Software in Medical Devices, by MD101 Consulting

To content | To menu | To search

Tag - risk management

Entries feed - Comments feed

Friday, 6 October 2023

Final 2023 FDA Premarket Cybersecurity guidance released

The final version of the FDA guidance titled "Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions was published the 27th September 2023.

Continue reading...

Friday, 4 September 2020

FDA Guidance on Multiple Function Device Products

The FDA published in July the final version of the Guidance on Multiple Function Device Products. Despite the absence of the word "software" in the title, it addresses at first software medical devices. It also addresses hardware devices, but we will focus on software in this post.

Continue reading...

Monday, 15 October 2018

Cybersecurity - Part 5 Templates

Hi there! Long time no see once again. I dig up our series of posts on cybersecurity.
In this post I publish two new templates for cybersecurity risk management.

Continue reading...

Friday, 6 July 2018

IEC 62366-1 and Usability engineering for software

Usability is a requirement, which has been present in regulations since a long time. It stems from the assessment of user error as a hazardous situation. It is supported by the publication AAMI HE75 standard, FDA guidances, and the publication of IEC 62366 in 2008 followed by IEC 62366-1:2015. Although usability engineering is a requirement for the design of medical devices, most of people designing software are not familiar with this process. This article is an application of the process described in IEC 62366-1 to software design.

Continue reading...

Friday, 5 February 2016

New FDA draft guidance on interoperable medical devices

The draft guidance about Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices was published late January 2016.

Continue reading...

Friday, 29 January 2016

FDA draft guidance on Postmarket Management of Cybersecurity in Medical Devices

The FDA released one week ago a new draft guidance on Postmarket Management of Cybersecurity in Medical Devices.
This guidance is the sister of the guidance on Content of Premarket Submissions for Management of Cybersecurity in Medical Devices released in 2014. Both guidances address cybersecurity at different steps of software lifecycle: the 2014 guidance is about cybersecurity during design and development, the 2016 draft guidance is about cybersecurity during post-market surveillance.

Continue reading...

Friday, 9 January 2015

IEC/FDIS 62366-1 released in November 2014

The FDIS (final draft version) of IEC 62366-1 was released in November 2014. This version, also known as IEC 62366 2nd edition, is on the right track to be officially released in Q1 2015. It will supersede the IEC 62366:2007 + Amendment 1:2014.

Continue reading...

Friday, 21 November 2014

Analysis of the FDA Cybersecurity Guidance

At last! The FDA has published last October a guidance about cybersecurity that matters!
Not that the guidance previously published about Off-the-shelf software cybersecurity wasn’t worth reading it (Guidance to Industry: Cybersecurity for Networked Medical Devices Containing Off-the-Shelf Software), but its scope was more than reduced.

Continue reading...

Friday, 28 March 2014

Validation of compiler and IDE - Why, when and how to? - Part 2: compilers

We saw in the last post how to validate a software development tool. But we saw also that validating a compiler this way is not a satisfactory task.
Then: Why, when, and how to validate a compiler?

Continue reading...

Friday, 14 March 2014

Validation of compiler and IDE - Why, when and how to? - Part 1

Validating the compiler used in software development is a recurring issue. To what extent a compiler should be validated, when, how and why?
In the same vein, we can extend the question of validation to all tools used in the software development environment: integrated development environment, configuration management tools, compiler (and linker), automated test tools.

Continue reading...

Friday, 17 January 2014

How to develop a smartphone App to be FDA-cleared or CE Marked? - part 4 Usability

In the last article, we saw the concerns about the reliability of wireless connections and how to handle them.
Today, we are going to have a look at something quite important for mobile platforms: usability and humans factors engineering (HFE).

Continue reading...

Friday, 4 October 2013

Template: Risk Matrix Calculator

Risk matrixes are a useful way to show graphically the ranges in which risks are acceptable, tolerable and unacceptable. Here is an excel sheet that automates the computation of ranges.

Continue reading...

Friday, 20 September 2013

Templates Risk Management Plan and Risk Analysis Report updated

Here is an update of Risk Management Plan and Risk Analysis Report templates.

Continue reading...

Friday, 28 June 2013

Got SOUP? - Part 6 - FDA Guidance and Conclusion

This is today the last article of this series about SOUP.
SOUP is a concept that we find elsewhere than in the IEC 62304 standard. Namely in the FDA guidances.

Continue reading...

Friday, 14 June 2013

Got SOUP? - Part 5 - Standalone software

After having discussed about open-source software in the last post, we continue today this series about SOUP with the case of standalone software.

Continue reading...

Friday, 7 June 2013

Got SOUP? - Part 4 - Open-Source Software

After having discussed about frameworks and runtimes in the last article, we continue today this series about SOUP with the case of open-source software.

Continue reading...

Friday, 31 May 2013

Got SOUP? - Part 3 - Runtimes, Frameworks

We saw in the first article of this series, what is a SOUP and what is not a SOUP, according to IEC 62304.
Then we continued in the second article by having a look at OS's and drivers.
Let's now see how to deal with runtimes.

Continue reading...

Friday, 24 May 2013

Got SOUP? - Part 2 - OS, Drivers, Runtimes

We've seen in the last article, what is a SOUP and what is not a SOUP, according to IEC 62304.
We've also seen that a lot of 3rd party software are SOUPs, to begin with OS, drivers, runtimes, Just-In-Time (JIT) compilers and frameworks.
How to deal with those to be compliant with IEC 62304?

Continue reading...

Friday, 17 May 2013

Got SOUP? - Part 1 - Because every good software starts with SOUP

No need to reinvent the wheel when developing software. Everybody uses software made by 3rd parties, to begin with the operating system and general purpose libraries.
IEC 62304 has specific requirements about 3rd party software. What are these requirements and how do they affect software development and maintenance?

Continue reading...

Friday, 12 April 2013

MD and IVD standards: IEC 60601-1 and IEC 61010-1, versus IEC 62304 - Part 2

In the previous post, we've seen when it's mandatory to be compliant both with IEC 60601-1 and IEC 62304, and when IEC 60601-1 alone is enough.

But some manufacturers don't apply IEC 60601-1, mainly because their devices are not in contact with the patient or cannot be qualified are medical devices. We find in these categories in-vitro diagnosis instruments and laboratory instruments.
These instruments usually fall in the scope of IEC 61010-1. Let's see now the relationship between IEC 61010-1 and IEC 62304.

Continue reading...

- page 1 of 2