By

Sherman Eagles
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. Recent standards and regulatory activity overview Medical device software Following the failure of the DIS of 62304 to be approved, the IEC 62304 working group requested input from the ISO and IEC member countries. There was not a consensus...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. Standards and regulatory activity overview Medical device software It appears that in response to a question posed by the IEC 62304 working group, the ISO and IEC member countries want ISO 14971 to be required for use of the second...
Read More
Here are some quick links to websites that list the harmonised standards for the different directives.
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. Standards and regulatory activity overview Medical device software Two webinars were held for the National Committees of IEC/SC 62A and the Member Bodies of ISO/TC 215, Health informatics, as well as the Member Bodies of ISO/TC 210, Quality management and...
Read More
Underwriters Laboratories, Inc. published the First Edition of the Standard for Safety for Remote Software Updates, UL 5500 on September 6, 2018. This standard covers remote software updates, accounting for the manufacturer’s recommended process to ensure safety. It is limited to software elements having an influence on safety and compliance with the particular end product...
Read More
UL 5500 – Safety for Remote Software Updates has been adopted as a U.S. National Standard. It covers the remote updating of software via the manufacturer’s recommended process. It is limited to software elements having an influence on safety and on compliance with the particular end product safety standard. It is not specific for medical...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. Standards and Regulatory Activity Overview Medical device software Two webinars will be held for the National Committees of IEC/SC 62A and the Member Bodies of ISO/TC 215, Health informatics, as well as the Member Bodies of ISO/TC 210, Quality management...
Read More
Here is the report for June/July, 2018. SoftwareCPRStandardsNavigatorReportfor2018-07
Read More
This update addresses International and US National medical device standards ("a view of the landscape") being developed or revised that may be of interest to developers of software for medical devices or healthcare. Some of these standards are used directly for regulatory purposes and others may be valuable in demonstrating to regulatory authorities that a...
Read More
A draft of a new revision of the NIST Framework for Improving Critical Infrastructure Cybersecurity has been circulated for comment.  This draft (NIST_cybersecurity_framework-v1-1) revision refines, clarifies, and enhances Version 1.0 issued in February 2014.  This is a draft for comment. See copy of draft NIST Cybersecurity Framework v1-1
Read More
Summary of primary medical device standards as well as standards specific to Medical Device and Health IT software
Read More
The EU has proposed a new regulation on cybersecurity.  While this regulation is not specific to the health sector, health is mentioned as critical infrastructure in the proposal. The proposal would provide a revised mandate, objectives, and tasks for ENISA, the “EU Cybersecurity Agency.”  The new tasks include: Facilitating the establishment and take-up of European...
Read More
This document provides Sherman Eagle's June 2017 standards status update to be used with the Standards Landscape document. It provides a summary of status updates to primary medical device standards as well as standards specific to Medical Device and Health IT software including Cybersecurity and systems and software engineering standards.
Read More
“IEC TR 80002-2 Medical device software – Part 2: Validation of software for medical device quality systems” has been published. This TR provides guidance for new requirements in ISO 13485:2016 for validating software used in quality systems. ISO/TR 80002-2:2017 applies to any software used in device design, testing, component acceptance, manufacturing, labeling, packaging, distribution and...
Read More
AAMI Software and IT-related standards working groups include one for interoperability (with 3 standards work items), one for Device Security (with 2 standards work items), one for Wireless, one for SW Defect Classification, and one for AAMI/UL 2800-1 for specification of architecture independent requirements. There is also a separate Health IT Committee with several items...
Read More
Although IEC 82304-1 Health Software: General requirements for safety has been published it is not clear when it will be harmonized in the EU. Nonetheless it appears EU notified bodies are treating it as “state-of-the-art” and are likely to expect it to be used for software products that are regulated as medical devices. IEC TR...
Read More
This content is only available to Standards Navigator and Standards Navigators PLUS subscribers.  See our Subscribe page for information on subscriptions. This document provides a summary of primary medical device standards as well as standards specific to Medical Device and Health IT software including Cybersecurity and systems and software engineering standards. It includes an assessment of how...
Read More
This document provides a summary of primary medical device standards as well as standards specific to Medical Device and Health IT software including Cybersecurity and systems and software engineering standards. It includes an assessment of how the standards will impact the development of medical device and Health IT software. This is truly a MUST READ...
Read More
“IEC 82304-1: Health software – Part 1: General requirements for product safety” has been approved and released. It can be purchased from the ISO at the link provided. This standard addresses Health Software Products in general and does not attempt to define which are regulated and which are not. Its scope is all standalone software...
Read More
A final draft (FDIS) of “IEC 82304-1: Health software – Part 1: General requirements for product safety” has been approved. The standard will be published after final editing. This is expected around the end of the year (2016). The primary focus of this standard is on requirements for the developers of the software product. It...
Read More
A final draft for approval (FDIS) of “IEC 82304-1: Health software – Part 1: General requirements for product safety” has been circulated. The ballot ends on October 14, and the standard is expected to be published by the end of 2016. This standard applies to software products that do not require specific hardware designed for...
Read More
The European Union has published a Directive concerning measures for a high common level of security of network and information systems across the Union.  The directive does not impose any new requirements on manufacturers that are not operators of essential services or digital services. Instead, it relies on existing rules on product liability. EU Network...
Read More
This agreement includes a number of clarifications to the EU Medical Device Regulations.  The Environment, Public Health and Food Safety (ENVI) Committee of the European Parliament and Council’s Committee of Permanent Representatives (COREPER) voted to endorse the trilogue agreement on June 15.  The text of the draft MDR is at the link provided.  The text...
Read More
The purpose of DTSec is to establish a standard used to provide a high level of assurance that electronic products for the treatment of diabetes deliver the security protections claimed by their developers and required by their users. Diabetes Tech Society Standard
Read More
Sherman Eagles of SoftwareCPR® recently coauthored an article published by AAMI in the Jan/Feb 2016 BIT Journal entitled “Cybersecurity for Medical Device Manufacturers: Ensuring Safety and Functionality.”  You can read the article at this link: 2016 Jan-Feb BIT Cybersecurity Sherman is well known as an expert in medical device standards and has been involved in many...
Read More
Click here to view a summary of my highlights and rationale, along with some practical implementation tips for the new ISO 13485:2016:  SoftwareCPR-ISO13485 revision March 2016 highlights Some of the revisions add items included in FDA’s 21 CFR 820 Quality System Regulation such as Design Transfer, Validation of automation of quality system activities, detailed records, and...
Read More
A committee draft for vote has been circulated for the AAMI TIR 57 Principles for medical device information security risk management. The objective of this TIR is to provide guidance on how medical device manufacturers can manage risks from security threats that could impact the confidentiality, integrity, and/or availability of the device or the information...
Read More
The National Electrical Manufacturers Association (NEMA) has published a guidance document on supply chain best practices for electrical equipment and medical imaging manufacturers to minimize the possibility that bugs, malware, viruses, or other exploits can be used to negatively impact product operation. The document is a representation of identified best practices that vendors can implement...
Read More
The first amendment to IEC 62304 amendment has been published as Edition 1.1. You can purchase just the amendment, which notates what has changed, or a consolidated redline version. It is currently available from ANSI or IEC. AAMI will publish it in the near future, although it may be expensive to purchase from AAMI. This amendment mainly focuses...
Read More
The CWE can be a useful reference to use when performing medical device software risk management and security vulnerability analysis. The Common Weakness Enumeration Specification (CWE) provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture. Each...
Read More
The ballot on the final draft of the IEC 62304 amendment, which focuses on safety classification and legacy software, closes in May. We expect publication by July, followed by a consolidated version that incorporates the amendment. Adoption by CENELEC as an EN is happening concurrently, so harmonization by the EU should happen late this year...
Read More
ANSI/AAMI/IEC TIR80001-2-5:2014 “Application of risk management for IT-networks incorporating medical devices Part 2-5: Application guidance: Guidance on distributed alarm systems” has been published. Sherman Eagles of SoftwareCPR was a co-chair for this.
Read More
/docs/scpred/standardsnavigator/SoftwareCPRStandardsNavigatorReport2015-1.pdf
Read More
A committee draft (CD) of “IEC TR 62366-2: Medical devices – Part 2: Guidance on the application of usability engineering to medical devices” was issued for comment. This technical report provides medical device manufacturers with guidance on how to integrate usability engineering (also called human factors engineering) principles and user interface design practices into their...
Read More
/docs/scpred/StandardsNavigator/SoftwareCPRStandardsNavigatorReport2014-11.pdf
Read More
AAMI TIR50: 2014 “Post-market surveillance of use error management” addresses use error detection for medical devices from the clinical, manufacturer, patient, user, and regulatory perspective. The goal is to provide guidance on how these individuals can best collect, assess, and leverage post-market use error data to mitigate product risk, and to improve product safety and...
Read More
In SoftwareCPR’s opinion, a somewhat unique, very well conceived, and well designed tool for the specialized craft of risk analysis as well as safety assurance cases.  The tool is very configurable, allowing customized structures for your own methods.  The ability to view data from an FMEA, FTA, or table view saves valuable time during creation...
Read More
IEC 80002-1 “Guidance on the application of ISO 14971 to medical device software” has been reconfirmed with a new stability date of 2016. This means that the document will not change before 2016. The next review to determine if the technical report should be revised will occur in 2015. IEC 80001-1 “Application of risk management...
Read More
The debate over ISO 14971 continues between industry and the European Commission. The joint ISO & IEC working group responsible for ISO 14971 met and determined that ISO 14971 still represents the state of the art for medical device risk management and that no changes were needed, despite the position of the EC that ISO...
Read More
This document provides answers to questions that have been asked to notified bodies regarding using EN 62304 for regulatory purposes in the EU. FAQ 62304
Read More
IEC SC 62A has agreed that the 2nd edition of 62304 will be expanded to cover all Health Software, not just medical devices. In the interim, an amendment will be issued to clarify current safety classification as well as application of 62304 for legacy software (this was originally intended to be done as part of...
Read More
AAMI and FDA held a two day event Oct 2-3, 2012, as a summit on interoperability. 260 people attended. AAMI has authorized widespread distribution of the proceedings document from this event (see the link provided). Interoperability Summit 2012
Read More
The GHTF is ending and will be replaced by a regulator-only organization, the International Medical Device Regulators Forum (IMDRF). This is the closing statement by the GHTF: GHTF-Closing-Statement.
Read More
AAMI/CDV-1 62366:2007/A1 (IEC/SC62A/826/CDV) — Medical devices – Application of usability engineering to medical devices, Amendment 1. This amendment is out for comment and addresses legacy user interfaces and 62366 conformance for User Interfaces of Unknown Provenance (UOUP). The 62366 amendment draft can now downloaded free from AAMI. Go to the AAMI web site at the...
Read More
The first committee draft of the second edition of “IEC 62304 Medical device software life cycle processes” has been circulated internally for comment. Major changes include a revision of how software safety class is determined, which could reduce the tendency towards most software being Class C; clear requirements for legacy software that explain how conformance...
Read More
See the attached press release from AAMI and UL regarding their collaboration to produce a series of interoperability standards. AAMI UL Interoperability Press Release
Read More
Presentations made at the AAMI/FDA Interoperability Summit on October 1-2, 2012, can be found at the link provided. http://www.aami.org/interoperability/presentations
Read More
AAMI has published “AAMI TIR45: 2012 Guidance on the use of AGILE practices in the development of medical device software.” FDA staff was involved in development of this guidance for compliant use of Agile methods. The document can be ordered from AAMI.org.
Read More
The final version of “ANSI/AAMI SW 87:2012 Application of quality management system concepts to medical device data systems” has been published. FDA initiated and participated in this work. Sherman Eagles, Sandy Hedberg, and Molly Ray of SoftwareCPR were on the working group and Alan Kusinitz of SoftwareCPR was a reviewer. SoftwareCPR can provide MDDS developers...
Read More
Medical Device Interoperability Coordinating Council draft concept paper is at the link provided. This group is being facilitated by the FDA to encourage interoperability between medical devices. MDICC Draft Concept
Read More
1 2

CSV Training Course

Learn FDA expectations for software validation for computer systems, quality system software, manufacturing and production process software, and engineering tools. Email training@softwarecpr.com for more info.

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.