Model Based Engineering and Its Integration with Safety Assurance Cases for Medical Device Software



Similar documents
Fundamental Principles of Software Safety Assurance

Accountability Model for Cloud Governance

I S O G AP A N A L Y I S T O O L

Safety Assurance Cases: What the medical device industry is doing

Clinical Risk Management: Agile Development Implementation Guidance

Software-based medical devices from defibrillators

How To Write Software

Quality Risk Management - The Medical Device Experience. Niamh Nolan Principal Design Assurance Engineer Boston Scientific

codebeamer INTLAND SOFTWARE codebeamer Medical ALM Solution is built for IEC62304 compliance and provides a wealth of medical development knowledge

Capability Maturity Model Integration (CMMI SM ) Fundamentals

COTS Validation Post FDA & Other Regulations

Agile Model-Based Systems Engineering (ambse)

Risk Assessment for Medical Devices. Linda Braddon, Ph.D. Bring your medical device to market faster 1

IBM Rational systems and software solutions for the medical device industry

A Risk Management Capability Model for use in Medical Device Companies

Why System Suitability Tests Are Not a Substitute for Analytical Instrument Qualification

The PNC Financial Services Group, Inc. Business Continuity Program

3 Guidance for Successful Evaluations

Quality Management System Process/ Management Review

Standards Initiatives for Software Product Line Engineering and Management within the International Organization for Standardization

AAMI TIR 36: Validation of SW for Regulated Processes. Denise Stearns April 2008

Meeting your Electrical Safety Testing & Quality Requirements

Dependable (Safe/Reliable) Systems. ARO Reliability Workshop Software Intensive Systems

Data Management Maturity Model. Overview

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

FDA Software Validation-Answers to the Top Five Software Validation Questions

CDC UNIFIED PROCESS PRACTICES GUIDE

MEDICAL DEVICE Cybersecurity.

THE APPLICATION OF A VALUE ASSURANCE SYSTEM TO OIL & GAS DEVELOPMENT PROJECTS (Guido Mattu, Franca Marini)

Implementation of ANSI/AAMI/IEC Medical Device Software Lifecycle Processes.

Why do Project Fail? 42% 37% 27% 26% 24% 24% 0% 10% 20% 30% 40% 50% IBM Software Group Rational software. Source: AberdeenGroup, August 2006

Performance Standards and Test Procedures for Environmental Data Management Software. Martin Lloyd

Software Application Control and SDLC

IT Project Management Methodology. Project Scope Management Support Guide

Towards a Logical Foundation for Assurance Arguments for Plug & Play Systems

The purpose of Capacity and Availability Management (CAM) is to plan and monitor the effective provision of resources to support service requirements.

Safety Risk Management in RT: A Software Manufacturer Perspective

Core Fittings C-Core and CD-Core Fittings

IVD Regulation Overview. Requirements to Assure Quality & Effectiveness

Bidirectional Tracing of Requirements in Embedded Software Development

Spreading the Word on Nuclear Cyber Security

Office for Nuclear Regulation

Requirements engineering

ITIL v3 - Service Transition Lifecycle

How To Write An Slcm Project Plan

unless the manufacturer upgrades the firmware, whereas the effort is repeated.

University of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities

Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Managing FDA regulatory compliance with IBM Rational solutions

SecSDM: A Model for Integrating Security into the Software Development Life Cycle

Requirements Definition and Management Processes

CMMI KEY PROCESS AREAS

Securing the Microsoft Cloud

Software Quality Management II

KPMG in India s Software testing services Test consulting case studies

TÜV UK Ltd Guidance & Self Evaluation Checklist

Applying 50 years of Aerospace Systems Engineering Lessons Learned to the Oil Field Technical Challenges of Today

Internal Quality Management System Audit Checklist (ISO9001:2015) Q# ISO 9001:2015 Clause Audit Question Audit Evidence 4 Context of the Organization

Overview of how to test a. Business Continuity Plan

Traceability Patterns: An Approach to Requirement-Component Traceability in Agile Software Development

Verification and Validation According to ISO 26262: A Workflow to Facilitate the Development of High-Integrity Software

The PNC Financial Services Group, Inc. Business Continuity Program

Enabling Continuous Delivery by Leveraging the Deployment Pipeline

FINAL DOCUMENT. Implementation of risk management principles and activities within a Quality Management System. The Global Harmonization Task Force

How To Use Risk It

Software Engineering. Session 3 Main Theme Requirements Definition & Management Processes and Tools Dr. Jean-Claude Franchitti

FDA Perspectives on Human Factors in Device Development

Nuclear Safety Council Instruction number IS-19, of October 22 nd 2008, on the requirements of the nuclear facilities management system

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT

Business Continuity Policy

The SPES Methodology Modeling- and Analysis Techniques

Safe%Feed/Safe%Food% Overview of Certification Programs: Why Should a Feed Mill Get Certified?

Product Lifecycle Management for the Pharmaceutical Industry

The Role of Requirements Traceability in System Development

Configuration Management Practices

Requirements Traceability. Mirka Palo

Project Management Certificate (IT Professionals)

Review Protocol Agile Software Development

What is Process Validation?

Ellucian Implementation Methodology. Summary of Project Management and Solution Delivery Phases

Project Risk Management: IV&V as Insurance for Project Success

Software Engineering Compiled By: Roshani Ghimire Page 1

Intland s Medical Template

Certification Report

The Quality Assurance Centre of Excellence

Transcription:

Model Based Engineering and Its Integration with Safety Assurance Cases for Medical Device Software Yi Zhang Ph.D., Paul Jones Office of Science and Engineering Laboratories Center for Devices and Radiological Health Food and Drug Administration March 25 th, 2015

Disclaimer The opinions and information in this presentation are those of the authors, and do not represent the views and/or policies of the U.S. Food and Drug Administration. -1-

Abstract Model based engineering (MBE) has the potential to help medical device manufacturers detect subtle design flaws at early stages of the development lifecycle, and reduce design/implementation errors in the final device. The rigor of the MBE process and derived artifacts can serve to justify the confidence of stakeholders (e.g. internal, third party, and regulatory) in device safety. In particular, artifacts generated through the MBE process are objective, verifiable, and traceable, and hence can be used as evidence in safety assurance cases to facilitate and ease vested stakeholder assessments of device safety. A variety of modeling and verification tools are available to implement the MBE process. These tools vary in their semantics, expressiveness, and verification rigor. Thus, developers have to realize the strength and weakness of these tools, and make reasonable choices. Furthermore, when applied to the design of medical devices, the MBE process has to be integrated with the organization s risk management activities (as specified in ISO-14971), to ensure that all foreseeable risks are adequately addressed and mitigated in the final device. -2-

Model Based Engineering (MBE) of Medical Device Software Requirement Engineering Design Implementation Requirement Solicitation Design Implementation Requirement Document Design Models Automatic Code Generation Final Software Requirement Models Formal Requirement Verification Formal Design Verification Model Based Testing/Verification Verification results could cause re-iteration of previous development activities Trustworthy development artifacts: clearly/unambiguous defined, and demonstrable/verifiable properties Explicit and complete traceability among development artifacts -3-

Safety-Driven Development of Medical Device Software Safety and effectiveness are two primary properties of interest. ISO 14971: Application of risk management to medical devices. All foreseeable risks of the device have to be identified and adequately mitigated. Software mitigation measures have to be correctly implemented and tested; Risks caused by software have to be adequately mitigated. Risk mitigation measures need to be traceable throughout the development artifacts to the final device. -4-

Generic Infusion Pump Project Establish safety-driven MBE methods for generic infusion pump software safety model. Developed a set of generic infusion pump safety reference models that can be used as a reference standard to verify safety properties in difference classes of infusion pumps. Joint effort between FDA and several universities GIP web site (http://rtg.cis.upenn.edu/gip.php3): a repository of software development artifacts for infusion pump software Open contribution for community (manufacturers & academics) to advance the science and practice of developing high-confidence medical device software. -5-

Safety-Driven MBE of Generic Patient Controlled Analgesic Pump (GPCA) Model Common use scenarios and functions of PCA pumps Code Generation (TIMES tool) Model Development Platform- Independent Code Glue Code Common PCA pump hazards GPCA Pump Model (Simulink + UPPAAL) Code-Interfacing Compilation Generic PCA pump safety requirements Model Checking + Instrumentation Based Verification -6- Final software executable Testing

GPCA Pump Development Artifacts Hazards + Generic Safety Requirements GPCA Model + Verification Results (Simulink/Stateflow + UPPAAL) -7- Deployable code + Test cases and results

Lessons Learned Fidelity of design model is bounded by assumptions e.g. use scenarios, user inputs, environment, etc. There is gap between design models and final implementation of the device e.g. computational platform, operational systems Various verification techniques can be used to ensure the correctness and safety of design models Expert review Testing/Simulation/Instrumentation based verification Formal verification (i.e., model checking) Increasing order of rigor vs. increasing order of cost Not all safety/functional requirements can be formally verified * Details can be found in Safety-Assured Development of the GPCA Infusion Pump Software, B. Kim and et al., in proceedings of the 11 th International Conference on Embedded Software (EMSOFT 2011), pages 155-164, October 2011. -8-

MBE and Safety Assurance Cases Safety Assurance Case: structured argument about device safety Claim: Device is safe (ISO 14971: free from unacceptable risk) Argument: Rationale & appeal to evidence justifying the claim Evidence: objective, verifiable, traceable Benefits of using MBE artifacts in Assurance Cases Using MBE processes as arguments & artifacts as evidence can improve the quality and trustworthiness of the claim (i.e. device is safe) Models support mathematical & computational rigor Verification results of models are objective &/measurable Explicit traceability among MBE artifacts helps justify design & development integrity -9-

Safety Assurance Case with MBE Artifacts Claims Claims Claims Arguments Evidence -10-

Questions?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information