QMS ISO 13485:2016 - ISO14971 IEC60304 etc

Hirvo

Starting to get Involved
I need to ask this to make sure.
We have a cloud-based medical device software, Class I (in the future it is going to be Class IIa A and later B).
If we certify the QMS 13485 now when the device is still Class I, do we need to follow ISO 14971, IEC 82304-1, IEC 62366-1 and IEC 62304-1?
 

shimonv

Trusted Information Resource
In principle, you need to follow all the applicable standards.
In practice, because it's a low risk device with self declaration, you have "grace".

Shimon
 

Tidge

Trusted Information Resource
Generally:

It is always a good idea to have a process compliant with 14971. The difficult truth is that a third-party will almost always find something wrong with your particular implementation, but if you have been trying to implement a 14971-compliant process you will ultimately be better off should it come time to 'remediate' (depending on your attitude and the attitude of whoever establishes your remediation plan). You need a 14971-compliant process to motivate 62304.

62304 is ultimately a 'best practices' process standard that establishes the minimum necessary development deliverables, based on a risk categorization. Many professional software developers who take pride in their work will do the full suite of activities anyway, no matter the risk categorization.

The usability standards minimally ought to be considered for the validation of the SaMD; i.e. is the SaMD meeting the needs of the users. Frankly: when it comes to SaMD there is always going to be a learning curve and Luddites will be pre-disposed to not like all sorts of things about any SaMD. Focusing on colors, fonts, displayed text (and languages), UI layouts would probably be enough to satisfy most third parties... the things you focus on should be motivated by the initial risk assessment.

My own feeling is that usability of SaMD is going to take a backseat to security of SaMD for the foreseeable future. The usability standards and guidances are still important and serve an important role in the design of medical devices, of course. My thinking is motivated by:
  • Software design space (including User Interfaces) is simply too "wide open" for most companies to mandate/precisely specify UI
  • The hand-held computing revolution has (a) exposed many more people to different UI and (b) established "islands of stability" for acceptable UI (that is, there are fewer Luddites and a wider universe of recognizable user interfaces)
  • Security issues around integrity and availability will almost always trump particular UI design choices (made primarily around the concept of 'essential performance') in a risk-based analysis.
 

Gish

Gish Consulting LLC
In principle, you need to follow all the applicable standards.
In practice, because it's a low risk device with self declaration, you have "grace".
Shimon

I'm afraid I disagree. Class I products need to follow the applicable standards. By applying a risk-based approach for compliance (described in ISO 13485:2016) the activities and obligations for achieving compliance can be simplified and reduced from the levels required for Class II and III products. This strategy includes software-only devices.
Hirvo, begin by performing a product risk assessment of your product under ISO 14971:2019. Once you have that demonstration of low risk levels, that can be applied to other elements of your QMS and to the other standards.
 

James

Involved In Discussions
I'm afraid I disagree. Class I products need to follow the applicable standards. By applying a risk-based approach for compliance (described in ISO 13485:2016) the activities and obligations for achieving compliance can be simplified and reduced from the levels required for Class II and III products.

I think you are effectively agreeing?! Please correct me if I'm wrong.
 