Lectures for December 18th 2014

18/12/2014
Groups
Standards in Software Quality
Assurance
(Medical Devices)
CS4271
Dr Val Casey
Lecturer
Lero – The Irish Software Engineering Research Centre &
Computer Science & Information Systems Department
University of Limerick
Ireland
Lecture Dates
We have lectures today Thursday 18th (I will be giving
out the 2nd Project for this module shortly) &
Tomorrow Friday 19th (1st Project for this module is
due)
Christmas Break
After Christmas we have lectures on Thursday and
Friday 8th & 9th of January
Final week of module we have lectures on Thursday
and Friday 15th & 16th of January (2nd Project for this
module is due)
Lero University of Limerick
Ireland
Relevant Medical Device Standards
Can you sit in your groups as it
will facilitate the work we are
going to do today
Lero University of Limerick
Ireland
Results For This Semester
Has everyone in the class got a UL student ID
Number?
If you don’t have a UL ID you need to get it
sorted out THIS MORNING
I need to have ALL Your UL ID Numbers as I will
have to add your grades for the last module
CS4261 - FOUNDATIONS OF SOFTWARE TESTING
to the UL System
Once I have your 1st projects corrected and we
have the results from the repeats of the ISTQB I
will be able to do this
This all has to be done before the 8th of January
when we get back from the Christmas Break
Lero University of Limerick
Ireland
Relevant Standards & Regulations
 IEC 62304:2006 – Medical Device Software –
Software Lifecycle Processes
 IEC 60601-1:2005 - Medical Electrical Equipment - Part 1:
General Requirements For Safety
 ISO 13485:2003 – Medical Devices – Quality
Management Systems – System Requirements for
Regulatory Purpose (EN ISO 13485:2012)
 IEC 61508:2010 - Functional safety electrical
/electronic/programmable electronic safety-related systems
 ISO 14971:2007 – Medical devices – Application of
risk management to medical devices
 MDD 93/42/EEC - Council Directive 9 Of 14 June 1993
Concerning Medical Devices 93/42/EEC
 AIMD 90/385/EEC - The Council Directive 90/385/EEC On Active
Implantable Medical Devices
 IEC TR 80002-1:2009 – Medical device software.
Guidance on the application of ISO 14971 to
medical device software
 IVDD 98/79/EC - In Vitro Diagnostic Medical Devices Directive
 IEC 62366:2007 – Medical devices – Application of
Usability to medical devices
 21 CFR Part 820 - Quality System Regulation
Lero University of Limerick
Ireland
 2007/47/EC - Directive 2007/47/EC Of The European Parliament
And Of The Council ( Amending Directive)
Lero University of Limerick
Ireland
1
18/12/2014
EN ISO 13485:2012
• Last week we started to review ISO 13485 in detail
Standards in Software Quality
Assurance
(Medical Devices)
CS4271
Dr Val Casey
Lecturer
Lero – The Irish Software Engineering Research Centre &
Computer Science & Information Systems Department
University of Limerick
Ireland
EN ISO 13485:2012
• This included a review of the new Forward and
Annexes of EN ISO 13485:2012
• In the context of the “Relationship between this
European Standard and the Conformity
Assessment of”:
• Annex ZA Requirements of EU Directive
90/385/EEC (Active Implantable Medical Devices)
• Annex ZB Requirements of EU Directive
93/42/EEC (Concerning Medical Devices)
• Annex ZC Requirements of EU Directive 98/79/EC
(In Vitro Diagnostic Medical Devices Directive)
Lero University of Limerick
Ireland
ISO/TR 14969:2004
• As I stated the current version of the international
standard is ISO 13485:2003 but the latest European
Version of the Standard is: EN ISO 13485:2012
• The Irish version of the standard is: IS EN ISO
13485:2012 (IS =Irish Standard) EN (European Norm)
which you have access to through the UL Library
• We discussed the relationship of ISO 13485 to ISO
9001 at considerable length
• We also discussed the difference between ISO
13485:2003 & EN ISO 13485:2012
Lero University of Limerick
Ireland
ISO/TR 14969:2004
I mentioned that there was a technical report
“intended to provide guidance for the
application of ISO 13485“
It is called ISO/TR 14969:2004
It does not add to or otherwise change the
requirements of ISO 13485
The guidance it provides can be used to better
understand the requirements of ISO 13485 an
to illustrate some of the variety of methods
and approaches available for meeting its
requirements
Lero University of Limerick
Ireland
ISO/TR 14969:2004
ISO/TR 14969:2004 describes itself in the
following terms as providing:
“guidance to assist in the development,
implementation and maintenance of quality
management systems that aim to meet the
requirements of ISO 13485 for organizations
that design and develop, produce, install and
service medical devices...”
Lero University of Limerick
Ireland
Lero University of Limerick
Ireland
2
18/12/2014
EN ISO 13485:2012
Medical Devices
We will now pick up where we finished off on
Friday afternoon
To do this we will start by having a quick review
of the main sections of EN ISO 13485:2012
We will then very briefly look at the primary
content of the sections we have already
covered
Then review the structure of Section 7 and go
over it in detail
We will do the same for the rest of the standard
Foundations of Software Testing
Lero & University of Limerick
Ireland
Foundations of Software Testing
Lero & University of Limerick
Ireland
EN ISO 13485:2012
Foundations of Software Testing
Lero & University of Limerick
Ireland
EN ISO 13485:2012
Foundations of Software Testing
Lero & University of Limerick
Ireland
EN ISO 13485:2012
Foundations of Software Testing
Lero & University of Limerick
Ireland
3
18/12/2014
ISO 13485:2003 & 21 CFR Part 820
As I mentioned the FDA do not recognize ISO
13485:2003
It does look like they are heading toward developing
some sort of official recognition of the standard
This is highlighted by their pilot program where the
FDA may accept a ISO 13485 audit
Your 2nd Project For This
Module
Despite this there are still specific gap between 21
CFR Part 820 and ISO 13485:2003
These are highlighted and compared in a white paper
Correspondence between ISO 13485:2003 & US
Quality Systems Regulation 21 CFR Part 820 (If you want
a copy bring in a USB stick and I will put it on)
Foundations of Software Testing
Lero & University of Limerick
Ireland
Your 2nd Project For This Module
Each Group will research and submit a report titled
"The Role and Importance of IEC 62304 to Medical
Device Software Development and Testing in
Particular”
Your report should include, but not be limited to:
Research and outline the development of international
standards in the context of medical device software
development and in particular with reference to IEC
62304 Medical device software - Software life cycle
processes
Based on your research discuss the importance and
focus of IEC 62304 in the context of medical device
software development
Lero University of Limerick
Ireland
Lero & University of Limerick
Ireland
Your 2nd Project For This Module
Outline the structure of the standard and discuss its
content, approach and level of abstraction
Identify relevant related standards and discuss their
importance and role in the context of IEC 62304
Critically evaluate the approach taken by IEC 62304 to
verification in general and the key aspects of software
testing in particular
Research and discuss the advantages and
disadvantages that IEC 62304:2006 provides
Based on your research outline areas which the next
release of the IEC 62304 standard are likely to address.
Lero University of Limerick
Ireland
Your 2nd Project For This Module
The report will be as follows:
It should be 8000 words in length or more for groups
of 4 (or 6000 for groups of 3 )
IEC 62366:2007
(BS EN 62366:2008)
It should have a minimum of 8 references.
References can be Numbered or the Harvard
Referencing method may be used
A soft and hard copy of the report is required to be
submitted
The Submission deadline for this project is 16.00 on
Friday 16th of January 2015
Lero University of Limerick
Ireland
Medical Devices
- Application of
Usability Engineering to Medical
Devices
Lero & University of Limerick
Ireland
4
18/12/2014
IEC 62366
• Use errors caused by inadequate medical device
usability have become an increasing cause for concern
Usability Engineering
What is Usability Engineering?
• Many of the medical devices developed without
applying a usability engineering process are nonintuitive, difficult to learn and to use
• Usability engineering is the discipline
based on an understanding of why people
make errors when using equipment
• The design of a usable medical device is a challenging
endeavour yet many organizations treat it as if it were
just “common sense”
• Seeks to minimise errors by good design
of the interface between users and the
equipment
• Where in fact the design of the user interface to achieve
adequate (safe) usability requires a very different skill
set than that of the technical implementation of that
interface
Lero University of Limerick
Ireland
IEC 62366 & ISO 14971
• ISO 14971 requires usability to be addressed:
• As source for identifying hazards and
hazardous situations
• In assessing and evaluating risks
• In reducing risks
• However ISO 14971 does not say how
• IEC 62366 addresses this
• Very important particular with regard to
software in medical devices
• https://www.youtube.com/watch?v=rPpc7VfJ5iQ
Lero University of Limerick
Ireland
IEC 62366
• IEC 62366:2007 (EN 62366: 2008 ) - Medical Devices
Application of Usability Engineering To Medical
Devices
• Covers basic usability processes and provides
direction how to:
• Identify usability risks
• Analyse and evaluate usability risks
• Reduce usability risks
• Key document: Usability Specification
• Identifies main functions
• Identifies user populations
• Identifies contexts of use
Lero University of Limerick
Ireland
Lero University of Limerick
Ireland
IEC 62366
IEC 62366
• Usability Specification
• The Usability Specification shall provide:
• Testable requirements for usability verification
• Testable requirements for usability of the primary
operating functions including criteria for
determining the adequacy of risk control
achieved by the Usability Engineering Process
• The manufacturer will prepare and maintain a
Usability Validation Plan
• The Usability Validation Plan will specify the
following:
Lero University of Limerick
Ireland
Lero University of Limerick
Ireland
5
18/12/2014
IEC 62366
• Any method used for validation of the usability of the
primary operating functions
• The criteria for determining successful validation of the
usability of the primary operating functions based on
the usability specification
• The involvement of representative intended users
• The Usability Validation Plan will address:
• Frequent use scenarios
• Reasonably foreseeable worst case use scenarios that
are identified in the usability specification
• The Usability Validation Plan will be recorded in
the Usability Engineering File
.
Lero University of Limerick
Ireland
6