Medical Device Software Verification, Validation, and Compliance
David A. Vogel
Artech House, Boston and London
artechhouse.com
Contents

Preface xvii
    The Author's Background and Perspective of Validation xvii
Acknowledgments xxi

Background 1

CHAPTER 1 The Evolution of Medical Device Software Validation and the Need for This Book 3
    The Evolution of Validation in the Medical Device Industry 3
    Building a Language to Discuss Validation 4
    Terminology Is the Foundation 5
    Correct Versus Consistent Terminology 6
    Terminology Need Not Be Entertaining 7
    Risk Management and Validation of Medical Device Software 8
    About This Book 8
    Goals of This Book 9
    Intended Audience 10
    Are You Wasting Time? 12
    References 12

CHAPTER 2 Regulatory Background 13
    The FDA: 1906 Through 1990 13
    The FDA Today (2009) 16
    How the FDA Assures Safety, Efficacy, and Security 17
    Quality System Regulations and Design Controls 20
    Understanding How Regulation Relates to Getting the Job Done 22
    Medical Devices Sold Outside the United States 24
    References 25

CHAPTER 3 The FDA Software Validation Regulations and Why You Should Validate Software Anyway
    Why the FDA Believes Software Should Be Validated
    Therac 25
    Building Confidence
    The Validation Regulations
    Why You Should Validate Software Anyway
    References

CHAPTER 4 Organizational Considerations for Software Validation
    Regulatory Basis of Organizational Responsibility
    A Model for Quality Systems
    Roles, Responsibilities, and Goals for the Quality System
    The Structure of the Quality System
    Quality System Processes
    Quality System Procedures
    Thinking Analytically About Responsibility
    Untangling Responsibilities, Approvals, and Signatures
    What Happened to the Author?
    The Meaning of Approval: What That Signature Means
    So, What Could Go Wrong with a Design Control Quality System?
    What Happened?
    Designing Streamlined RR&A Requirements for the Quality System
    Fixing the Problem: Designing a Value-Added Approval/Signature Process
    Regulatory Basis for Treating Approvals and Signatures Seriously
    Reference

CHAPTER 5 The Software (Development) Life Cycle
    What Is a Software Life Cycle?
    Software Validation and SDLCs: The Regulatory Basis
    Why Are Software Development Life Cycle Models Important?
    What Do Different Software Development Life Cycle Models Look Like?
    Waterfall and Modified Waterfall
    Sashimi Modified Waterfall Model
    Spiral Model
    Extreme Programming: Agile Development Models
    How Do You Know What Life Cycle Model to Choose?
    How Do Software Development Life Cycles Relate to the Quality System?
    The ANSI/AAMI/IEC 62304:2006 Standard
    An Organization for the Remainder of This Book
    Reference

CHAPTER 6 Verification and Validation: What They Are, What They Are Not 75
    What Validation Is NOT 75
    Validation and Its Relationship to Verification and Testing 76
    Software Validation According to Regulatory Guidance 79
    Can Other Definitions of Validation Be Used? 81
    User Needs and Intended Uses 82
    Software Verification According to Regulatory Guidance 82
    How Design Controls, Verification, and Validation Are Related 84
    Validation Commensurate with Complexity and Risk 85
    Is All Validation Created Equal? 87
    Reference 87

CHAPTER 7 The Life Cycle Approach to Software Validation 89
    Validation and Life Cycles 90
    Combined Development and Validation Waterfall Life Cycle Model 91
    A Validation Life Cycle Model 93
    The Generic or Activity Track Life Cycle Model 95
    Life Cycles and Industry Standards 102
    Final Thoughts on Selecting an Appropriate Life Cycle Model 103
    References 103

CHAPTER 8 Supporting Activities that Span the Life Cycle: Risk Management 105
    Introduction to Activities Spanning the Life Cycle 105
    Risk Management 106
    Risk in the Regulations and Guidance Documents 107
    ISO 14971: Application of Risk Management to Medical Devices 108
    AAMI's TIR32:2004: Medical Device Software Risk Management 110
    Risk and the IEC 62304 Standard on Life Cycle Processes 111
    IEC/TR 80002-1: Application of 14971 to Medical Device Software 112
    The Risk Management Process 112
    The Language of Risk Management 113
    Risk Management Outputs 114
    The Risk Management Plan 114
    The Risk Management File 115
    Risk Management Concepts and Definitions 115
    Risk Management Activities 117
    Risk Analysis 117
    Qualitative Probability Analysis 122
    Ignoring Probability 123
    Qualitative Probabilities 123
    Risk Evaluation 129
    Risk Control 130
    Overall Residual Risk Evaluation 134
    Summary 140
    References 141

CHAPTER 9 Other Supporting Activities: Planning, Reviews, Configuration Management, and Defect Management 143
    Planning 143
    Design and Development Planning 143
    Why Planning Is Important 144
    How Many Plans Are Required? 145
    Plan Structure and Content 147
    What Does a Plan Look Like? 148
    Evolving the Plan 152
    Configuration Management 153
    Regulatory Background 153
    Why Configuration Management? 154
    What Goes into a Configuration Management Plan? 155
    Defect (and Issue) Management 160
    Regulatory Background 161
    Why Defect Management Plans and Procedures Are Important 161
    Relationship to Configuration (Change) Management 161
    Planning for Defect Management 165
    Reviews 167
    Regulatory Background 167
    Why the Focus on Reviews? 168
    What Is Meant by a Review? 171
    Who Should Be Participating in the Reviews? 172
    How Reviews Are Conducted 173
    Traceability 177
    Why Traceability? 177
    Regulatory Background 178
    Traceability Beyond the Regulatory Guidance 182
    Practical Considerations: How It Is Done 185
    Trace Tools 185
    Trace Mapping 188
    Can Traceability Be Overdone? 189
    References 189

Validation of Medical Device Software 191

CHAPTER 10 The Concept Phase Activities 193
    The Concept Phase 193
    Regulatory Background 194
    Why a System Requirements Specification Is Needed 195
    Validation Activities During the Concept Phase 196
    Make or Buy? Should Off-the-Shelf (OTS) Software Be Part of the Device? 198
    The System Requirements Specification 200
    Who Is the Intended Audience? 200
    What Information Belongs in an SyRS? 201
    How Are System Requirements Gathered? 204
    Further Reading 205
    Select Bibliography 205

CHAPTER 11 The Software Requirements Phase Activities 207
    Introduction 208
    Regulatory Background 208
    Why Requirements Are So Important 210
    The Role of Risk Management During Requirements Development 214
    Who Should Write the Software Requirements? 215
    The Great Debate: What Exactly Is a Requirement? 217
    Anatomy of a Requirement 219
    How Good Requirements Are Written 223
    Summary 231
    References 231

CHAPTER 12 The Design and Implementation Phase Activities 233
    Introduction 233
    Regulatory Background 234
    Validation Tasks Related to Design Activities 236
    The Software Design Specification (Alias the Software Design Description) 236
    Evaluations and Design Reviews 239
    Communication Links 239
    Traceability Analysis 240
    Risk Management 246
    Validation Tasks Related to Implementation Activities 247
    Coding Standards and Guidelines 248
    Reuse of Preexisting Software Components 248
    Documentation of Compiler Outputs 249
    Static Analysis 250
    References 251

CHAPTER 13 The Testing Phase Activities 253
    Introduction 253
    Regulatory Background 253
    Why We Test Software 255
    Defining Software Testing 256
    Testing Versus Exercising 257
    The Psychology of Testing 258
    Levels of Testing 260
    Unit-Level Testing 261
    Unit-Level Testing and Path Coverage 263
    McCabe Cyclomatic Complexity Metric and Path Coverage 263
    Other Software Complexity Metrics and Unit Test Prioritization 267
    Integration-Level Testing 267
    Device Communications Testing 269
    System-Level Software Testing 272
    System-Level Verification Testing Versus Validation Testing 274
    Testing Methods 275
    Equivalence Class Testing 276
    Boundary Value Testing 279
    Calculations and Accuracy Testing 282
    Error Guess Testing 286
    Ad Hoc Testing 287
    Captured Defect Testing 288
    Other Test Methods 289
    Test Designs, Test Cases, and Test Procedures 290
    Managing Testing 295
    The Importance of Randomness 295
    Independence 296
    Informal Testing 297
    Formal Testing 298
    Regression Testing 300
    Automated Testing 302
    Summary 303
    References 304
    Select Bibliography 304

CHAPTER 14 The Maintenance Phase Validation Activities 305
    Introduction 305
    A Model for Maintenance Activities 308
    Software Release Activities: Version n 309
    Collection of Post-Market Data 312
    Process and Planning 313
    Sources of Post-Market Data 313
    Analysis 315
    The Maintenance Software Development Life Cycle(s) 318
    Software Development and Validation Activities 320
    Software Release Activities: Version n + 1 321
    References 321

Validation of Nondevice Software 323

CHAPTER 15 Validating Automated Process Software: Background 325
    Introduction 325
    Regulatory Background 326
    Nondevice Software Covered by These Regulations 330
    Factors that Determine the Nondevice Software Validation Activities 332
    Level of Control 332
    Type of Software 334
    Source of the Software 334
    Other Factors That Influence Validation 335
    Risk 336
    Size and Complexity 336
    Intended Use 336
    Confidence in the Source of the Software 337
    Intended Users 337
    Industry Guidance 340
    AAMI TIR36:2007: Validation of Software for Regulated Processes 341
    GAMP 5: Good Automated Manufacturing Practice 341
    Who Should Be Validating Nondevice Software? 342
    Reference 343

CHAPTER 16 Planning Validation for Nondevice Software 345
    Introduction 345
    Choosing Validation Activities 346
    Do-It-Yourself Validation or Validation for Nonsoftware Engineers 347
    The Nondevice Software Validation Spectrum 349
    Life Cycle Planning of Validation 350
    The Nondevice Software Validation Toolbox 352
    Product Selection 354
    Supplier Selection 354
    Known Issue Analysis 355
    Safety in Numbers 355
    Third-Party Validation 356
    Output Verification 357
    Backup, Recovery, and Contingency Planning 358
    Security Measures 359
    Training 360
    The Validation Plan 360
    Reference 361

CHAPTER 17 Intended Use and the Requirements for Fulfilling Intended Use 363
    Introduction 363
    Intended Use 364
    Why It Is Necessary to State Intended Use 364
    Intended Use and Validation of Nondevice Software 365
    Contents of a Statement of Intended Use 365
    Determining Intended Use 366
    Requirements for Fulfilling the Intended Use 369
    Requirements for Custom-Developed Software 369
    Requirements for Acquired Software 370
    Information Content of Requirements 370
    Example: Intended Use and Requirements for Validation of a Text Editor 372

CHAPTER 18 Risk Management and Configuration Management of Nondevice Software Activities that Span the Life Cycle 375
    Risk Management 375
    Applying the 14971 Risk Management Process to Nondevice Software 375
    Harm 376
    Risk, Severity, and Probability 378
    Managing the Risk 382
    Controlling the Process to Reduce Risk 383
    Risk Acceptability 383
    Detectability 387
    Configuration Management for Nondevice Software 387
    Why Configuration Management Is Important 388
    Configuration Management Planning 389
    Configuration Management Activities 391
    References 392

CHAPTER 19 Nondevice Testing Activities to Support Validation 393
    Why Test, Why Not To Test 393
    Testing as a Risk Control Measure 395
    Regulatory Realities 395
    Testing Software That Is Acquired for Use 396
    IQ, OQ, and PQ Testing 397
    Validation of Part 11 Regulated Software 399
    Summary 400

CHAPTER 20 Nondevice Software Maintenance and Retirement Activities 401
    Maintenance Activities 401
    Release Activities 402
    Post-Release Monitoring 403
    Risk Analysis and Risk Management 404
    Security 405
    Retirement of Software 406

About the Author 409
Index 411