By

Brian Pate
The 2015 Amendment 1 update to IEC 62304 added a new clause that requires identification of “categories of defects associated with the selected programming technology” and providing analysis and other evidence demonstrating “that these defects do not contribute to unacceptable risk.”  Read a recent article on challenges with using C language.
Read More
For anyone involved in software development, the importance of software requirements cannot be minimized. Software requirements provide the definition and explanation of “what the software should do” and “how the software should behave.” The software engineers and developers use the requirements as input to the software design and coding process. The test developers also use...
Read More
Today, the German Federal Institute for Drugs and Medical Devices (BfArM) identified critical vulnerabilities in the Wind River VxWorks real-time operating system. Affected versions of VxWorks are: VxWorks 6.5 to 6.9 (End-of-Life) VxWorks 7 (SR540 and SR610) VxWorks 653 MCE 3.x (may be affected) They pointed out that VxWorks is used in many medical devices....
Read More
Some thoughts on Requirements … using the General Principles of Software Validation to help. Many times we struggle with creating software requirements and documenting them.  The FDA General Principles of Software Validation-Final Guidance helps set the FDA expectations in this area.  Section 4.1 of the guidance states: “A documented software requirements specification provides a baseline for both...
Read More
Patient Engagement Advisory Committee Meeting to Discuss Cybersecurity – September 10, 2019 On September 10, 2019 the FDA will hold a meeting of the Patient Engagement Advisory Committee. The committee provides advice to the FDA on complex issues relating to medical devices, the regulation of devices, and their use by patients. During the meeting the...
Read More
Dialog+ haemodialysis machines with software versions 9.xx (excluding versions 9.18, 9.1A, 9.1B) – software and hardware upgrade required (MDA/2019/024) Summary Manufactured by B. Braun Avitum AG – Malfunction of the temperature sensor can result in temperature of the dialysis fluid to be more than ±1°C outside the programmed values, which can lead to inadequate treatment....
Read More
Join the FDA and NITRD on July 17 for a Listening Session on Interoperability of Medical Devices On July 17, 2019, the U.S. Food and Drug Administration (FDA) and The Networking and Information Technology Research and Development Program (NITRD) will host a listening session on the interoperability of medical devices, data and platforms. During the...
Read More
The FDA is warning patients and health care providers that certain Medtronic MiniMed™ insulin pumps have potential cybersecurity risks. Patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks.
Read More
This content is only available to Premium subscribers.  See our Subscribe page for information on subscriptions. As more "software as a medical device" (SaMD) applications are developed and marketed, there has been an increased focus on what activities and documentation are required for compliance with US medical device regulations and applicable ISO standards.  Along with...
Read More
May and June 2019 was a busy period for software related recalls – there were 28 recalls as you will see later in the Newsletter. As you plan your software quality assurance activities, we encourage review of published recalls and consider what steps you have in your process to prevent similar problems. Onward toward higher...
Read More
The US Defense Advanced Research Projects Agency (DARPA) have released a solicitation for the “Automated Rapid Certification of Software (ARCOS)” project.  The project goal is to automate system risk assessment based on software assurance.  The project recognizes that current practices in this area rely upon human judgement which can be prone to error but also...
Read More
Another useful reference for establishing a safety culture in your software organization. “The purpose of this Handbook is to define the NASA Safety Culture Program and to provide guidance in the development and implementation—sustainment, growth, and practice—of Safety Culture at the Center level. It defines the NASA Safety Culture Model, describes the Safety Culture Survey...
Read More
This content is only available to Premium subscribers.  See our Subscribe page for information on subscriptions. This template is conceived as a partial example template for a generic small device with embedded real time control. Explanatory comments are included in << comment >>. Other text is example definition that you should replace with your own...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. A SoftwareCPR example for software release note and revision history.  Software Revision Level History Example
Read More
FDA announced the next phase of its Pre-Cert Test Plan implementation. Pre-Cert refers to the the pre-certification program that FDA’s Digital Health unit has been piloting. The program targets SaMD devices only at this time. This next phase seeks SaMD companies, willing to volunteer, that foresee a De Novo request or 510(k) submission within the...
Read More
COURSE DATES: June 4 – 6, 2019 TRAINING LOCATION: Boston, MA USA COST: 3 Full Days for $2,495.00 (Registration closes 5/30/2019) Get 24% off for 4 or more from same company registering with same payment! Registration link: https://events.eventzilla.net/e/62304-and-emerging-software-standards-training-course-2138720953 This three-day course provides a clear understanding of the 62304 standard for medical device software, FDA expectations...
Read More
This 62304 Conformance Checklist Tool is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. 62304 can provide an excellent framework from which to design a software process for medical device, medical mobile app, and/or HealthIT software.  62304 was created specifically for this type of software - it was not...
Read More
A 2015 article providing a review of the factors that contribute to a potentially insecure environment, together with the identification of the vulnerabilities, and why these vulnerabilities persist and what the solution space should look like.
Read More
Many years ago, Capers Jones, the software metrics guru, analyzed his database of thousands of software projects for the key factors affecting “real” software quality.  “Real” software quality relates to how the software actually performed and how robust in the field.   His list in priority order was: Programmer Application (domain) Experience Programmer Technical Experience Reuse...
Read More
In April 2019, FDA released a draft guidance providing manufacturers and FDA staff with detailed recommendations on assessing the technical performance of quantitative imaging devices and how the documentation from those assessments should be provided in premarket submissions. From a big picture perspective, one should remember the overall goal is to “provide performance specifications for...
Read More
John F. Murray, Jr, will be teaching at our June 4-6, 2019, FDA and 62304 Software course in Boston. Our course is designed to gain an understanding of how 62304 and other standards can be implemented efficiently and effectively while meeting FDA expectations as well.
Read More
The US FDA Center for Biologics Evaluation and Research (CBER) finalized the December 2017 draft guidance titled “Standards Development and the Use of Standards in Regulatory Submissions Reviewed in the Center for Biologics Evaluation and Research” today.  The guidance makes clear that CBER recognizes the value and proper usage of standards and further encourages the...
Read More
US FDA has proposed a new rule to exempt Cytometry instruments used for counting or characterizing cells (a well-understood and mature technology), from premarket notification requirements.  Cytometry instruments used for sorting or collecting cells, and instruments that are used as an automated hematology analyzer, or that perform automated differential cell counts, will still require premarket...
Read More
Today FDA qualified the Osirix CDE Software Module biomarker test for use by medical device developers to identify and enroll patients into Traumatic Brain Injury (TBI) studies.  This is the third qualification of a medical device development tool (MDDT) by the FDA, and the first of a software module biomarker test tool type. A biomarker...
Read More
Medical Device Development Tool (MDDT) Qualification The US FDA has provided guidance on the methods and approaches to qualify a medical device development tool so that medical device manufacturers or sponsors can use them to support the development and evaluation of medical devices.  The manufacturer is expected to ensure the tool produces “scientifically-plausible measurements” and...
Read More
Our March 2019 Newsletter has been published.  Learn of significant regulatory and standards related activity associated medical device software, medical mobile apps, and HealthIT software.  Also you can find dates for upcoming training opportunities.
Read More
For those currently or intending to distribute electronic labeling for their medical devices, be aware that in 2010 FDA issued a guidance entitled “Addition of URL to Electronic Product Labeling”.  This guidance contains a recommendation: “ …that manufacturers include their Uniform Resource Locator (URL) on their electronic product labels in addition to the requirements under...
Read More
What does one need to know about IEC 62304? In our 3-day 62304 Training course, we flow through the software development lifecycle drawing attention to requirements of the standard as well as related standards and always current FDA expectations from our experience.  The topics we plan to cover in our 2019 course are below. Topics: Regulatory...
Read More
On Jan 14, 2019, FDA recognized ANSI AAMI SW91:2018 Classification of defects in health software.  The FDA recognition statement for this standard does not indicate any specific use in premarket submissions or relevant FDA guidances. It simply states it supports existing policies.  This standard is lengthy and technical in terms of its approach to defect...
Read More
Through blog posts and downloadable content, Alan Kusinitz, Sherman Eagles, Brian Pate, and other SoftwareCPR® experts keep you informed of new developments in FDA Software Regulation, enforcement actions, ISO standards related to medical devices, and also gain access to a wide variety of training aides, document templates, and checklists! Download the attached form to learn more about the different SoftwareCPR® subscriptions...
Read More
The West Australian reported that two autonomous haulage systems (AHS) trucks experienced a collision when one of the trucks backed into the cab of the second truck that was stationary at the time.  This is of interest to us as the AHS trucks are software controlled and they crashed.  Clearly a failure mode.  The initial report is...
Read More
Came across this website that has some very detailed “commandments” for software development at their company.  A surprisingly lengthy list of dos and don’ts related to coding, testing, designing, estimating, and managing the software lifecycle.  Does your company have anything written?  I often find that each company has some “lore” – some practices that characterize...
Read More
The US FDA issued the final guidance for industry, “The Least Burdensome Provisions: Concept and Principles.”  This guidance is intended to accurately reflect Congress’ intent by describing the guiding principles and recommended approach for FDA staff and industry to facilitate consistent application of least burdensome principles.  FDA Least Burdensome Final Guidance
Read More
FDA issued a Safety Communication on January 31, 2019, (see Safety Communication Link) warning of the risk of air being introduced in a blood vessel (air-in-line) and air embolism for infusion pumps, fluid warmers, rapid infusers, and accessory devices.  This communication is directed toward users (both clinical and service personnel) and patients.  However, what can system architects,...
Read More
Does FDA accept regulatory submissions for medical devices and SaMD that have software developed using agile methods? What about IEC 62304 compliance?  Can agile and lean approaches to software development be compliant? On February 18th and 19th, 2019, we will explore those topics and more at our 2019 “Being Agile & Compliant” public training course. ...
Read More
COURSE DATES: February 18 – 19, 2019 TRAINING LOCATION: Tampa, Florida, USA COST: 2 Full Days for $2,495.00 January Registration Discount of 10% available through Jan 19, 2019. Extended to 1/25/2019. Ask about our multi-student discount as well! Meet our newest partner, John Murray, at the course! Download registration form Only a limited number of...
Read More
The Verily Study Watch is a device worn on the wrist that digitizes patient physiologic measurements and processes the raw data through algorithms both on the wrist worn device and additional processing when communicated to cloud based computing systems.  The idea is that the Verily watch would be worn similar (or as!) a consumer device...
Read More
(January 7, 2019)— John F. Murray, Jr, of Mount Airy, MD USA, has joined Crisis Prevention and Recovery LLC (DBA SoftwareCPR ®) as a partner. John retired from the US Food and Drug Administration in December 2018 after 32 years of federal service. For 25 years at FDA, John focused on FDA regulated software and...
Read More
Clearly one of the great struggles with medical device product design is to understand and finely tune the design input for our devices.  It is difficult but the payoff can be great when done well – pays off with development efficiency, greater certainty with safety risk control, and ultimately in customer satisfaction. In our training...
Read More
It is always good to remind ourselves of exactly what the regulation says – often our corporate procedures can become “bloated” and lead some to believe that some specific activities and/or types of deliverables are required by the regulations.
Read More
One of the most difficult challenges for medical device and HealthIT manufacturers is to properly "level" the design requirements for their medical device systems such that it is clear when it comes to design validation versus design verification.
Read More
FDA released a new draft guidance today entitled, “Clarification of Radiation Control Regulations For Manufacturers of Diagnostic X-Ray Equipment Draft Guidance for Industry and Food and Drug Administration Staff“, dated December 17, 2018.  A few things to note related to software: On line 370, question 16, FDA addresses the question of the use of software...
Read More
Certainly everyone with any connection to information technology and networked devices is concerned with cybersecurity. However, often we just miss the basics – we do not practice good cyber hygiene. While not intended to be comprehensive or state-of-the-art, here are some security basics (or as some call it, “cyber hygiene”) that one should consider when developing...
Read More
FDA issued a draft guidance for prescription POC (Point-of-care) entitled “Blood Glucose Monitoring Test Systems for Prescription Point-of-Care Use.” This draft guidance document provides recommendations to industry about the types of information to include in their premarket submissions for blood glucose monitoring systems used for diabetes management in the health care prescription POC settings. This guidance...
Read More
Glanced through the latest FDA warning letters today.  From the FDA Medical Device & Radiological Health Operations West/Division 3 I see the inspector pointing out “This design validation also fails to include software validation [emphasis mine] to assure software will perform as intended and will not prevent safe operation by the user.”   Of course this is...
Read More
The Food and Drug Administration (FDA or the Agency) is announcing the establishment of a docket to solicit public comment on a proposed framework for regulating software applications disseminated by or on behalf of drug sponsors for use with one or more of their prescription drug products. Recognizing the opportunities for increased use of digital...
Read More
FDA released a final guidance "Benefit-Risk Factors to Consider When Determining Substantial Equivalence in Premarket Notifications 510(k) with Different Technological Characteristics" dated Sept. 25, 2018.  This guidance applies only to devices with similar intended use and if the different technological characteristics do not raise different questions of Safety and Effectiveness.  Read the full guidance at...
Read More
FDA has posted their FY 2019 Proposed Guidance Development list with priorities. A link is provided below but here is the “A” list items: Final Guidance Topics Consideration of Uncertainty in Making Benefit-Risk Determinations in Medical Device Premarket Approvals, De Novo Classifications, and Humanitarian Device Exemptions Unique Device Identification: Policy Regarding Compliance Dates for Class...
Read More
Pharmaceutical Laboratories and Consultants, Inc. Date:8/29/18 This warning letter summarizes significant violations of current good manufacturing practice (CGMP) regulations for finished pharmaceuticals. See 21 CFR, parts 210 and 211. Because your methods, facilities, or controls for manufacturing, processing, packing, or holding do not conform to CGMP, your drug products are adulterated within the meaning of...
Read More
Company:  Draeger Medical, Inc. Date of Enforcement Report:  6/27/2018 PRODUCT Apollo Anesthesia Machine; Cat. no. 8605310 Product Usage:  Indicated as a continuous flow anesthesia system. The Apollo may be used for manually assisted or automatic ventilation, delivery of gases and anesthetic vapor, and monitoring of oxygen and CO2 concentration, breathing pressure, respiratory volume, and anesthetic agent concentration and identification....
Read More
1 2

Need Your Input!

We have been researching where and when to hold our next 3-day 62304/FDA training course and we want your feedback!
1) Does the location in the US for a public course matter to you … for example, west coast (e.g., San Francisco area) vs. east coast (e.g., Boston)?
2) What locations do you prefer?
3) Would you prefer just the 3-day FDA/62034 course or to have the option of a full week 3-day course followed by cybersecurity 1-day, and a usability 1-day?
4) What other countries would you want to see our course offered publicly?
5) What are best two months of the year for the course?  What are the least favored (not workable) months?
Please respond by email to

office@softwarecpr.com by Sep 25, 2019 if possible!

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.