OTS (Off The Shelf) Software Validation for 510k Traditional

Y

youuu

#1
Hi everyone,

Please keep in mind that i am no engineer of any sort but I have to get this sorted out myself to even ask the engineer what to do.. which I have no luck right now:mad:

So first of all we are trying to get fda approved for a x-ray PACS and viewer type of software for a medical x-ray system. Currently our program uses 'leadtool medical imaging suite' and 'magic cd/dvd server'.

Yes, I have read guidance regaring off the shelf software on fda website and.. i just get more and more confused (and depressed)

1. Do I need OTS sofrware documentation? (pls say no!!!) Our engineer keeps on saying how its a library and it is not a program.. then again I really cant understand what he is saying really ...:(
Please ignore me if i am wrong but I guess codes from 'leadtool medical imaging suite' are used to make our software (for example part of image archiving, searching fuction etc.)

2. If I do need OTS software documentation.........Please help. I tried to explain the fda guidance to the engineer but he just dont understand (or pretends to.. hmm). Partly is probably because I have no idea on softwares... especially codes.... or whatever it is so I cant even explain properly. Please help me what I have to ask my engineer to create for me. Yes I am aware that this entire document has to be created by the engineer maybe even from the beginning but.. well..

Please help and I really appreciate any sort of comments, advices and solutions!!
Thank youuuu
 
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
Re: OTS Validation for 510k Traditional

First off, don't panic and don't get angry. :)

When you say you read the guidance, I presume you're referring to: http://www.fda.gov/medicaldevices/d...guidancedocuments/ucm073778.htm#_Toc458569099

The flowchart in that guidance is quite helpful. You DO need to provide, as they indicate, "Basic Documentation." This is all done internally by your software engineers and shouldn't be a burden. Just have them document:
1) Background info: What the libraries are, the version used, any patch information, where they got them, etc. They need to provide some rationale why these libraries were selected.
2) Design / Architecture info: Have them indicate if there are any limitations on how the libraries are used. They need to be able to say if they implemented anything in the design to limit how they are used. This could be limited to a subset of features in the libraries, or (since it sounds like you're doing imaging analysis or at least handling images) if there are maybe size limits on information fed to the libraries. A block diagram should be developed to show where in the system the libraries are used. The interface between the in-house developed code and the libraries should be documented.
3) End-Use Info: Some libraries may have restrictions on where they can be used; e.g., minimum amount of memory available, restrictions on browsers supported, etc. If there are any such restrictions, document how these restrictions are realized for the fielded software. For example, if the use of the libraries is restricted to the Explorer browser, the software could test for the browser in use and only allow operations if Explorer is being used.
4) General Use Info: Provide information on how the libraries are used; i.e., what features in your software they support, etc. Just a high-level overview. If the libraries access something outside the system, that needs to be described.
5) I'll defer the "How do we know it works" discussion for just a bit but it needs to be included in the basic documentation.
6) Control: COTS is software and so by its nature, it probably has bugs and will likely change. Your team should try to find any open issues with the libraries (many times vendors will post the list of bugs / issues) and assess the potential impact (documented). When updates to the libraries are made available, will they be incorporated? How will they be deployed?

Now, circling back to the "how we know it works" point. The amount of documentation here depends on the risk associated with both the software system and the use of the libraries. For example, if you just use libraries to support a user login, there may be some security risk but you could probably make an argument that the risk to the patient is low. However, if you are using libraries to control the amount of x-rays delivered in the system, the risk is quite high. Do a risk analysis on using the libraries. What happens if the libraries return invalid values or fail in some method. Presumably there will be some controls implemented (e.g., the software checks for returned values within a certain range or a checksum is used to ensure proper data transport). Any controls implemented should be verified. On top of that, functions that use the libraries need to be verified. This doesn't need to be any additional testing but if you can map requirements that are implemented using the libraries to verification tests, that should be sufficient.

Sorry you're getting pushback from the software team. Basic Documentation is required so they're just going to have to do it. Hopefully this will help them understand it's not a huge burden (unless the COTS is safety-critical).
 
Y

youuu

#3
Re: OTS Validation for 510k Traditional

Oh wow .. thank you sooo much for your help Yodon!
That was exactly what I needed to know :) thanks again !!
 

yodon

Staff member
Super Moderator
#4
Re: OTS Validation for 510k Traditional

Keep in mind that's just a high-level overview. Holler back if you run into some specific challenges getting through it. Good luck!
 
Thread starter Similar threads Forum Replies Date
M Seeking advice regarding use of off-the-shelf (OTS) batteries Other Medical Device and Orthopedic Related Topics 4
M OTS (Off-the-shelf) Medical Device Accessories - Camera EU Medical Device Regulations 1
K Can we consider Operating System as OTS (Off The Shelf) Software? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
T Validation of OTS (Off The Shelf) Software in Medical Devices IEC 62304 - Medical Device Software Life Cycle Processes 12
R What is needed for an FAI on off the shelf (OTS) electronic components? APQP and PPAP 2
M Recommendations for Off the Shelf (OTS) FMEA software FMEA and Control Plans 2
S Re-selling off-the-shelf (OTS) accessories for medical devices 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
C Validation of OTS (Off-the-Shelf) Training Software - Necessary? Qualification and Validation (including 21 CFR Part 11) 13
B Our suppliers are retail shops - How to evaluate OTS (Off the Shelf) suppliers? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
A One of APQP Process Steps - OTS (Off Tool Sample) Approval APQP and PPAP 1
X Definition OTS - Off Tool Sample - APQP Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 9
D Class IIB Medical Device Accessories - OTS Tablets Other Medical Device Regulations World-Wide 1
W Part Change Request - Standard (OTS) electronic parts (resistors, capacitors etc.) IATF 16949 - Automotive Quality Systems Standard 3
C Risk Analysis for COTS/OTS Risk Management Principles and Generic Guidelines 4
Q EU Regulations for OTS and System (Monitors and Scanner) EU Medical Device Regulations 3
M FDA's expectation for validating OTS software updates Other US Medical Device Regulations 8
M Strategy to allow for OTS computer use as part of a Medical Equipment System EU Medical Device Regulations 14
C Is the firmware in a component OTS if it is customised? Other US Medical Device Regulations 2
M Options for OTS Computer as part of Medical Equipment System IEC 60601 - Medical Electrical Equipment Safety Standards Series 6
A OTS and SOUP Software Documentation Requirements Other US Medical Device Regulations 9
A How Much Validation is needed for OTS Software - Marketing material only 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
R CNC OTS Software Validation Separate from full IQ/OQ/PQ for 21CFR Part 820 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 9
R Advice on OTS software validation Software Quality Assurance 3
A Can a power Supply be an accessory to a medical device, if it is an 'off-the-shelf' product. IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
I Do I need to sign off my annual audit calendar? Internal Auditing 2
Q ISO 13485 7.5.6 Validation - Off the shelf Software ISO 13485:2016 - Medical Device Quality Management Systems 3
A IEC 62304 safety classification, External Controls and off-label use related risks IEC 62304 - Medical Device Software Life Cycle Processes 5
R Qualification list of businesses approved to Off-Shore Aerospace work. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
S Study sign off question / responsibilities ISO 13485:2016 - Medical Device Quality Management Systems 3
M Question for Auditors - "Off the Record" Conversation? General Auditing Discussions 14
P Equipment 21 CFR 820.70(g) - User Requirements Document for Off the shelf equipment 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 7
S PSW - Requirements for "off-the shelf" component that has multiply manufacturing locations Off the Shelf Item Manufacturing and Related Processes 1
Ed Panek CE Mark Requirements on Kits (off the shelf product requirements met) CE Marking (Conformité Européene) / CB Scheme 2
M Off-Label Use - Clarification of FDA Policy US Food and Drug Administration (FDA) 1
Watchcat Best Regulatory Oversight for Off-Shore Device Manufacturing? Other Medical Device Regulations World-Wide 1
E Stand-by vs. ON/OFF symbol IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
R NRTL - Scope Question - Off-the-Shelf Plug In IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
P Qualifying commercial off the shelf (COTS) external suppliers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
SKM.Sunil Detachable parts vs Off the Shelf parts EU Medical Device Regulations 8
M Labeling for off-label use - Prevention of off-label use of a medical device 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
C Software validation - Off The Shelf Software - Web hosted ISO 13485:2016 - Medical Device Quality Management Systems 6
T Potential Off-Label Use question 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
Q Handling Off-the-Shelf Components 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
Marc Goldsmiths University will take beef products off the menu starting in September 2019 Sustainability, Green Initiatives and Ecology 19
A A purpose of a Stage 1 audit - Off site document review Registrars and Notified Bodies 3
Miner Getting logged off repeatedly Elsmar Cove Forum Suggestions, Complaints, Problems and Bug Reports 13
C Supplier blowing off CAR request Registrars and Notified Bodies 14
W Job Card/Router sign off - Want to go paperless AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
L Off the Shelf Software VISUAL ERP system ISO 13485:2016 - Medical Device Quality Management Systems 1
J Supplier controls for consumer-grade off-the-shelf products 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1

Similar threads

Top Bottom