Amy Sellers, of Tampa, FL, USA, has joined SoftwareCPR as a Regulatory Associate.  Amy recently received her J.D. from the University of Florida Levin College of Law. She has experience in regulatory pathway decisions, including analysis of intended use and product claims, as well as analysis of design changes against US regulations...
Read More
This content is only available to our Premium subscribers.  See our Subscribe page for information on subscriptions. You are likely aware of the CAPA process overall and how it fits in to the quality management system for a medical device manufacturer or supplier.  Just the name itself, corrective and preventive action, describes one of the...
Read More
FDA released a new guidance document titled, “Nonbinding Feedback After Certain FDA Inspections of Device Establishments, Guidance for Industry and Food and Drug Administration Staff.  This guidance was issued on April 22, 2020.  The background on the guidance states, “Timely nonbinding feedback can help device firms determine whether proposed actions to address inspectional observations are...
Read More
U.S. Food and Drug Administration (FDA) issued this immediately in effect guidance: Enforcement Policy for Infusion Pumps and Accessories During the Coronavirus Disease 2019 (COVID- 19) Public Health Emergency.  FDA believes the policy set forth in this guidance may help address these urgent public health concerns by helping to expand the availability and remote capabilities...
Read More
On February 25-26, 2020 the U.S. Food and Drug Administration (FDA) held a public workshop to discuss the “Evolving Role of Artificial Intelligence in Radiological Imaging.” The comment period for the public workshop is extended to June 30, 2020, in response to requests for an extension to allow stakeholders additional time to submit comments.
Read More
Today (25 March 2020), the Commission announced that work on a proposal to postpone the date of application for the Medical Device Regulation (MDR) for one year is ongoing. The decision was reached with patient health and safety as a guiding principle.  
Read More
FDA has issued a final order to reclassify: medical image analyzers applied to mammography breast cancer ultrasound breast lesions radiograph lung nodules radiograph dental caries detection all which are post-amendments class III devices (regulated under product code MYN), into class II (special controls), subject to premarket notification. These devices are intended to direct the clinician’s...
Read More
December 26, 2019 Excerpts from warning letter of interest to software professionals: “The inspection also revealed that your … LED light therapy devices are adulterated within the meaning of section 501(h) of the Act, 21 U.S.C. § 351(h), in that the methods used in, or the facilities or controls used for, their manufacture, packing, storage,...
Read More
Kicking off the new year with regulatory and standards updates.  New public courses in 2020!
Read More
FDA is raising awareness among health care providers and facility staff that cybersecurity vulnerabilities in certain GE Healthcare Clinical Information Central Stations and Telemetry Servers may introduce risks to patients while being monitored.  Per the FDA notice: “A security firm has identified several vulnerabilities in certain GE Healthcare Clinical Information Center workstations and Telemetry Servers,...
Read More
This "FDA GPSV Traceability Expectations" post is only available to Premium subscribers. See our Subscribe page for information on subscriptions. Going way back to the late 1990's, FDA had an expectation that safe and effective software would require a well thought out development lifecycle that includes many activities designed to ensure the correctness and robustness...
Read More
How do I know if my device or my software is a medical device? Watch this helpful video and learn about the 513(g) process as well.  SoftwareCPR can help you plan your regulatory strategy and handle your regulatory submissions.  We would be delighted to help!
Read More
62304 Public Training Course DATES:  February 4-6, 2020 (REGISTRATION extended through January 18, 2020) COST: 3 Full Days for $2,595.00 (Registration extended through 1/18/2020) Volume Discount:  $450 off for 4 or more students from same company Register Now:  https://events.eventzilla.net/e/2020-softwarecpr-62304-and-emerging-software-standards-training-course–sunnyvale-ca-2138757731 This 62304 Public Training Course provides a clear understanding of the 62304 standard for medical device software,...
Read More
The Institute of Electrical and Electronics Engineers (IEEE) has approved a proposal to develop a standard for safety considerations in automated vehicle (AV) decision-making.  Purportedly, the “forthcoming IEEE standard will provide a useful tool to answer the question of what it means for an AV to drive safely,” according to the lead convener.  With technology...
Read More
ISO 14971 Risk Analysis Identifying safety risks in medical devices is a challenging and laborious process.  The process standard, ISO 14971, is a systematic, total product risk management lifecycle process to identify, control, and evaluate risk, where risk is defined as the combination of severity of the harm (to people, property, or environment) and probability...
Read More
This new draft guidance explains when a Type V DMF may be used to submit information regarding a combination product for which the Center for Drug Evaluation and Research (CDER) has primary jurisdiction (i.e., CDER-led combination product) and the device portion has electronics and/or software that is planned to be used as a platform, that is,...
Read More
The FDA and the NIH National Center for Advancing Translational Sciences (NCATS)/Office of Rare Diseases Research (ORDR) conducted this needs assessment to better understand unmet medical device needs for rare diseases – ultimately to raise public awareness of these unmet needs.  Let this motivate us all to explore, push limits, innovate, and invent.  Onward software...
Read More
URGENT/11 Cybersecurity Vulnerabilities in a Widely-Used Third-Party Software Component May Introduce Risks During Use of Certain Medical Devices The U.S. Food and Drug Administration (FDA) is informing patients, health care providers and facility staff, and manufacturers about cybersecurity vulnerabilities that may introduce risks for certain medical devices and hospital networks. The FDA is not aware...
Read More
August and September 2019 continued a busy trend of regulatory and compliance activity – there were 42 software related recalls!  We also announced our 2020 Public Training Course dates!  Onward to higher software quality – keep pressing forward!
Read More
The 2015 Amendment 1 update to IEC 62304 added a new clause that requires identification of “categories of defects associated with the selected programming technology” and providing analysis and other evidence demonstrating “that these defects do not contribute to unacceptable risk.”  Read a recent article on challenges with using C language.
Read More
For anyone involved in software development, the importance of software requirements cannot be minimized. Software requirements provide the definition and explanation of “what the software should do” and “how the software should behave.” The software engineers and developers use the requirements as input to the software design and coding process. The test developers also use...
Read More
Today, the German Federal Institute for Drugs and Medical Devices (BfArM) identified critical vulnerabilities in the Wind River VxWorks real-time operating system. Affected versions of VxWorks are: VxWorks 6.5 to 6.9 (End-of-Life) VxWorks 7 (SR540 and SR610) VxWorks 653 MCE 3.x (may be affected) They pointed out that VxWorks is used in many medical devices....
Read More
Some thoughts on Requirements … using the General Principles of Software Validation to help. Many times we struggle with creating software requirements and documenting them.  The FDA General Principles of Software Validation-Final Guidance helps set the FDA expectations in this area.  Section 4.1 of the guidance states: “A documented software requirements specification provides a baseline for both...
Read More
Patient Engagement Advisory Committee Meeting to Discuss Cybersecurity – September 10, 2019 On September 10, 2019 the FDA will hold a meeting of the Patient Engagement Advisory Committee. The committee provides advice to the FDA on complex issues relating to medical devices, the regulation of devices, and their use by patients. During the meeting the...
Read More
Dialog+ haemodialysis machines with software versions 9.xx (excluding versions 9.18, 9.1A, 9.1B) – software and hardware upgrade required (MDA/2019/024) Summary Manufactured by B. Braun Avitum AG – Malfunction of the temperature sensor can result in temperature of the dialysis fluid to be more than ±1°C outside the programmed values, which can lead to inadequate treatment....
Read More
Join the FDA and NITRD on July 17 for a Listening Session on Interoperability of Medical Devices On July 17, 2019, the U.S. Food and Drug Administration (FDA) and The Networking and Information Technology Research and Development Program (NITRD) will host a listening session on the interoperability of medical devices, data and platforms. During the...
Read More
The FDA is warning patients and health care providers that certain Medtronic MiniMed™ insulin pumps have potential cybersecurity risks. Patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks.
Read More
This content is only available to Premium subscribers.  See our Subscribe page for information on subscriptions. As more "software as a medical device" (SaMD) applications are developed and marketed, there has been an increased focus on what activities and documentation are required for compliance with US medical device regulations and applicable ISO standards.  Along with...
Read More
May and June 2019 was a busy period for software related recalls – there were 28 recalls as you will see later in the Newsletter. As you plan your software quality assurance activities, we encourage review of published recalls and consider what steps you have in your process to prevent similar problems. Onward toward higher...
Read More
The US Defense Advanced Research Projects Agency (DARPA) have released a solicitation for the “Automated Rapid Certification of Software (ARCOS)” project.  The project goal is to automate system risk assessment based on software assurance.  The project recognizes that current practices in this area rely upon human judgement which can be prone to error but also...
Read More
Another useful reference for establishing a safety culture in your software organization. “The purpose of this Handbook is to define the NASA Safety Culture Program and to provide guidance in the development and implementation—sustainment, growth, and practice—of Safety Culture at the Center level. It defines the NASA Safety Culture Model, describes the Safety Culture Survey...
Read More
This content is only available to Premium subscribers.  See our Subscribe page for information on subscriptions. This template is conceived as a partial example template for a generic small device with embedded real time control. Explanatory comments are included in << comment >>. Other text is example definition that you should replace with your own...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. A SoftwareCPR example for software release note and revision history.  Software Revision Level History Example
Read More
FDA announced the next phase of its Pre-Cert Test Plan implementation. Pre-Cert refers to the the pre-certification program that FDA’s Digital Health unit has been piloting. The program targets SaMD devices only at this time. This next phase seeks SaMD companies, willing to volunteer, that foresee a De Novo request or 510(k) submission within the...
Read More
COURSE DATES: June 4 – 6, 2019 TRAINING LOCATION: Boston, MA USA COST: 3 Full Days for $2,495.00 (Registration closes 5/30/2019) Get 24% off for 4 or more from same company registering with same payment! Registration link: https://events.eventzilla.net/e/62304-and-emerging-software-standards-training-course-2138720953 This three-day course provides a clear understanding of the 62304 standard for medical device software, FDA expectations...
Read More
This 62304 Conformance Checklist Tool is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. 62304 can provide an excellent framework from which to design a software process for medical device, medical mobile app, and/or HealthIT software.  62304 was created specifically for this type of software - it was not...
Read More
A 2015 article providing a review of the factors that contribute to a potentially insecure environment, together with the identification of the vulnerabilities, and why these vulnerabilities persist and what the solution space should look like.
Read More
Many years ago, Capers Jones, the software metrics guru, analyzed his database of thousands of software projects for the key factors affecting “real” software quality.  “Real” software quality relates to how the software actually performed and how robust in the field.   His list in priority order was: Programmer Application (domain) Experience Programmer Technical Experience Reuse...
Read More
In April 2019, FDA released a draft guidance providing manufacturers and FDA staff with detailed recommendations on assessing the technical performance of quantitative imaging devices and how the documentation from those assessments should be provided in premarket submissions. From a big picture perspective, one should remember the overall goal is to “provide performance specifications for...
Read More
John F. Murray, Jr, will be teaching at our June 4-6, 2019, FDA and 62304 Software course in Boston. Our course is designed to gain an understanding of how 62304 and other standards can be implemented efficiently and effectively while meeting FDA expectations as well.
Read More
The US FDA Center for Biologics Evaluation and Research (CBER) finalized the December 2017 draft guidance titled “Standards Development and the Use of Standards in Regulatory Submissions Reviewed in the Center for Biologics Evaluation and Research” today.  The guidance makes clear that CBER recognizes the value and proper usage of standards and further encourages the...
Read More
US FDA has proposed a new rule to exempt Cytometry instruments used for counting or characterizing cells (a well-understood and mature technology), from premarket notification requirements.  Cytometry instruments used for sorting or collecting cells, and instruments that are used as an automated hematology analyzer, or that perform automated differential cell counts, will still require premarket...
Read More
Today FDA qualified the Osirix CDE Software Module biomarker test for use by medical device developers to identify and enroll patients into Traumatic Brain Injury (TBI) studies.  This is the third qualification of a medical device development tool (MDDT) by the FDA, and the first of a software module biomarker test tool type. A biomarker...
Read More
1 2

Upcoming Training

Agile Methods for Medical Device and Health IT Software

One day course that expands on the software risk management topics covered in our IEC 62304 and other Emerging Standards for Medical Device and HealthIT Software course. Essentially the same topics are covered but in greater depth with more attention to hands-on analysis of examples.

Email training@softwarecpr.com for more info.

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.