Wednesday 20 September 2017
By Mitch on Wednesday 20 September 2017, 17:48
A reader of the post on IEC 62304 Amd1 2015 noticed in the comments that the sentence in section 4.3.a was removed:
If the HAZARD could arise from a failure of the SOFTWARE SYSTEM to behave as specified, the probability of such failure shall be assumed to be 100 percent.
Don't be too quick to scratch the 100 percent thing!
The dreadful 100 percent is still present in the informative Annex B.4.3.
Even if it is no more in the normative part, you shall continue to bear in mind this assumption when assessing software risks. The underlying concept is that it's not possible to assess probability of software failure, thus the worst case shall be considered.
This is the state-of-the-art, present in ISO 14971, in IEC 80002-1, in IEC 62304, and in the FDA Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices.
100% probability is not dead!
By Mitch on Wednesday 20 September 2017, 14:18 - Standards
While the FDA continues to update periodically and reliably the list of recognized standards (last update in August 2017), the European Commission hasn't updated the list of harmonized standards since may 2016.
Monday 3 July 2017
By Mitch on Monday 3 July 2017, 14:06 - Regulations
We continue this series of posts on cybersecurity with some comments on impacts of cybersecurity on the software development documentation.
Tuesday 16 May 2017
By Mitch on Tuesday 16 May 2017, 22:34 - Misc
If you are a regular visitor of this blog, you noticed that almost three months elapsed between the last two articles on cybersecurity.
That's not what I planned.
The time dedicated to this blog was totally swallowed by the other facets of my job. Namely filling the gap between the current level of compliance of manufacturers, and the new expectations of notified bodies and regulatory authorities in the European Union. The bar has been raised!
It gives you a sense of what we're getting into with the new MDR.
By Mitch on Tuesday 16 May 2017, 21:53 - Standards
After a long pause, we continue this series about cybersecurity in medical devices with a discussion on AAMI TIR57:2016 Principles for medical device security — Risk management.
Saturday 6 May 2017
By Mitch on Saturday 6 May 2017, 10:59 - Regulations
The Medical Device Regulation and In-Vitro Device Regulation have been published the 5th May 2017!
See the Official Journal of the EU.
Friday 10 February 2017
By Mitch on Friday 10 February 2017, 14:20 - Regulations
By Mitch on Friday 10 February 2017, 14:19 - Regulations
Monday 2 January 2017
By Mitch on Monday 2 January 2017, 23:04
Happy New Year!
Thank-you for your loyalty!
Tuesday 20 December 2016
By Mitch on Tuesday 20 December 2016, 12:51 - Misc
After a long interruption, we continue this series on cybersecurity in medical devices with a review of stakeholders involved or concerned by cybersecurity requirements, and the consequences on architectural choices.
Friday 4 November 2016
By Mitch on Friday 4 November 2016, 15:37 - Misc
The FDA released a guidance on clinical evaluation of standalone software medical device (a.k.a SAMD) in October 2016. This guidance is the same text and has the same presentation as the International Medical Device Regulatory Forum (IMDRF) guidance on SAMD clinical evaluation published in August 2016.
Tuesday 1 November 2016
By Mitch on Tuesday 1 November 2016, 21:09 - Standards
IEC 82304-1:2016, the missing link on standalone medical device software validation has been published!
See the official version on IEC webstore, and comments made on the FDIS (the final version shouldn't have changed).
Now we wait for the FDA to recognize it and the EU to harmonize it!
Monday 24 October 2016
By Mitch on Monday 24 October 2016, 16:50 - Regulations
We begin today a series of posts on cybersecurity in medical devices. Cybersecurity was not a subject before the advent of computerized medical devices. Now that every manufacturer wants its connected medical device, cybersecurity matters!
Let's start with the regulations.
Friday 2 September 2016
By Mitch on Friday 2 September 2016, 13:27 - Regulations
We've seen in the previous article the revolution in the regulatory classification brought by the new rule 10a for standalone software.
Let's see now the other changes. These changes are relevant for all software: standalone, embedded, device or accessory.
They're not as big as the new rule 10a, but they will deserve a significant amount of man-hours and documentation.
Friday 19 August 2016
By Mitch on Friday 19 August 2016, 13:48 - Regulations
The FDA released three new FDA guidances in July 2016:
- Two draft guidances on Deciding When to Submit a 510(k) for a Change to an Existing Device,
- The final guidance on General Wellness: Policy for Low Risk Devices.
Wednesday 10 August 2016
By Mitch on Wednesday 10 August 2016, 10:09 - Regulations
A new version of the MEDDEV 2.1/6 was published in July 2016.
The first version of 2012 was a major breakthrough. The new version won't change you life. Almost nothing new, excepted a few definitions on software, input data, output data, a remarkable reference to IMDRF definitions, and a non-significant update of the first decision tree.
Add to that a few typos, and you have the new version of the MEDDEV:
- "lossless compression" disappeared from the decision tree (was it intentional?) but is still present in the explanations of decision step 3,
- Decision step 7 doesn't have any explanation.
MEDDEV for nothing ♫ and tips for free ♬.
Friday 22 July 2016
By Mitch on Friday 22 July 2016, 13:28 - Regulations
The final version of the negotiated text of the new Medical Device Regulation (MDR) was published by the European Commission in June 2016. It is a big upheaval for all medical device manufacturers. Contrary to what the draft version of September 2015 contained, software is invited to the party.
Friday 1 July 2016
By Mitch on Friday 1 July 2016, 13:22 - Processes
Following the discussion on ISO/TR 80002-2 and AAMI TRI 36 in the previous article, here are some tips on how to validate workflow and data management software like Jira or Redmine.
Friday 10 June 2016
By Mitch on Friday 10 June 2016, 13:56 - Standards
ISO/TR 80002-2 is the future technical report on the validation of software used in regulated processed. The last version of this document, a Draft Technical Report (ISO/DTR 80002-2:2016), was released to the members of the standard committee for comments in May 2016.
This document is still a draft and is to be released by the end of 2016 or early 2017. There are high expectations on this document, since the introduction of requirements on validation of software used in the QMS in section 4.1.6 of ISO 13485:2016.
Friday 6 May 2016
By Mitch on Friday 6 May 2016, 13:33 - Standards
Almost four years since I wrote in 2012 the post Is my software in class A, B or C?.
In 2015, IEC 62304 Amendment 1 was published, changing a bit the game about software safety class.