Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

Mapping CMMI to FDA Requirements

S

sfurlani

#1
Hello,

I'm a biomedical software engineer (not a quality guy), and my company is starting to make their first medical software product. I've worked under the quality management systems in the past, but this company does not have one and I have no idea how to start it.

The company is ISO 9001 certified, and we have another project which is appraised at CMMI ML3 (the company, however, is not CMMI).

I have found a white paper from CMU mapping CMMI to IEC 62304 and a published book section called "Mapping Medical Device Standards Against the CMMI for Configuration Management" , but the latter I haven't read yet (SpringerLink).

(Wishes he could post links).

Are there any other good resources for this? I don't want the company to have ISO 9001, ISO 13485, CMMI, cGMP, ISO 14971, and IEC 62304 documents separately... it seems quite silly.

Is there a way to show that what we have with our ISO 9001 and CMMI ML3 meets X, Y, Z requirements of ISO 13485 and 21 CFR 820, and then supply the missing documentation under ISO 9001 and CMMI manner? (I know 21 CFR 820 requires some CMMI ML5 stuff when it comes to safety) the CMMI stuff will need to be re-written for the new project, but I'd love to be able to start with something.

Any help is greatly appreciated, thanks!

-Stephen Furlani
Biomedical Software Engineer
 
Last edited by a moderator:

Stijloor

Staff member
Super Moderator
#2
Hello,

I'm a biomedical software engineer (not a quality guy), and my company is starting to make their first medical software product. I've worked under the quality management systems in the past, but this company does not have one and I have no idea how to start it.

The company is ISO 9001 certified, and we have another project which is appraised at CMMI ML3 (the company, however, is not CMMI).

I have found a white paper from CMU mapping CMMI to IEC 62304 and a published book section called "Mapping Medical Device Standards Against the CMMI for Configuration Management" , but the latter I haven't read yet (SpringerLink).

(Wishes he could post links).

Are there any other good resources for this? I don't want the company to have ISO 9001, ISO 13485, CMMI, cGMP, ISO 14971, and IEC 62304 documents separately... it seems quite silly.

Is there a way to show that what we have with our ISO 9001 and CMMI ML3 meets X, Y, Z requirements of ISO 13485 and 21 CFR 820, and then supply the missing documentation under ISO 9001 and CMMI manner? (I know 21 CFR 820 requires some CMMI ML5 stuff when it comes to safety) the CMMI stuff will need to be re-written for the new project, but I'd love to be able to start with something.

Any help is greatly appreciated, thanks!

-Stephen Furlani
Biomedical Software Engineer
Can someone help Stephen?

Thank you very much.

Stijloor.
 
#3
The white paper can be found on the following link: http://www.sei.cmu.edu/library/assets/CMMI and Medical Device Engineering.pdf

The Springerlink article can be seen on the following link (it can be accessed if tyou have the credentials): http://www.springerlink.com/content/p1p6880640856580/

Anyway, i do not know of other resources on this (particularly IEC 62304, which is a relatively new standard).

Anyway, please keep in mind that CMMI, being a process improvement tool, is not reuired by regulations in general. Standards, such as ISO and IEC medical devices standards, are usually used to provide presumption of conformity or other conformity aspects of the regulations.
 
S

sfurlani

#4
@mmantunes,

Thanks. Those were the two documents I had found (but unable to post links yet on this forum).

Since then, I've spoken with The Boss and he's decided that he doesn't want a company-wide standard (since many of our contracts don't require this stuff), so we'll be makeing SOPs for our ISO 9001 that meet the requirements.

Thanks for the replies, good to know I found everything I could.

-Stephen
 

sagai

Quite Involved in Discussions
#5
The fun will start when your customers ask you to have a compliance with any of these standards or the market recognizes your software product for less money because of the lack of these, anyway, I believe you can not avoid these regulations even for a short term period, regardless it looks more easy to ignore them.
br
Sz.
 
S

sfurlani

#6
@sagai,

I think you misunderstood me. We're fully intending to meet all the standards of IEC 62304, ISO 13485, ISO 14971, 21 CFR part 820 (and part 11 if it applies). If I understand it properly, the FDA has the ability to come in and seize the company's assets if we refuse to comply. We're small enough to be made an example and not put up much of a fight (unlike Yaz).

I was more interested in knowing how much, if we used the CMMI stuff, would we need to re-write, not whether CMMI would be sufficient in and of itself.

We've actually decided, based on the documents given here (thanks @mmantunes) and advice from others to create the SOPs and databases specifically for this project, and leave the CMMI stuff alone.

Thanks,

-Stephen
 
Top Bottom