Software in Medical Devices, a blog by MD101 Consulting

To content | To menu | To search

Wednesday 20 September 2017

100% probability of software failure in IEC 62304 Amd1 2015

A reader of the post on IEC 62304 Amd1 2015 noticed in the comments that the sentence in section 4.3.a was removed:

If the HAZARD could arise from a failure of the SOFTWARE SYSTEM to behave as specified, the probability of such failure shall be assumed to be 100 percent.

Don't be too quick to scratch the 100 percent thing!

The dreadful 100 percent is still present in the informative Annex B.4.3.

Even if it is no more in the normative part, you shall continue to bear in mind this assumption when assessing software risks. The underlying concept is that it's not possible to assess probability of software failure, thus the worst case shall be considered.
This is the state-of-the-art, present in ISO 14971, in IEC 80002-1, in IEC 62304, and in the FDA Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices.

100% probability is not dead!

Wait, but what of harmonized standards?

While the FDA continues to update periodically and reliably the list of recognized standards (last update in August 2017), the European Commission hasn't updated the list of harmonized standards since may 2016.

Continue reading...

Monday 3 July 2017

Cybersecurity in medical devices - Part 4 Impact on Software Development Process

We continue this series of posts on cybersecurity with some comments on impacts of cybersecurity on the software development documentation.

Continue reading...

Tuesday 16 May 2017

They've raised the bar!

If you are a regular visitor of this blog, you noticed that almost three months elapsed between the last two articles on cybersecurity.
That's not what I planned.

The time dedicated to this blog was totally swallowed by the other facets of my job. Namely filling the gap between the current level of compliance of manufacturers, and the new expectations of notified bodies and regulatory authorities in the European Union. The bar has been raised!

It gives you a sense of what we're getting into with the new MDR.

Cybersecurity in medical devices - Part 3 AAMI TIR57:2016

After a long pause, we continue this series about cybersecurity in medical devices with a discussion on AAMI TIR57:2016 Principles for medical device security — Risk management.

Continue reading...

Saturday 6 May 2017

MDR and IVDR published

Hello, The Medical Device Regulation and In-Vitro Device Regulation have been published the 5th May 2017!
See the Official Journal of the EU.

Friday 10 February 2017

Final FDA Guidance on Postmarket Management of Cybersecurity in Medical Devices - Final version released

This article is a follow-up of the previous article on the Draft guidance on Postmarket Management of Cybersecurity in Medical Devices.

Continue reading...

Final FDA Guidance on Medical Device Accessories: Defining Accessories and Classification Pathway for New Accessory Types

This article is a follow-up of the article on the Draft guidance on Medical Device Accessories: Defining Accessories and Classification Pathway for New Accessory Types.

Continue reading...

Monday 2 January 2017

Happy New Year 2017

Happy New Year!

Thank-you for your loyalty!

Sunset provençal

Tuesday 20 December 2016

Cybersecurity in medical devices - Part 2 Stakeholders

After a long interruption, we continue this series on cybersecurity in medical devices with a review of stakeholders involved or concerned by cybersecurity requirements, and the consequences on architectural choices.

Continue reading...

Friday 4 November 2016

Software as a Medical Device (SAMD): clinical evaluation

The FDA released a guidance on clinical evaluation of standalone software medical device (a.k.a SAMD) in October 2016. This guidance is the same text and has the same presentation as the International Medical Device Regulatory Forum (IMDRF) guidance on SAMD clinical evaluation published in August 2016.

Continue reading...

Tuesday 1 November 2016

IEC 82304-1:2016 Health software - Part 1: General requirements for product safety

IEC 82304-1:2016, the missing link on standalone medical device software validation has been published!
See the official version on IEC webstore, and comments made on the FDIS (the final version shouldn't have changed).

Now we wait for the FDA to recognize it and the EU to harmonize it!

Monday 24 October 2016

Cybersecurity in medical devices - Part 1 Regulations

We begin today a series of posts on cybersecurity in medical devices. Cybersecurity was not a subject before the advent of computerized medical devices. Now that every manufacturer wants its connected medical device, cybersecurity matters!
Let's start with the regulations.

Continue reading...

Friday 2 September 2016

EU Medical Device Regulation - Changes for software

We've seen in the previous article the revolution in the regulatory classification brought by the new rule 10a for standalone software.
Let's see now the other changes. These changes are relevant for all software: standalone, embedded, device or accessory.
They're not as big as the new rule 10a, but they will deserve a significant amount of man-hours and documentation.

Continue reading...

Friday 19 August 2016

Three new FDA guidances

The FDA released three new FDA guidances in July 2016:

  • Two draft guidances on Deciding When to Submit a 510(k) for a Change to an Existing Device,
  • The final guidance on General Wellness: Policy for Low Risk Devices.

Continue reading...

Wednesday 10 August 2016

MEDDEV 2.1/6 2016

A new version of the MEDDEV 2.1/6 was published in July 2016.

The first version of 2012 was a major breakthrough. The new version won't change you life. Almost nothing new, excepted a few definitions on software, input data, output data, a remarkable reference to IMDRF definitions, and a non-significant update of the first decision tree.

Add to that a few typos, and you have the new version of the MEDDEV:

  • "lossless compression" disappeared from the decision tree (was it intentional?) but is still present in the explanations of decision step 3,
  • Decision step 7 doesn't have any explanation.


MEDDEV for nothing ♫ and tips for free ♬.

Friday 22 July 2016

Is my software in class I, IIa, IIb or III - 2016 Revolution

The final version of the negotiated text of the new Medical Device Regulation (MDR) was published by the European Commission in June 2016. It is a big upheaval for all medical device manufacturers. Contrary to what the draft version of September 2015 contained, software is invited to the party.

Continue reading...

Friday 1 July 2016

How to validate software development tools like Jira or Redmine?

Following the discussion on ISO/TR 80002-2 and AAMI TRI 36 in the previous article, here are some tips on how to validate workflow and data management software like Jira or Redmine.

Continue reading...

Friday 10 June 2016

ISO/TR 80002-2: latest news on Validation of software for medical device quality systems

ISO/TR 80002-2 is the future technical report on the validation of software used in regulated processed. The last version of this document, a Draft Technical Report (ISO/DTR 80002-2:2016), was released to the members of the standard committee for comments in May 2016.
This document is still a draft and is to be released by the end of 2016 or early 2017. There are high expectations on this document, since the introduction of requirements on validation of software used in the QMS in section 4.1.6 of ISO 13485:2016.

Continue reading...

Friday 6 May 2016

Is my software in class A, B or C? - 2015 reloaded

Almost four years since I wrote in 2012 the post Is my software in class A, B or C?.
In 2015, IEC 62304 Amendment 1 was published, changing a bit the game about software safety class.

Continue reading...

- page 1 of 10