Medical Device Software Verification, Validation, and Compliance

Transcription

1 Medical Device Software Verification, Validation, and Compliance David A. Vogel ARTECH HOUSE BOSTON LONDON artechhouse.com

2 Contents Preface The Author's Background and Perspective of Validation Acknowledgments xvii xvii xxi Background 1 CHAPTER 1 The Evolution of Medical Device Software Validation and the Need for This Book 3 The Evolution of Validation in the Medical Device Industry 3 Building a Language to Discuss Validation 4 Terminology is the Foundation 5 Correct Versus Consistent Terminology 6 Terminology Need Not Be Entertaining 7 Risk Management and Validation of Medical Device Software 8 About This Book 8 Goals of This Book 9 Intended Audience 10 Are You Wasting Time? 12 References 12 \_П/А1 I Li\ Z. Regulatory Background 13 The FDA: 1906 Through The FDA Today (2009) 16 How the FDA Assures Safety, Efficacy, and Security 17 Quality System Regulations and Design Controls 20 Understanding How Regulation Relates to Getting the Job Done 22 Medical Devices Sold Outside the United States 24 References 25

3 VIII Contents CHAPTER 3 The FDA Software Validation Regulations and Why You Should Validate Software Anyway Why the FDA Believes Software Should Be Validated Therac 25 Building Confidence The Validation Regulations Why You Should Validate Software Anyway References CHAPTER 4 Organizational Considerations for Software Validation Regulatory Basis of Organizational Responsibility A Model for Quality Systems Roles, Responsibilities and Goals for the Quality System The Structure of the Quality System Quality System Processes Quality System Procedures Thinking Analytically About Responsibility Untangling Responsibilities, Approvals, and Signatures What Happened to the Author? The Meaning of Approval: What That Signature Means So, What Could Go Wrong with a Design Control Quality System? What Happened? Designing Streamlined RR&A Requirements for the Quality System Fixing the Problem: Designing a Value-Added Approval/Signature Process Regulatory Basis for Treating Approvals and Signatures Seriously Reference CHAPTER 5 The Software (Development) Life Cycle What Is a Software Life Cycle? Software Validation and SDLCs: The Regulatory Basis Why Are Software Development Life Cycle Models Important? What Do Different Software Development Life Cycle Models Look Like? Waterfall and Modified Waterfall Sashimi Modified Waterfall Model Spiral Model Extreme Programming: Agile Development Models How Do You Know What Life Cycle Model to Choose? How Do Software Development Life Cycles Relate to the Quality System? The ANSI/AAMI/IEC 62304:2006 Standard An Organization for the Remainder of This Book Reference

4 CHAPTER 6 Verification and Validation: What They Are, What They Are Not 75 What Validation is NOT 75 Validation and Its Relationship to Verification and Testing 76 Software Validation According to Regulatory Guidance 79 Can Other Definitions of Validation Be Used? 81 User Needs and Intended Uses 82 Software Verification According to Regulatory Guidance 82 How Design Controls, Verification, and Validation Are Related 84 Validation Commensurate with Complexity and Risk 85 Is All Validation Created Equal? 87 Reference 87 CHAPTER 7 The Life Cycle Approach to Software Validation 89 Validation and Life Cycles 90 Combined Development and Validation Waterfall Life Cycle Model 91 A Validation Life Cycle Model 93 The Generic or Activity Track Life Cycle Model 95 Life Cycles and Industry Standards 102 Final Thoughts on Selecting an Appropriate Life Cycle Model 103 References 103 CHAPTER 8 Supporting Activities that Span the Life Cycle: Risk Management 105 Introduction to Activities Spanning the Life Cycle 105 Risk Management 106 Risk in the Regulations and Guidance Documents 107 ISO 14971: Application of Risk Management to Medical Devices 108 AAMI's TIR32:2004: Medical Device Software Risk Management 110 Risk and the IEC Standard on Life Cycle Processes 111 IEC/TR : Application of to Medical Device Software 112 The Risk Management Process 112 The Language of Risk Management 113 Risk Management Outputs 114 The Risk Management Plan 114 The Risk Management File 115 Risk Management Concepts and Definitions 115 Risk Management Activities 117 Risk Analysis 117 Qualitative Probability Analysis 122 Ignoring Probability 123 Qualitative Probabilities 123 Risk Evaluation 129 Risk Control 130 Overall Residual Risk Evaluation 134

5 Contents Summary 140 References 141 CHAPTER 9 Other Supporting Activities: Planning, Reviews, Configuration Management, and Defect Management 143 Planning 143 Design and Development Planning 143 Why Planning Is Important 144 How Many Plans Are Required? 145 Plan Structure and Content 147 What Does a Plan Look Like? 148 Evolving the Plan 152 Configuration Management 153 Regulatory Background 153 Why Configuration Management? 154 What Goes into a Configuration Management Plan? 155 Defect (and Issue) Management 160 Regulatory Background 161 Why Defect Management Plans and Procedures Are Important 161 Relationship to Configuration (Change) Management 161 Planning for Defect Management 165 Reviews 167 Regulatory Background 167 Why the Focus on Reviews? 168 What Is Meant by a Review? 171 Who Should Be Participating in the Reviews? 172 How Reviews Are Conducted 173 Traceability 177 Why Traceability? 177 Regulatory Background 178 Traceability Beyond the Regulatory Guidance 182 Practical Considerations: How It Is Done 185 Trace Tools 185 Trace Mapping 188 Can Traceability Be Overdone? 189 References 189 Validation of Medical Device Software 191 CHAPTER 10 The Concept Phase Activities 193 The Concept Phase 193 Regulatory Background 194 Why a System Requirements Specification Is Needed 195 Validation Activities During the Concept Phase 196

6 Contents XI Make or Buy? Should Off-the-Shelf (OTS) Software Be Part of the Device? 198 The System Requirements Specification 200 Who Is the Intended Audience? 200 What Information Belongs in an SyRS? 201 How Are System Requirements Gathered? 204 Further Reading 205 Select Bibliography 205 The Software Requirements Phase Activities 207 Introduction 208 Regulatory Background 208 Why Requirements Are So Important 210 The Role of Risk Management During Requirements Development 214 Who Should Write the Software Requirements? 215 The Great Debate: What Exactly Is a Requirement? 217 Anatomy of a Requirement 219 How Good Requirements Are Written 223 Summary 231 References 231 CHAPTER 12 The Design and Implementation Phase Activities 233 Introduction 233 Regulatory Background 234 Validation Tasks Related to Design Activities 236 The Software Design Specification (Alias the Software Design Description) 236 Evaluations and Design Reviews 239 Communication Links 239 Traceability Analysis 240 Risk Management 246 Validation Tasks Related to Implementation Activities 247 Coding Standards and Guidelines 248 Reuse of Preexisting Software Components 248 Documentation of Compiler Outputs 249 Static Analysis 250 References 251 CHAPTER 13 The Testing Phase Activities 253 Introduction 253 Regulatory Background 253 Why We Test Software 255 Defining Software Testing 256 Testing Versus Exercising 257 The Psychology of Testing 258

7 XII Contents Levels of Testing 260 Unit-Level Testing 261 Unit-Level Testing and Path Coverage 263 McCabe Cyclomatic Complexity Metric and Path Coverage 263 Other Software Complexity Metrics and Unit Test Prioritization 267 Integration-Level Testing 267 Device Communications Testing 269 System-Level Software Testing 272 System-Level Verification Testing Versus Validation Testing 274 Testing Methods 275 Equivalence Class Testing 276 Boundary Value Testing 279 Calculations and Accuracy Testing 282 Error Guess Testing 286 Ad Hoc Testing 287 Captured Defect Testing 288 Other Test Methods 289 Test Designs, Test Cases, and Test Procedures 290 Managing Testing 295 The Importance of Randomness 295 Independence 296 Informal Testing 297 Formal Testing 298 Regression Testing 300 Automated Testing 302 Summary 303 References 304 Select Bibliography 304 CHAPTER 14 The Maintenance Phase Validation Activities 305 Introduction 305 A Model for Maintenance Activities 308 Software Release Activities: Version n 309 Collection of Post-Market Data 312 Process and Planning 313 Sources of Post-Market Data 313 Analysis 315 The Maintenance Software Development Life Cycle(s) 318 Software Development and Validation Activities 320 Software Release Activities: Version n References 321 Validation of Nondevice Software 323

8 (-ontents XIII CHAPTER 15 Validating Automated Process Software: Background 325 Introduction 325 Regulatory Background 326 Nondevice Software Covered by These Regulations 330 Factors that Determine the Nondevice Software Validation Activities 332 Level of Control 332 Type of Software 334 Source of the Software 334 Other Factors That Influence Validation 335 Risk 336 Size and Complexity 336 Intended Use 336 Confidence in the Source of the Software 337 Intended Users 337 Industry Guidance 340 AAMI TIR36:2007: Validation of Software for Regulated Processes 341 GAMP 5: Good Automated Manufacturing Practice 341 Who Should Be Validating Nondevice Software? 342 Reference 343 CHAPTER 16 Planning Validation for Nondevice Software 345 Introduction 345 Choosing Validation Activities 346 Do-It-Yourself Validation or Validation for Nonsoftware Engineers 347 The Nondevice Software Validation Spectrum 349 Life Cycle Planning of Validation 350 The Nondevice Software Validation Toolbox 352 Product Selection 354 Supplier Selection 354 Known Issue Analysis 355 Safety in Numbers 355 Third-Party Validation 356 Output Verification 357 Backup, Recovery, and Contingency Planning 358 Security Measures 359 Training 360 The Validation Plan 360 Reference 361 CHAPTER 17 Intended Use and the Requirements for Fulfilling Intended Use 363 Introduction 363 Intended Use 364 Why It Is Necessary to State Intended Use 364 Intended Use and Validation of Nondevice Software 365

9 XIV Contents Contents of a Statement of Intended Use 365 Determining Intended Use 366 Requirements for Fulfilling the Intended Use 369 Requirements for Custom-Developed Software 369 Requirements for Acquired Software 370 Information Content of Requirements 370 Example: Intended Use and Requirements for Validation of a Text Editor 372 CHAPTER 18 Risk Management and Configuration Management of Nondevice Software Activities that Span the Life Cycle 375 Risk Management 375 Applying the Risk Management Process to Nondevice Software 375 Harm 376 Risk, Severity, and Probability 378 Managing the Risk 382 Controlling the Process to Reduce Risk 383 Risk Acceptability 383 Detectability 387 Configuration Management for Nondevice Software 387 Why Configuration Management Is Important 388 Configuration Management Planning 389 Configuration Management Activities 391 References 392 CHAPTER 19 Nondevice Testing Activities to Support Validation 393 Why Test Why Not To Test 393 Testing as a Risk Control Measure 395 Regulatory Realities 395 Testing Software That Is Acquired for Use 396 IQ, OQ, and PQ Testing 397 Validation of Part 11 Regulated Software 399 Summary 400 CHAPTER 20 Nondevice Software Maintenance and Retirement Activities 401 Maintenance Activities 401 Release Activities 402 Post-Release Monitoring 403 Risk Analysis and Risk Management 404 Security 405 Retirement of Software 406 About the Author 409 Index 411