Web-based Software Device - Servers & 510k

tebusse

Involved In Discussions
#1
Greetings,

I'm currently working on writing my company's 510(k) for their web-based software device and I have an question pertaining to data storage and management.

The servers that are used to store the medical image and data displayed by our device are not under my company's control, but outsourced. We have a Master Service Agreement with one company who maintains 4 dedicated servers for us.

Is anyone able to provide guidance regarding how to explain this in the 510(k)? I've started with discussing that a copy of the data is sent to each of the 4 servers, discussed the characteristics of the servers along with server protection. Do I even have to explain that the servers are not under our control?

Regards, Tonia
 
Elsmar Forum Sponsor

sagai

Quite Involved in Discussions
#2
I think it should be under your control, but you do not have to detail this control in the 51ok though. :D

When you describe the hardware to be used for the device in an appropriate detail, you describe it.
The control itself however should be manifested in proper Service level agreement and I tend to say you can not avoid to audit this supplier on a regular and formal basis.

The more interesting part of this story actually is how you maintain the compliance with the data protection act for EU legislation.
I am not sure if data protection act has a similar extent in the US, but I think there is a safe-harbour principle to look into.

Cheers!
 

yodon

Staff member
Super Moderator
#3
While I won't profess to be a 510(k) expert, this is a very interesting and timely topic for me. Clearly, the industry is moving away from the traditional models of owned / dedicated servers, traditional (locally installed) installations, etc. to the software-as-a-service / cloud-based server model. Unfortunately, I've not run across any guidance on how to approach management, validation, or regulatory submittals.

I would tend to agree with Sagai that the level of detail you're describing may not be appropriate for a 510(k) (I'll certainly defer to the experts on that). However, you ARE CERTAINLY responsible for ensuring is safe and secure. And that needs to be demonstrated through a validation effort.

If the hardware is out of your control, you should also have agreements in place with the provider to coordinate changes with you so you can ensure your system remains in a validated state. There should also be things like logical / physical security in place, disaster recovery (which includes backup), etc. Again, these probably aren't appropriate for a 510(k) but you need to have it all in place
 
G

Gert Sorensen

#4
The more interesting part of this story actually is how you maintain the compliance with the data protection act for EU legislation.
I am not sure if data protection act has a similar extent in the US, but I think there is a safe-harbour principle to look into.
:topic: Good point, but why limit the scope to EU and US? What about the rest of the world? Japan, Australia, Israel, China to name but a few? Devicemakers who venture blindly down this road may see them selves in conflict with the law in more countries than they ever imagined! :topic:
 

tebusse

Involved In Discussions
#5
I understand that we're responsible for the safety and security of the servers. Does the validation of those servers need to be included in the 510k?
 
Thread starter Similar threads Forum Replies Date
C Web based Complaint Software which interfaces with our Enovia system Document Control Systems, Procedures, Forms and Templates 0
L Data Management and Web based Document Control Software Document Control Systems, Procedures, Forms and Templates 18
B Web Based Quality Management Compliance Software Quality Assurance and Compliance Software Tools and Solutions 5
B Do you use paper or web-based templates for CAPA processes? ISO 13485:2016 - Medical Device Quality Management Systems 3
G Web based tool for benchmarking audit findings Benchmarking 6
P For any programmers in the Cove - Web based ISO System? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
S Web Based Training System recommendations wanted Training - Internal, External, Online and Distance Learning 3
J Web based Database to Collect and Evaluate 5S Audit Results, Trends, Charts Lean in Manufacturing and Service Industries 3
J Is ASQ CQM/OE web-based training worth it? Training - Internal, External, Online and Distance Learning 4
T How do I control web-based asp forms/rpts that write to and pull from an Access DB Document Control Systems, Procedures, Forms and Templates 4
P Web based file sharing i.e. Dropbox for Doc Control - Comments/Alternatives? Document Control Systems, Procedures, Forms and Templates 6
K Seeking a workflow for web based Document Control System Document Control Systems, Procedures, Forms and Templates 4
bio_subbu USFDA CDER Learn (Web based course free of charge) Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
K Paperless Web Based Quality System Quality Assurance and Compliance Software Tools and Solutions 11
I Suitable ISO 9001 Registrar - IT sector engaged in delivering Web based solutions Registrars and Notified Bodies 18
M Apply Taguchi method for Web-based application development Quality Tools, Improvement and Analysis 4
Sidney Vianna Web based AS9102 and 9103 compliance tools AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
C Web based SPC Analysis using PHP Statistical Analysis Tools, Techniques and SPC 2
S Quality Systems and Web-based Applications in the quality field Quality Assurance and Compliance Software Tools and Solutions 11
Manix Does anyone know if BMW has a web based Supplier Portal? Customer and Company Specific Requirements 3
A Customer's Web Based CAR (Corrective Action Request) Systems ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
Q Developing new web-based quality system and need advice Quality Assurance and Compliance Software Tools and Solutions 3
J Web Based Corrective Action Tracking Tools - Does anyone have any knowledge of? Nonconformance and Corrective Action 4
A Web-based, RAB APPROVED, transition training program for ISO 9001:2000 ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 2
C Software validation - Off The Shelf Software - Web hosted ISO 13485:2016 - Medical Device Quality Management Systems 6
S IFU on web page - Consequences if the most recent one is not uploaded EU Medical Device Regulations 3
K Need feedback: FMEA Web Application FMEA and Control Plans 5
G Nonconformance Categories - QMS web app to support ISO9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
F Looking for some type of training on Lean Manufacturing video or web training Lean in Manufacturing and Service Industries 7
T Changes on the Medical Devices Act in Korea announced on MFDS web site Other Medical Device Regulations World-Wide 1
renenatasha Usage of web articles in DHF (Design History File) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 10
WCHorn New Web Site Tab Required Coffee Break and Water Cooler Discussions 4
Q 21 CFR Part 11 Password Requirement for a Web Service Software Quality Assurance 6
W Lean Games and Simulations Web Site Lean in Manufacturing and Service Industries 0
Marc 6 August 1991 - First page on the World Wide Web publicly available After Work and Weekend Discussion Topics 0
C FDA Labeling Requirements and Company Brochures and Web Site Content US Food and Drug Administration (FDA) 5
S FDA Inspection Guide to MD - New Web Portal for Inspectional Database US Food and Drug Administration (FDA) 1
AnaMariaVR2 FDA launches consumer-friendly Web search for recalls US Food and Drug Administration (FDA) 0
J New Toyota Supplier Quality Manual is on the Toyota Web Site Customer and Company Specific Requirements 1
Marc Justice Department seeks to have all web surfing tracked After Work and Weekend Discussion Topics 19
C World Population Clock as Web Part in SharePoint Document Control Systems, Procedures, Forms and Templates 1
F Document Control - Addressing control of content stored on web sites Document Control Systems, Procedures, Forms and Templates 9
G Is it dumb to develop an ISO 17025 web site? ISO 17025 related Discussions 9
P Standards Subscription - Online web site that provides AMS, NAS, SAE etc, standards Various Other Specifications, Standards, and related Requirements 1
J One of the great web comics of all time - xkcd Funny Stuff - Jokes and Humour 6
Marc My Cousin Jonny's Art Web Site - Camp Ernst Pictures Coffee Break and Water Cooler Discussions 7
J FDA Launches Medical Device and Radiation-Emitting Product Transparency Web site US Food and Drug Administration (FDA) 2
somashekar Substances declarations web database for REACH, RoHS, Book, Video, Blog and Web Site Reviews and Recommendations 2
S Sharing information on useful web sites Book, Video, Blog and Web Site Reviews and Recommendations 30
Q Web Address or the Full Street and ZIP/Postcode Address for FPR Labeling? ISO 13485:2016 - Medical Device Quality Management Systems 2

Similar threads

Top Bottom