Software in Medical Devices, by MD101 Consulting

To content | To menu | To search

Monday 15 October 2018

Cybersecurity - Part 5 Templates

Hi there! Long time no see once again. I dig up our series of posts on cybersecurity.
In this post I publish two new templates for cybersecurity risk management.

Continue reading...

Friday 6 July 2018

IEC 62366-1 and Usability engineering for software

Usability is a requirement, which has been present in regulations since a long time. It stems from the assessment of user error as a hazardous situation. It is supported by the publication AAMI HE75 standard, FDA guidances, and the publication of IEC 62366 in 2008 followed by IEC 62366-1:2015. Although usability engineering is a requirement for the design of medical devices, most of people designing software are not familiar with this process. This article is an application of the process described in IEC 62366-1 to software design.

Continue reading...

Wednesday 18 April 2018

Update of SRS and SAD templates for GDPR

European Regulation 2016/679, aka GDPR, will be fully in force in May 2018. Everybody knowns that we have something to do to be compliant since it has been published. And everybody is getting awake only two months before the full application. So do I.

Continue reading...

Friday 19 January 2018

FDA Guidance on Medical Device Accessories updated

Here is a quick follow-up of the new version of the FDA Guidance titled Medical Device Accessories – Describing Accessories and Classification Pathways, published in December 2017. This comes a bit in parallel to the Section 3060 guidance described in the previous post on the 21st Century Cures Act.

Continue reading...

Friday 12 January 2018

Consequences of the 21st Century Cures Act - State of Play

Since the last blog post on US FDA guidance on software classification, things evolved quickly with the FDA. We know where they want to go with software as medical device, but not exactly how they will implement it.
Let's do a review of what has been done since the publication of the 21st Century Cures Act.

Continue reading...

Sunday 7 January 2018

Happy New Year 2018

Happy New Year 2018!
Thanks for still visiting this blog, despite the spaced updates!

Sainte Victoire

Wednesday 20 September 2017

100% probability of software failure in IEC 62304 Amd1 2015

A reader of the post on IEC 62304 Amd1 2015 noticed in the comments that the sentence in section 4.3.a was removed:

If the HAZARD could arise from a failure of the SOFTWARE SYSTEM to behave as specified, the probability of such failure shall be assumed to be 100 percent.

Don't be too quick to scratch the 100 percent thing!

The dreadful 100 percent is still present in the informative Annex B.4.3.

Even if it is no more in the normative part, you shall continue to bear in mind this assumption when assessing software risks. The underlying concept is that it's not possible to assess probability of software failure, thus the worst case shall be considered.
This is the state-of-the-art, present in ISO 14971, in IEC 80002-1, in IEC 62304, and in the FDA Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices.

100% probability is not dead!

Wait, but what of harmonized standards?

While the FDA continues to update periodically and reliably the list of recognized standards (last update in August 2017), the European Commission hasn't updated the list of harmonized standards since may 2016.

Continue reading...

Monday 3 July 2017

Cybersecurity in medical devices - Part 4 Impact on Software Development Process

We continue this series of posts on cybersecurity with some comments on impacts of cybersecurity on the software development documentation.

Continue reading...

Tuesday 16 May 2017

They've raised the bar!

If you are a regular visitor of this blog, you noticed that almost three months elapsed between the last two articles on cybersecurity.
That's not what I planned.

The time dedicated to this blog was totally swallowed by the other facets of my job. Namely filling the gap between the current level of compliance of manufacturers, and the new expectations of notified bodies and regulatory authorities in the European Union. The bar has been raised!

It gives you a sense of what we're getting into with the new MDR.

Cybersecurity in medical devices - Part 3 AAMI TIR57:2016

After a long pause, we continue this series about cybersecurity in medical devices with a discussion on AAMI TIR57:2016 Principles for medical device security — Risk management.

Continue reading...

Saturday 6 May 2017

MDR and IVDR published

Hello, The Medical Device Regulation and In-Vitro Device Regulation have been published the 5th May 2017!
See the Official Journal of the EU.

Friday 10 February 2017

Final FDA Guidance on Postmarket Management of Cybersecurity in Medical Devices - Final version released

This article is a follow-up of the previous article on the Draft guidance on Postmarket Management of Cybersecurity in Medical Devices.

Continue reading...

Final FDA Guidance on Medical Device Accessories: Defining Accessories and Classification Pathway for New Accessory Types

This article is a follow-up of the article on the Draft guidance on Medical Device Accessories: Defining Accessories and Classification Pathway for New Accessory Types.

Continue reading...

Monday 2 January 2017

Happy New Year 2017

Happy New Year!

Thank-you for your loyalty!

Sunset provençal

Tuesday 20 December 2016

Cybersecurity in medical devices - Part 2 Stakeholders

After a long interruption, we continue this series on cybersecurity in medical devices with a review of stakeholders involved or concerned by cybersecurity requirements, and the consequences on architectural choices.

Continue reading...

Friday 4 November 2016

Software as a Medical Device (SAMD): clinical evaluation

The FDA released a guidance on clinical evaluation of standalone software medical device (a.k.a SAMD) in October 2016. This guidance is the same text and has the same presentation as the International Medical Device Regulatory Forum (IMDRF) guidance on SAMD clinical evaluation published in August 2016.

Continue reading...

Tuesday 1 November 2016

IEC 82304-1:2016 Health software - Part 1: General requirements for product safety

IEC 82304-1:2016, the missing link on standalone medical device software validation has been published!
See the official version on IEC webstore, and comments made on the FDIS (the final version shouldn't have changed).

Now we wait for the FDA to recognize it and the EU to harmonize it!

Monday 24 October 2016

Cybersecurity in medical devices - Part 1 Regulations

We begin today a series of posts on cybersecurity in medical devices. Cybersecurity was not a subject before the advent of computerized medical devices. Now that every manufacturer wants its connected medical device, cybersecurity matters!
Let's start with the regulations.

Continue reading...

Friday 2 September 2016

EU Medical Device Regulation - Changes for software

We've seen in the previous article the revolution in the regulatory classification brought by the new rule 10a for standalone software.
Let's see now the other changes. These changes are relevant for all software: standalone, embedded, device or accessory.
They're not as big as the new rule 10a, but they will deserve a significant amount of man-hours and documentation.

Continue reading...

- page 1 of 10