By

Brian Pate
COURSE DATES: June 4 – 6, 2019 TRAINING LOCATION: Boston, MA USA COST: 3 Full Days for $2,495.00 Get 24% off for 4 or more from same company registering with same payment! Seats are still available — don’t miss this fantastic opportunity to learn the elements of a 62304 compliant SDLC and integrate the expectations...
Read More
A 2015 article providing a review of the factors that contribute to a potentially insecure environment, together with the identification of the vulnerabilities, and why these vulnerabilities persist and what the solution space should look like.
Read More
Many years ago, Capers Jones, the software metrics guru, analyzed his database of thousands of software projects for the key factors affecting “real” software quality.  “Real” software quality relates to how the software actually performed and how robust in the field.   His list in priority order was: Programmer Application (domain) Experience Programmer Technical Experience Reuse...
Read More
In April 2019, FDA released a draft guidance providing manufacturers and FDA staff with detailed recommendations on assessing the technical performance of quantitative imaging devices and how the documentation from those assessments should be provided in premarket submissions. From a big picture perspective, one should remember the overall goal is to “provide performance specifications for...
Read More
The US FDA Center for Biologics Evaluation and Research (CBER) finalized the December 2017 draft guidance titled “Standards Development and the Use of Standards in Regulatory Submissions Reviewed in the Center for Biologics Evaluation and Research” today.  The guidance makes clear that CBER recognizes the value and proper usage of standards and further encourages the...
Read More
US FDA has proposed a new rule to exempt Cytometry instruments used for counting or characterizing cells (a well-understood and mature technology), from premarket notification requirements.  Cytometry instruments used for sorting or collecting cells, and instruments that are used as an automated hematology analyzer, or that perform automated differential cell counts, will still require premarket...
Read More
Today FDA qualified the Osirix CDE Software Module biomarker test for use by medical device developers to identify and enroll patients into Traumatic Brain Injury (TBI) studies.  This is the third qualification of a medical device development tool (MDDT) by the FDA, and the first of a software module biomarker test tool type. A biomarker...
Read More
Medical Device Development Tool (MDDT) Qualification The US FDA has provided guidance on the methods and approaches to qualify a medical device development tool so that medical device manufacturers or sponsors can use them to support the development and evaluation of medical devices.  The manufacturer is expected to ensure the tool produces “scientifically-plausible measurements” and...
Read More
Our March 2019 Newsletter has been published.  Learn of significant regulatory and standards related activity associated medical device software, medical mobile apps, and HealthIT software.  Also you can find dates for upcoming training opportunities.
Read More
For those currently or intending to distribute electronic labeling for their medical devices, be aware that in 2010 FDA issued a guidance entitled “Addition of URL to Electronic Product Labeling”.  This guidance contains a recommendation: “ …that manufacturers include their Uniform Resource Locator (URL) on their electronic product labels in addition to the requirements under...
Read More
What does one need to know about IEC 62304? In our 3-day 62304 Training course, we flow through the software development lifecycle drawing attention to requirements of the standard as well as related standards and always current FDA expectations from our experience.  The topics we plan to cover in our 2019 course are below. Topics: Regulatory...
Read More
On Jan 14, 2019, FDA recognized ANSI AAMI SW91:2018 Classification of defects in health software.  The FDA recognition statement for this standard does not indicate any specific use in premarket submissions or relevant FDA guidances. It simply states it supports existing policies.  This standard is lengthy and technical in terms of its approach to defect...
Read More
Through blog posts and downloadable content, Alan Kusinitz, Sherman Eagles, Brian Pate, and other SoftwareCPR® experts keep you informed of new developments in FDA Software Regulation, enforcement actions, ISO standards related to medical devices, and also gain access to a wide variety of training aides, document templates, and checklists! Download the attached form to learn more about the different SoftwareCPR® subscriptions...
Read More
The West Australian reported that two autonomous haulage systems (AHS) trucks experienced a collision when one of the trucks backed into the cab of the second truck that was stationary at the time.  This is of interest to us as the AHS trucks are software controlled and they crashed.  Clearly a failure mode.  The initial report is...
Read More
Came across this website that has some very detailed “commandments” for software development at their company.  A surprisingly lengthy list of dos and don’ts related to coding, testing, designing, estimating, and managing the software lifecycle.  Does your company have anything written?  I often find that each company has some “lore” – some practices that characterize...
Read More
The US FDA issued the final guidance for industry, “The Least Burdensome Provisions: Concept and Principles.”  This guidance is intended to accurately reflect Congress’ intent by describing the guiding principles and recommended approach for FDA staff and industry to facilitate consistent application of least burdensome principles.  FDA Least Burdensome Final Guidance
Read More
FDA issued a Safety Communication on January 31, 2019, (see Safety Communication Link) warning of the risk of air being introduced in a blood vessel (air-in-line) and air embolism for infusion pumps, fluid warmers, rapid infusers, and accessory devices.  This communication is directed toward users (both clinical and service personnel) and patients.  However, what can system architects,...
Read More
Does FDA accept regulatory submissions for medical devices and SaMD that have software developed using agile methods? What about IEC 62304 compliance?  Can agile and lean approaches to software development be compliant? On February 18th and 19th, 2019, we will explore those topics and more at our 2019 “Being Agile & Compliant” public training course. ...
Read More
COURSE DATES: February 18 – 19, 2019 TRAINING LOCATION: Tampa, Florida, USA COST: 2 Full Days for $2,495.00 January Registration Discount of 10% available through Jan 19, 2019. Extended to 1/25/2019. Ask about our multi-student discount as well! Meet our newest partner, John Murray, at the course! Download registration form Only a limited number of...
Read More
The Verily Study Watch is a device worn on the wrist that digitizes patient physiologic measurements and processes the raw data through algorithms both on the wrist worn device and additional processing when communicated to cloud based computing systems.  The idea is that the Verily watch would be worn similar (or as!) a consumer device...
Read More
(January 7, 2019)— John F. Murray, Jr, of Mount Airy, MD USA, has joined Crisis Prevention and Recovery LLC (DBA SoftwareCPR ®) as a partner. John retired from the US Food and Drug Administration in December 2018 after 32 years of federal service. For 25 years at FDA, John focused on FDA regulated software and...
Read More
Clearly one of the great struggles with medical device product design is to understand and finely tune the design input for our devices.  It is difficult but the payoff can be great when done well – pays off with development efficiency, greater certainty with safety risk control, and ultimately in customer satisfaction. In our training...
Read More
It is always good to remind ourselves of exactly what the regulation says – often our corporate procedures can become “bloated” and lead some to believe that some specific activities and/or types of deliverables are required by the regulations.
Read More
One of the most difficult challenges for medical device and HealthIT manufacturers is to properly "level" the design requirements for their medical device systems such that it is clear when it comes to design validation versus design verification.
Read More
FDA released a new draft guidance today entitled, “Clarification of Radiation Control Regulations For Manufacturers of Diagnostic X-Ray Equipment Draft Guidance for Industry and Food and Drug Administration Staff“, dated December 17, 2018.  A few things to note related to software: On line 370, question 16, FDA addresses the question of the use of software...
Read More
Certainly everyone with any connection to information technology and networked devices is concerned with cybersecurity. However, often we just miss the basics – we do not practice good cyber hygiene. While not intended to be comprehensive or state-of-the-art, here are some security basics (or as some call it, “cyber hygiene”) that one should consider when developing...
Read More
FDA issued a draft guidance for prescription POC (Point-of-care) entitled “Blood Glucose Monitoring Test Systems for Prescription Point-of-Care Use.” This draft guidance document provides recommendations to industry about the types of information to include in their premarket submissions for blood glucose monitoring systems used for diabetes management in the health care prescription POC settings. This guidance...
Read More
Glanced through the latest FDA warning letters today.  From the FDA Medical Device & Radiological Health Operations West/Division 3 I see the inspector pointing out “This design validation also fails to include software validation [emphasis mine] to assure software will perform as intended and will not prevent safe operation by the user.”   Of course this is...
Read More
FDA released a final guidance "Benefit-Risk Factors to Consider When Determining Substantial Equivalence in Premarket Notifications 510(k) with Different Technological Characteristics" dated Sept. 25, 2018.  This guidance applies only to devices with similar intended use and if the different technological characteristics do not raise different questions of Safety and Effectiveness.  Read the full guidance at...
Read More
FDA has posted their FY 2019 Proposed Guidance Development list with priorities. A link is provided below but here is the “A” list items: Final Guidance Topics Consideration of Uncertainty in Making Benefit-Risk Determinations in Medical Device Premarket Approvals, De Novo Classifications, and Humanitarian Device Exemptions Unique Device Identification: Policy Regarding Compliance Dates for Class...
Read More
Pharmaceutical Laboratories and Consultants, Inc. Date:8/29/18 This warning letter summarizes significant violations of current good manufacturing practice (CGMP) regulations for finished pharmaceuticals. See 21 CFR, parts 210 and 211. Because your methods, facilities, or controls for manufacturing, processing, packing, or holding do not conform to CGMP, your drug products are adulterated within the meaning of...
Read More
Company:  Draeger Medical, Inc. Date of Enforcement Report:  6/27/2018 PRODUCT Apollo Anesthesia Machine; Cat. no. 8605310 Product Usage:  Indicated as a continuous flow anesthesia system. The Apollo may be used for manually assisted or automatic ventilation, delivery of gases and anesthetic vapor, and monitoring of oxygen and CO2 concentration, breathing pressure, respiratory volume, and anesthetic agent concentration and identification....
Read More
Prepared a visual aide (one of many we use in our training courses) of key Medical Devices Standards and FDA guidance related to software.  Enjoy! SoftwareCPR Sw Stds Guidances
Read More
"Based upon the company’s precertification level and the level of risk for the device, the product (or modifications to a product) may be able to go directly to market or undergo a streamlined submission review"
Read More
Cybersecurity firm Sophos published an article on Medical Device cybersecurity and David Overton of SoftwareCPR® suggested we post this as it may be of interest. David pointed out these statements: A significant percentage of medical devices are not secure. Most medical device manufacturers do not take serious steps to secure their devices for two reasons:...
Read More
We help you meet the intent of the rule -- not the hype
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Created a job aide which compares the IEC 62304 and IEC 82304 elements for requirements. This is only intended to be used as a starting point and requires interpretation based on knowledge of each standard and the type of...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Use this as a starting point to gather information on the software development environment (and related information) as required in FDA's Guidance for Software Information to be included in open market submissions. It is only intended as a starting...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. A sample checklist for releasing or updating software is at the link provided. GoLiveiChecklistTrainingExample111115
Read More
Brian Pate of SoftwareCPR® writes: In May 2014, FDA offered further guidance to manufacturers regarding premarket submission information identifying cyber-security risks and hazards associated with their medical devices, and the responsibility for engineering appropriate risk controls to address patient safety and assure proper device performance. FDA encouraged manufacturers to report any cyber-security incidents that may...
Read More
Obviously, unit tests have their greatest value at the time of the development of the unit itself. Well-designed unit tests provide evidence that the unit performs its intended function, that the software design executes as intended, and allows the developer (or tester) to test the unit with inputs and states that may be difficult to...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Prepared this example Device Risk Management SOP for the purpose of risk analysis training where the pros and cons could be further discussed.  This example is modeled on the approach required by ISO 14971 and expands on it with...
Read More
We hope you find this Regulatory Roadmap on HIPAA Privacy and Security useful.
Read More
Although the HIPAA Privacy Rule directly effects “Covered Entities” medical device and pharmaceutical manufacturers may be involved in inadvertent release of private patient information and must deal with requirements from their customers that are Covered Entities. It was reported that: Eli Lilly, already has settled with eight states and the Federal Trade Commission for $160,000...
Read More

CSV Training Course

Learn FDA expectations for software validation for computer systems, quality system software, manufacturing and production process software, and engineering tools. Email training@softwarecpr.com for more info.

Corporate Office

+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TN) and Italy.