ISO 13485 for software outsourcing company

Talja

Registered
#1
Hello everyone,

Is there someone who has experience with implementing ISO 13485 in software outsourcing company?

Due to specific of work there are plenty of limitations and bottlenecks that cant be established in our company per requirements from the standard and I would like to consult how those issues were solved by others.

Would appreciate any help.
 
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
We are a contract R&D shop doing both hardware and software and we're registered to 13485... I might be able to relate what we've done to the problems you're facing.

By and large, considering your "product" being "service" helps to keep things properly framed. It does get strange in some places.
 

Talja

Registered
#3
Hi yodin, :bigwave:
I would be more than happy if you could help me in finding some good quality literature, web resource that should help me to map the processes we have to requirements for medical devices QMS.

In our company there is no experts in this field and I am pioneer in this process.

The biggest pain I have is Infrastructure, Environment and Control of Production and service Provision. As there is no actually the real manufacturing process, we have offices, buildings and hardware with network infrastructure. How it should be mapped in order to cover requirements from iso?
 
#4
Thanks for replying!
So, we are outsourcing software development company. We have different clients that outsource development, testing, etc. mostly from USA and Europe. So we decided to certify 800people who works in healthcare domain in our company. But the challenge is that all projects are very different, some of the has shared responsibility with clients, some of them only responsibility on the client side and we act as augmentation of their teams.

The are main question that I have now:
1) how we have to create a medical device files for ~ 70 different projects?
2) how we can establish FMEA risk management, as usually we do not have whole picture of the product, we only contribute.
3) For the Control of Production and service Provision we decided to decribe the flow how the projects are working from the signing the contract and getting some basic requirements to closure of the project. Not sure if this is right way...

Can you advise something?Will appreciate your help ;)
 

Access2hc

Involved In Discussions
#5
very strange that your clients (whom i assume are all doing medical devices) are not imposing their requirements on your company.. (different type of concern :)

1. medical device file - one per product group, not necessarily per project
2. you have the part of the SRS/SDDS that was provided to you or you've created, you definitely have the code. therefore just do your part
3. control of production here does not mean the coding. (the code is the product). do you provide copies of your software in USB, CDs, in which you would have to replicate the software? if yes, then that becomes production.

Cheers,
Ee Bin
Access2hc
 

yodon

Staff member
Super Moderator
#6
Apologies, this apparently slipped through the cracks...

Thanks for replying!
So, we are outsourcing software development company. We have different clients that outsource development, testing, etc. mostly from USA and Europe. So we decided to certify 800people who works in healthcare domain in our company. But the challenge is that all projects are very different, some of the has shared responsibility with clients, some of them only responsibility on the client side and we act as augmentation of their teams.

The are main question that I have now:
1) how we have to create a medical device files for ~ 70 different projects?
*You* don't - that's the responsibility of the device manufacturer. Access2hc touched on this: your customers should be driving what's required from you. You can facilitate this by doing your work in compliance with, say, IEC 62304, providing (documentation) deliverables that are suitable for inclusion in the medical device file. This should all be worked out in the contract between you and your clients. (Again, you can help by understanding the standard and working through the process of defining who provides what).

2) how we can establish FMEA risk management, as usually we do not have whole picture of the product, we only contribute.
Indeed, you cannot! This has to be a collaborative effort with your customer. 62304 (and IEC 60101-1 section 14 for PEMS if applicable) define some generic risks that need to be addressed as part of risk management for the software aspects but you'll still need to work collaboratively to ensure things line up.

3) For the Control of Production and service Provision we decided to decribe the flow how the projects are working from the signing the contract and getting some basic requirements to closure of the project. Not sure if this is right way...
Agree generally with Access2hc's response and especially in terms of your limited responsibilities in this matter. Your customer, though, needs to define how they control matters to ensure the device production incorporates the correct version of the software. Again, though, that's out of your scope.
 
#7
ISO 13485 also requires developers to look closely at every decision made during the process of design and development. This process includes minimizing waste during testing anddevelopment as well as improving risk management
 

Lokus200

Starting to get Involved
#8
I think for software development companies it is better to have a Software Development Procedure to cover 62304, this should come in addition to general Design and Development Procedure.
 
Thread starter Similar threads Forum Replies Date
S SOP for ISO 13485:2016 Quality related Software validation ISO 13485:2016 - Medical Device Quality Management Systems 9
Q Is that any difficulty to do software DFMEA and PFMEA in ISO 13485? ISO 13485:2016 - Medical Device Quality Management Systems 5
R ISO 13485 Software validation procedure and Quality Objectives Monitoring wanted Document Control Systems, Procedures, Forms and Templates 1
T Software Validation Certificate (ISO 13485:2016) ISO 13485:2016 - Medical Device Quality Management Systems 19
C Software validation (4.1.6 ISO 13485:2016) ISO 13485:2016 - Medical Device Quality Management Systems 20
O ISO 13485 for software company - Selecting suppliers ISO 13485:2016 - Medical Device Quality Management Systems 3
R CNC Software Validation requirements as per ISO 13485:2016 Other ISO and International Standards and European Regulations 8
P QMS software recommendations for a small ISO 13485 company Quality Manager and Management Related Issues 5
S What is the clause in ISO 13485 for SAP Software Validation? ISO 13485:2016 - Medical Device Quality Management Systems 3
A Process Validation of QMS Software ISO 13485: 2016 Cl. 4.1.6 ISO 13485:2016 - Medical Device Quality Management Systems 26
A ISO 13485:2016 - Validate our use of software that impacts on the QMS ISO 13485:2016 - Medical Device Quality Management Systems 8
K ISO 13485:2016 Self Certification for Class I (annex 9) Stand-Alone Software? ISO 13485:2016 - Medical Device Quality Management Systems 3
H ISO 14971 vs. IEC 62304 vs. 98/79/EC vs. ISO 13485 (Software Medical Device) ISO 14971 - Medical Device Risk Management 1
SteveK Software Validation – Clause 4.1.6 of ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 12
K ISO 13485 requirements for Stand Alone Medical Device Software (Class II a) ISO 13485:2016 - Medical Device Quality Management Systems 1
F How to Align a Software Consulting/Contract Firm to ISO 13485+14971 & 62304 ISO 13485:2016 - Medical Device Quality Management Systems 1
R ISO 13485 Software Validation Requirements - Help needed ISO 13485:2016 - Medical Device Quality Management Systems 4
K Are ISO 13485 & ISO 14971 applicable to Healthcare IT software? ISO 13485:2016 - Medical Device Quality Management Systems 3
M Problems implementing ISO 13485 for Software-Only Medical Device Manufacturers? ISO 13485:2016 - Medical Device Quality Management Systems 4
F ISO 13485 & FDA Requirements - What kinds of software require validation? ISO 13485:2016 - Medical Device Quality Management Systems 2
T Quality Compliance Software to meet ISO 13485 QMS and 21 CFR 820 Requirements Quality Assurance and Compliance Software Tools and Solutions 3
A ISO 13485, Document Control and Software Validation ISO 13485:2016 - Medical Device Quality Management Systems 9
R Help for implementing ISO 13485 (provision of software to Hospitals) ISO 13485:2016 - Medical Device Quality Management Systems 4
S Nonconforming Material and CAPA ISO 13485 compliant software suggestions? Nonconformance and Corrective Action 7
K Evaluation of software life span - ISO 13485 IEC 62304 - Medical Device Software Life Cycle Processes 6
G Software for Medical Devices and ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 5
P Guidance on ISO 13485 Section 7.5.2. about Software Validation ISO 13485:2016 - Medical Device Quality Management Systems 15
K Software validation question - Contract Manufacturer - ISO 13485 implementation ISO 13485:2016 - Medical Device Quality Management Systems 2
J MRP / ERP Software Systems - Small medical laser manufacturing company - ISO 13485 Quality Assurance and Compliance Software Tools and Solutions 6
Q Looking for Best ISO 13485/FDA QSR Quality System Development Software Quality Assurance and Compliance Software Tools and Solutions 4
K ISO 13485 clause 8.5.2 'Any necessary CA shall be taken without undue delay' ISO 13485:2016 - Medical Device Quality Management Systems 2
J How much to charge for helping a startup company with initial ISO 13485 certification? Consultants and Consulting 3
J ISO 13485 System 'soft start' - How to best reflect this in initial audits, management review minutes and other records? ISO 13485:2016 - Medical Device Quality Management Systems 3
D ISO 13485 - 7.3.6 Design and development verification - Do most folks create a separate SOP? ISO 13485:2016 - Medical Device Quality Management Systems 4
C ISO 13485 :2016 - CAPA - Does every CAPA need to be checked by regulations? ISO 13485:2016 - Medical Device Quality Management Systems 9
D ISO 13485 8.2.1 and 8.2.2 - Customer Feedback and Customer Complaints ISO 13485:2016 - Medical Device Quality Management Systems 5
Sravan Manchikanti How to interpret '8.3 Control of nonconforming product' for SaMD device while implementing ISO 13485 & MDSAP ISO 13485:2016 - Medical Device Quality Management Systems 4
M Getting started in ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 21
P ISO 13485:2016 MDSAP Certification Fee Survey ISO 13485:2016 - Medical Device Quality Management Systems 6
C SOP Template needed for ISO 13485 6.3 Infrastructure ISO 13485:2016 - Medical Device Quality Management Systems 9
T ISO 13485 8.3 - Non-Conforming Materials - on-line rework or part of process? ISO 13485:2016 - Medical Device Quality Management Systems 11
B Do IFU designs have to be document controlled under ISO 13485? Document Control Systems, Procedures, Forms and Templates 2
H ISO 13485 - Separate Microbiology Audits ISO 13485:2016 - Medical Device Quality Management Systems 3
C Production and Post Production feedback - ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 4
T ISO 13485 - 5.5.1 Responsibility and authority - Small Company Independence ISO 13485:2016 - Medical Device Quality Management Systems 13
D Test summary report example for design validation wanted - ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 1
T ISO 13485 - Process validation at critical suppliers ISO 13485:2016 - Medical Device Quality Management Systems 7
O ISO 13485 vs. GMP - Comparison matrix wanted EU Medical Device Regulations 4
O ISO 13485 - Is management review required before stage 1? ISO 13485:2016 - Medical Device Quality Management Systems 6
O In addition to the standard, what other ISO 13485 sources do people recommend? ISO 13485:2016 - Medical Device Quality Management Systems 5

Similar threads

Top Bottom