SOUP anomaly evaluation for MMA (Mobile Medical Application) IEC 62304 clause 7.1.3

#1
I'm working on an IEC 62304 compliant project for a mobile medical application with mostly class A and some class B elements. The standard requires in clause 7.1.3 that published SOUP anomaly lists be evaluated for contributing to potentially hazardous situations. In this project, many of the software components are open source, so we are looking at issues lists posted online. However some of the open source elements, such as Angular, have hundreds of issues posted online. Does anyone have experience on how to address this 62304 requirement on a practical basis for open source software? This is a startup company so developing an in-house alternative to some of the open source building blocks isn't practical and in my opinion may even introduce more risks since it wouldn't have the established history and user base. Any feedback much appreciated!
 
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
Those lists can certainly be painful to deal with. If you can export them, hopefully there is enough information to help you sort / filter. Many times you can exclude large chunks based on revision or functions (not) used or ...

Alternatively, look at trying to isolate SOUP use to non-critical functions. May not be possible but if so, may not require such a big development effort as completely re-writing the SOUP.

Interestingly (and slightly off topic), we have one client (large company) that has decided they will no longer allow SOUP in their applications and are requiring (outsourced) software development to basically copy the SOUP code and adapt to internal standards, etc. The benefits of this approach have been, um, questioned.
 
#3
This approach makes sense, but I can already anticipate the collective groan from the development team...

We also work with another (large) client that expressly forbids open source software. I can see their rationale. Thanks for the input.
 
#4
Hi PaulG, so what was your approach to solving this situation. We are dealing with the same problem and I don´t see a way around of listing all anomalies and analyze each one of them (which will be very time consuming).
Where did you put the list of anomalies?
How often do you check for new reported anomalies?
 
#5
It was a challenge to implement this in practice. Every single SOUP item (numbering in the thousands) is tracked through a version-controlled list of dependencies required by the software. Each dependency has a corresponding repository which tracks issues through open source collaboration. If required to provide the anomalies, we could scrape these issues from every single repository; a process that would have to be automated as the total number of issues likely number in tens of thousands if not more over the entire collection of dependencies/SOUP items. We could also comb through each of these dependencies' issues tabs to identify issues that likely directly impact the software, but we found it far more efficient to take a holistic approach and test the software using our QA system. If the app as a whole works and passes QA, then the issues of the sub-components (the SOUP) are not as irrelevant in my opinion. If required by a regulator to provide them with the list we would make the decision of either putting together a list of specific issues from the SOUP repositories (a time consuming process that produces a list of relevant issues that quickly becomes out of date) and providing our rationale as above, or scraping every single issue in some automated way and providing it to the regulator.
 
Thread starter Similar threads Forum Replies Date
K SOUP (Software of Unknown Provenance) Anomaly Documentation IEC 62304 - Medical Device Software Life Cycle Processes 2
K IEC 62304 - Functional and performance requirements for SOUP items IEC 62304 - Medical Device Software Life Cycle Processes 2
F Firmware as SOUP - Sensor with third party produced firmware IEC 62304 - Medical Device Software Life Cycle Processes 2
K SDK: SOUP or not? IEC 62304 - Medical Device Software Life Cycle Processes 8
A OTS and SOUP Software Documentation Requirements Other US Medical Device Regulations 9
J Custom Tools as SOUP? (Software of Unknown Provenance) IEC 62304 - Medical Device Software Life Cycle Processes 9
J Converting SOUP to "SOKP" ... IEC 62304 - Medical Device Software Life Cycle Processes 1
U The Importance of Correct Sample Size Calculation - Greek Alphabet Soup Book, Video, Blog and Web Site Reviews and Recommendations 7
S Software Risk Estimation: Probability of Medical Device Software Anomaly Occuring ISO 14971 - Medical Device Risk Management 9
P Level of Concern anomaly - FDA Guidance Document Conflicts 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 7
I The Anomaly of Calculating MTBF from Reliability Reliability Analysis - Predictions, Testing and Standards 1
J What is the right way to describe a failure? Anomaly? Nonconformance and Corrective Action 3
M Clinical Evaluation Benchmark vs. Equivalent EU Medical Device Regulations 2
M IVDR and Performance Evaluation Plan CE Marking (Conformité Européene) / CB Scheme 2
S User evaluation for self monitoring blood glucose test systems US Food and Drug Administration (FDA) 4
S Australia TGA Clinical Evaluation Report (CER) Other Medical Device Regulations World-Wide 0
S API Spec. Q1 clause 5.6.1.2 On site evaluation Oil and Gas Industry Standards and Regulations 10
B Biological evaluation plan and report Other Medical Device Related Standards 5
F Biocompatibility evaluation for Hardware/Interface Components? Other Medical Device Related Standards 12
B Clinical Evaluation Expert Panels - MDR EU Medical Device Regulations 1
T Clinical evaluation of a new medical device EU Medical Device Regulations 0
dgrainger Informational MDCG 2020:13 - Clinical evaluation assessment report template EU Medical Device Regulations 0
S A clinical performance evaluation study with an IVD product as Investagional Use product - Clinical Monitor requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
B AS9100 8.4.1 Supplier Selection/Evaluation criteria and reevaluations AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 13
R Clinical evaluation without clinical data - MDR Article 61(10) EU Medical Device Regulations 6
M Clinical Evaluation Plan vs. PMCF Plan EU Medical Device Regulations 21
K Biocompatibility evaluation of gas pathways Medical Device and FDA Regulations and Standards News 5
T HF testing / Summative evaluation for MDDS class I necessary? Human Factors and Ergonomics in Engineering 2
N Evaluation of service providers Supplier Quality Assurance and other Supplier Issues 2
M Can someone share a scrubbed version of Clinical Evaluation Plan (CEP) EU Medical Device Regulations 4
S EU MDR Annex XIV - Clinical Evaluation Plan - What do these methods mean? EU Medical Device Regulations 12
C Material from outside CER evaluation period CE Marking (Conformité Européene) / CB Scheme 8
DitchDigger IEC 60601-1 subclause 5.1 - Adequate evaluation in lieu of testing IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
S Clinical Evaluation - Is this an ISO 13485:2016 requirement? ISO 13485:2016 - Medical Device Quality Management Systems 4
M Informational How to perform a clinical evaluation of medical devices – Part 2 – Level of clinical evidence and what sufficient clinical evidence means Medical Device and FDA Regulations and Standards News 9
P IEC 62304 - evaluation of integration and system testing IEC 62304 - Medical Device Software Life Cycle Processes 4
R Supplier evaluation and business needs in the context of ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 2
U Changes to Internal Processes and Risk Evaluation - Mitigations Risk Management Principles and Generic Guidelines 10
M Informational Work in progress at the FDA for biological evaluation – Color Hazard and RISk calculator (CHRIS) Medical Device and FDA Regulations and Standards News 0
M Informational How to perform a clinical evaluation of medical devices – Part 1 – Overview and sample of activities Medical Device and FDA Regulations and Standards News 0
T EU MDR Article 61- Clinical Evaluation EU Medical Device Regulations 2
pashah Looking for Clinical Evaluation SOP acc. MEDDEV and EU MDR Other Medical Device Related Standards 1
K Supplier re-evaluation (API Q1) Manufacturing and Related Processes 8
B Evaluation of Basic Safety during EMC Immunity or Climate Testing IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
S ISO 10993 Biocompatibility Evaluation - Electronic thermometer Other Medical Device Related Standards 3
D Clinical Evaluation Report - Consultant Recommendations Consultants and Consulting 9
qualprod ISO 9001 Clause 9.1 - Monitoring measurement analysis and evaluation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
M CER (Clinical Evaluation Reports) updates - Product Codes EU Medical Device Regulations 2
A Medical device CER (clinical evaluation report) training/seminar services EU Medical Device Regulations 2
M Informational US – National Evaluation System for Health Technology Coordinating Center (NESTcc) Solicits Public Comments for Data Quality and Methods Frameworks Medical Device and FDA Regulations and Standards News 0

Similar threads

Top Bottom