By

Sherman Eagles
This March 2022 Standards Navigator Report content is only available to Standards Navigator subscribers. See our Subscribe page for information on subscriptions. SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices.  In addition to information on existing standards, our report keeps you...
Read More
This September 2021 Standards Navigator Report content is only available to Standards Navigator subscribers. See our Subscribe page for information on subscriptions. SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices.  In addition to information on existing standards, our report keeps you...
Read More
This July 2021 Standards Navigator Report content is only available to Standards Navigator subscribers. See our Subscribe page for information on subscriptions. SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices.  In addition to information on existing standards, our report keeps you...
Read More
This January 2021 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you...
Read More
This December 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards...
Read More
This September 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards...
Read More
This July 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards...
Read More
This February 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. Recent standards and regulatory activity overview Medical device software Following the failure of the DIS of 62304 to be approved, the IEC 62304 working group requested input from the ISO and IEC member countries. There was not a consensus...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. Standards and regulatory activity overview Medical device software It appears that in response to a question posed by the IEC 62304 working group, the ISO and IEC member countries want ISO 14971 to be required for use of the second...
Read More
Here are some quick links to websites that list the harmonised standards for the different directives.
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. Standards and regulatory activity overview Medical device software Two webinars were held for the National Committees of IEC/SC 62A and the Member Bodies of ISO/TC 215, Health informatics, as well as the Member Bodies of ISO/TC 210, Quality management and...
Read More
Underwriters Laboratories, Inc. published the First Edition of the Standard for Safety for Remote Software Updates, UL 5500 on September 6, 2018. This standard covers remote software updates, accounting for the manufacturer’s recommended process to ensure safety. It is limited to software elements having an influence on safety and compliance with the particular end product...
Read More
UL 5500 – Safety for Remote Software Updates has been adopted as a U.S. National Standard. It covers the remote updating of software via the manufacturer’s recommended process. It is limited to software elements having an influence on safety and on compliance with the particular end product safety standard. It is not specific for medical...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. Standards and Regulatory Activity Overview Medical device software Two webinars will be held for the National Committees of IEC/SC 62A and the Member Bodies of ISO/TC 215, Health informatics, as well as the Member Bodies of ISO/TC 210, Quality management...
Read More
Here is the report for June/July, 2018. SoftwareCPRStandardsNavigatorReportfor2018-07
Read More
This update addresses International and US National medical device standards (“a view of the landscape”) being developed or revised that may be of interest to developers of software for medical devices or healthcare. Some of these standards are used directly for regulatory purposes and others may be valuable in demonstrating to regulatory authorities that a...
Read More
A draft of a new revision of the NIST Framework for Improving Critical Infrastructure Cybersecurity has been circulated for comment.  This draft (NIST_cybersecurity_framework-v1-1) revision refines, clarifies, and enhances Version 1.0 issued in February 2014.  This is a draft for comment. See copy of draft Framework for Improving Critical Infrastructure Cybersecurity Version 1.1
Read More
Summary of primary medical device standards as well as standards specific to Medical Device and Health IT software
Read More
The EU has proposed a new regulation on cybersecurity.  While this regulation is not specific to the health sector, health is mentioned as critical infrastructure in the proposal. The proposal would provide a revised mandate, objectives, and tasks for ENISA, the “EU Cybersecurity Agency.”  The new tasks include: Facilitating the establishment and take-up of European...
Read More
This document provides Sherman Eagle's June 2017 standards status update to be used with the Standards Landscape document. It provides a summary of status updates to primary medical device standards as well as standards specific to Medical Device and Health IT software including Cybersecurity and systems and software engineering standards.
Read More
“IEC TR 80002-2 Medical device software – Part 2: Validation of software for medical device quality systems” has been published. This TR provides guidance for new requirements in ISO 13485:2016 for validating software used in quality systems. ISO/TR 80002-2:2017 applies to any software used in device design, testing, component acceptance, manufacturing, labeling, packaging, distribution and...
Read More
AAMI Software and IT-related standards working groups include one for interoperability (with 3 standards work items), one for Device Security (with 2 standards work items), one for Wireless, one for SW Defect Classification, and one for AAMI/UL 2800-1 for specification of architecture independent requirements. There is also a separate Health IT Committee with several items...
Read More
Although IEC 82304-1 Health Software: General requirements for safety has been published it is not clear when it will be harmonized in the EU. Nonetheless it appears EU notified bodies are treating it as “state-of-the-art” and are likely to expect it to be used for software products that are regulated as medical devices. IEC TR...
Read More
This content is only available to Standards Navigator and Standards Navigators PLUS subscribers.  See our Subscribe page for information on subscriptions. This document provides a summary of primary medical device standards as well as standards specific to Medical Device and Health IT software including Cybersecurity and systems and software engineering standards. It includes an assessment of how...
Read More
This document provides a summary of primary medical device standards as well as standards specific to Medical Device and Health IT software including Cybersecurity and systems and software engineering standards. It includes an assessment of how the standards will impact the development of medical device and Health IT software. This is truly a MUST READ...
Read More
“IEC 82304-1: Health software – Part 1: General requirements for product safety” has been approved and released. It can be purchased from the ISO at the link provided. This standard addresses Health Software Products in general and does not attempt to define which are regulated and which are not. Its scope is all standalone software...
Read More
A final draft (FDIS) of “IEC 82304-1: Health software – Part 1: General requirements for product safety” has been approved. The standard will be published after final editing. This is expected around the end of the year (2016). The primary focus of this standard is on requirements for the developers of the software product. It...
Read More
A final draft for approval (FDIS) of “IEC 82304-1: Health software – Part 1: General requirements for product safety” has been circulated. The ballot ends on October 14, and the standard is expected to be published by the end of 2016. This standard applies to software products that do not require specific hardware designed for...
Read More
The European Union has published a Directive concerning measures for a high common level of security of network and information systems across the Union.  The directive does not impose any new requirements on manufacturers that are not operators of essential services or digital services. Instead, it relies on existing rules on product liability. EU Network...
Read More
This agreement includes a number of clarifications to the EU Medical Device Regulations.  The Environment, Public Health and Food Safety (ENVI) Committee of the European Parliament and Council’s Committee of Permanent Representatives (COREPER) voted to endorse the trilogue agreement on June 15.  The text of the draft MDR is at the link provided.  The text...
Read More
The purpose of DTSec is to establish a standard used to provide a high level of assurance that electronic products for the treatment of diabetes deliver the security protections claimed by their developers and required by their users. Diabetes Tech Society Standard
Read More
Sherman Eagles of SoftwareCPR® recently coauthored an article published by AAMI in the Jan/Feb 2016 BIT Journal entitled “Cybersecurity for Medical Device Manufacturers: Ensuring Safety and Functionality.”  You can read the article at this link: 2016 Jan-Feb BIT Cybersecurity Sherman is well known as an expert in medical device standards and has been involved in many...
Read More
Click here to view a summary of my highlights and rationale, along with some practical implementation tips for the new ISO 13485:2016:  SoftwareCPR-ISO13485 revision March 2016 highlights Some of the revisions add items included in FDA’s 21 CFR 820 Quality System Regulation such as Design Transfer, Validation of automation of quality system activities, detailed records, and...
Read More
A committee draft for vote has been circulated for the AAMI TIR 57 Principles for medical device information security risk management. The objective of this TIR is to provide guidance on how medical device manufacturers can manage risks from security threats that could impact the confidentiality, integrity, and/or availability of the device or the information...
Read More
The National Electrical Manufacturers Association (NEMA) has published a guidance document on supply chain best practices for electrical equipment and medical imaging manufacturers to minimize the possibility that bugs, malware, viruses, or other exploits can be used to negatively impact product operation. The document is a representation of identified best practices that vendors can implement...
Read More
The first amendment to IEC 62304 amendment has been published as Edition 1.1. You can purchase just the amendment, which notates what has changed, or a consolidated redline version. It is currently available from ANSI or IEC. AAMI will publish it in the near future, although it may be expensive to purchase from AAMI. This amendment mainly focuses...
Read More
The CWE can be a useful reference to use when performing medical device software risk management and security vulnerability analysis. The Common Weakness Enumeration Specification (CWE) provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture. Each...
Read More
The ballot on the final draft of the IEC 62304 amendment, which focuses on safety classification and legacy software, closes in May. We expect publication by July, followed by a consolidated version that incorporates the amendment. Adoption by CENELEC as an EN is happening concurrently, so harmonization by the EU should happen late this year...
Read More
ANSI/AAMI/IEC TIR80001-2-5:2014 “Application of risk management for IT-networks incorporating medical devices Part 2-5: Application guidance: Guidance on distributed alarm systems” has been published. Sherman Eagles of SoftwareCPR was a co-chair for this.
Read More
/docs/scpred/standardsnavigator/SoftwareCPRStandardsNavigatorReport2015-1.pdf
Read More
A committee draft (CD) of “IEC TR 62366-2: Medical devices – Part 2: Guidance on the application of usability engineering to medical devices” was issued for comment. This technical report provides medical device manufacturers with guidance on how to integrate usability engineering (also called human factors engineering) principles and user interface design practices into their...
Read More
/docs/scpred/StandardsNavigator/SoftwareCPRStandardsNavigatorReport2014-11.pdf
Read More
AAMI TIR50: 2014 “Post-market surveillance of use error management” addresses use error detection for medical devices from the clinical, manufacturer, patient, user, and regulatory perspective. The goal is to provide guidance on how these individuals can best collect, assess, and leverage post-market use error data to mitigate product risk, and to improve product safety and...
Read More
In SoftwareCPR’s opinion, a somewhat unique, very well conceived, and well designed tool for the specialized craft of risk analysis as well as safety assurance cases.  The tool is very configurable, allowing customized structures for your own methods.  The ability to view data from an FMEA, FTA, or table view saves valuable time during creation...
Read More
IEC 80002-1 “Guidance on the application of ISO 14971 to medical device software” has been reconfirmed with a new stability date of 2016. This means that the document will not change before 2016. The next review to determine if the technical report should be revised will occur in 2015. IEC 80001-1 “Application of risk management...
Read More
1 2

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.