SBS - The best value in QMS software

5.5.3 - Software Unit Acceptance Criteria (Risk Control Measures)

A

andypatkinson

#1
Hi,

When it comes to verifying our software units that contain a RCM, we use unit tests to evaluate the RCM implementation (is it present and working as expected) and where we cannot test for it (for one resaon or another) we verify by code inspection.

Does anyone see any probem with this?

I have heard from other medical device SW developers ('around town') that because the example in the standard says:

NOTE Examples of acceptance criteria are:
? does the software code implement requirements including RISK CONTROL measures?


That code inspection / review is the only acceptable verification method and that verifying RCMs with unit tests is not 'meeting the intent of the standard'. I have a hard itme accepting that - for me we're verifying that the RCM is present in the unit and I choose to do that by 1st, testing and 2nd, inspection (but only if I have to, i.e. I cannot test for it).

Am I on the money or really going against the 'intent of the standard'?

Thanks in advance......

Andy
 
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
In general, I would agree that some requirements can only be verified through unit test (weak) or code inspection (weakest).

For risk controls, though, the expectation is that you demonstrate the control is available and effective at the time of need. It's clear that in some cases, demonstration could only be shown via unit-level testing. I would have a hard time defending verification of a risk control via code inspection - I don't think you could defend the effectiveness of the control.

Can you share a scenario where ONLY code inspection could verify a risk control?
 
A

andypatkinson

#3
Hi Yodon

Thanks for the reply.

The issue seems to be that because the example given in the standard talks about 'code', that the expected method of verifying this is via a code inspection, rather than testing. I agree that testing is a better method and is my preference.

Given that the standard talks about verifying risk control measures and traceability of requirements to tests, I don't see the point of section 5.5.3 and the focus on checking that a risk control measure had been implemented (if we're going to test for it before releasing the software, e.g. all verification will be completed before release).

Perhaps this is another example of a 62304 clause that if poorly written and simply causes confusion / misinterpretation.

Any further advice appreciated, Yodon

Regards, Andy
 

yodon

Staff member
Super Moderator
#4
I can't argue for the merits of the verbiage in the standard. :) But maybe some discussion can clarify what I believe the intent is (at least I can express my opinion).

5.5.2 is where you define how you establish verification methods for the units. Note that it's limited to class B and C (potential for patient injury). Note also that they explicitly indicate that there are other methods besides test for unit verification. For some units; e.g., those that are on one side of an interface, maybe you do some testing with a debugger to confirm the unit properly handles all data passed - both valid and invalid (something that should not be possible in normal operations).

5.5.3 establishes unit acceptance criteria and again only required for class B and C. If you have units that implement risk controls, the expectation, as I read, is that you do a code inspection to verify the implementation of the control. This is NOT requirements verification; this is how you accept the UNIT. This is a very low-level acceptance gate. The examples are quite appropriate for such a low-level verification: did you write the code per your standards, did you conform to the interface defined, etc.

So for class B and C software, if you have risk controls implemented in software, you're effectively saying that you are ensuring patients aren't harmed (or worse) via these controls and so the expectation is that you take extraordinary measures to ensure it's done right.

If you consider the 'V' model, you would have a low-level confirmation at the implementation level to confirm (via code inspection) that the risk control was implemented properly. (There's merit to this given testing can't or won't necessarily test every possible scenario.) Then moving up the food chain, once you get to the requirements level, you would have some type of functional testing to formally verify the risk control is effective.

Keep separate unit acceptance from requirements verification. Hope that makes sense.
 
Thread starter Similar threads Forum Replies Date
C Software Unit Acceptance Criteria (5.5.4) IEC 62304 - Medical Device Software Life Cycle Processes 3
I IEC 62304:2006 Definitions - Software System, a Software Element and Software Unit IEC 62304 - Medical Device Software Life Cycle Processes 13
C 7.6 for a Software Company - Calibrating Unit Testing ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
E Any sample of a full software life cycle IEC 62304 report ( any class )? IEC 62304 - Medical Device Software Life Cycle Processes 1
Q ISO 13485 7.5.6 Validation - Off the shelf Software ISO 13485:2016 - Medical Device Quality Management Systems 3
M ERP / QMS related software standards for Validation IEC 62304 - Medical Device Software Life Cycle Processes 6
J Do Software Subcontractors need to be ISO13485 compliant in the EU? EU Medical Device Regulations 3
D Safety data sheets software REACH and RoHS Conversations 2
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
N Validating Software before getting approved as Class 2 device US Food and Drug Administration (FDA) 5
M Clinical Decision Support Software Question 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
P Missing 1m visual alarm signal in case of software/display failure, mitigation? ISO 14971 - Medical Device Risk Management 3
B Software service provider as critical supplier ISO 13485:2016 - Medical Device Quality Management Systems 4
S Asterisk in DOE minitab software Using Minitab Software 23
M Surgical angle measurement guide device with an application software Medical Device and FDA Regulations and Standards News 1
M Advice needed for SEH Compliance Software and ISNETWord Compatabiliy Occupational Health & Safety Management Standards 2
bruceian Software Quality Metrics Software Quality Assurance 11
optomist1 How Secure Are Our Software Systems Software Quality Assurance 7
M 'Active' device? Software/laptop with attached camera 'looking' at passive metal probe EU Medical Device Regulations 3
D Software validation team Misc. Quality Assurance and Business Systems Related Topics 3
O Any info on release date of FDA “Computer Software Assurance for Manufacturing and Quality System Software” document? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 0
L Radiology software Class I exemption Medical Device and FDA Regulations and Standards News 3
O Software for comparing text of PDF files Contract Review Process 2
J Implementing an ISO 13485 QMS Software ISO 13485:2016 - Medical Device Quality Management Systems 6
K Software Updates in the Field and ISO scope ISO 13485:2016 - Medical Device Quality Management Systems 2
M Recurrent event analysis software (python) General Auditing Discussions 2
Y UL 1998 Standard: software classes Software Quality Assurance 0
P Need a programmer for QVI's VMS software for optical inspection machine Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
S IEC 62304 software costs and time Medical Device and FDA Regulations and Standards News 3
S IEC 62304 - Software verification cost IEC 62304 - Medical Device Software Life Cycle Processes 3
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
I Form templates for software (iso9001) Document Control Systems, Procedures, Forms and Templates 0
H Software Interface Translation IVD Regulation EU Medical Device Regulations 0
C 8.5.1.1 Control of Equipment, Tools, and Software Programs - Questions about the extent of control of NC programs AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
M IEC 62304 Software changes - Minor labeling changes on the GUI IEC 62304 - Medical Device Software Life Cycle Processes 3
silentmonkey Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
T Do I need a qualified compiler for class B software? IEC 62304 - Medical Device Software Life Cycle Processes 3
S Manufacturing Execution Systems Software Costs Manufacturing and Related Processes 0
E 13485:2016, Sections 4.1.6, 7.5.6 and 7.6 - Validation of Software - Need some Advice please ISO 13485:2016 - Medical Device Quality Management Systems 3
R Medical Device Software Certification IEC 62304 - Medical Device Software Life Cycle Processes 1
S HIPAA-compliant monitoring software (advice needed) Hospitals, Clinics & other Health Care Providers 1
A Software bug fixes after shipping a product EU Medical Device Regulations 3
J Medical software Patient outcome Medical Information Technology, Medical Software and Health Informatics 2
F Grand Avenue Software, Q-Pulse or Qualio - which for a full eQMS? Medical Information Technology, Medical Software and Health Informatics 1
K SOUP (Software of Unknown Provenance) Anomaly Documentation IEC 62304 - Medical Device Software Life Cycle Processes 2
Q Storing and developing SAMD (Software as a Medical Device) in the Cloud IEC 62304 - Medical Device Software Life Cycle Processes 3
I Old Time Scatter diagrams for defect type and location- software Quality Tools, Improvement and Analysis 7
SocalSurfer AS9100 new certificate, but need QMS software, help Quality Assurance and Compliance Software Tools and Solutions 2
C Is my software an accessory? Telecommunication between HCP and patients EU Medical Device Regulations 10
K Verify Software Architecture - supporting interfaces between items IEC 62304 - Medical Device Software Life Cycle Processes 2

Similar threads

Top Bottom