Medical Devices

Home » Solutions » By Industry » Medical Devices

ALM for Medical Device Development


Medical Device development teams are faced with increased software complexity today when developing high quality devices. Software quality is a key differentiator for medical device manufacturers. Their quality regulations include traceability on requirements, methods, processes and tests used for developing and servicing their medical devices. More often than not full traceability is required to comply with development audits. In traditional development systems providing traceability means enormous costly manual work to find information in isolated issue trackers, shared folders, emails, version control repositories and on all change history.

codeBeamer’s security and process workflow features are designed to comply with regulations and standards defined by government agencies and the production industry. This includes codes of federal regulations (CFR’s) issued by the FDA, ISO and DIN industry standards. codeBeamer supports electronic records and electronic signatures as described in CFR 21 part 11 and quality assurance features according to CFR 21 part 820.

codeBeamer is a 100% web based solution that provides integrated document management, wiki and a wide range of collaboration features. Working progress and important project information is available in real-time to all project members.

ISO / IEC Standards for Software in Medical Devices Challenges

Medical device engineering requires achieving and proving compliance. When talking about software in these devices an important standard to start with is IEC 62304 (Medical Device Software – Life Cycle Processes) as it governs and describes software engineering-related matters.

But in order to develop medical devices and software, companies and engineers have to understand and adhere to several standards like ISO 13485 and ISO 14971 on one side, IEC 62304, ISO 60601/61010 and IEC 62366 on the other. It is important to know that some of these are not specific to software alone. ISO 13485 (Quality Management System) e.g. relates to design and also manufacturing of medical products in general. Additionally the Food and Drug Administration (FDA) or European Medical Device Directive add further requirements. See table at the end for a quick overview.

Overview of related standards The following figure gives a good overview of how some of the standards combine the fields of computer science and application lifecycle management with the fields of risk management, quality management, ergonomics and electrical engineering.


Applying codeBeamer to approach challenges

Medical device engineering teams are supported by codeBeamer with regard to the standards mentioned above in several ways:

  • codeBeamer satisfies ISO 13485 (quality management system) requirements for document control, control of records, product realization, identification and traceability and improvement
  • codeBeamer can satisfy ISO 14971 (risk management) with risk analysis, evaluation, control and reporting
  • Software development planning is achieved in codeBeamer via release and activity planning and scheduling, with complete traceability to requirements, test cases etc.
  • Software requirements analysis is supported by freely configurable requirements and specification document handling, where issues can be classified by category, safety level and more
  • Software integration and integration testing as well as system testing combined with defect management
  • Software error resolution handling by definable defects and change request workflows including impact analysis
  • Applying FMEA inside codeBeamer to handle software risk (failure mode) analysis
  • Software configuration management including change control and review processes with traceability from requirements to source code.
  • codeBeamer can be tailored to your organization’s specific needs as individual data structures, enforceable workflows and reporting can be configured.
  • Compliance can be achieved by the enforcement of individual processes inside codeBeamer, proving compliance by reporting and only a click away from an auditor’s demand because all data management has taken place in a central repository.
  • Improving collaboration between different groups increases productivity and quality at the same time, impact between work items can easily be analysed and notified.
  • Individual workflows for failure modes, visualization of dependencies between derived and linked artifacts and more can be applied to comply with your processes and to make these repeatable. Furthermore, all activities and changes are documented automatically and can be provided for audits.
  • Planning-related work items and providing impact analysis and notification for frequent changes on these enhances collaboration between otherwise separated groups such as risk managers, requirements engineers, and testers.

Intentionally, none of the industry’s standards are prescriptive so individual organizations can optimize their processes as they like and as they have done in the past. Therefore, different organizations create different demands for different audit trails. The overall solution relies upon codeBeamer’s configurability for involved artifacts and their relationship to provide any kind of traceability to achieve compliance with regulatory standards and your derived processes.

More challenges

Unfortunately, this figure is not yet complete as new standards for stand-alone software (IEC 82304) or provisions for health applications on smart/mobile devices (ISO 17522) and ISO/IEC 29119 for Software Testing are being developed.

Don’t we have enough standards already? Sure, we might be inclined to reply yes, but obviously ,the existing standards have either not been understood well, not defined with enough detail or not applied well enough as the increasing number of software related errors and recalls indicates.


The following lists presents a rough summary of standards around software for medical devices

  • ISO 13485 Quality System for medical devices industry – area of responsibility of quality manager, software project manager, CAPA experts should know about it
  • ISO 14971 Risk management for medical devices – area of responsibility of quality and risk manager, software project manager needs to interact
  • IEC 62304 Software lifecycle for medical devices – area of responsibility of software project manager but quality manager needs to interact
  • IEC 62366 Usability in medical devices – area of responsibility of software project manager, quality manager needs to be involved
  • IEC 60601-1 Programmable electric medical devices – area of responsibility of software project manager with regard to section 14, quality manager sould know about it as well

In any case, overall system quality is the responsibility of management and direction, but the success of any system lies in well trained individuals defining and applying the system, and collaborating via an adequate ALM system to achieve compliance with standards on an organizational level. It is often the quality manager’s role to ensure that all standards are well applied by people who fully comprehend them. While the software project manager’s role is to implement standards governing software with the help of the quality manager, the quality manager himself needs a broader view of the device, about its conception (non-software parts), and its lifecycle (further phases of the medical device’s lifecycle).

FMEA – Failure Mode and Effects Analysis

What is it?

FMEA is a widely used technique in various industries such as military, aerospace & defense, automotive and medical devices to manage risk by being preventive about failures. More specifically, FMEA means a qualitative (or, in the presence of historical data, quantitative) analysis of the root causes of failure modes and their effects. Applying FMEA is one of to the fundamental tasks when managing quality, reliability and safety are of major concern, which is certainly true for the above-mentioned industries. Having said this, it should be noted that it is not the only method to do so – FMEA is often combined with techniques such as Fault Tree Analysis and others.

Relevance for the medical device industry

The medical device industry is discussing FMEA specifically as part of risk management, quality assurance and CAPA (corrective action / preventive action) in several of the industry’s standards documents. Without intending to be cynical, risk management, FMEA and CAPA are great places for auditors to look for non-conformance.

Practical challenges of performing FMEA

A common way of applying FMEA is working with Microsoft Excel spreadsheets or specific reliability tools. These tools work very well stand-alone, but face their users with the challenge of versioning and the need to integrate with other systems. Deriving and linking new requirements specifications to mitigate risks, or creating specific tasks or test cases may pose problems. But management of related requirements and other artifacts usually takes places in different systems with their own separate databases, which adds to the overall complexity of any process. Obviously, data silos are not helpful when your processes require linking involved artifacts, and when everything needs to be documented and versioned across systems to provide accurate traceability and activity proof for auditors.

Applying codeBeamer to approach challenges

Conducting FMEA in codeBeamer provides widespread advantages to you and your organization:

  • Parallel access to your FMEA documents, versioning and electronic signature are just the beginning.
  • If you started your FMEA outside of codeBeamer and need to move data from spreadsheets to codeBeamer, CSV and Excel import help to do so.
  • Once working in codeBeamer, automatic calculations (e.g. risk priority numbers) and process enforcement can be handled within the system.
  • codeBeamer offers customizable failure mode workflows, dependency tracking and visualization (derived and linked artifacts) and more to ensure consistent process compliance. Changes and history are automatically documented to facilitate auditing.
  • Single repository to manage associations, changes, dependencies, and impact analysis. The common platform facilitates collaboration between otherwise separated groups such as risk managers, requirements engineers and testers.


Applying codeBeamer for FMEA does not deny the importance or usefulness of specific reliability tools, especially when integrated high-end statistics for the FMEA (quantitative analysis) are of importance. Instead of moving FMEA data completely into codeBeamer, alternative synchronized setups are also feasible.

Confused with similar terminology?

Things appear to be confusing because many more industry or context specific versions like FMECA, FMEDA, Process FMEA, System FMEA or Design FMEA etc exist. However, they all follow similar concepts of identifying and judging defects and failures as early as possible, when the costs of fixing defects with regard to safety, cost, performance, quality, reliability and reputation are significantly lower.

codeBeamer Disciplines and Benefits for Medical Device Engineering

  • Requirements Management (RM) With codeBeamer RM you can systematically manage initial and changing requirements for your software or hardware project. codeBeamer RM not only lets you specify, organize and document your requirements, but also serves as a central information repository for requirements attributes, status information and associations to tests, source code or regulatory documents.
  • QA & Test Management codeBeamer’s QA & Test Management module helps you to define test cases, to compose test sets and to execute tests on multiple hardware and software configurations. It gives full traceability by associating tests with requirements and releases. It enables test result data drilling with coverage analysis and customizable dashboards.
  • Regulations and Standards Compliance codeBeamer’s wide range of security and process workflow features are designed to comply with regulations and standards defined by government agencies and the production industry. This includes codes of federal regulations (CFR) issued by the FDA or USDA and current ISO or DIN norms for the manufacturing industry.
  • Best Practices codeBeamer’s customizable workflows and processes can easily be configured to support your company’s standard operating procedures (SOP) and current good manufacturing practices (CGMP). Once implemented, SOPs and CGMPs are automatically followed and audits become less scary. Design control assures high product quality, less errors and reduced project costs.
  • Security and Approval Workflows codeBeamer provides project- and role-based security features. Projects serve as secure working environments where access permissions can be set on different layers and granularity. Freely customizable approval workflows with optional electronic signature ensure that important documents and specifications are reviewed before being published.
  • Link Requirements to Tests and Derive Actionable Work Items Clearly specifying your requirements is only the beginning of the work. codeBeamer will also help you to connect actual feature requests, change requests, tasks, defects and test cases to the requirements captured. Both the requirements and the actionable work items can be organized into hierarchies in order to better model the problem domain.
  • Baselines Using baselines you can make lightweight snapshots of the whole specification, including wiki pages, documents, images, attachments and all other types of artifacts. This is the primary means for versioning the states of the rapidly changing requirement specification, along its evolution. The baselines are optimal for comparing two states of documentation, computing deviation between two states, for audit purposes, and for certification for an approval.
  • Document Management with ISO 9001:2008 compliance codeBeamer satisfies requirements of the ISO 9001:2008 standard, from a content management point of view. codeBeamer enables accurate versioning of content, periodic document reviews, approval workflows, complete trace of changes, full text searchability and content consistency via baselining, among others.
  • End-to-End Traceability Due to codeBeamer’s flexible data model and artifact linking capability, the whole lifecycle of your product can be precisely tracked from requirement capture phase, through development and test, until release.
  • Configurable and Extendable codeBeamer is not a static platform. Intland intended to build flexibility into the product right from the beginning by offering configuration for work item data types, workflows etc in a graphical user interface to adapt to an organization’s need and not vice versa. Using its API (Application Programming Interface), codeBeamer can be easily extended beyond this configuration level, customized and integrated with your own applications, third party tools and services.
  • Lower Costs codeBeamer’s features for requirements management, design control and document management ensure early detection of errors, following of best practices and therefore reduce the overall costs of the project.