Software in Medical Devices, by MD101 Consulting

To content | To menu | To search

Templates: software development plan and software configuration management plan

Here are the Software Development Plan Template and the Software Configuration Management Plan Template

These templates are technical ones. But they are closely linked to project management hence they contain sections about reponsibilities.

They amplify the Project Management Plan Template, when it is not detailed enough to give all necessary information about the organization of a project.

These templates deal with sections of IEC 62304 about project organisation, software configuration and problem resolution. Use them to answer to those requirements of the standard.

The next one will be about delivery.

Stay tuned, my list of templates is growing fast!

I gather all my templates on the templates page. You'll find them all there.

Please, fell free to give me feedback on my e-mail

I share this template with the conditions of CC-BY-NC-ND license.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 France License.


1. On Thursday 1 March 2012, 08:10 by Haris

It is a nice template to start with. It can be utilize to track your work on a regular basis. Thank for sharing your knowledge and slide.

2. On Thursday 1 March 2012, 09:24 by Piervi

Thank you so much, very useful templates. And congratulations for the blog, very nice and often updated: you're helping me a lot in my everyday work!
I'm going to put "check Mitch's blog" on my everyday schedule ;)

3. On Saturday 3 March 2012, 10:51 by Mitch

There's no "Like" button in this blog engine.

So I just say it: "Like"!

4. On Friday 20 July 2012, 03:06 by Joseph Copty

Hi thanks for the great posts. I was wondering what criteria you use for ranking the system for risk analysis. In the template you have included Occurrence and consequence of hazard and "add other criteria". Have you used any other criteria like detection?
If a third criteria was introduced how do you construct a 3d risk index?
Another question what are your criteria for acceptability (how do you know what ranges go in which risk index) and how do you validate that this criteria works?
These are some issues I am having trying to put together a risk management plan!
Thanks a lot for your help.

5. On Friday 20 July 2012, 14:47 by Mitch

Hi Joe, thanks for your feeback.

Yes, detection is a criteria commonly used. Usually, Risk index is often made of: probability x detectability x consequence.

Detectability is used in FMECA (Failure Mode, Effects, and Criticality Analysis) method. Bibliography exists that proves that this method and its criteria works. I think that you should try your own risk assessment with 2 criteria and 3 criteria to see what happens in your specific case. You could define it with 5 levels: remote, low, moderate, high, very high. For each level, you should also define what is detected: is it the user who detects the hazardous situation or is it the software with self-chekcs?

The criteria for acceptability shall be something simple like a threshold on the risk index: every risk index above the threshold shall be mitigated. See annex of ISO 14971 about criteria for acceptablity. There are useful examples. 

A possible method to validate if this criteria works, is to have someone who is expert in clinical use of your future device do a qualitative risk assessment. If there are discrepancies between the risks he/she finds not acceptable and your threshold, you should redefine the threshold.

6. On Tuesday 27 October 2020, 10:52 by Oliver

Hey MItch, Thanks for the templates! I think it's great that you share them openly.

Personally, I prefer to include the configuration management in the software development plan, but I guess that only works if things are rather simple :) for larger enterprise companies, it probably makes more sense to keep those separate.

Add a comment

Comments can be formatted using a simple wiki syntax.

This post's comments feed