Relying on mitigations implemented in non-medical device

#1
Currently developing a software medical device locked to deployment on a non-medical, internally developed general computing platform.

The requirements and mitigations are defined and evaluated for the system as a whole, including the non-medical portion. This has lead to mitigations being identified and implemented entirely within the scope of the computing platform (e.g. OS/HW redundancy features needed by the medical device, OS firewall settings, OS notifications....). It is a known/fixed computing platform that the product will be verified/validated on.

I would like to take advantage of this and rely directly on the verification of the mitigations on the computing platform, without relying on additional external mitigations (e.g. to check the firewall settings at installation/runtime), however I keep running into a logic wall of, if it contains the implementation of mitigations, should it be:
- Considered for risk classification within SDLC?
- Required to meet all the documentation rigor of class A/B/C?
- Be considered a medical device?

I'm very open to answers, or even re-thinking the problem as a whole.

/Chris K.
 
Elsmar Forum Sponsor

Ronen E

Problem Solver
Staff member
Moderator
#2
What is/are the sales configuration(s)?
Are you also selling the computing platform alone? For what intended uses?
Are you supplying the computing platform together with the "SaMD"?
Does "locked to deployment on" mean that the SaMD can't run on any other computing platform?
 
#3
What is/are the sales configuration(s)?
- Single configuration deployed on defined server hardware with fixed OS.

Are you also selling the computing platform alone? For what intended uses?
- The compute platform is used in other internal products, but not sold externally (yet).

Are you supplying the computing platform together with the "SaMD"?
- Yes.

Does "locked to deployment on" mean that the SaMD can't run on any other computing platform?
- Correctish... the intention is to limit it to a defined platform to reducing risk associated with installation on an unqualified/untested Server/OS. There are no technical limitations that would stop this from functioning equally on a platform such as AWS or other such service.
 
Last edited:

Ronen E

Problem Solver
Staff member
Moderator
#4
What is/are the sales configuration(s)?
- Single configuration deployed on defined server hardware with fixed OS.

Are you also selling the computing platform alone? For what intended uses?
- The compute platform is used in other internal products, but not sold externally (yet).

Are you supplying the computing platform together with the "SaMD"?
- Yes.

Does "locked to deployment on" mean that the SaMD can't run on any other computing platform?
- Correctish... the intention is to limit it to a defined platform to reducing risk associated with installation on an unqualified/untested Server/OS. There are no technical limitations that would stop this from functioning equally on a platform such as AWS or other such service.
It sounds like your device is not a SaMD. It is the HW+SW combination you provide.
 
#5
Are you asserting that the HW and OS are part of the medical device?

Assuming you this, then I assume the classification would then pull in full 62304 compliance for the computing platform?
 

Ronen E

Problem Solver
Staff member
Moderator
#6
Are you asserting that the HW and OS are part of the medical device?

Assuming you this, then I assume the classification would then pull in full 62304 compliance for the computing platform?
I am asserting that the way you describe it, from a regulatory standpoint the HW+OS+SW application are a single Medical Device.

I'm not a 62304 expert so can't answer your question directly, but I think that if your medical device includes a computing platform that you've developed you need to validate that computing platform to a certain extent.
 
Thread starter Similar threads Forum Replies Date
L Relying on Suppliers - Most Quality and Warranty problems are caused by Suppliers Supply Chain Security Management Systems 5
B "Detection, NOT Prevention!" - Relying on Final Inspection Quality Manager and Management Related Issues 48
D Relying on Supplier Records for Material Traceability - Bar stock and forgings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
U Changes to Internal Processes and Risk Evaluation - Mitigations Risk Management Principles and Generic Guidelines 10
D Dumb question on Risk Assessment - Include planned mitigations? ISO 14971 - Medical Device Risk Management 26
A How to Validate Effectiveness of Mitigations? ISO 14971 - Medical Device Risk Management 13
U Own Procedure was not effectively implemented Problem Solving, Root Cause Fault and Failure Analysis 3
Y Risk Control Implemented in Software IEC 60601 - Medical Electrical Equipment Safety Standards Series 6
H How Calibration Precision checks are implemented in medical device companies General Measurement Device and Calibration Topics 2
E Consultant Person who implemented ALSO the Registrar Auditor? Consultants and Consulting 17
Ajit Basrur Why I Implemented a Quality Management System for my Kids Coffee Break and Water Cooler Discussions 5
R Quality Audit Form to Veriify Implemented Countermeasures wanted Nonconformance and Corrective Action 1
X Matrix for: Established, implemented, maintained (5.5.2 Management Representative) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
L Can ISO 13485 be implemented in just one section of a business? ISO 13485:2016 - Medical Device Quality Management Systems 4
P Why does a SQA (Software Quality Assurance) standard be implemented in our company Software Quality Assurance 4
Q How can Six Sigma be implemented in Retail Distributors (Logistics and Supply Chain) Six Sigma 4
E ISO 17020 and ISO 26000 - Has anyone implemented ISO 26000? Other ISO and International Standards and European Regulations 10
M New In ISO 9001, How to Continue the Implemented Standard ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
J What's the meaning of word "map" (Map these requirements with your implemented QMS)? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
2 ISO 9001 should be implemented before CMMI for maximum effectiveness? Quality Manager and Management Related Issues 2
C Procedure is not Implemented - Audit Finding - ISO 9001 Clause 7.5.1? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
Q Can a waivers for external calibration labs be implemented via the PPAP process? IATF 16949 - Automotive Quality Systems Standard 3
V What type of SQC or SPC Techniques can be implemented in Machine Shops Statistical Analysis Tools, Techniques and SPC 8
K Research with companies who have implemented OHSAS 18001 Occupational Health & Safety Management Standards 9
S Are 'Standard Work Documents' used by "All" who implemented LEAN & Control Needed? Lean in Manufacturing and Service Industries 33
T What Verification Method can I use to ensure Supplier Implemented Preventive Action Nonconformance and Corrective Action 14
D Why MIL-STD-105E is obsoleted but ANSI/ASQC Z1.4 is still implemented? Need Opinion Inspection, Prints (Drawings), Testing, Sampling and Related Topics 14
A Do Visual Aids Need to be Implemented? TL 9000 Gap Analysis ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
I How are Policies Classified, Implemented and Maintained? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
T TS 16949 vs. Dock to Stock - Seeking comments from anyone who has implemented DtS IATF 16949 - Automotive Quality Systems Standard 4
S Major NC or Not - Procedure Not Implemented and Repetitive mistakes/failures General Auditing Discussions 7
A Has anyone implemented SPC in the Laboratory Testing/Service Industry Statistical Analysis Tools, Techniques and SPC 1
W Has anyone implemented EDI in their organization? Misc. Quality Assurance and Business Systems Related Topics 14
J Is anyone aware of any federal or state agencies that have implemented ISO 14001? ISO 14001:2015 Specific Discussions 1
Similar threads


































Top Bottom