ALM for Medical Device Development

Compliance with IEC 62304, Title 21 CFR Part 11 (FDA), ISO 14971, IEC 60601 and more

Medical device and health software development teams are faced with increased product and software complexity, and increasingly stringent regulations. In such a highly regulated environment, finding an efficient way to ensure and prove compliance with relevant standards is vital.

Software quality, safety and reliability are crucial when it comes to medical systems development. Relevant quality regulations stipulated by standards such as IEC 62304 and FDA’s Title 21 Code of Federal Regulations Part 11 among others demand:

  • traceability on requirements
  • the enforcement of transparent & effective methods and processes, and
  • adequate testing and risk management measures

in the development and servicing of medical devices. Complete traceability is one of the most important requisites to compliance with relevant ISO/IEC/FDA standards. In traditional development systems, ensuring and proving traceability means enormous amounts of costly manual work.

Intland’s Medical IEC 62304 Template, developed in collaboration with adesso AG, helps cut the time, effort and costs necessary to ensure traceability and compliance with relevant medical regulations.

Intland’s Medical IEC 62304 Template

The advanced capabilities of codeBeamer ALM, leveraged by Intland’s Medical IEC 62304 Template, help ensure and conveniently prove traceability, and satisfy further requirements of various medical industry standards to facilitate compliance in the development of health software.


Intland’s Medical IEC 62304 Template includes functionality to support compliance with IEC 62304, IEC 60601, Title 21 CFR Part 11 (FDA), and ISO 14971, and lets you conduct Failure Mode and Effects Analysis (FMEA) out of the box. You can easily tailor the template to suit your internal processes in order to facilitate compliance with medical standards.

codeBeamer’s Features for Medical Development

Medical Requirements Management

Intland’s Medical IEC 62304 Template comes with preconfigured medical requirements trackers to allow you to specify, collaborate on, and document your requirements. These artifacts may be further customized, and let you manage both initial and changing requirements, with all changes being logged and displayed on each work item. codeBeamer’s integrated architecture & single repository let you conveniently establish links between requirements, source code and test cases as well as regulatory documents. The Traceability Browser allows you to simply visualize, and easily pull & export traceability reports for compliance audits.

Medical Software Development & Release Management

Software development is integrated in the lifecycle, so end-to-end traceability between requirements (or user stories), tasks, source code, test cases and releases is ensured. codeBeamer’s release management functionality allows you to plan activities, iterations and releases (milestones, versions), with time and effort estimates added, and monitor the progress of all development streams. Waterfall, Agile and Hybrid development methods may be applied even within a single project.

Security and Approval Workflows with e-signatures

codeBeamer’s advanced workflow engine lets you define and enforce complex workflows with role or member-based access control, and guards with (FDA compliant) e-signatures for approval management. To prove that process enforcement has been ensured during development, the visualized workflow can be exported conveniently. Complete change history on all work items also logs signatures and approval data (timestamp, member, action) in human readable format.

Medical Risk Management

Risk Management is supported by predefined, but flexibly configurable medical risk trackers. These trackers can store all risk-relevant data such as severity, likelihood, current risk controls, planned mitigation actions, etc. Links between risks and requirements may be established, and the overall risk level visualized using highly configurable Risk Matrix Diagrams. After risk prioritization, requirements can be derived from risks, and assigned to team members, with complete traceability maintained.

Failure Mode and Effects Analysis Template

To further support your medical risk management efforts and to support compliance with ISO 14971, preconfigured risk trackers and Failure Mode and Effects Analysis (FMEA) functionality are available in codeBeamer ALM, and may be used out of the box with no further configuration necessary (but possible). It allows you to identify, define, and control the mitigation of risks, while ensuring traceability between requirements, risks, and test cases. Risk Matrix Diagrams visualize your overall risk levels, and Risk Priority Numbers are calculated automatically. The FMEA feature set comes with a comprehensive guide to conducting Failure Mode and Effects Analysis, and a complete FMEA Worksheet may be exported in several formats.

Medical Quality Assurance & Testing

codeBeamer’s QA & Testing functionality lets you define test cases (which may be simply generated from requirements), organize them into test sets, save them in test libraries for later re-use, execute test runs on multiple hardware and software configurations, and conveniently report bugs. Parameterized testing is supported. Due to the integration of QA & Testing in the overall development, complete traceability is ensured, and a Test Coverage Browser is available to visualize the coverage of requirements with test cases. Automated testing is supported via codeBeamer’s integration with Jenkins.

Medical Wiki, Document Management

The medical wiki fully supports compliance with IEC 62304 as its contents cover the standard’s requirements, provide users with domain knowledge, and support the application of rules throughout the entire development lifecycle. codeBeamer’s Documents tracker satisfies the requirements of ISO 9001:2008 and can be used to store and manage all documents (with a complete version history, and full text searchability), providing your teams with a single source of truth, and facilitating compliance audits.


Using baselines, you can create lightweight snapshots of the current state of all your artifacts. All details of your work items including wiki pages, documents, images, attachments, comments etc. can be saved in baselines that may be compared later on. This is the primary means for versioning the states of rapidly changing requirement specifications along the process of their evolution.

Challenges of Standards Compliance in Medical Device Development

Compliance with relevant industry standards isn’t only necessary to prove the safety and reliability of medical end products: in most cases, it is a prerequisite to entering the market. When talking about software in medical devices, one of the most important standards is IEC 62304 (Medical Device Software – Life Cycle Processes), as it governs and describes software engineering-related matters.

However, companies and engineers have to understand and adhere to several other standards such as ISO 13485 (quality management) and ISO 14971 (risk management) on one side, IEC 62304, ISO 60601/61010 (safety and performance) and IEC 62366 (usability engineering) on the other. It is important to know that some of these are not specific to software alone. ISO 13485 (Quality Management System), for example, relates to the design and also the manufacturing of medical products in general. Additionally, the Food and Drug Administration (FDA) or European Medical Device Directive add further requirements. See our table below for a quick overview.

Overview of related standards

The following illustration gives a good overview of how some of the standards combine the fields of computer science and Application Lifecycle Management with the fields of risk management, quality management, ergonomics and electrical engineering.

  • ISO 14971 is the standard that governs the requirements of risk management processes in medical device development.
  • The US Food and Drug Administration’s (FDA) Code of Federal Regulations' (CFR) Part 11 contains requirements for e-signatures used in medical device development, while Part 820 is known as the Quality System Regulation.
  • IEC 60601 is a collection of standards about the safety and effectiveness of medical electrical equipment. Part 1 is titled General requirements for basic safety and essential performance.
  • IEC 60601 is a collection of standards about the safety and effectiveness of medical electrical equipment. Part 2 contains standards about the basic safety and essential performance of particular types of medical equipment.
  • IEC 62304 is an important standard that specifies the requirements of software lifecycle processes in the development of medical software and software embedded in medical devices.

IEC 62304 (Medical Device Software – Life Cycle Processes)

IEC 62304 is an international standard (harmonized by the EU and the US) that specifies the requirements of software lifecycle processes in the development of medical software and software embedded in medical devices. The primary aim of this standard is to ensure the safety of medical devices & medical software. The standard also regulates the use of software of unknown pedigree (SOUP) based on a risk-driven decision process.

Intland’s Medical Template is customized for compliance with IEC 62304, among other standards. It contains specific medical trackers, features such as the Traceability Browser that help ensure, visualize and prove gapless end-to-end traceability, and advanced risk management functionality. Dependencies between items such as requirements, risks and test cases are also recorded. Intland’s Medical Template also supports the use of workflows to enforce processes and manage approvals (sign-offs with e-signatures), and offers convenient reporting functionality to facilitate IEC 62304 compliance audits.

FDA Title 21 Code of Federal Regulations Part 11

Title 21 CFR Part 11 (FDA) refers to the part of the US Food and Drug Administration’s Code of Federal Regulations that governs electronic records and e-signatures used in medical device development. More specifically, Part 11 regulates the requirements based on which electronic records or electronic signatures are considered reliable and equivalent to wet ink signatures. It applies to the management (controls, audit trails, system validation, documentation and e-signatures) of electronic data that is used to prove compliance with other FDA regulations.

codeBeamer supports compliance with FDA’s Title 21 CFR Part 11. It manages and records relationships between different work items, and its central repository logs all changes to each artifact. Changes may be controlled via role- or member-based access control, and workflows with guards requiring authentication (e-signature). Each change will be recorded with all relevant details (full change history on all items), and may be browsed or reported any time later on.

ISO 14971 (Application of Risk Management to Medical Devices)

ISO 14971 lays out a process for identifying, evaluating and reducing or mitigating the risks associated with medical devices, as well as for monitoring the effectiveness of these risk control measures. The standard applies to all stages of the development lifecycle, requiring developers to specify, execute and report on the risk control process throughout the lifecycle.

codeBeamer’s risk-related capabilities allow you to define your risk management process, from identification, assessment, and hazard analysis, risk reduction & mitigation planning, all the way through to documentation and reporting. Through its risk trackers and preconfigured FMEA template, codeBeamer ALM helps keep track of failure modes and risks, implement risk control measures, and report on the coverage of risks with reduction/mitigation actions. The initial risk level, as well as the risk level after risk control measures can both be visualized using Risk Matrix Diagrams. Traceability is maintained throughout the risk control lifecycle, and all risk management processes and actions may be conveniently monitored and documented using dashboards, wikis and documents.

IEC 60601 (Medical Electrical Equipment)

IEC 60601 is actually a collection of standards rather than one standard, all of which aim to govern the safety and effectiveness of medical electrical equipment. IEC 60601-1, the first part of the standard, titled Part 1 – General requirements for basic safety and essential performance, gives general guidance on the requirements of the standard, and also contains a part (section 14) on software used in medical devices.

The standard IEC 60601-1 is internationally recognized, and compliance with it (or similar national versions of it) is a great step towards the (pre-market) approval of medical devices. Thus, even though it’s not mandated everywhere, it’s generally considered a required standard for most medical device developers, wherever they operate.

codeBeamer’s advanced capabilities don’t just support software development: they help you manage the complexity of the medical product development lifecycle. As such, its capabilities around risk management & risk coverage analysis, collaboration, traceability, documents management, and workflows are able to aptly support any kind of complex product development process. For instance, you can configure codeBeamer ALM so that certain actions (e.g. adding a new requirement) automatically trigger the creation of specified work items (risks and test cases, for example). This helps make sure that all potential risks are controlled, so as to ensure the safety and reliability of the end product. Therefore, codeBeamer can be efficiently used in facilitating compliance with complex standards such as IEC 60601.

I am transitioning the organization towards state of the art mobile, cloud, and data driven medical systems with Agile processes that support new forms of healthcare delivery and user experiences. For me, speed of development and innovation delivery will be the new currency in the healthcare digital transformation. We needed a sophisticated tool that gave us the flexibility to model and manage the relationships that exist between customer needs, product requirements, product design, tests, source code, and verification and validation efforts. codeBeamer ALM was the only tool that allowed us to do that in a smooth way.
Sarb Singh-Kaur, Director of Patient Care Software, Medtronic Neuromodulation
