Category

Blog
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. Standards and regulatory activity overview Medical device software It appears that in response to a question posed by the IEC 62304 working group, the ISO and IEC member countries want ISO 14971 to be required for use of the second...
Read More
Clearly one of the great struggles with medical device product design is to understand and finely tune the design input for our devices.  It is difficult but the payoff can be great when done well – pays off with development efficiency, greater certainty with safety risk control, and ultimately in customer satisfaction. In our training...
Read More
It is always good to remind ourselves of exactly what the regulation says – often our corporate procedures can become “bloated” and lead some to believe that some specific activities and/or types of deliverables are required by the regulations.
Read More
One of the most difficult challenges for medical device and HealthIT manufacturers is to properly "level" the design requirements for their medical device systems such that it is clear when it comes to design validation versus design verification.
Read More
Certainly everyone with any connection to information technology and networked devices is concerned with cybersecurity. However, often we just miss the basics – we do not practice good cyber hygiene. While not intended to be comprehensive or state-of-the-art, here are some security basics (or as some call it, “cyber hygiene”) that one should consider when developing...
Read More
Glanced through the latest FDA warning letters today.  From the FDA Medical Device & Radiological Health Operations West/Division 3 I see the inspector pointing out “This design validation also fails to include software validation [emphasis mine] to assure software will perform as intended and will not prevent safe operation by the user.”   Of course this is...
Read More
Questionnaire asking the national bodies to choose which approach to risk management should be used in the second edition of IEC 62304: Standards Navigator 62304 Ed2 Questionnaire
Read More
A presentation on IEC 62304 Second Edition may be found at the following link: Standards Navigator 62304 Ed2 Presentation
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. Standards and regulatory activity overview Medical device software Two webinars were held for the National Committees of IEC/SC 62A and the Member Bodies of ISO/TC 215, Health informatics, as well as the Member Bodies of ISO/TC 210, Quality management and...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. It contains all software and computer related recall excerpts for the years listed. Some of the newest recalls on the site may not be included. This compilation is provided in reverse chronological order and is useful for quick review,...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The attached pdf file contains all software and computer related warning letter excerpts posted on this site for the years listed. Some of the newest warning letters on the site may not be included since we only update this...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. Standards and Regulatory Activity Overview Medical device software Two webinars will be held for the National Committees of IEC/SC 62A and the Member Bodies of ISO/TC 215, Health informatics, as well as the Member Bodies of ISO/TC 210, Quality management...
Read More
The latest communication from FDA regarding regulation of medical apps notes that mobile medical apps can greatly help patients be proactive and vigilant about their own healthcare. There has been increased demand for medical apps, and many of the apps depend on high levels of feedback between patients and clinicians. The FDA wants to regulate...
Read More
What concerns FDA when conducting a benefit-risk assessment of medical devices?  The answer is a long list of variables that can vary by type of device, target population, and indications for use, but the clear focus is on patient safety and benefit. The FDA considers both the device benefit-risk assessment, as well as evidence and...
Read More
Software-based medical devices tend to develop more quickly than typical hardware-based medical devices; so, in response, the FDA has turned to an agile regulatory model for software as a medical device (“SaMD”). The FDA describes the Software Precertification Program as a voluntary pathway, with tailored assessments of the safety and effectiveness of software technologies. Rather...
Read More
The latest communication from FDA regarding regulation of medical apps notes that mobile medical apps can greatly help patients be proactive and vigilant about their own healthcare.  There has been increased demand for medical apps, and many of the apps depend on high levels of feedback between patients and clinicians.  The FDA wants to regulate...
Read More
Here is the report for June/July, 2018. SoftwareCPRStandardsNavigatorReportfor2018-07
Read More
Prepared a visual aide (one of many we use in our training courses) of key Medical Devices Standards and FDA guidance related to software.  Enjoy! SoftwareCPR Sw Stds Guidances
Read More
This update addresses International and US National medical device standards ("a view of the landscape") being developed or revised that may be of interest to developers of software for medical devices or healthcare. Some of these standards are used directly for regulatory purposes and others may be valuable in demonstrating to regulatory authorities that a...
Read More
On Dec. 14, 2017, the FDA released a Draft guidance dated Dec. 15, 2017 “The Least Burdensome Provisions: Concept and Principles.” This guidance discusses FDA’s intent and approach to applying Least Burdensome Principles to the total product lifecycle for medical devices based on requirements in FDAMA (Public Law 105-115), the FDA Safety and Innovation Act...
Read More
Summary of primary medical device standards as well as standards specific to Medical Device and Health IT software
Read More
FDA regulation of Medical Device Data Systems has changed significantly over the years. This, together with the blurred line between MDDS and general health information technology, interfaces between MDDS and regulated medical devices, the actual criteria for deciding if something is classified as a Medical Device Data System, and different regulatory requirements outside the US...
Read More
I don’t even really like to use the word retrospective
Read More
A short, short time ago, in this very own galaxy some companies were not making blockbusters, but medical devices. Whispers of quicker development times and better testing made the way past the water cooler until it became time to indulge and implement the mythical software development lifecycle. With the changes came weird language and rumors...
Read More
Testing activities should neither end with the release of the product nor once test documentation is complete, but should continue with the reduction of any test debt. Test debt is essentially a form of technical debt. Like technical debt, test debt is incurred during a project when compromises are made in the creation of test...
Read More
A security company indicated the following: … many companies received emails from Amazon indicating that their AWS S3 bucket policies were left configured as “publicly accessible”. These publicly accessible policies allow potentially sensitive cloud data exposed to cybersecurity threats, and likely are not the intention of the Amazon customers. Amazon recommended that each “bucket” policy...
Read More
Here are some thoughts from a recent conversation between Sherman Eagles, Brian Pate, and Alan Kusinitz of SoftwareCPR®: Cybersecurity vulnerabilities can have unpredictable effects on safety.  Unpredictable effects … to those who have worked to reduce risks of software failures in medical device software, that phrase may be familiar.  That concept is explained in relation to...
Read More
This document provides Sherman Eagle's June 2017 standards status update to be used with the Standards Landscape document. It provides a summary of status updates to primary medical device standards as well as standards specific to Medical Device and Health IT software including Cybersecurity and systems and software engineering standards.
Read More
Cybersecurity firm Sophos published an article on Medical Device cybersecurity and David Overton of SoftwareCPR® suggested we post this as it may be of interest. David pointed out these statements: A significant percentage of medical devices are not secure. Most medical device manufacturers do not take serious steps to secure their devices for two reasons:...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Created a job aide which compares the IEC 62304 and IEC 82304 elements for requirements. This is only intended to be used as a starting point and requires interpretation based on knowledge of each standard and the type of...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Use this as a starting point to gather information on the software development environment (and related information) as required in FDA's Guidance for Software Information to be included in open market submissions. It is only intended as a starting...
Read More
Although IEC 82304-1 Health Software: General requirements for safety has been published it is not clear when it will be harmonized in the EU. Nonetheless it appears EU notified bodies are treating it as “state-of-the-art” and are likely to expect it to be used for software products that are regulated as medical devices. IEC TR...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR checklist for "IEC 82304-1: Health software - Part 1: General requirements for product safety."  82304 SoftwareCPR Checklist SoftwareCPR can provide conformance assessments, training, or expert consultation for efficient use and implementation of 82304 for medical device software as well...
Read More
This content is only available to Standards Navigator and Standards Navigators PLUS subscribers.  See our Subscribe page for information on subscriptions. This document provides a summary of primary medical device standards as well as standards specific to Medical Device and Health IT software including Cybersecurity and systems and software engineering standards. It includes an assessment of how...
Read More
This document provides a summary of primary medical device standards as well as standards specific to Medical Device and Health IT software including Cybersecurity and systems and software engineering standards. It includes an assessment of how the standards will impact the development of medical device and Health IT software. This is truly a MUST READ...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The attached pdf file contains all Part 11 related warning letter excerpts included on this site as of the date above.  This file is updated periodically, but for the most recent warning letters between these updates, do text...
Read More
This document is the result of an industry-led initiative of the European Commission. It is targeted at app developers and its purpose is to foster justified trust among users of mHealth apps which process personal data. Standards Navigator Draft Health Code of Conduct
Read More
The link provided is our revised checklist for changes in Amendment 1. You will need to login as a paid subscriber to download this checklist.
Read More
Click here to view a summary of my highlights and rationale, along with some practical implementation tips for the new ISO 13485:2016:  SoftwareCPR-ISO13485 revision March 2016 highlights Some of the revisions add items included in FDA’s 21 CFR 820 Quality System Regulation such as Design Transfer, Validation of automation of quality system activities, detailed records, and...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. It contains a training aid that provides an overview comparison between the 2015 Amendment of IEC 62304 and FDA requirements based on 62304 Safety Classes. SCPRed_SoftwareCPR-FDA-62304SafetyClasscomparisonTrainingAide
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. A sample checklist for releasing or updating software is at the link provided. GoLiveiChecklistTrainingExample111115
Read More
/docs/scpred/standardsnavigator/SoftwareCPRStandardsNavigatorReport2015-1.pdf
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. It contains all software and computer related recall excerpts for the years listed. Some of the newest recalls on the site may not be included. This compilation is provided in reverse chronological order and is useful for quick review,...
Read More
/docs/scpred/StandardsNavigator/SoftwareCPRStandardsNavigatorReport2014-11.pdf
Read More
Brian Pate of SoftwareCPR suggest that a good rule of thumb is: If differences in the final product, produced by two different development groups using the same specification element, resulted in unacceptable differences in safety or efficacy then it would likely be a “requirement”. Otherwise it is most likely to be a design specification. This...
Read More
Test driven development (TDD) is the creation and execution of automated tests early in development which fail, by design, until a programmed element is implemented. There are many terms to describe the process, but few will refute its value. Re-discovered in 2003, manufacturers are taking hold of this methodology, ensuring new hires can successfully and...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. It contains all software and computer related warning letter excerpts included on this site. Some of the newest warning letters on the site may not be included since we only update this comprehensive document periodically. This compilation is provided...
Read More
Obviously, unit tests have their greatest value at the time of the development of the unit itself. Well-designed unit tests provide evidence that the unit performs its intended function, that the software design executes as intended, and allows the developer (or tester) to test the unit with inputs and states that may be difficult to...
Read More
The document at the link provided is a short checklist for helping ensure or assess requirements quality. It is an educational aid to be used only by knowledgeable individuals and should not be used blindly or considered comprehensive. This was prepared by Brian Pate with input from Alan Kusinitz. Requirement Quality Checklist
Read More
If sample sizes need to be determined there are many statistical methods and assumptions related to this so decisions should be carefully considered. Two of the most commonly used sample tables are ISO 2859 for attibutes and ISO 3951 for variables.
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Mary Decareau of SoftwareCPR prepared a tiered checklist for EN 62366 Medical devices – Application of usability engineering to medical devices for our internal use and we are making it available to paid subscribers at the link provided and...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The SFDA prepared a draft document entitled "Explanations on the Basic Requirements of Application for Registration of Medical Device Software" on April 28, 2012, which is linked below. This was initially translated to English by JIRA (Japan Industries Association...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The attached pdf file contains all software and computer related warning letter excerpts included on this site. Some of the newest warning letters on the site may not be included since we only update this comprehensive document periodically. This...
Read More
This content is only available to our Standards Navigators subscribers.  See our Subscribe page for information on subscriptions. Read the Swedish formal objection to the harmonization of ISO 13485. Sweden Formal Objection ISO13485 Medical Devices
Read More
This content is only available to Standards Navigators subscribers.  See our Subscribe page for information on subscriptions. The Industry response to the Swedish objection to ISO 13485 can be found at the following link:   Industryresponseto13485objection I had previously posted regarding the Swedish objection at this link:  
Read More
This content is only available to Standards Navigators subscribers.  See our Subscribe page for information on subscriptions. The link provides the formal objection to the harmonization of ISO 14971 from the European Commission.   EN Deharmonization of Cen-Standards 2010-11
Read More
This content is only available to Standards Navigators subscribers.  See our Subscribe page for information on subscriptions. The link provides the response from ISO TC 210 to the EC objections to ISO 14971.  ISO TC210 Comments on deharmonization of EN14971
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. A new work item and draft technical report for guidance in implementing IEC 80001-1:2010. This TR provides practical guidance for doing risk management for hospital networks.The report is at the link provided until the review period ends on 24-Feb-2011. IEC...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. A new work item and draft technical report for guidance in implementing IEC 80001-1:2010. This TR provides a framework for a dialogue between a medical device manufacturer and a hospital regarding system and data security controls. The report is at...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. A new work item and draft technical report for guidance in implementing IEC 80001-1:2010. This TR provides guidance for considering risk when using wireless communications in a hospital.  The report is at the link provided until the review period ends...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The pdf at the link provided contains a training template used in SoftwareCPR training on production and quality system software validation. It presents a general validation form for discussion that can be used itself for simple applications or tools...
Read More
The pdf at the link provided is a list of detectable flaws which a manufacturer could be expected to identify and remove. This was provided to the 62304 working group by the FDA for consideration during the work on the second edition of 62304.
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The pdf at the link provided contains selected templates used in SoftwareCPR training on medical device software standards focused on IEC 62304. These are not intended to be ideal for all situations or comprehensive but are intended to serve...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Slides from a presentation by Molly Ray of SoftwareCPR are at the link provided as a pdf. These slides provide an introduction to pre-market submissions for devices that are, or contain, software. SoftwareCPR Presentation-510k
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The attached zip file contains 3 training templates. One is for an example software development SOP, one is a companion software development plan, and one is a template for software risk analysis incorporating the concept of predefined categories of...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The attached pdf is a SoftwareCPR training aide and should not be used blindly to fill in the blanks. It is a partial example of a software risk analysis procedure and report. It is just one partial approach that...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The pdf at the link provided contains a set of FDA reference documents and partial examples used in SoftwareCPR training courses on Validation of Production and Quality System Software and Part 11. This is just a partial set and...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The attached pdf is a training aide and should not be used blindly to fill in the blanks. It is a partial example of Software Design Specification tailored from an IEEE standard. Design Spec - SoftwareCPR Template-Rev3
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The attached pdf is a training aide and should not be used blindly to fill in the blanks. It is a partial example of a User Interface Design Specification. UI Design - SoftwareCPR Template-Rev2
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The attached pdf is a SoftwareCPR training aide and should not be used blindly to fill in the blanks. It is a partial example for a software requirements specification (SRS) for a small surgical device. SRS-template-embeddev-SoftwareCPRtrainingdocRev2 . . ....
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Prepared this example Device Risk Management SOP for the purpose of risk analysis training where the pros and cons could be further discussed.  This example is modeled on the approach required by ISO 14971 and expands on it with...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. This reference manual includes select FDA documents as well as SoftwareCPR training aides and checklists that SoftwareCPR uses in its training courses on Validation of Clinical Trials Computer Systems. The PDF is over 2 MB so be patient downloading...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. 21 CFR Part 11 is a topic of current focus for FDA and industry.  This manual contains the most important FDA documents related to Part 11 as well as some key SoftwareCPR educational Aides as listed below: This manual...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Crimson Life Sciences which performs language translations for labeling and user interfaces was assessed by Underwriters Laboratory for conformance with the ISO 14971 Medical Device Risk Management standard. The summary of the audit results is available at this link...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Our SoftwareCPR audit checklist for assessing conformance with the FDA Guidance for "Computerized Systems Used in Clinical Trials" can be viewed and downloaded at this link:  ClinicalTrialsSWFullChecklist. This checklist has been updated by Mary Decareau of SoftwareCPR to reflect...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. 21 CFR Part 11 is a topic of current focus for FDA and industry. In February 2003 FDA announced a major change in direction regarding Part 11 and withdrew all previous draft Part 11 guidance and the Part 11...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The pdf at the link provided is a reprint of an article entitled "Uses and Misuses of Probability in Medical Device Risk Management" authored by Alan Kusinitz, Managing Partner of SoftwareCPR, for the AAMI Biomedical Instrumentation and Technology journal...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. This reference manual includes the following documents in a single pdf with bookmarks and a clickable TOC. Be sure to click bookmarks in adobe so you can jump around the document easily. This pdf contains key FDA software guidances...
Read More
This content is only available to Premium Level and higher subscribers.  See our Subscribe page for information on subscriptions. At a 1-day current regulatory topics session by ASQ held in Needham, MA, on June 16, 2005, Alan Kusinitz, Managing Partner of SoftwareCPR®, gave a presentation on the recent FDA Cybersecurity Guidance and the new revised FDA "Guidance...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The attached document is a reprint of a chapter from an AABB book. The book is titled "Information Technology in Infusion Medicine".  The chapter is on 21 CFR Part 11 Electronic Records;Electronic Signatures and was authored by Alan Kusinitz,...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR has prepared an audit checklist for assessing compliance with 21 CFR Part 11 Electronic Records and Electronic Signatures regulation.  The checklist is intended for use by expert assessors knowledgeable in the regulation, its preamble, history, and current enforcement...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. At AAMI's International Standards Conference on March 11 2003 FDA's CDRH Software Compliance and Part 11 Representative (John Murray) gave the first presentation on FDA's changes in its approach to Part 11.  The slides from this presentation can be...
Read More
This content is only available to Premium Level or higher subscribers.  See our Subscribe page for information on subscriptions. At AAMI's International Standards Conference on March 11 2003 FDA's CDRH Software Compliance Expert and AAMI Software Committee co-chair (John Murray) gave a presentation on FDA's software message and the role standards can play to benefit industry and...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The document at the link provided is a SoftwareCPR training aide on Part 11. It provides information and explanation of the Feb 2003 FDA redirection of its Part 11 regulation. It includes a summary of the areas of Part...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. A one page memory jogger for key sections of the Part 11 rule is at the link provided.  This is a SoftwareCPR training and auditing aide. This was updated Feb 2003 to highlight items for which FDA is changing...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR suggestions for a validation or Part 11 master plan are that it be a high-level plan not providing detailed document or protocol formats. Generally it is best if a master plan is a transient document.  It gets constructed...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The document at the link provided is a SoftwareCPR training aid that provides a partial template with some tips for construction of a handbook/procedure that addresses IT/Network issues regulatory compliance with 21 CFR Part 11 requirements and to support...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. 21 CFR Part 11 Electronic Records and Electronic Signatures is a short rule with a lengthy and informative preamble.  The attached training aid provides section of the rule side by side with relevant excerpts of the preamble with some...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The attached document is a SoftwareCPR training aid with commentary and explanation of 21 CFR Part 11 Electronic Records; Electronic Signatures by SoftwareCPR.  Note the date of this document as this is an evolving area. erecordsesigscommentary09012000-346
Read More
Expand your access! Subscribe today!

Corporate Office

+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TN) and Italy.