Medical Device development teams are faced with increased software complexity today when developing high quality devices. Software quality is a key differentiator for medical device manufacturers. Their quality regulations include traceability on requirements, methods, processes and tests used for developing and servicing their medical devices. More often than not full traceability is required to comply with development audits. In traditional development systems providing traceability means enormous costly manual work to find information in isolated issue trackers, shared folders, emails, version control repositories and on all change history.
codeBeamer’s security and process workflow features are designed to comply with regulations and standards defined by government agencies and the production industry. This includes codes of federal regulations (CFR’s) issued by the FDA, ISO and DIN industry standards. codeBeamer supports electronic records and electronic signatures as described in CFR 21 part 11 and quality assurance features according to CFR 21 part 820.
codeBeamer is a 100% web based solution that provides integrated document management, wiki and a wide range of collaboration features. Working progress and important project information is available in real-time to all project members.
Medical device engineering requires achieving and proving compliance. When talking about software in these devices an important standard to start with is IEC 62304 (Medical Device Software – Life Cycle Processes) as it governs and describes software engineering-related matters.
But in order to develop medical devices and software, companies and engineers have to understand and adhere to several standards like ISO 13485 and ISO 14971 on one side, IEC 62304, ISO 60601/61010 and IEC 62366 on the other. It is important to know that some of these are not specific to software alone. ISO 13485 (Quality Management System) e.g. relates to design and also manufacturing of medical products in general. Additionally the Food and Drug Administration (FDA) or European Medical Device Directive add further requirements. See table at the end for a quick overview.
Overview of related standards The following figure gives a good overview of how some of the standards combine the fields of computer science and application lifecycle management with the fields of risk management, quality management, ergonomics and electrical engineering.
Medical device engineering teams are supported by codeBeamer with regard to the standards mentioned above in several ways:
Intentionally, none of the industry’s standards are prescriptive so individual organizations can optimize their processes as they like and as they have done in the past. Therefore, different organizations create different demands for different audit trails. The overall solution relies upon codeBeamer’s configurability for involved artifacts and their relationship to provide any kind of traceability to achieve compliance with regulatory standards and your derived processes.
Unfortunately, this figure is not yet complete as new standards for stand-alone software (IEC 82304) or provisions for health applications on smart/mobile devices (ISO 17522) and ISO/IEC 29119 for Software Testing are being developed.
Don’t we have enough standards already? Sure, we might be inclined to reply yes, but obviously ,the existing standards have either not been understood well, not defined with enough detail or not applied well enough as the increasing number of software related errors and recalls indicates.
The following lists presents a rough summary of standards around software for medical devices
In any case, overall system quality is the responsibility of management and direction, but the success of any system lies in well trained individuals defining and applying the system, and collaborating via an adequate ALM system to achieve compliance with standards on an organizational level. It is often the quality manager’s role to ensure that all standards are well applied by people who fully comprehend them. While the software project manager’s role is to implement standards governing software with the help of the quality manager, the quality manager himself needs a broader view of the device, about its conception (non-software parts), and its lifecycle (further phases of the medical device’s lifecycle).
FMEA is a widely used technique in various industries such as military, aerospace & defense, automotive and medical devices to manage risk by being preventive about failures. More specifically, FMEA means a qualitative (or, in the presence of historical data, quantitative) analysis of the root causes of failure modes and their effects. Applying FMEA is one of to the fundamental tasks when managing quality, reliability and safety are of major concern, which is certainly true for the above-mentioned industries. Having said this, it should be noted that it is not the only method to do so – FMEA is often combined with techniques such as Fault Tree Analysis and others.
The medical device industry is discussing FMEA specifically as part of risk management, quality assurance and CAPA (corrective action / preventive action) in several of the industry’s standards documents. Without intending to be cynical, risk management, FMEA and CAPA are great places for auditors to look for non-conformance.
A common way of applying FMEA is working with Microsoft Excel spreadsheets or specific reliability tools. These tools work very well stand-alone, but face their users with the challenge of versioning and the need to integrate with other systems. Deriving and linking new requirements specifications to mitigate risks, or creating specific tasks or test cases may pose problems. But management of related requirements and other artifacts usually takes places in different systems with their own separate databases, which adds to the overall complexity of any process. Obviously, data silos are not helpful when your processes require linking involved artifacts, and when everything needs to be documented and versioned across systems to provide accurate traceability and activity proof for auditors.
Conducting FMEA in codeBeamer provides widespread advantages to you and your organization:
Applying codeBeamer for FMEA does not deny the importance or usefulness of specific reliability tools, especially when integrated high-end statistics for the FMEA (quantitative analysis) are of importance. Instead of moving FMEA data completely into codeBeamer, alternative synchronized setups are also feasible.
Things appear to be confusing because many more industry or context specific versions like FMECA, FMEDA, Process FMEA, System FMEA or Design FMEA etc exist. However, they all follow similar concepts of identifying and judging defects and failures as early as possible, when the costs of fixing defects with regard to safety, cost, performance, quality, reliability and reputation are significantly lower.