23

Jan

2020

FDA GPSV Traceability Expectations

fda, traceability, verification

0

Going way back to the late 1990’s, FDA had an expectation that safe and effective software would require a well thought out development lifecycle that includes many activities designed to ensure the correctness and robustness of all software that was part of the medical device. A key guidance document was created known as the General Principles of Software Validation, or GPSV for short. One method that one will find in the GPSV is the use of traceability analyses for several verification activities. FDA GPSV traceability expectations include at least twelve traceability analyses. This could vary depending upon the risk profile of the medical device and other regulatory factors. Theses trace analyses are illustrated in the diagram below:

FDA GPSV Traceability Expectations Diagram

As you can see, this does not perfectly align with IEC 62304 so one should carefully consider and plan how traceability analysis will be used in the SDLC process for products marketed in the US to better fulfill FDA GPSV traceability expectations.

Traceability analysis can be a powerful tool to help gain confidence in the quality of a software program. It is just one verification method that one should use. The V-model diagram illustrates how verification activities essentially trace back to the “flowdown” portion of requirements and specifications. See our post on the V-model here: Enhanced V Model Diagram

About the author

Brian Pate

Brian is a biomedical software engineer - whatever that is! Started writing machine code for the Intel 8080 in 1983. Still enjoys designing and developing code. But probably enjoys his garden more now and watching plants grow ... and grandkids grow!

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future. Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply. Special deep discount pricing available to FDA attendees and other regulators.

3-days with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering: June 24-26, 2025 (Virtual, Live)

For private, in-house courses, please contact us.

Email training@softwarecpr.com for more info.

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

Agile principles that align well with medical
Backlog management
Agile risk management
Incremental and iterative software development lifecycle management
Frequent release management
And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offerings:

TBD

See our post titled: 1st Quarter 2025 Agile Compliant Courses Scheduled

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering: TBD