Tag

standards

Standards

20
Jun

Diabetes Tech Society – Standard for Wireless Diabetes Device Security

June 20, 2016
The purpose of DTSec is to establish a standard used to provide a high level of assurance that electronic products for the treatment of diabetes deliver the security protections claimed by their developers and required by their users. Diabetes Tech Society Standard
Read More
05
Apr

FDA Standards Recogniton List Update April 2016

April 5, 2016
http://www.gpo.gov/fdsys/pkg/FR-2016-04-04/html/2016-07467.htm
Read More
08
Mar

ISO 13485:2016 Highlights

March 8, 2016
Click here to view a summary of my highlights and rationale, along with some practical implementation tips for the new ISO 13485:2016:  SoftwareCPR-ISO13485 revision March 2016 highlights Some of the revisions add items included in FDA’s 21 CFR 820 Quality System Regulation such as Design Transfer, Validation of automation of quality system activities, detailed records, and...
Read More
19
Feb

UL/AAMI 2800 Medical Device Interoperability

February 19, 2016
The Final Draft International Standard was approved at the end of 2015 and will be submitted for publication. The standard is expected to be published by the end of March 2016.  A three year transition period has been proposed.
Read More
20
Jan

SoftwareCPR 2016 Standards Outlook

January 20, 2016
Sherman Eagles of SoftwareCPR expects increased standards and regulatory activity related to Software and HealthIT in 2016. Here are some of the areas to watch: IEC 82304-1 Health Software: General requirements for safety will be completed during the first half of 2016. It is intended that this standard be harmonized in the EU, but it...
Read More
04
Jan

62304 Amendment Overview of Changes

January 4, 2016
In July 2015 an amendment was issued to IEC 62304. While this amendment was focused on additions for legacy software and clarifications to the use of risk in safety classification, keep in mind that a number of other smaller changes and additions were made. Some of the more significant ones include: Reduction in the exemptions...
Read More
11
Oct

AAMI TIR57 Medical Device Security Risk Standard Update

October 11, 2015
A committee draft for vote has been circulated for the AAMI TIR 57 Principles for medical device information security risk management. The objective of this TIR is to provide guidance on how medical device manufacturers can manage risks from security threats that could impact the confidentiality, integrity, and/or availability of the device or the information...
Read More
31
Jul

NIST Healthcare Cybersecurity Framework

July 31, 2015
The National Institute of Science of Technology issued Version 1 of its framework for improving cybersecurity for critical infrastructure including health care. The full press release is at the link provided.
Read More
13
Jul

NEMA Medical Image Management SW Guidance

July 13, 2015
The National Electrical Manufacturers Association (NEMA) has published a guidance document on supply chain best practices for electrical equipment and medical imaging manufacturers to minimize the possibility that bugs, malware, viruses, or other exploits can be used to negatively impact product operation. The document is a representation of identified best practices that vendors can implement...
Read More
13
Jul

IEC 62304 first amendment published

July 13, 2015
The first amendment to IEC 62304 amendment has been published as Edition 1.1. You can purchase just the amendment, which notates what has changed, or a consolidated redline version. It is currently available from ANSI or IEC. AAMI will publish it in the near future, although it may be expensive to purchase from AAMI. This amendment mainly focuses...
Read More
06
Jul

SW Security Common Weakness Enumeration

July 6, 2015
The CWE can be a useful reference to use when performing medical device software risk management and security vulnerability analysis. The Common Weakness Enumeration Specification (CWE) provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture. Each...
Read More
25
May

62304 Amendment Status May 2015

May 25, 2015
The ballot on the final draft of the IEC 62304 amendment, which focuses on safety classification and legacy software, closes in May. We expect publication by July, followed by a consolidated version that incorporates the amendment. Adoption by CENELEC as an EN is happening concurrently, so harmonization by the EU should happen late this year...
Read More
04
Mar

AAMI TIR 80001-2-5 Distributed Alarm Systems

March 4, 2015
ANSI/AAMI/IEC TIR80001-2-5:2014 “Application of risk management for IT-networks incorporating medical devices Part 2-5: Application guidance: Guidance on distributed alarm systems” has been published. Sherman Eagles of SoftwareCPR was a co-chair for this.
Read More
04
Feb

Standards Navigator January Report

February 4, 2015,
/docs/scpred/standardsnavigator/SoftwareCPRStandardsNavigatorReport2015-1.pdf
Read More
02
Feb

AAMI HealthIT Quality Management Principles

February 2, 2015
AAMI has filed a Project Initiation Notice with ANSI for a new standard on Application of Quality Management Principles and Practices to Health IT. The notice was published in the ANSI Standards Action publication on January 23. The notice is reproduced below. BSR/AAMI HIT2000-201x, Application of Quality Management Principles and Practices to Health IT Stakeholders:...
Read More
31
Jan

IEC TR 62366 Usability Engineering Guidance

January 31, 2015
A committee draft (CD) of “IEC TR 62366-2: Medical devices – Part 2: Guidance on the application of usability engineering to medical devices” was issued for comment. This technical report provides medical device manufacturers with guidance on how to integrate usability engineering (also called human factors engineering) principles and user interface design practices into their...
Read More
21
Dec

November Standards Navigator Report

December 21, 2014,
/docs/scpred/StandardsNavigator/SoftwareCPRStandardsNavigatorReport2014-11.pdf
Read More
26
Mar

AAMI TIR50 Post-market Use Error Surveillance

March 26, 2014
AAMI TIR50: 2014 “Post-market surveillance of use error management” addresses use error detection for medical devices from the clinical, manufacturer, patient, user, and regulatory perspective. The goal is to provide guidance on how these individuals can best collect, assess, and leverage post-market use error data to mitigate product risk, and to improve product safety and...
Read More
06
Mar

ISO 13485 Medical Devices QMS Draft for Vote

March 6, 2014
There is a new draft for vote of ISO 13485 Medical Devices – Quality Management systems – requirements for regulatory purposes. This version updates the references to ISO 9001 to the 2008 version. Some new requirements include: A requirement for a risk management process has been added in the product realization phase and ISO 14971...
Read More
09
Feb

NIST Cybersecurity Framework

February 9, 2014
NIST received comments on the Preliminary Cybersecurity Framework for improving critical infrastructure cybersecurity and is updating the framework. They have announced that the final version (Version 1.0) will be released on February 13. When it is released, the Final Framework will be posted at NIST.
Read More
12
Jan

H.810 Interoperability for Personal Health Systems

January 12, 2014
The International Telecommunication Union (ITU) has adopted the Continua Design Guidelines (CDG) that contain specifications to ensure the interoperability of devices used for applications monitoring personal health (Recommendation ITU-T H.810 Interoperability design guidelines for personal health systems). ITU-T H.810 is available at the link provided: http://www.itu.int/rec/T-REC-H.810-201312-I
Read More
04
Jan

IEC Evaluation of Risk Management

January 4, 2014
IECEE published Document OD-2044 Ed. 2.2, Evaluation of Risks Management in medical electrical equipment according to IEC 60601-1 and IEC/ISO 80601-1. The procedure intends to provide a uniform approach to the Certification Body Testing Laboratory and Manufacturer on assessment and documentation of compliance with the relevant clauses of IEC 60601 standard series related to the...
Read More
12
Nov

IEC 80002-1 and 80001-1 reconfirmed to 2016

November 12, 2013
IEC 80002-1 “Guidance on the application of ISO 14971 to medical device software” has been reconfirmed with a new stability date of 2016. This means that the document will not change before 2016. The next review to determine if the technical report should be revised will occur in 2015. IEC 80001-1 “Application of risk management...
Read More
06
Aug

FDA Recognizes 25 Networking & Cybersecurity Standards

August 6, 2013
FDA has recognized a total of 25 standards on medical device interoperability and cybersecurity. These standards can be categorized into 3 groups: Risk management standards for a connected and networked environment (IEC 80001 series and ASTM F2761-09) Interoperability standards that establish nomenclature, frameworks, and medical device specific communications, including system and software lifecycle processes (ISO/IEEE...
Read More
12
Jul

NIST draft outline of a cybersecurity framework for critical infrastructure

July 12, 2013
NIST was directed to prepare a cybersecurity framework for critical infrastructure in Presidential Executive Order 13636. Healthcare was identified as one of the areas with critical infrastructure. This draft for comment is only an outline of the framework. NIST_draft_outline_cybersecurity_framework
Read More
25
Apr

ISO 14971 versus the EU Commission

April 25, 2013
The debate over ISO 14971 continues between industry and the European Commission. The joint ISO & IEC working group responsible for ISO 14971 met and determined that ISO 14971 still represents the state of the art for medical device risk management and that no changes were needed, despite the position of the EC that ISO...
Read More
25
Apr

EN 62304 FAQ

April 25, 2013
This document provides answers to questions that have been asked to notified bodies regarding using EN 62304 for regulatory purposes in the EU. FAQ 62304
Read More
21
Apr

SoftwareCPR Mobile App V&V Service

April 21, 2013
Brian Pate of SoftwareCPR now leads our specialized validation services for Mobile Medical Apps (MMApps), including our own simulator-based testing and automated unit and functional testing. For mobile apps that are regulated medical devices, we provide full design control and premarket submission support by compliance and validation experts with specific mobile app technical knowledge that...
Read More
18
Apr

IEC 62304 Revisions and Scope expansion update

April 18, 2013
IEC SC 62A has agreed that the 2nd edition of 62304 will be expanded to cover all Health Software, not just medical devices. In the interim, an amendment will be issued to clarify current safety classification as well as application of 62304 for legacy software (this was originally intended to be done as part of...
Read More
08
Apr

IEC/TR 62348 Assessment

April 8, 2013
IEC/TR 62348 is a technical report that assesses “the impact of the most significant changes in Amendment 1 to IEC 60601-1:2005 and mapping of the clauses of IEC 60601-1:2005 to the previous edition.”  The report is intended to be a tool for manufacturers to understand the impact of Amendment 1:2012 changes to 60601-1 from the...
Read More
28
Dec

AAMI/FDA Device Interoperability Summit Proceedings

December 28, 2012
AAMI and FDA held a two day event Oct 2-3, 2012, as a summit on interoperability. 260 people attended. AAMI has authorized widespread distribution of the proceedings document from this event (see the link provided). Interoperability Summit 2012
Read More
08
Dec

GHTF Guidance on Essential Principles of Safety

December 8, 2012
The Global Harmonization Task Force revision of its guidance on Essential Principles of Safety and Performance of Medical Devices is at the link provided. GHTF Essential Principles. It includes requirements for software that are similar to the European Union’s essential requirements relating to software.
Read More
08
Dec

GHTF Closing Statement

December 8, 2012
The GHTF is ending and will be replaced by a regulator-only organization, the International Medical Device Regulators Forum (IMDRF). This is the closing statement by the GHTF: GHTF-Closing-Statement.
Read More
12
Nov

IEC 62366 CDV-1 Amendment Draft for Review

November 12, 2012
AAMI/CDV-1 62366:2007/A1 (IEC/SC62A/826/CDV) — Medical devices – Application of usability engineering to medical devices, Amendment 1. This amendment is out for comment and addresses legacy user interfaces and 62366 conformance for User Interfaces of Unknown Provenance (UOUP). The 62366 amendment draft can now downloaded free from AAMI. Go to the AAMI web site at the...
Read More
05
Nov

IEC 62304 2nd Edition Draft for Review

November 5, 2012
The first committee draft of the second edition of “IEC 62304 Medical device software life cycle processes” has been circulated internally for comment. Major changes include a revision of how software safety class is determined, which could reduce the tendency towards most software being Class C; clear requirements for legacy software that explain how conformance...
Read More
12
Oct

AAMI/FDA Interoperability Summit presentations

October 12, 2012
Presentations made at the AAMI/FDA Interoperability Summit on October 1-2, 2012, can be found at the link provided. http://www.aami.org/interoperability/presentations
Read More
12
Oct

AAMI/UL collaboration on interoperability standard

October 12, 2012
See the attached press release from AAMI and UL regarding their collaboration to produce a series of interoperability standards. AAMI UL Interoperability Press Release
Read More
27
Sep

AAMI TIR45 Agile Methods Now Available

September 27, 2012
AAMI has published “AAMI TIR45: 2012 Guidance on the use of AGILE practices in the development of medical device software.” FDA staff was involved in development of this guidance for compliant use of Agile methods. The document can be ordered from AAMI.org.
Read More
20
Aug

FDA Standards Recognition Modification Aug 2012

August 20, 2012
FDA issued a list of modifications to its standards recognitions. The link provided is the webpage where FDA posts each modification list.
Read More
10
Aug

AAMI SW87 MDDS Quality System guidance issued

August 10, 2012
The final version of “ANSI/AAMI SW 87:2012 Application of quality management system concepts to medical device data systems” has been published. FDA initiated and participated in this work. Sherman Eagles, Sandy Hedberg, and Molly Ray of SoftwareCPR were on the working group and Alan Kusinitz of SoftwareCPR was a reviewer. SoftwareCPR can provide MDDS developers...
Read More
01
Jul

UK NHS Policy Document on IT

July 1, 2012
This link provides a ten-year strategy document for information technology use in healthcare in England. NHS Power of Information
Read More
01
Jul

MDICC draft concept paper

July 1, 2012
Medical Device Interoperability Coordinating Council draft concept paper is at the link provided. This group is being facilitated by the FDA to encourage interoperability between medical devices. MDICC Draft Concept
Read More
27
Apr

Sherman Eagles wins ACCE award

April 27, 2012
The American College of Clinical Engineering issued its ACCE 2012 Challenge Awards. Sherman Eagles of SoftwareCPR received an award achievement in the field of health technology management for his leadership of the working groups for IEC 80001-1 for risk management of IT networks that incorporate medical devices and the AAMI Medical Device Data System-MDDS/Quality Systems...
Read More
27
Mar

IEC 62366 Fast Track Amendment Proposal

March 27, 2012
A proposal has been made for a fast-track amendment to IEC 62366 related to use with legacy products. Application of “62366 Medical devices – Application of usability engineering to medical devices” to legacy devices has been inconsistent and problematic; this proposal is for a fast track amendment to address what is called User Interface of...
Read More
02
Feb

IOM Report on Health IT and patient Safety

February 2, 2012
The Institute of Medicine report is at the link provided. Health IT and Patient Safety Report
Read More
02
Feb

Manufacturer remote access to medical device

February 2, 2012
For devices where the medical device manufacturer intends to maintain remote access capability for service and updates, controls are needed to ensure this access does not compromise the security or operation of the device. There is one FDA recognized standard that addresses this for clinical laboratory devices, but many of the provisions could be instructive...
Read More
27
Jan

UL 1998 Revisions out for comment

January 27, 2012
The UL 1998 revision comment period ends March 5, 2012. The suggested revisions include: Reducing ambiguity in the applicability of the requirements for Negative Condition Branch failure mode and stress testing Revision of requirements to address the effects of power supply voltage variations Revised formating of Table A2.1 to clarify acceptable measures for each requirement...
Read More
27
Jan

Joint Initiative on SDO Global Health Informatics

January 27, 2012
The Joint Initiative on SDO Global Health Informatics Standardization is formed to enable common, timely health informatics standards by addressing and resolving issues of gaps, overlaps, and counterproductive standardization efforts.
Read More
27
Oct

IEC Software and Network Advisory Group

October 27, 2011
IEC Technical Committee 62 established a Software and Network Advisory Group at its meeting in September. Sherman Eagles of SoftwareCPR was named chair of this 7-member international advisory group. The purpose of the group is to advise the TC Chairman and other TC and sub-committee officers on the need for software standards for medical devices,...
Read More
22
Sep

2011-2012 Health & Medical Device SW Standards Update

September 22, 2011
SoftwareCPR participates in standards development and provides a premium subscription to provide additional insight and access to the development of new standards. The link, In Play 2011-09, is to one of Standards Navigator subscriber documents titled, “In play: The changing health and medical device software standards landscape.” This is updated regularly and includes the changes and new standards...
Read More
1 2 3 4

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 

 

Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now

 

 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
office@softwarecpr.com
Partners located in the US (CA, FL, MA, MN, TX) and Canada.