03/12/2017 © Lero 2015 1

Regulated Software Research Centre

Approach to the Development of a Medical DeviceSoftware Quality Assurance Framework

03/12/2017 © Lero 2015 2

Andrzej Beniamin Bujok

Supervised by Dr. Fergal McCaffery,

Dr. Silvana Togneri MacMahon, Dr. Peadar Grant

03/12/2017 © Lero 2015 3

Overview

Research Motivation

Research Problem

Research Approach – Development of a Medical Device SQA Framework

Research Questions

Research Progress to Date

Future Research

Conclusions

03/12/2017 © Lero 2015 3

03/12/2017 © Lero 2015 4

Research Motivation Malfunctioning medical devices

can cause serious injury or death of patients

03/12/2017 © Lero 2015 403/12/2017 © Lero 2015 4

03/12/2017 © Lero 2015 5

Research Motivation

Adherence to regulations is required and thus there is need to be compliant with international standards to obtain CE mark

Despite certification there is increasing evidence of medical device recalls and adverse events due to software issues

03/12/2017 © Lero 2015 503/12/2017 © Lero 2015 5

03/12/2017 © Lero 2015 6

Research Problem

03/12/2017 © Lero 2015 6

with increased

Generic Software System

results innot detected

can cause

increase occurrence of

Software Failure

Resulting in Recalls

Complexity of Software

System along with Evolving

Life Cycle Processes

Software Failure

Resulting in Risk of Injury or Loss of Life

compared to

Insufficient Evolution of

SQA

has to comply with

Medical Device

Software System

to comply with

result in not detected

Unidentified SQA Require-

ments

to prevent

Regulations and Safety Require-

ments

03/12/2017 © Lero 2015 7

Research Approach – Development of a Medical Device SQA Framework

03/12/2017 7

Validation

Verification

Testing

*Vogel, D.A., 2010. Medical Device Software Verification, Validation, and Compliance. Artech House.

Ensuring the product meets specifications

Ensuring the product meets customers expectations

Verification and Validation integrated into Framework

03/12/2017 © Lero 2015 8

Research Approach – Development of a Medical Device SQA Framework

03/12/2017 © Lero 2015 8

Generic software testing and quality

standards from ISO/TC 210

Medical device software

development standards from

ISO/IEC JTC 1/SC7

Provide requirements

Provide requirements

ISO/IEC 29119:2013 Software Testing Part

1: Concepts and Definitions

ISO/IEC 29119:2013 Software Testing Part

2: Test processes

ISO/IEC 33063:2015 Process Assessment Model for Software

Testing

ISO 25000:2014 Systems and Software Quality

Requirements and Evaluation

ISO 25051:2014 Requirements for quality of Ready to Use Software Product and Instructions

for Testing

IEC 62304:2006 Medical device

software life-cycle processes

IEC/TR 80002-3:2014 Process reference model of medical

device software life-cycle processes

ISO 14971:2012 Application of risk

management to medical devices

03/12/2017 © Lero 2015 9

Research Questions

Overall research question:

“How can the development of a medical device software quality assurance framework assist software testing organisations in implementing medical device software verification, validation and testing best practices?”

Sub-questions:

1. “What are the challenges associated with generic and medical device software quality assurance?”

2. “Which international standards and which of their requirements should be taken into account for the development of a medical device software quality assurance framework?”

3. “To what degree does a medical device software quality assurance framework address the challenges in implementing verification, validation and testing best practices?”

03/12/2017 © Lero 2015 9

03/12/2017 © Lero 2015 10

Research Progress to Date – SQ1

„What are the challenges associated with generic and medical deviceSQA?”

Increasing extension and complexity of software systems increases the complexity of software testing including testing of interfaces, integration and documentation

From the software life-cycle processes perspective, testing is no longer performed only during the software implementation but also during the software requirements and design phases

03/12/2017 10

03/12/2017 © Lero 2015 11

Research Progress to Date – SQ2

“Which international standards and which of theirrequirements should be taken into account for thedevelopment of a medical device software qualityassurance framework?”

ISO/IEC/IEEE 29119 - Software and systems engineering – Software testing – Family of standards

– Part 1: Concepts and definitions

– Part 2: Test processes

– Part 3: Test documentation

– Part 4: Test techniques

ISO/IEC 33063: 2015 - Information technology -- Process assessment -- Process assessment model for software testing

03/12/2017 11

03/12/2017 © Lero 2015 12

Research Progress to Date – SQ2

According ISO/IEC/IEEE 29119, testing is founded on the regulatory situation that an organization is in

Medical device SQA framework – multi-layered test context diagram from ISO/IEC/IEEE 29119-1

03/12/2017 © Lero 2015 12

03/12/2017 © Lero 2015 13

Sample Mapping of ISO/IEC 33063 and IEC/TR 80002-3

High level mapping to examine how the software testing processes can be used in conjunction with software development processes

03/12/2017 © Lero 2015 13

Section Process ID Process Name Process Purpose Section Process Name Process Purpose

5.2 PG Organisational Test

Process Group

5.2.1 OT.1 Organisational Test

Process

The Purpose of the

organisational test process

is to develop, monitor

conformance and maintain

organisational test

specifications, such as the

organisational test policy

and organisational test

strategy.

4.1.1 Software

development

Planning

The purpose of software

development planning (IEC

62304, 5.1) is to establish a

plan for conducting the

activities of the software

development processes.

Annex E

E1.1

OT.2 Skill Development

Training Process

(Additional Process)

The purpose of the training

process is to provide the

organisation and project

with individuals who

possess the needed skills

and knowledge to perform

their roles effectively.

ISO/IEC 33063: 2015 (PAM) PD IEC/TR 80002-3:2014 (PRM)

The processes related to each other are introduced in the same line. The results of the mapping indicate the potential for detailed mapping and integration.

03/12/2017 © Lero 2015 14

Mapping of IEC 62304 and ISO/IEC/IEEE 29119-2

IEC 62304 does imply dependencies between processes – inputs of a process are generated by another process. Another mapping to examine the dependencies between the processes of ISO/IEC/IEEE 29119-2 and IEC 62304 in terms of input and output.

03/12/2017 © Lero 2015 14

The results of both mappings demonstrate a potential for integration their requirements into the framework

03/12/2017 © Lero 2015 15

Future Research

Development of the medical device SQA framework

– The review of literature and standards to be continued

– Low level mapping of IEC 62304 (IEC/TR 80002-3) and ISO/IEC/IEEE 29119-2 (ISO/IEC 33063)

– Mapping of other relevant standards to ISO/IEC/IEEE 29119-2

– Integration of relevant requirements into the medical device SQA framework

Validation of the medical device SQA framework

– Validation of the framework by experts from standards community

– Validation of the framework by software development organisation

03/12/2017 © Lero 2015 15

03/12/2017 © Lero 2015 16

Conclusions

The adverse events and rising recalls of medical devices due to software issues demonstrate the need for improvement of medical device SQA.

Standards related to generic and medical device software testing and quality can address identified SQA challenges.

There is no single standard that incorporates requirements addressing all identified SQA challenges.

The research approach is to identify relevant standards requirements and integrate them into a medical device SQA framework.

The purpose of the development of a medical device SQA framework is to improve medical device software quality, and possibly increase safety of patients and reduce recalls of medical devices with related costs.

03/12/2017 © Lero 2015 16

03/12/2017 © Lero 2015 17

andrzej.bujok@dkit.ieLinkedIn: Andrzej Bujok

This research is supported by Lero - the Irish Software Engineering Research Centre (http://www.lero.ie) grant 10/CE/I1855 and grant

13/RC/20194.