By

Brian Pate
FDA released a new guidance document titled, “Nonbinding Feedback After Certain FDA Inspections of Device Establishments, Guidance for Industry and Food and Drug Administration Staff.  This guidance was issued on April 22, 2020.  The background on the guidance states, “Timely nonbinding feedback can help device firms determine whether proposed actions to address inspectional observations are...
Read More
U.S. Food and Drug Administration (FDA) issued this immediately in effect guidance: Enforcement Policy for Infusion Pumps and Accessories During the Coronavirus Disease 2019 (COVID- 19) Public Health Emergency.  FDA believes the policy set forth in this guidance may help address these urgent public health concerns by helping to expand the availability and remote capabilities...
Read More
On February 25-26, 2020 the U.S. Food and Drug Administration (FDA) held a public workshop to discuss the “Evolving Role of Artificial Intelligence in Radiological Imaging.” The comment period for the public workshop is extended to June 30, 2020, in response to requests for an extension to allow stakeholders additional time to submit comments.
Read More
Today (25 March 2020), the Commission announced that work on a proposal to postpone the date of application for the Medical Device Regulation (MDR) for one year is ongoing. The decision was reached with patient health and safety as a guiding principle.  
Read More
FDA has issued a final order to reclassify: medical image analyzers applied to mammography breast cancer ultrasound breast lesions radiograph lung nodules radiograph dental caries detection all which are post-amendments class III devices (regulated under product code MYN), into class II (special controls), subject to premarket notification. These devices are intended to direct the clinician’s...
Read More
December 26, 2019 Excerpts from warning letter of interest to software professionals: “The inspection also revealed that your … LED light therapy devices are adulterated within the meaning of section 501(h) of the Act, 21 U.S.C. § 351(h), in that the methods used in, or the facilities or controls used for, their manufacture, packing, storage,...
Read More
Kicking off the new year with regulatory and standards updates.  New public courses in 2020!
Read More
FDA is raising awareness among health care providers and facility staff that cybersecurity vulnerabilities in certain GE Healthcare Clinical Information Central Stations and Telemetry Servers may introduce risks to patients while being monitored.  Per the FDA notice: “A security firm has identified several vulnerabilities in certain GE Healthcare Clinical Information Center workstations and Telemetry Servers,...
Read More
This "FDA GPSV Traceability Expectations" post is only available to Premium subscribers. See our Subscribe page for information on subscriptions. Going way back to the late 1990's, FDA had an expectation that safe and effective software would require a well thought out development lifecycle that includes many activities designed to ensure the correctness and robustness...
Read More
How do I know if my device or my software is a medical device? Watch this helpful video and learn about the 513(g) process as well.  SoftwareCPR can help you plan your regulatory strategy and handle your regulatory submissions.  We would be delighted to help!
Read More
62304 Public Training Course DATES:  February 4-6, 2020 (REGISTRATION extended through January 18, 2020) COST: 3 Full Days for $2,595.00 (Registration extended through 1/18/2020) Volume Discount:  $450 off for 4 or more students from same company Register Now:  https://events.eventzilla.net/e/2020-softwarecpr-62304-and-emerging-software-standards-training-course–sunnyvale-ca-2138757731 This 62304 Public Training Course provides a clear understanding of the 62304 standard for medical device software,...
Read More
The Institute of Electrical and Electronics Engineers (IEEE) has approved a proposal to develop a standard for safety considerations in automated vehicle (AV) decision-making.  Purportedly, the “forthcoming IEEE standard will provide a useful tool to answer the question of what it means for an AV to drive safely,” according to the lead convener.  With technology...
Read More
ISO 14971 Risk Analysis Identifying safety risks in medical devices is a challenging and laborious process.  The process standard, ISO 14971, is a systematic, total product risk management lifecycle process to identify, control, and evaluate risk, where risk is defined as the combination of severity of the harm (to people, property, or environment) and probability...
Read More
This new draft guidance explains when a Type V DMF may be used to submit information regarding a combination product for which the Center for Drug Evaluation and Research (CDER) has primary jurisdiction (i.e., CDER-led combination product) and the device portion has electronics and/or software that is planned to be used as a platform, that is,...
Read More
The FDA and the NIH National Center for Advancing Translational Sciences (NCATS)/Office of Rare Diseases Research (ORDR) conducted this needs assessment to better understand unmet medical device needs for rare diseases – ultimately to raise public awareness of these unmet needs.  Let this motivate us all to explore, push limits, innovate, and invent.  Onward software...
Read More
URGENT/11 Cybersecurity Vulnerabilities in a Widely-Used Third-Party Software Component May Introduce Risks During Use of Certain Medical Devices The U.S. Food and Drug Administration (FDA) is informing patients, health care providers and facility staff, and manufacturers about cybersecurity vulnerabilities that may introduce risks for certain medical devices and hospital networks. The FDA is not aware...
Read More
August and September 2019 continued a busy trend of regulatory and compliance activity – there were 42 software related recalls!  We also announced our 2020 Public Training Course dates!  Onward to higher software quality – keep pressing forward!
Read More
The 2015 Amendment 1 update to IEC 62304 added a new clause that requires identification of “categories of defects associated with the selected programming technology” and providing analysis and other evidence demonstrating “that these defects do not contribute to unacceptable risk.”  Read a recent article on challenges with using C language.
Read More
For anyone involved in software development, the importance of software requirements cannot be minimized. Software requirements provide the definition and explanation of “what the software should do” and “how the software should behave.” The software engineers and developers use the requirements as input to the software design and coding process. The test developers also use...
Read More
Today, the German Federal Institute for Drugs and Medical Devices (BfArM) identified critical vulnerabilities in the Wind River VxWorks real-time operating system. Affected versions of VxWorks are: VxWorks 6.5 to 6.9 (End-of-Life) VxWorks 7 (SR540 and SR610) VxWorks 653 MCE 3.x (may be affected) They pointed out that VxWorks is used in many medical devices....
Read More
Some thoughts on Requirements … using the General Principles of Software Validation to help. Many times we struggle with creating software requirements and documenting them.  The FDA General Principles of Software Validation-Final Guidance helps set the FDA expectations in this area.  Section 4.1 of the guidance states: “A documented software requirements specification provides a baseline for both...
Read More
Patient Engagement Advisory Committee Meeting to Discuss Cybersecurity – September 10, 2019 On September 10, 2019 the FDA will hold a meeting of the Patient Engagement Advisory Committee. The committee provides advice to the FDA on complex issues relating to medical devices, the regulation of devices, and their use by patients. During the meeting the...
Read More
Dialog+ haemodialysis machines with software versions 9.xx (excluding versions 9.18, 9.1A, 9.1B) – software and hardware upgrade required (MDA/2019/024) Summary Manufactured by B. Braun Avitum AG – Malfunction of the temperature sensor can result in temperature of the dialysis fluid to be more than ±1°C outside the programmed values, which can lead to inadequate treatment....
Read More
Join the FDA and NITRD on July 17 for a Listening Session on Interoperability of Medical Devices On July 17, 2019, the U.S. Food and Drug Administration (FDA) and The Networking and Information Technology Research and Development Program (NITRD) will host a listening session on the interoperability of medical devices, data and platforms. During the...
Read More
The FDA is warning patients and health care providers that certain Medtronic MiniMed™ insulin pumps have potential cybersecurity risks. Patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks.
Read More
This content is only available to Premium subscribers.  See our Subscribe page for information on subscriptions. As more "software as a medical device" (SaMD) applications are developed and marketed, there has been an increased focus on what activities and documentation are required for compliance with US medical device regulations and applicable ISO standards.  Along with...
Read More
May and June 2019 was a busy period for software related recalls – there were 28 recalls as you will see later in the Newsletter. As you plan your software quality assurance activities, we encourage review of published recalls and consider what steps you have in your process to prevent similar problems. Onward toward higher...
Read More
The US Defense Advanced Research Projects Agency (DARPA) have released a solicitation for the “Automated Rapid Certification of Software (ARCOS)” project.  The project goal is to automate system risk assessment based on software assurance.  The project recognizes that current practices in this area rely upon human judgement which can be prone to error but also...
Read More
Another useful reference for establishing a safety culture in your software organization. “The purpose of this Handbook is to define the NASA Safety Culture Program and to provide guidance in the development and implementation—sustainment, growth, and practice—of Safety Culture at the Center level. It defines the NASA Safety Culture Model, describes the Safety Culture Survey...
Read More
This content is only available to Premium subscribers.  See our Subscribe page for information on subscriptions. This template is conceived as a partial example template for a generic small device with embedded real time control. Explanatory comments are included in << comment >>. Other text is example definition that you should replace with your own...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. A SoftwareCPR example for software release note and revision history.  Software Revision Level History Example
Read More
FDA announced the next phase of its Pre-Cert Test Plan implementation. Pre-Cert refers to the the pre-certification program that FDA’s Digital Health unit has been piloting. The program targets SaMD devices only at this time. This next phase seeks SaMD companies, willing to volunteer, that foresee a De Novo request or 510(k) submission within the...
Read More
COURSE DATES: June 4 – 6, 2019 TRAINING LOCATION: Boston, MA USA COST: 3 Full Days for $2,495.00 (Registration closes 5/30/2019) Get 24% off for 4 or more from same company registering with same payment! Registration link: https://events.eventzilla.net/e/62304-and-emerging-software-standards-training-course-2138720953 This three-day course provides a clear understanding of the 62304 standard for medical device software, FDA expectations...
Read More
This 62304 Conformance Checklist Tool is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. 62304 can provide an excellent framework from which to design a software process for medical device, medical mobile app, and/or HealthIT software.  62304 was created specifically for this type of software - it was not...
Read More
A 2015 article providing a review of the factors that contribute to a potentially insecure environment, together with the identification of the vulnerabilities, and why these vulnerabilities persist and what the solution space should look like.
Read More
Many years ago, Capers Jones, the software metrics guru, analyzed his database of thousands of software projects for the key factors affecting “real” software quality.  “Real” software quality relates to how the software actually performed and how robust in the field.   His list in priority order was: Programmer Application (domain) Experience Programmer Technical Experience Reuse...
Read More
In April 2019, FDA released a draft guidance providing manufacturers and FDA staff with detailed recommendations on assessing the technical performance of quantitative imaging devices and how the documentation from those assessments should be provided in premarket submissions. From a big picture perspective, one should remember the overall goal is to “provide performance specifications for...
Read More
John F. Murray, Jr, will be teaching at our June 4-6, 2019, FDA and 62304 Software course in Boston. Our course is designed to gain an understanding of how 62304 and other standards can be implemented efficiently and effectively while meeting FDA expectations as well.
Read More
The US FDA Center for Biologics Evaluation and Research (CBER) finalized the December 2017 draft guidance titled “Standards Development and the Use of Standards in Regulatory Submissions Reviewed in the Center for Biologics Evaluation and Research” today.  The guidance makes clear that CBER recognizes the value and proper usage of standards and further encourages the...
Read More
US FDA has proposed a new rule to exempt Cytometry instruments used for counting or characterizing cells (a well-understood and mature technology), from premarket notification requirements.  Cytometry instruments used for sorting or collecting cells, and instruments that are used as an automated hematology analyzer, or that perform automated differential cell counts, will still require premarket...
Read More
Today FDA qualified the Osirix CDE Software Module biomarker test for use by medical device developers to identify and enroll patients into Traumatic Brain Injury (TBI) studies.  This is the third qualification of a medical device development tool (MDDT) by the FDA, and the first of a software module biomarker test tool type. A biomarker...
Read More
Medical Device Development Tool (MDDT) Qualification The US FDA has provided guidance on the methods and approaches to qualify a medical device development tool so that medical device manufacturers or sponsors can use them to support the development and evaluation of medical devices.  The manufacturer is expected to ensure the tool produces “scientifically-plausible measurements” and...
Read More
Our March 2019 Newsletter has been published.  Learn of significant regulatory and standards related activity associated medical device software, medical mobile apps, and HealthIT software.  Also you can find dates for upcoming training opportunities.
Read More
For those currently or intending to distribute electronic labeling for their medical devices, be aware that in 2010 FDA issued a guidance entitled “Addition of URL to Electronic Product Labeling”.  This guidance contains a recommendation: “ …that manufacturers include their Uniform Resource Locator (URL) on their electronic product labels in addition to the requirements under...
Read More
What does one need to know about IEC 62304? In our 3-day 62304 Training course, we flow through the software development lifecycle drawing attention to requirements of the standard as well as related standards and always current FDA expectations from our experience.  The topics we plan to cover in our 2019 course are below. Topics: Regulatory...
Read More
On Jan 14, 2019, FDA recognized ANSI AAMI SW91:2018 Classification of defects in health software.  The FDA recognition statement for this standard does not indicate any specific use in premarket submissions or relevant FDA guidances. It simply states it supports existing policies.  This standard is lengthy and technical in terms of its approach to defect...
Read More
Through blog posts and downloadable content, Alan Kusinitz, Sherman Eagles, Brian Pate, and other SoftwareCPR® experts keep you informed of new developments in FDA Software Regulation, enforcement actions, ISO standards related to medical devices, and also gain access to a wide variety of training aides, document templates, and checklists! Download the attached form to learn more about the different SoftwareCPR® subscriptions...
Read More
The West Australian reported that two autonomous haulage systems (AHS) trucks experienced a collision when one of the trucks backed into the cab of the second truck that was stationary at the time.  This is of interest to us as the AHS trucks are software controlled and they crashed.  Clearly a failure mode.  The initial report is...
Read More
Came across this website that has some very detailed “commandments” for software development at their company.  A surprisingly lengthy list of dos and don’ts related to coding, testing, designing, estimating, and managing the software lifecycle.  Does your company have anything written?  I often find that each company has some “lore” – some practices that characterize...
Read More
The US FDA issued the final guidance for industry, “The Least Burdensome Provisions: Concept and Principles.”  This guidance is intended to accurately reflect Congress’ intent by describing the guiding principles and recommended approach for FDA staff and industry to facilitate consistent application of least burdensome principles.  FDA Least Burdensome Final Guidance
Read More
1 2

Remote Webmeeting Assessments

SoftwareCPR can provide remote offsite assessments to support virtual offices.  Our consultants can utilize webmeeting tools to walk your teams through assessments such as:

  • 62304 compliance
  • Regulatory submission pre-review
  • Software risk analysis
  • Cybersecurity process and validation
  • Overall ISO 14971 risk management
  • Overview of software regulation with John Murray

Email office@softwarecpr.com
for more info!

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.