07
May
1999

Picker MRI Equipment

0

Picker 7-May-99 MRI equipment

The following, deviations from the Device Quality System Regulations were documented:

1) Failure to maintain a design file necessary to demonstrate that the design was developed in accordance with the approved design plan as required by 21 CFR 820.30(j). For example, there is no documentation of any module testing of the gantry control module of the _____ Software. Procedure NENG 2304, 10/15/96, Software Design and Development Control System identifies module testing as a required task.

2) Failure to establish and maintain plans that describe or reference the design and development activities and define responsibility for implementation as required by 21 CFR 820.30(b). For example:

(a) Coding conventions, rules or procedures; e.g., addressing requirements for source code clarity, management of source complexity, and proper and safe use of the programming language; were not established for the implementation of the software component of the Axis/Irix Product, Project #NU1078, as indicated by procedure NENG 2304, 10/15/96, Software Design and Development Control System

(b) The Axis/Irix Alpha Test plan and procedures lacks documentation identifying how test cases are mapped to the corresponding element of the specification as required by procedure NENG 2304, 10/15/96, Software Design and Development Control System (8.2).

(c) The MR Work instruction Software Product Design Management, No. E084, lacks requirements for complete software specifications, unit testing, test case identification methodologies which assure testing rigor, and lacks test completion criteria such as test coverage or thoroughness requirements.

3. Failure to establish and maintain procedures to ensure that the design requirements relating to a device are appropriate and address the intended use of the device, including tile needs of the user and patient, as required by 21 CFR 820.30(c). For example:

(a) The MR division procedure, Design Program Management, No M2803 lacks a mechanism for addressing incomplete, ambiguous or conflicting design requirements.

(b) There is not an autonomous specification for the gantry control module of the Software component for the Axis/Irix devices. Procedure NENG 2304, 10/15/96, Software Design and Development Control System requires a “Software Design Description” which documents software specification (5.2) in sufficient detail to permit coding and module testing (7.3.2).

(c) There is not an autonomous complete software specification for the _____.

(d) The Axis/Irix Product Specification – Base Development Project #NU1078, Product Specification (CP3) – Rev B; states in 17.1, “The _____ software specification is part of the rest of this specification and does not need to be delineated separately.” However, the product specification lacks necessary detail to ensure correct software implementation the thorough software test coverage as illustrated by #2.2.2.1. OVERRIDE/RESET and a user discovered software problem where a cold restart was necessary in order to remove a patient from the device after a camera head hit the patient. This specification covers the functions of the Override/Reset button which failed to function as expected per this complaint, #IR056-99. This specification section contains the ambiguous word “all” which is not further specified elsewhere in this document or in another specification document, nor is there a cross reference to other relevant sections such as any defining the intended software functionality and performance in relation to activation of the contact sensors. There is no information which specifies sensor activation as an interrupt event.

4. Failure to establish and maintain procedures for verifying the device design as required by 21 CFR 820.30(f). For example:

(a)There is no documentation that all of the Axis/Irix _____ Communication Error Messages were exercised by testing.

(b) The only test completion criteria identified in the Axis/Irix Alpha Test Reports is the resolution of all major open problems. Criteria for testing rigor (e.g., identifying appropriate challenges) and/or thoroughness (e.g. structural and functional coverage criteria) are not documented.

(c) The test documentation lacks the necessary detail for objective review, and accurate repetition of tests. For example, “Cause collision throughout several whole body scans and confirm that the scans can be continued” does not identify the precise number of scans, number of collisions, or timing of the collisions. Test results are documented only as Pass or Fail and some comments.

(d) There is no test documentation, e.g., a test plan or actual test results, of the 8.4.15 (8.4E) version of the Odyssey software.

About the author

Amy enjoys researching and writing about developments in medical technology and how that intersects with US law. She received her J.D. from the University of Florida Levin College of Law in 2020 and now works as a Regulatory Associate for SoftwareCPR®, a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software.

SoftwareCPR Training Courses:

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offerings:

  • Americas: 11-13 February 2025
  • EU/Eastern Europe/Middle East/Africa/Atlantic/eastern South America: 18-20 February 2025
  • Southern Central Northeastern Pacific: 24-26 February 2025
Register using form at this link:     Agile Course Post Promo

 

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Call or email now to schedule a private, in-house class. The fall schedule is filling up!

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 

 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
office@softwarecpr.com
Partners located in the US (CA, FL, MA, MN, TX) and Canada.