Storing and developing SAMD (Software as a Medical Device) in the Cloud

#1
I work at a medical device company under 21CFR 820 and ISO 13485, and we are starting to get into Cloud tools to develop software as a medical device. There is also a large push to use the cloud platform to distribute the software to our end users/customers. We currently do not work a lot with software as a product and I do not have a lot of experience in cloud systems or deploying software. I have put together some questions that keep coming up and would appreciate any advice anyone has about creating a compliant process.

1- How can you validate cloud software/environments that are hosted in leased servers?
2- What controls need to be in place in the cloud environment to maintain compliance?
3- In general what controls need to be in place around the storage and deployment of software?
4- What US and EU regulations/standards/guidances cover software as a product? (I know that software must be treated as a product under CFR and ISO; I am asking if there is more specific information to cover software.)
 

yodon

Staff member
Super Moderator
#2
You're definitely hitting on some challenging points. By and large, I think regulatory bodies are playing catch-up here as well.

What are the services your software depends on? What level of security is required (are you storing any PHI?)? What level of availability is required (if 24/7 guarantee, multiple, redundant, geographically diverse sites probably necessary).

In terms of storage and deployment of software, I think the main focus is on ensuring the software is adequately protected. How will you coordinate updates with your user community?

As with most everything these days, take a risk-based approach. Think of what all might go wrong and put the controls in place to minimize.

Not completely sure what you're looking for in terms of question 4, but here are some thoughts:
  • ISO 13485 is the standard for device development. It lines up pretty well with the US QSR (21 CFR 820) but there are some differences.
  • IEC 62304 is the standard for medical device software.
  • If you go to the FDA search page for guidance docs and search for 'software' you'll see several that are probably relevant (esp. the one on premarket submissions and the one on validation)
  • If you go to the IMDRF site and search on software, you'll see some relevant ones.
  • Cybersecurity is huge now. Every country / jurisdiction has their own cybersecurity guidelines / requirements. You can, for example, go to the FDA guidance search site (per above) and search on cybersecurity to get an idea there. UL has a couple of cybersecurity standards you should probably check out.
 