Off-The Shelf Software..and Life Cycle Requirements for Medical Device Software.
Hi Folks,
I'm working with a company who are developing a medical device incorporating software. I've recently developed a series of design development procedures including procedures covering their internal software development environment However one of the areas that they want procedurised is a systematic approach to the qualification and approval of everything that might incorporate some software, and which is bought in from external sources. This could range from software tools such as compilers and debuggers which have could affect the quality of the software developed to code or firmware that actually gets embedded in the product, incl. operating systems, and hardware as well e.g. PIC's, microprocessors & comm's libraries, 3rd Party networking software, Vista, etc..
My thinking on this is to adopt a similar methodology to that I recommended for the development of their software development process -this is a multi- step phase review process starting off with a Quality Plan and Preliminary Risks Analysis, the risks analysis should focus attention to the aspects of the OTS (off the shelf software) which are of most concern and the Quality Plan plans out the steps needed to qualify that software so that it can be used. The Quality Plan of course would rationalise why its not necessary to go thru every phase at the level of detail you would for a full-blown coded development project. This approach is being balked at from two perspectives; a) the number of Quality Plans that will need to be generated and b) the "over-the-top" level of scrutiny on OTS e.g. a standard compiler/buchecker or PIC that have is going to ultimately have a relatively minor impact on final perf. of device. (Sledgehammer and walnut have been mentioned.)
So I'm rethinking my initial approach and thinking at the moment that the solution is to use the risk management structure to influence the appropriate course of action. (How I frame all of that in a simple 3 or 4 page procedure that is generic enough to cover all the above is a problem I still have to sort out -but I will.) I am also familiar with the fact that FDA have some useful guidances on OTS one of which I'm currently reading. (I can't post weblinks yet but if someone else is familiar with them maybe it might help others who are interested in this branch.)
this is a long winded way of eventually getting to ask the question I want to ask............
1. If this scenario is familiar to anybody out there, what approach have you used in your situation?
2. BTW anybody know of Linux code being used in any medical device applications?
If anyone can help I'd really appreciate it,
Cheers,
SR