Medical Device Software

Development
Outline
† Medical Device Regulations
„ FDA, ISO 13485, CE Mark
† Design Controls
† Software Development Procedure
„ Typical development phases
„ Associated documentation
Medical Device Regulations
† Medical devices are highly regulated:
„ FDA approval (United States)
† UL listing might be required by customer
„ CE mark (Europe)
„ MHW approval (Japan)
„ Other national requirements
FDA Approval
† Pre-Market Approval (PMA)
„ Path to market for new devices
„ Generally requires clinical trials
„ Company submits extensive documentation and data
† 510(K)
„ Establish “substantial equivalence” to a predicate
(existing) device
„ May include clinical trials
„ Less extensive documentation and data
FDA Approval
† Investigational Device Exemption (IDE)
„ Can do clinical trials
† Also need hospital Institutional Review Board (IRB)
approval
„ Not allowed to market the device
CE Mark

† Indicates that product satisfies European

safety requirements
† Managed by “notified bodies”, such as:
„ TUV (Germany)
„ BSI, SGS (United Kingdom)
CE Mark and ISO 9000
† ISO 9000 Quality Standards encompass:
„ ISO 9001: Design and Manufacturing
„ ISO 9002: Manufacturing Only
„ ISO 9003: Inspection and Testing Only
† Company with ISO 9001 can self-certify (CE
Mark) its products
† ISO 13485:2003 Medical devices - Quality
management systems - Requirements for
regulatory purposes.
† Notified Body periodically audits Quality System
Design Controls
† Quality System component that applies to
product design
„ ISO 9001
„ ISO 13485
„ FDA QSR 21 CFR 820 (Quality System
Regulations)
Goal: Prevent failures due to bad design
Design Controls

“Say what you will do and then do what you say”

„ Company defines its development process

„ Regulatory body reviews the process
„ Company follows the process, producing
supporting documentation (Quality Records)
„ Regulatory body periodically reviews records
Software Development Procedure
† Typical phases are:
„ Requirements
„ Design
„ Implementation
„ Integration and Test
„ Design Transfer (to production)
„ Maintenance
Requirements Phase Inputs
† Customer Requirements document
„ also called: User Requirements, System
Requirements Definition, Concept of
Operations
„ Usually generated by marketing department
Requirements Phase Outputs
† Software (or Project) Development Plan
† Software Quality Assurance Plan:
„ Defines standards to be used (e.g., coding
standards, documentation standards)
„ Defines review and audit plan
„ Specifies configuration management plan
„ Usually generated by Quality Assurance, with
input from Engineering
Requirements Phase Outputs
† Software Requirements Specification
(SRS)
„ Should specify requirements, not design
„ Should be unambiguous and testable
„ Must be traceable to Customer Requirements
Sample SRS Outline
† Introduction
† References
† System Description
† External Interface Requirements
† Functional Requirements
† Performance Requirements
† Safety Requirements
† Design Constraints
Requirements Phase Outputs
† Preliminary Risk (or Hazard) Analysis
„ Identifies safety requirements
„ Various techniques can be used
† Failure Modes and Effects Analysis (FMEA)
† Failure Modes, Effects and Criticality Analysis
(FMECA)
† Fault Tree Analysis (FTA)
Risk Analysis – FMEA/FMECA
† Most common risk analysis method
† Analyzes the effect of component failure
„ Bottom-up analysis
† Typically presented in tabular format:
„ Failure Mode
„ Effect on System
„ Cause of Failure
„ Method of Control
Risk Analysis - FMEA
Ref.# Item/Function Failure Mode Effect on System Cause Methods of Control
9 Trajectory Control Incorrect joint Incorrect robot Software error in Check for reasonable joint
Loop goals motion trajectory generation goals (e.g., within velocity
limits)
10 Loss of joint Incorrect robot Failure in one or Disable power to all robot
coordination motion more joints joints
11 Servo Control Loop Ceases to Robot continues Computer or software External watchdog to
execute last commanded failure; loss of trigger disable motor power if not
motion (interrupt) refreshed
12 Does not finish in Loss of control Unreliable interrupt Check for loop overrun;
time performance source; too much system performance
computation; measurements; choice of
interference from operating system
other tasks
13 Incorrect Incorrect robot Incorrect joint goals, Check maximum tracking
setpoints motion interpolation error error
14 Read data in middle Software mutual exclusion
of Trajectory Control mechanism
Loop update
15 Incorrect position Incorrect robot Failed sensor or Check maximum tracking
feedback motion interface hardware error; redundant sensors;
encoder error detection
16 Joint stops Incorrect robot Failed motor or power Check maximum tracking
moving motion amplifier error; check amplifier
status
Risk Analysis – FMEA/FMECA
† Risk assessment (criticality)
„ Severity (S) – seriousness of effect of failure
„ Occurrence (O) – likelihood of failure
„ Detection (D) – ability to detect failure
„ Risk Priority Number (RPN) = (S) x (O) x (D)
† Assign numerical values (e.g., 1-10) for (S),
(O) and (D)
† Prioritize risks by RPN
Requirements Phase Outputs
† Preliminary Software Validation Plan
„ System Testing (e.g., test that requirements
have been met)

† Design Review of all Requirements Phase

Outputs
„ Meeting minutes
Design Phase
† Software Architectural Design
„ Architecture diagrams, data flow diagrams, etc.
† Software Detailed Design
„ Software Design Specification (SDS)
„ Traceability analysis from SDS to SRS
Design Phase
† Update Software Validation Plan
„ Integration testing
† Update Risk Analysis
† Design Review II
Implementation Phase
† Write software according to Software
Quality Assurance Plan (SQAP):
„ Programming Guidelines
„ Documentation Standards
† Update Software Validation Plan
„ Unit or module testing
† Traceability analysis (SVP to SDS/SRS)
† Run module tests and write Test Reports
Integration and Test Phase
† Run Integration Tests and write Test
Reports
† Run System Tests and write Test Reports

Verification vs. Validation

Design Transfer
† Write relevant manufacturing procedures
„ Software installation procedure
„ Software duplication procedure
† Ensure user documentation is complete
„ Labeling review
† Release software
„ Change control procedure
Maintenance Phase
† Review and update any necessary
documents (e.g., SRS, Risk Analysis, SDS)
† Implement changes
† Assess testing requirement
„ Test changes
„ Possible regression testing
† Release via Change Control Procedure
Conclusions
Development process seems overwhelming!
But:
„ It can be customized for each company
„ It can be improved over time
„ It is not that bad when you get used to it
„ It generally produces better software
„ It is required for medical products!