Blog

Timely, insightful, and relevant thoughts, opinions, and discussion on FDA software validation, 62304 compliance, medical device software standards, updates impacting medical device and HealthIT software development, and sundry subjects from our Partners and staff.

What are non-device software functions according to the FDA?  The 21st century cures act excluded certain types of software.  The term device, as defined in section 201(h), shall not include a software function that is intended— (A) for administrative support of a health care facility, including the processing and maintenance of financial records, claims or...
Read More
Trying to understand Software Design Verification … A QA’s takeaway on reading the General Principles of Software Validation for the first time. FDA gives guidance in the General Principles of Software Validation guidance document, but in general: Testing at different levels: units, integrated units, software complete Testing types: negative, combinatorial, fault injection, risk controls challenge, boundary, corner cases, stress,...
Read More
This March 2022 Standards Navigator Report content is only available to Standards Navigator subscribers. See our Subscribe page for information on subscriptions. SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices.  In addition to information on existing standards, our report keeps you...
Read More
What is CAPA?   Corrective and Preventive Action (CAPA) is a fundamental quality process for medical device manufacturers including SaMD.  From the regulations it is really not that complicated.   21 CFR 820.100 reads: (a) Each manufacturer shall establish and maintain procedures for implementing corrective and preventive action. The procedures shall include requirements for: (1)...
Read More
When developing medical devices, a manufacturer may have difficulty knowing when (or what) the transition from research phase activities to design controls has begun.  Often this is due to the nature of research itself - one is exploring a concept or design approach that may or may not pan out in the end.  The US...
Read More
A fundamental requirement for any controlled process is to have the documentation associated with the process to be “controlled.”  What do we mean by controlled?  Document control implies that one can distinguish one revision of a document from another revision.  It also implies that a particular revision is retrievable and unblemished – that is, five...
Read More
This post discusses some code review basics - concepts and inspection ideas that one might use when performing a code review.  A code review is a technical verification activity.  The purpose is most often to identify coding errors against the design intent - one is verifying that the code actually accomplishes what that author intended....
Read More
When considering software process and software validation requirements for product software versus tool software, it can be very confusing and challenging.  We have created a job aid that can help facilitate the discussion of the differences between the two.  Available to our premium (or higher) level subscribers. The QSR which requires that “when computers or...
Read More
Today, the U.S. Food and Drug Administration (FDA) issued the draft guidance: Content of Premarket Submissions for Device Software Functions. The draft guidance is intended to reflect FDA’s most current thinking on the recommended documentation sponsors should include in premarket submissions for FDA’s evaluation of the safety and effectiveness of device software functions, including both...
Read More
“From my 25 years at the agency, I completely understand that FDA CDRH guidance development, approval and publication is complex, time-consuming work. I often said it may be compared to threading 1000 needles simultaneously. It requires significant time and energy from many hard-working, dedicated professionals to even reach the first goal of published draft guidance....
Read More

Latest News!

Updated Risk Management training course now available.  Includes:

  • Coverage of ISO 14971, IEC 62304; amd1, and IEC/TR 80002-1.
  • Why FMEA is incomplete for medical device risk management.
  • How to perform software hazards analysis.
  • And more!

3-days onsite with group exercises, quizzes, examples, Q&A.  Contact training@softwarecpr.com

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.