Do I need a qualified compiler for class B software?

#1
I am developing firmware for a medical device which fulfills the criteria for class B software.

The firmware is written in C and C++, for which some vendors provide toolchains that have certification for many standards, including IEC 62304 (e.g. Arm Compiler, IAR EWB). So far, we have used the free non-certified GNU Arm Embedded Toolchain for development. The certified versions are proprietary and quite expensive, so we would prefer to avoid their use. Furthermore, I have never, in two years of development, come across a compiler bug.

My question is: will it be necessary to use a qualified compiler/toolchain (or qualify the compiler ourselves), or can we use a non-qualified compiler?

I believe that it is not the case that we require a qualified compiler (i.e. we don't need any special considerations other than documenting its version and how it integrates with out build process and perhaps including compiler bugs as part of our risk analysis), and I found a blog post (unfortunately, I am not allowed to post links) that says that it is only necessary for class C devices, but I am not entirely certain and I am looking for some confirmation.
 
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
By "qualified" do you mean putting it through something like IQ/OQ/PQ? If that's what you mean then, I don't subscribe to qualifying compilers. The software testing that you will do will provide far better assurance of functioning software than any kind of qualification protocol.

Of course, all this is predicated on the assumption that your internal procedures don't drive any specific qualification actions. And it's not a bad idea to double-check the manufacturer's specs to ensure you have an environment (OS, RAM, etc.) compatible with the tool.

You do want to "qualify" a toolchain for the target environment; i.e., choose a suitable one, preferably one that is commonly used (and those you mention certainly are)

A bit off topic, but there's a little less clarity on whether compilers / IDEs should be considered SOUP. It's my position that if you're using the libraries provided by the tool then there is certainly an element of SOUP. So in addition to just documenting its version, you should consider risks from unexpected results or failure of SOUP and evaluate the known anomalies with SOUP (these are applicable to Class B and C).
 
#3
I suppose what I meant by "qualification" is any sort of process that would provide satisfactory assurance of the correctness and suitability of the compiler for regulatory compliance (such as compilation tests or compliance with e.g. IEC 62304 which the certified toolchains I mentioned provide).

The fact that you didn't mention these kind of tests or certification requirements, combined with the blog post I mentioned, puts me at ease with regard to the need for a certified toolchain. We will certainly include compiler errors in our risk analysis, although it seems like we should be able to assign them a very low probability.
 

Tidge

Quite Involved in Discussions
#4
Aside from the excellent point about (SOUP) libraries provided by @yodon , there are only two areas involving compilers which would motivate some discussion 'above and beyond' simply detailing the compiler used:

1) Configuration management / Lifecycle concerns for your software: You may establish a configuration management plan that implies (or states) that you could reconstruct an executable (or the like) from source files. This by itself would not require validation of the complier, but it would require you to document and archive the compiler used to create the executable that was subjected to software system testing. Vendor toolkits have a habit of vaporizing; you may need to archive license keys as well as the compiler sources.

2) Unit / Integration testing: If white/gray-box testing of code relies on specific features of the compiler (e.g. comparing different outputs when different compiler switches are used), The compiler really ought to be treated as any other tool, and be qualified. Having written that, it will be nearly impossible (for most medical device companies) to validate certain aspects of a compiler, so if that path is taken (for the Medical Device Software testing) you shouldn't put too much weight behind such results. I think that it is generally possible to construct a comprehensive test plan such that if low-level testing relies on the compiler, it would be possible to establish higher level (System) tests that provide the necessary confidence that the Medical Device Software is working as necessary.
 
Thread starter Similar threads Forum Replies Date
R Do we need issue ECN (Engineering Change Notice) towards updated Material Specification? Design and Development of Products and Processes 2
N IPC-A-630 - Is this free or do i really need to pay for it? Manufacturing and Related Processes 3
C ISO/ IEC 17021 Resource requirement (need help) Document Control Systems, Procedures, Forms and Templates 5
P Need a programmer for QVI's VMS software for optical inspection machine Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
silentmonkey How to decide what characteristics need to be verified during incoming inspection? ISO 13485:2016 - Medical Device Quality Management Systems 5
D Change Approval Requirements - Does every change need formal customer approval? Design and Development of Products and Processes 17
E 13485:2016, Sections 4.1.6, 7.5.6 and 7.6 - Validation of Software - Need some Advice please ISO 13485:2016 - Medical Device Quality Management Systems 2
C ISO 13485 :2016 - CAPA - Does every CAPA need to be checked by regulations? ISO 13485:2016 - Medical Device Quality Management Systems 9
L Proof of Concept Studies - Do we need to comply with SAE reporting? Medical Device and FDA Regulations and Standards News 3
gunnyshore Adding a new facility - do I need to submit an amendment to the MDL or MDEL, or both? Canada Medical Device Regulations 3
N FDA UDI - Label vs. Labeling - Does the insert need to include UDI? Other US Medical Device Regulations 0
SocalSurfer AS9100 new certificate, but need QMS software, help Quality Assurance and Compliance Software Tools and Solutions 2
A Demonstration of Equivalence - Need for comparing biological characteristics for an SamD EU Medical Device Regulations 1
G Need to change KPI we called NC parts (maximum 3%.) to FTQ (first time quality) IATF 16949 - Automotive Quality Systems Standard 4
W Need for current design or process control FMEA and Control Plans 2
L Turkish Requirements - Does the Software need to be translated? CE Marking (Conformité Européene) / CB Scheme 2
J Need for a cleanroom in the manufacture of a medical device for a clinical trial EU Medical Device Regulations 4
S Need help with analysing a survey on minitab Using Minitab Software 1
M IATF 16949 8.5.1.3 Verification of job set-ups - Do we need secondary check? IATF 16949 - Automotive Quality Systems Standard 7
P Electrosurgical Device User Need: Cord Flexibility -> Requirement Other Medical Device and Orthopedic Related Topics 4
P Do I need to get registered or have German entity to sell IVD products in Germany? CE Marking (Conformité Européene) / CB Scheme 2
J Documentation structure - Do I need Work Instructions? Document Control Systems, Procedures, Forms and Templates 23
G Need resources / tutorials about OPS (Operation) for ISO IT (Information Technology) Service Management 8
D Do non-IATF customers need to be included in audit scope? IATF 16949 - Automotive Quality Systems Standard 23
M Do you need an Applicable general safety and performance requirements Checklist? EU Medical Device Regulations 2
Y Does Solidworks (2D/3D drafting modules) need validation? Other Medical Device and Orthopedic Related Topics 5
M Do we need to create a new CER or can we just update the existing CER EU Medical Device Regulations 3
K A proposal for the model Quality Management - I need help for the project ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
B Record Management - Does the QMS need to control templates of records? Records and Data - Quality, Legal and Other Evidence 17
Q Need clarification on requirements.... Class i, gmp & 510(k) exempt Medical Device and FDA Regulations and Standards News 12
U Do we need clinical trial data for Class IIa medical device under MDR EU Medical Device Regulations 7
G Do we need to QA cert? We only plan to supply reagents Medical Device and FDA Regulations and Standards News 3
I MSA requirement for 5 Micrometers + CP changes need customer approval? IATF 16949 - Automotive Quality Systems Standard 2
R Evaluating the need for preventive action Preventive Action and Continuous Improvement 3
R Probability - Need a help to solve the below question Statistical Analysis Tools, Techniques and SPC 5
E In need of a new TGA sponsor - Small software company Other Medical Device Regulations World-Wide 4
8 Need Help - Runout - Function Gage Inspection, Prints (Drawings), Testing, Sampling and Related Topics 7
B Need For BIS Standard Mark? Imported OEM's Power supply,Li-Ion Battery Other Medical Device Regulations World-Wide 0
F How many signatures do we need on calibration certificates? ISO 17025 related Discussions 8
B We need a QMS: file-based templates or software Other Medical Device Related Standards 23
M AQL table - I need to sample 1250pcs AQL - Acceptable Quality Level 3
atitheya Need of conducting medical trials in European Union EU Medical Device Regulations 2
L Gage R&R studies for identical Devices - Need to confirm the requirement to perform them Reliability Analysis - Predictions, Testing and Standards 2
D Does every piece of equipment used in a laboratory need to have an IQ protocol written and executed? ISO 13485:2016 - Medical Device Quality Management Systems 1
I IATF16949 Audit Preparation, Need "searchable" ANPQP 3.1 or latest IATF 16949 - Automotive Quality Systems Standard 1
A Does Class 1 Medical Device need to be certified to MDSAP? Canada Medical Device Regulations 5
S New to FAIR, need help in filling it out AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
S ISO 9001:2015 & ISO 14001:2015 - I need a format for Design & Development planning ISO 14001:2015 Specific Discussions 2
M Informational Some things the EU MDR 2017/745 does not tell you, but you may need to know to comply with it effectively – Part 1 Medical Device and FDA Regulations and Standards News 0
S NADCAP approval for Conventional Machining and Chemical processes - need assistance AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10

Similar threads

Top Bottom