I am transitioning the organization towards state of the art mobile, cloud, and data driven medical systems with Agile processes that support new forms of healthcare delivery and user experiences. For me, speed of development and innovation delivery will be the new currency in the healthcare digital transformation. We needed a sophisticated tool that gave us the flexibility to model and manage the relationships that exist between customer needs, product requirements, product design, tests, source code, and verification and validation efforts. codeBeamer ALM was the only tool that allowed us to do that in a smooth way.
As an Application Lifecycle Management platform for medical device software development, codeBeamer ALM provides an efficient way to support and prove the use of mature medical technology development processes. It helps achieve compliance with medical standards and regulations. Its TÜV “Trusted Tool” certification proves that codeBeamer adequately supports the implementation of mature and compliant lifecycle processes in the development of digital healthcare products.
Software quality, safety and reliability are crucial when it comes to medical device systems development. Relevant quality regulations stipulated by IEC 62304, IEC 60601, ISO 14971 and other ISO/IEC/FDA standards demand:
- complete traceability of requirements all the way through to product release
- the enforcement of mature and transparent methods and processes throughout the lifecycle
- adequate testing and risk management measures
- the comprehensive documentation of lifecycle processes and activities for compliance audits.
Challenges of Compliance in Medical Device Development
Compliance with relevant medical industry standards proves the safety and reliability of healthcare technology products, and may be a prerequisite to entering the market. One of the most important standards is IEC 62304 (Medical Device Software – Life Cycle Processes) which governs and describes software engineering for medical devices.
Companies and engineers operating in the medical technology sector have to understand and adhere to several other standards. These include ISO 13485 (quality management) and ISO 14971 (risk management), IEC 62304, ISO 60601/61010 (safety and performance) and IEC 62366 (usability engineering). Some of these regulations are not specific to software alone. ISO 13485 (Quality Management System), for example, relates to the design and also the manufacturing of medical products in general. Additionally, the Food and Drug Administration (FDA) or European Medical Device Directive may add further requirements. FDA’s Code of Federal Regulations’ Title 21 adds a number of other requirements (such as Part 11 about e-signatures, or Part 820 about Quality Systems Regulations).
Intland’s Medical IEC 62304 & ISO 14971 Template
Intland’s Medical IEC 62304 & ISO 14971 Template leverages the lifecycle-wide capabilities of codeBeamer ALM to help cut development time and costs while ensuring high product quality in the development of medical technology. The template comes with preconfigured but flexibly customizable artifacts and processes, letting you tailor the platform to your processes to support efficient development and compliance with medical standards and regulations.
codeBeamer ALM offers gapless traceability from requirements to release, rigorous process control, security, and process workflow features. It provides electronic records and e-signatures, advanced risk management, quality assurance, and all-round analytics & reporting features.
Used with this template, codeBeamer ALM helps you achieve compliance with IEC 62304, IEC 60601, Title 21 CFR Part 11 (FDA), ISO 14971, and lets you conduct Failure Mode and Effects Analysis (FMEA) out of the box.
codeBeamer ALM’s Features for Medical Development
Intland’s Medical IEC 62304 & ISO 14971 Template comes with preconfigured medical requirements trackers to enable you to specify, collaborate on, and document your requirements. These artifacts may be further customized, letting you manage both initial and changing requirements, with all changes being automatically logged and displayed on each work item. codeBeamer’s integrated architecture & single repository allow you to conveniently establish links between requirements, source code and test cases as well as regulatory documents. The Traceability Browser lets you simply visualize links between artifacts, and easily pull & export traceability reports for compliance audits.
Software development features are integrated in the ALM functionality, so end-to-end traceability between requirements or user stories, tasks, source code, test cases and releases is ensured. codeBeamer’s release management functionality allows you to plan activities, iterations and releases (milestones, versions), with time and effort estimates added. Statistics and Gantt charts help you monitor the progress of all development streams. Waterfall, Agile, Hybrid, and scaled Agile (via SAFe®) development methods may be applied or combined even within a single project.
codeBeamer’s advanced workflow engine lets you define and enforce complex workflows with role or member-based access control, and guards with e-signatures for approval management (compliant with Title 21 CFR Part 11). To prove that process enforcement has been ensured during development, the visualized workflow can be exported conveniently, and global Audit Trail Reports help you report on any and all user activities in your projects. A complete change history (timestamp, member, action) is recorded on all work items in human readable format. User logins and logouts are recorded as well as e-signatures and approval data, and comprehensive reports on lifecycle activities can be easily exported and shared with auditors.
Risk management is supported by predefined, but flexibly configurable medical risk trackers. These trackers can store all risk-relevant data such as severity, likelihood, current risk controls, planned mitigation actions, etc. Links between risks and requirements may be established, and the overall risk level visualized using highly configurable Risk Matrix Diagrams. After risk prioritization, requirements can be derived from risks, and assigned to team members, with complete traceability maintained.
To further support your hazard management efforts, a preconfigured Failure Mode and Effects Analysis (FMEA) feature set is available in codeBeamer ALM, and may be used out of the box with no further configuration necessary (but possible). It allows you to identify, define, and control the mitigation of risks, while ensuring traceability between requirements, failure modes, and test cases. Risk Matrix Diagrams visualize your overall risk levels, and Risk Priority Numbers are calculated automatically. codeBeamer’s FMEA functionality comes with a comprehensive guide to conducting Failure Mode and Effects Analysis, and offers a complete FMEA Worksheet that may be exported in several formats.
codeBeamer’s QA & Testing functionality lets you define test cases (which may be simply generated from requirements), organize them into test sets, save them in test libraries for later re-use, execute test runs on multiple hardware and software configurations manually or automatically, and conveniently report bugs. Parameterized testing is supported. Due to codeBeamer’s complete integration and end-to-end traceability, requirements-based testing is supported, and a Test Coverage Browser is available to visualize the coverage of requirements with test cases. Automated testing can be executed via codeBeamer’s integration with Jenkins.
The medical wiki fully supports compliance with IEC 62304 as its contents cover the standard’s requirements, provide users with domain knowledge, and support the application of rules throughout the entire development lifecycle. codeBeamer’s Documents tracker satisfies the requirements of ISO 9001:2008 and can be used to store and manage all documents (with a complete version history, and full text search), providing your teams with a single source of truth, and facilitating compliance audits.
Using baselines, you can create lightweight snapshots of the current state of all your artifacts. All details of your work items including wiki pages, documents, images, attachments, comments etc. can be saved in baselines that may be compared or browsed any time. This is the primary means for versioning the states of rapidly changing requirement specifications along the process of their evolution.
Overview of Key Medical Standards
codeBeamer ALM supports compliance with the following standards that apply to the development of medical devices:
IEC 62304 is an international standard (harmonized by the EU and the US) that specifies the requirements of software lifecycle processes in the development of medical software and software embedded in medical devices. The primary aim of this standard is to ensure the safety of medical devices & medical software. The standard also regulates the use of software of unknown pedigree (SOUP) based on a risk-driven decision process.
Intland’s Medical IEC 62304 & ISO 14971 Template is configured to support compliance with IEC 62304 among other standards. It contains specific medical trackers, features such as the Traceability Browser that help ensure, visualize and prove gapless end-to-end traceability, and advanced risk management functionality. Dependencies between items such as requirements, risks and test cases are also recorded. Intland’s Medical IEC 62304 & ISO 14971 Template also supports the use of workflows to enforce processes and manage approvals (sign-offs with e-signatures), and offers convenient reporting functionality to facilitate compliance audits.
Title 21 CFR Part 11 (FDA) refers to the part of the US Food and Drug Administration’s Code of Federal Regulations that governs electronic records and e-signatures used in medical device development. More specifically, Part 11 regulates the requirements based on which electronic records or electronic signatures are considered reliable and equivalent to wet ink signatures. It applies to the management (controls, audit trails, system validation, documentation and e-signatures) of electronic data that is used to prove compliance with other FDA regulations.
codeBeamer ALM supports compliance with Title 21 CFR Part 11 (FDA) by offering flexibly configurable e-signatures that adhere to the requirements of the standard. codeBeamer manages and records relationships between different work items, and its central repository logs all changes to each artifact. Changes may be controlled via role- or member-based access control, and workflows with guards requiring authentication (e-signature). Each change will be recorded with all relevant details (providing a full change history on all items), and may be browsed or reported any time later on.
ISO 14971 lays out a process for identifying, analyzing & evaluating, and controlling (reducing or mitigating) the risks associated with medical devices, as well as for monitoring the effectiveness of these risk control measures. The standard applies to all stages of the development lifecycle, requiring developers to specify, execute and report on the risk control process throughout the lifecycle.
codeBeamer’s risk-related capabilities allow you to define your risk management process, from identification, assessment, and hazard analysis, risk reduction & mitigation planning, all the way through to documentation and reporting. Through its risk trackers and preconfigured FMEA functionality, codeBeamer ALM helps keep track of failure modes and risks, implement risk control measures, and report on the coverage of risks with reduction/mitigation actions. The initial risk level, as well as the risk level after risk control measures can both be visualized using Risk Matrix Diagrams. Traceability is maintained throughout the risk control lifecycle, and all risk management processes and actions may be conveniently monitored and documented using dashboards, wikis and documents.
IEC 60601 is actually a collection of standards rather than one standard, all of which aim to govern the safety and effectiveness of medical electrical equipment. IEC 60601-1, the first part of the standard titled Part 1 – General requirements for basic safety and essential performance is the section that gives general guidance on the requirements of the standard, and also contains a part (section 14) on software used in medical devices. The standard IEC 60601-1 is internationally recognized, and compliance with it (or similar national versions of it) is a great step towards the (pre-market) approval of medical devices. Thus, even though it’s not mandated everywhere, it’s generally considered a required standard for most medical device developers, wherever they operate.
codeBeamer’s advanced capabilities don’t just support software development: they help you manage the complexity of the medical product development lifecycle. As such, its capabilities around risk management & risk coverage analysis, collaboration, traceability, documents management, and workflows are able to aptly support any kind of complex product development process. For instance, you can configure codeBeamer ALM so that certain actions (e.g. adding a new requirement) automatically trigger the creation of specified work items (risks and test cases, for example). This helps make sure that all potential risks are controlled, so as to ensure the safety and reliability of the end product. Therefore, codeBeamer can be efficiently used in facilitating compliance with complex standards such as IEC 60601.
Our medical customers include
Our medical case studies
Download our medical brochure
If you’d like to know more about Intland’s Medical IEC 62304 & ISO 14971 Template, please fill in the following form to download our PDF brochure free of charge: