ISO 13485 for software outsourcing company

Talja

Starting to get Involved
Hello everyone,

Is there someone who has experience with implementing ISO 13485 in software outsourcing company?

Due to specific of work there are plenty of limitations and bottlenecks that cant be established in our company per requirements from the standard and I would like to consult how those issues were solved by others.

Would appreciate any help.
 

yodon

Leader
Super Moderator
We are a contract R&D shop doing both hardware and software and we're registered to 13485... I might be able to relate what we've done to the problems you're facing.

By and large, considering your "product" being "service" helps to keep things properly framed. It does get strange in some places.
 

Talja

Starting to get Involved
Hi yodin, :bigwave:
I would be more than happy if you could help me in finding some good quality literature, web resource that should help me to map the processes we have to requirements for medical devices QMS.

In our company there is no experts in this field and I am pioneer in this process.

The biggest pain I have is Infrastructure, Environment and Control of Production and service Provision. As there is no actually the real manufacturing process, we have offices, buildings and hardware with network infrastructure. How it should be mapped in order to cover requirements from iso?
 

Talja

Starting to get Involved
Thanks for replying!
So, we are outsourcing software development company. We have different clients that outsource development, testing, etc. mostly from USA and Europe. So we decided to certify 800people who works in healthcare domain in our company. But the challenge is that all projects are very different, some of the has shared responsibility with clients, some of them only responsibility on the client side and we act as augmentation of their teams.

The are main question that I have now:
1) how we have to create a medical device files for ~ 70 different projects?
2) how we can establish FMEA risk management, as usually we do not have whole picture of the product, we only contribute.
3) For the Control of Production and service Provision we decided to decribe the flow how the projects are working from the signing the contract and getting some basic requirements to closure of the project. Not sure if this is right way...

Can you advise something?Will appreciate your help ;)
 
A

Access2hc

very strange that your clients (whom i assume are all doing medical devices) are not imposing their requirements on your company.. (different type of concern :)

1. medical device file - one per product group, not necessarily per project
2. you have the part of the SRS/SDDS that was provided to you or you've created, you definitely have the code. therefore just do your part
3. control of production here does not mean the coding. (the code is the product). do you provide copies of your software in USB, CDs, in which you would have to replicate the software? if yes, then that becomes production.

Cheers,
Ee Bin
Access2hc
 

yodon

Leader
Super Moderator
Apologies, this apparently slipped through the cracks...

Thanks for replying!
So, we are outsourcing software development company. We have different clients that outsource development, testing, etc. mostly from USA and Europe. So we decided to certify 800people who works in healthcare domain in our company. But the challenge is that all projects are very different, some of the has shared responsibility with clients, some of them only responsibility on the client side and we act as augmentation of their teams.

The are main question that I have now:
1) how we have to create a medical device files for ~ 70 different projects?

*You* don't - that's the responsibility of the device manufacturer. Access2hc touched on this: your customers should be driving what's required from you. You can facilitate this by doing your work in compliance with, say, IEC 62304, providing (documentation) deliverables that are suitable for inclusion in the medical device file. This should all be worked out in the contract between you and your clients. (Again, you can help by understanding the standard and working through the process of defining who provides what).

2) how we can establish FMEA risk management, as usually we do not have whole picture of the product, we only contribute.

Indeed, you cannot! This has to be a collaborative effort with your customer. 62304 (and IEC 60101-1 section 14 for PEMS if applicable) define some generic risks that need to be addressed as part of risk management for the software aspects but you'll still need to work collaboratively to ensure things line up.

3) For the Control of Production and service Provision we decided to decribe the flow how the projects are working from the signing the contract and getting some basic requirements to closure of the project. Not sure if this is right way...

Agree generally with Access2hc's response and especially in terms of your limited responsibilities in this matter. Your customer, though, needs to define how they control matters to ensure the device production incorporates the correct version of the software. Again, though, that's out of your scope.
 
R

Rlizyani

ISO 13485 also requires developers to look closely at every decision made during the process of design and development. This process includes minimizing waste during testing anddevelopment as well as improving risk management
 

Lokus200

Starting to get Involved
I think for software development companies it is better to have a Software Development Procedure to cover 62304, this should come in addition to general Design and Development Procedure.
 
Top Bottom