Monday, 20 February 2023
By Mitch on Monday, 20 February 2023, 13:56 - Standards
These three concepts come from IEC 62443 and were adopted in IEC 80001-5-1. SOUP isn't present in IEC 81001-5-1.
What are the differences between SOUP and Maintained software, Supported software, and Required software?
Friday, 10 June 2022
By Mitch on Friday, 10 June 2022, 13:47 - Regulations
The FDA issued in April a new draft guidance on Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions. This guidance will supersede the guidance on Content of Premarket Submissions for Management of Cybersecurity in Medical Devices of 2014, when it is finalized. There’s no word about the draft guidance of 2018. We can suppose that one is obsolete.
Friday, 26 March 2021
By Mitch on Friday, 26 March 2021, 13:38 - Misc
The definition of SOUP, and the requirements related to their lifecycle in IEC 62304 processes, are totally independent of any technology. Making no technological assumption, that's the way the standard is thought, so that it can be applied to any health software.
Cloud-based applications and web technologies make an intensive use of SOUPs. Let's see how IEC 62304 requirements can be applied to these technologies.
Friday, 4 September 2020
By Mitch on Friday, 4 September 2020, 14:34 - Regulations
The FDA published in July the final version of the Guidance on Multiple Function Device Products. Despite the absence of the word "software" in the title, it addresses at first software medical devices. It also addresses hardware devices, but we will focus on software in this post.
Friday, 15 May 2020
By Mitch on Friday, 15 May 2020, 14:00 - Processes
A recurring question is the confusion, or more precisely the difference between software release of IEC 62304, and design transfer of ISO 13485.
Friday, 6 December 2019
By Mitch on Friday, 6 December 2019, 14:10 - Regulations
So we have a corrigendum (almost 100% sure. A vote by the EU Parliament is still in the pipe December the 16th, though). To corrigendumize: that's a neologism I propose to name bug fixing activities in legal matters. I corrigendumize, you corrigendumize, they corrigendumize! Any resemblance to "randomize" is purely coincidental!
Friday, 22 November 2019
By Mitch on Friday, 22 November 2019, 14:16 - Standards
The second version of IEC 62304 is still in draft. It has been is this state for almost five years, since the publication of the amendment 1. It is now in public review (or has been in public review in your country) under the name IEC 62304:2019 CDV. Go to the website of your national standardization organization, to see if you can still download it for free!
Friday, 22 July 2016
By Mitch on Friday, 22 July 2016, 13:28 - Regulations
The final version of the negotiated text of the new Medical Device Regulation (MDR) was published by the European Commission in June 2016. It is a big upheaval for all medical device manufacturers. Contrary to what the draft version of September 2015 contained, software is invited to the party.
Friday, 8 April 2016
By Mitch on Friday, 8 April 2016, 14:25 - Standards
Continuing our series about IEC 82304-1, let's see the consequences of this standard on agile software development processes.
Friday, 11 March 2016
By Mitch on Friday, 11 March 2016, 14:53 - Standards
We had in a previous article an overview of IEC 82304-1 Health software -- Part 1: General requirements for product safety, its scope and its relationships with other standards like IEC 62304.
This article presents more in details (but not too much, we're not going to rephrase the standard) the requirements of IEC 82304-1.
Friday, 5 February 2016
By Mitch on Friday, 5 February 2016, 13:45 - Regulations
Friday, 15 January 2016
By Mitch on Friday, 15 January 2016, 14:30 - Standards
IEC 82304-1 Health software -- Part 1: General requirements for product safety standard is still under development. Its status is visible on the page of ISO website, dedicated to IEC 82304-1. There is even a preview of the first three pages of this draft standard.
Friday, 10 July 2015
By Mitch on Friday, 10 July 2015, 11:52 - Standards
The new version of IEC 62304, also known as IEC 62304:2015 or amendment 1 of IEC 62304 was published by the IEC at the end of June 2015.
There were no major changes compared to the drafts that were circulated earlier this year.
The two major new requirements, compared to IEC 62304:2006 are:
- Requirements about legacy software,
- Changes in the definition of the security classes, based on risk assessment.
IEC 62304:2015 is available on IEC website at the astounding / amazing / appealing / astonishing (delete as appropriate) price of 650 swiss francs (approx. US$700) for the consolidated version.
Now we need to wait for this version to be harmonized by EU and recognized by the USA.
Friday, 24 April 2015
By Mitch on Friday, 24 April 2015, 15:48 - Standards
Georg Heidenreich, one of the author of the Frequently Asked Questions on IEC 62304 published on the Team NB website, posted two weeks ago an article about the upcoming updates in the first amendment of IEC 62304.
Friday, 3 October 2014
By Mitch on Friday, 3 October 2014, 13:58 - Regulations
After a temporary absence, I'm back on the waves with a new series of articles to talk about the files required by the 21 CFR 820 regulations:
- DHF: Design History File,
- DMR: Device Master Record,
- DHR: Device History Record.
Let's begin with the DHF.
Friday, 22 August 2014
By Mitch on Friday, 22 August 2014, 14:12 - Standards
Continuing with the schedule of the ISO TC 210 committee, let's see when the next versions of IEC 62304 and IEC 62366 will be released.
Friday, 13 June 2014
By Mitch on Friday, 13 June 2014, 10:43 - Standards
ISO/DIS 13485:2014 is the draft of the next version of ISO 13485. The final version should be published in 2015.
This new version brings a lot of new requirements for management of software related to medical devices. Let's see what's inside this draft!
Monday, 26 May 2014
By Mitch on Monday, 26 May 2014, 00:02 - Misc
After MHRA's guidance on standalone software, we continue with another official document published by the International Medical Device Regulators Forum (IMDRF): the consultation on software as a medical device: Possible Framework for Risk Categorization and Corresponding Controls.
Friday, 14 March 2014
By Mitch on Friday, 14 March 2014, 13:26 - Processes
Validating the compiler used in software development is a recurring issue. To what extent a compiler should be validated, when, how and why?
In the same vein, we can extend the question of validation to all tools used in the software development environment: integrated development environment, configuration management tools, compiler (and linker), automated test tools.
Friday, 28 February 2014
By Mitch on Friday, 28 February 2014, 13:49 - Processes
If you've haven't heard about Apple's security flaw registered as CVE-2014-1266 on apple website, you probably were on planet Mars.
Basically, it was unsafe to use https connections. I couldn't help but write an article about this!
Components dealing with secured connections are abolutely critical. Applying rigorous development process is the best chance to avoid any trouble with these components.