Category

Blog
(Tampa, FL, October 9, 2024) – Crisis Prevention and Recovery, LLC is taking proactive steps to minimize impact to our clients from the landfall of Hurricane Milton in Southwest Florida.  With our corporate office in Tampa, Florida, there is a possibility of short term loss of electrical power and/or internet in the next 24 to...
Read More
Use of master files can be a convenient and strategic method for SaMD manufacturers or software suppliers to provide information necessary for a US regulatory submission without disclosing confidential and/or proprietary trade secrets to business partners. For example, a software supplier of a cloud library providing medical device functionality could submit a master file to...
Read More
I (Mike Russell) attended the neXus conference on medical device standards this year. Below are some observations and suggested takeaways from the talks I heard and the panel I was on. Remember, these are just selected highlights, not everything said 🙂 Session: Reducing Submission Rejections and Recalls with Software Standards This year’s conference added a third...
Read More
One of the cornerstones of a quality management system is the integrity of the quality system records. It should go without saying how critical it is for these records to be truthful, accurate, and genuine. Fraudulent data can lead to an unsafe medical device, or a medical device that does not fully achieve its intended...
Read More
Solving Problems Another great “soft skill” I learned from a mentor early in my career was knowing when to ask questions. You know, how long should I dig, research and investigate, before seeking the help of others? Some may gravitate toward spending too much time trying to find answers or solutions when it would have...
Read More
By Ron Baerg and Mike Russell “You can pay me now, or you can pay me later” was the punch line of a memorable TV commercial by the FRAM® company about their oil filters around 50 years ago. The “me”: a car mechanic. Their point: paying (a little) now to replace your oil filter regularly...
Read More
What does the US FDA expect in a premarket submission for description of the software design?  In the recent June 2023 Guidance for Industry and Food and Drug Administration Staff titled, “Content of Premarket Submissions for Device Software Functions,” the FDA gives the following guidance. For lower risk devices, the manufacturer is not required to...
Read More
Software risk analysis requires consideration of both the development process itself and the runtime environment.
Read More
The recent FDA guidance, Content of Premarket Submissions for Device Software Functions (June 14, 2023), points out that software design is a prospective activity and should not be done in an ad-hoc or last-minute approach.
Read More
#software #capa … Should a #medicaldevices manufacturer treat potential software design issues any different than any other product #quality issue?
Read More
The US regulations for design controls have requirements for design and development planning.  In fact, a design and development plan is an indication that a manufacturer has “exited” research phase activities and entered the development phase, and thus, design controls should be in place.  The regulation, 21 CFR 820.30(b), specifically states: Design and development planning....
Read More
Our partner Windi Hary and I annotated a recent FDA Warning Letter.  There is much one can learn from Warning Letters and we highly encourage our clients to make review and analysis of warning letters a regular part of your quality program. Click here to download this teaching aid:  Warning Letter - iRhythm Technologies, Inc...
Read More
The US FDA has a continuous challenge trying to ensure that regulations keep up with advancements in technology.  As with any new technology, manufacturers try and make the existing regulations applicable, while FDA assesses whether or not existing regulations are appropriate for the new technology.  This involves FDA collecting data to inform whether new and/or creative...
Read More
Effectively Communicating to FDA – being able to appropriately articulate what your software function is intended to do or intended to provide is – the foundation – the corner stone – the linchpin to navigating the correct path, investing your resource wisely, and defending your decisions now and into the future.  Solid foundations lead to solid futures....
Read More
I cannot agree more … “The more you can divide up the behavior of your app into components, the more effectively you can test that the behavior of your code meets the reference standards in all particulars as your project grows and changes. For a large project with many components, you’ll need to run a large number of tests to test...
Read More
In September 2022, FDA Updated the Software Guidance Policy for Device Software Functions and Mobile Medical Applications.  Last revised in September 2019, the policy is intended to clarify FDA’s regulatory oversight on software functions, including those used on mobile platforms and general-purpose computing platforms as well as software in the function or control of a...
Read More
On November 15, 2022, I had the pleasure to log in to a “live” FDA CDRH Industry Basics Seminar on Understanding Risk with Medical Devices.  You can view the workshop at this link: https://fda.yorkcast.com/webcast/Play/4aecf454d2d54039a1d5a6a3001d78c31d I did enjoy the materials presented and I do think the presenters Joseph and Tonya did a great job. I would recommend...
Read More
FDA Updates Cybersecurity Playbook for Health Care Organizations The healthcare sector knows how to prepare for and respond to natural disasters. It is less prepared, however, to handle cybersecurity incidents, particularly those involving medical devices.  With healthcare-related cyber incidents growing in size and scope, preparedness before a cyber event takes place with a strong, well-exercised,...
Read More
Just a few thoughts on metrics … specifically software metric.  A software metric defines a standard way of measuring some attribute of the software development process or an attribute of a software component. A software metric allows us to compare and evaluate one process or component with another, and plan to improve quality of a...
Read More
A course dedicated to “SaMD Risk Management Training?” Yes and much more! More discussion on Risk Management Training between our General Manager, Brian Pate, and our Partner, Dr. Peter Rech, regarding our January 2023 public training course on the application of ISO 14971 and IEC 62304 to system risk analysis and software risk analysis.  Our...
Read More
I recently spoke with Dr. Peter Rech about the 2019 update to ISO 14971 as he and I prepare for our upcoming public training course on January 9-11, 2023, in Tampa, Florida USA.  Registration information can be found at this post: 14971 Risk Management Training Course If you would like more information on applying IEC 62304...
Read More
In September 2022, the FDA Software Precertification Pilot Ends, or has officially “completed” the Software Precertification (Pre-Cert) Pilot Program.  See: https://www.fda.gov/medical-devices/digital-health-center-excellence/digital-health-software-precertification-pre-cert-pilot-program?utm_medium=email&utm_source=govdelivery The pilot explored innovative approaches to regulatory oversight of medical device software developed by organizations that have demonstrated a robust culture of quality and organizational excellence and who are committed to monitoring real-world performance of...
Read More
What are non-device software functions according to the FDA?  The 21st century cures act excluded certain types of software.  The term device, as defined in section 201(h), shall not include a software function that is intended— (A) for administrative support of a health care facility, including the processing and maintenance of financial records, claims or...
Read More
Trying to understand Software Design Verification … A QA’s takeaway on reading the General Principles of Software Validation for the first time. FDA gives guidance in the General Principles of Software Validation guidance document, but in general: Testing at different levels: units, integrated units, software complete Testing types: negative, combinatorial, fault injection, risk controls challenge, boundary, corner cases, stress,...
Read More
This March 2022 Standards Navigator Report content is only available to Standards Navigator subscribers. See our Subscribe page for information on subscriptions. SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices.  In addition to information on existing standards, our report keeps you...
Read More
What is CAPA?   Corrective and Preventive Action (CAPA) is a fundamental quality process for medical device manufacturers including SaMD.  From the regulations it is really not that complicated.   21 CFR 820.100 reads: (a) Each manufacturer shall establish and maintain procedures for implementing corrective and preventive action. The procedures shall include requirements for: (1)...
Read More
When developing medical devices, a manufacturer may have difficulty knowing when (or what) the transition from research phase activities to design controls has begun.  Often this is due to the nature of research itself - one is exploring a concept or design approach that may or may not pan out in the end.  The US...
Read More
A fundamental requirement for any controlled process is to have the documentation associated with the process to be “controlled.”  What do we mean by controlled?  Document control implies that one can distinguish one revision of a document from another revision.  It also implies that a particular revision is retrievable and unblemished – that is, five...
Read More
This post discusses some code review basics - concepts and inspection ideas that one might use when performing a code review.  A code review is a technical verification activity.  The purpose is most often to identify coding errors against the design intent - one is verifying that the code actually accomplishes what that author intended....
Read More
When considering software process and software validation requirements for product software versus tool software, it can be very confusing and challenging.  We have created a job aid that can help facilitate the discussion of the differences between the two.  Available to our premium (or higher) level subscribers. The QSR which requires that “when computers or...
Read More
Today, the U.S. Food and Drug Administration (FDA) issued the draft guidance: Content of Premarket Submissions for Device Software Functions. The draft guidance is intended to reflect FDA’s most current thinking on the recommended documentation sponsors should include in premarket submissions for FDA’s evaluation of the safety and effectiveness of device software functions, including both...
Read More
“From my 25 years at the agency, I completely understand that FDA CDRH guidance development, approval and publication is complex, time-consuming work. I often said it may be compared to threading 1000 needles simultaneously. It requires significant time and energy from many hard-working, dedicated professionals to even reach the first goal of published draft guidance....
Read More
The Medical Device Innovation Consortium (MDIC) recently partnered with the MITRE Corporation, Adam Shostack, and the FDA to host a webinar regarding the soon to be released “Playbook for Threat Modeling Medical Devices.” The playbook was created during a series of bootcamps held by the team over the past year and the webinar provided a...
Read More
The FDA CDRH announced the guidance documents they intend to publish in FY2022. They also announced their intention to finalize, withdraw, re-open the comment period, or re-issue a revised draft guidance for 80 percent of draft guidance documents within 3 years of the close of the comment period, and within 5 years of the close...
Read More
This September 2021 Standards Navigator Report content is only available to Standards Navigator subscribers. See our Subscribe page for information on subscriptions. SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices.  In addition to information on existing standards, our report keeps you...
Read More
FDA’s Digital Transformation and the regulation of Medical Device Cybersecurity? I read the recent FDA post that discussed the FDA’s Digital Transformation: “Today, the U.S. Food and Drug Administration announced the reorganization of the agency’s information technology (IT), data management and cybersecurity functions into the new Office of Digital Transformation (ODT).” Then I was reading...
Read More
Software of Unknown Provenance SOUP.  It is likely that you are familiar with the acronym, SOUP, in relation to medical device and Health IT software.  The medical device software standard IEC 62304, defines SOUP as a “software item that is: already developed and generally available and that has not been developed for the purpose of being...
Read More
This July 2021 Standards Navigator Report content is only available to Standards Navigator subscribers. See our Subscribe page for information on subscriptions. SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices.  In addition to information on existing standards, our report keeps you...
Read More
Most medical device manufacturers use many, many software programs, systems, or services to automate quality system This software is not to be confused with product software - that is, software that runs as part of a medical device.  Medical device in this context could be custom hardware devices or Software as a Medical Device (SaMD)....
Read More
One of the most important references in creating a software development lifecycle process to assure software quality is the FDA guidance document, “General Principles of Software Validation.”  This guidance document has been around for many years.  The current version, 2.0, was released in 2002.  To many in the industry, this guidance is simply referred to...
Read More
As the use of Artificial Intelligence (AI) and machine learning methods expand in medical devices and HealthIT software, an oft asked question is whether the data sets used for training should be retained as part of the design history file (DHF) or other long term storage mechanisms.  SoftwareCPR partners Alan Kusinitz, Sherman Eagles, John Murray,...
Read More
The FDA is officially modifying medical device classifications for some software functions. On April 19, 2021, the agency published a “final” rule that updates eight classification regulations by amending these regulations to exclude software functions that no longer fall within the device definition under 201(h) of the FD&C Act. With this final rule, FDA is amending the...
Read More
An excellent overview of the challenges and benefits of the Microservices architectural style of software application development.  While many of the factors discussed by the author (Dr. André Fachat, published January 30, 2019), these same factors can affect the safety and efficacy of a medical devices using this style.  The article consists of two parts:...
Read More
This January 2021 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you...
Read More
This December 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards...
Read More
Is it possible to view draft revisions of FDA guidance documents when they are a “work in progress,” or are they only become available once published as draft?  This is a frequent question that I have heard. However, the FDA does not typically provide copies or drafts of “works in progress” for those items that...
Read More
This content is only available to our Premium subscribers. See our Subscribe page for information on subscriptions. ISO 14971 was updated and released in 2019.  We previously discussed the internal debate regarding ISO 14917 in this post ISO 14971 versus the EU Commission. There are several items to consider with the new update: Section 10.1 - “The manufacturer...
Read More
Compliance and Agile In a prior blog, we discussed a common hurdle to achieving agile benefits: focusing on isolated software process changes and not considering all four organizational factors. Another common hurdle to agile success is thinking only about making agile “compliant.” You will miss the full power of agile if you do not consider...
Read More
The Food and Drug Administration (FDA or Agency) is announcing the availability of the draft guidance on EMC entitled ‘‘Electromagnetic Compatibility (EMC) of Medical Devices.’’ This new “draft” guidance document is intended to recommend information that should be provided in a premarket submissions to demonstrate electromagnetic compatibility (EMC) for electrically powered medical devices and medical...
Read More
At SoftwareCPR today, we honor our consultants that are also veterans who served in our US military! John Murray – US Navy Mike Russell – US Air Force Greg Sandoe – US Marine Corps Jordan Pate – US Army Paul Felten – US Army Thank you for your service!
Read More
1 2 3 4

SoftwareCPR Training Courses:

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offerings:

  • Americas: 11-13 February 2025
  • EU/Eastern Europe/Middle East/Africa/Atlantic/eastern South America: 18-20 February 2025
  • Southern Central Northeastern Pacific: 24-26 February 2025
Register using form at this link:     Agile Course Post Promo

 

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Call or email now to schedule a private, in-house class. The fall schedule is filling up!

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.