SBS - The Best Value in QMS software

Working with a software developer who is not setup for IEC 62304

shimonv

Trusted Information Resource
#1
Hi Fellows,
Here is the scenario:
A client of mine would like to outsource the software development to a small firm that are good at what they do, but are not setup to working according to IEC 62304.

Question: Is there any problem/pitfall to allow such a contract developer to work according to their own agile methods and when they get close to the end start working on the software QA docs with my help. This will include the preparation of STD for prospective testing.


Appreciate your thoughts.

Thanks,
Shimon
 
Last edited:
Elsmar Forum Sponsor

Ed Panek

QA RA Small Med Dev Company
Staff member
Super Moderator
#2
62304 asks what risk class the software in question presents; A, B or C I believe. Do you know what the contractor is working on?
 

Ed Panek

QA RA Small Med Dev Company
Staff member
Super Moderator
#4
I am not sure I would risk waiting to the end to document their compliance but you could certainly periodically update it since it low risk. Are you going to document this "plan" in your own QMS?
 

yodon

Staff member
Super Moderator
#5
are not setup to working according to IEC 62304.
That's a *bit* worrisome - most of 62304 is really just good software engineering practices.

If Class A, as you think, the burden is pretty light and the approach you describe is probably mostly reasonable. Doing the planning work up front will help them see how you will get there.

Requirements documentation can be challenging with this approach. The agile folks often take a different approach to requirements; e.g., use scenarios -v- "shall" and that makes the V&V work really hard. I would recommend going "old school" and writing ("shall" requirements) established. It's possible to use use scenarios as the basis for software system testing but sometimes the scenarios can be just too vague. We generally 'extract' requirements from use scenarios and keep updating throughout the development process.

The configuration management work is pretty fundamental and if they're not "set up to working.." this may be a problem. For Class A, you can pretty much wait until you start software system test before going under change control. After that, though, all changes need to be authorized and all changes to the code need to be linked to that authorization (usually supported through the SW CM system; i.e., check-out / check-in comments). Again, if you set the stage through planning, it will probably go ok.

If, though, the software turns out to be Class B, it gets really hard to back-fill - especially in unit verification & acceptance and integration (testing) - and I wouldn't recommend it.

Oh, and don't forget 62366! Agile is suited quite well for that standard as you will likely be doing a lot of formative studies. It also helps to get all the use specifications understood.
 

shimonv

Trusted Information Resource
#6
I am not sure I would risk waiting to the end to document their compliance but you could certainly periodically update it since it low risk. Are you going to document this "plan" in your own QMS?
All the QA documents will be maintained at the legal entity QMS.
 

shimonv

Trusted Information Resource
#7
Thanks Yodon,
Your writing clearly indicates that you had your fare share of SW QA juggling :)
In my opinion the IEC 62304 has not caught up with the reality of contemporary software development practices.


Shimon
 

yodon

Staff member
Super Moderator
#8
fare share of SW QA juggling
Yes, 62304 remediation is certainly a solid revenue stream. :) Not the most fun work, but pays the bills.

There's certainly room for improvement in the standard but given that it's medical device software that could result in harm, there's good rationale, IMO, for most of it.
 

Tidge

Trusted Information Resource
#10
I stand with @yodon ; I will reply to this bit:
In my opinion the IEC 62304 has not caught up with the reality of contemporary software development practices.
Without trying to spark discussion about various agile methods wholly contained within different phases of development (i.e. requirements development v. design solutions) there is nothing about "contemporary development practices" that doesn't fit within 62304... assuming that (medical device) software developers are willing to guarantee the role their software plays in assuring safety.

My experience has been that software developers are no different than many other engineers that bristle at "somebody looking over their shoulder" or "making me explain myself over and over again". The (scaled) deliverables of 62304 can support rapid development... it's just that the developers have to be disciplined enough to admit when they are stepping backwards out of a phase (e.g. by refactoring elements of an established architecture, changing requirements, etc.) and recognize the consequences of doing so.
 
Thread starter Similar threads Forum Replies Date
V What qualification is needed for working as QMS Engineer in a software company? Training - Internal, External, Online and Distance Learning 6
G I am looking for software developers with experience working with AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
W Hackers and software developers - Colleagues working to make software better? After Work and Weekend Discussion Topics 4
B 3-phase supply, overvoltage catogory, line-to-neutral and working voltage (IEC 61010-1) IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
John Broomfield Guidance on Safe Working During Covid-19 Pandemic Misc. Quality Assurance and Business Systems Related Topics 5
S Experience working with TUV SUD or Rheinland, and/or BSI Registrars and Notified Bodies 5
G Working on a Root Cause Problem Solving, Root Cause Fault and Failure Analysis 11
M Informational TGA-led IMDRF Personalised Medical Devices working group meets in Canberra Medical Device and FDA Regulations and Standards News 0
M Informational EU – Minutes of the 24 July 2019 SCHEER Working Group on safety of breast implants in relation to anaplastic large cell lymphoma (BIA-ALCL) meeting Medical Device and FDA Regulations and Standards News 0
Watchcat MDD, MDR/IVDR, Working Groups, Expert Panels, MEDDEVs and Other EU Guidances EU Medical Device Regulations 32
T Is anyone working with N299.1 (Supply/service to nuclear power plants)? Various Other Specifications, Standards, and related Requirements 0
M Informational EU – 12th Meeting of the Working Group on Guidelines on benefit – risk assessment of Phthalates in Medical Devices Medical Device and FDA Regulations and Standards News 0
G Anyone working with or planning to do business in the CBD (cannabidiol) industry? US Food and Drug Administration (FDA) 1
M Applicability of Means of Protection, working voltage in an Automated External Defibrillator IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
Sidney Vianna ISO 9001 News Tirelessly Improving the Brand Integrity of ISO 9001 - Working Group under ISO TC 176 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 42
E Feeling ill when working with adhesives Occupational Health & Safety Management Standards 2
M Informational EU – SCHEER – Minutes of the Working Group meeting on guidelines on the benefit-risk assessment of the presence of phthalates in certain medical devic Medical Device and FDA Regulations and Standards News 1
T IEC60601-1: Isolation for an applied part with working voltage of 1500Vp. IEC 60601 - Medical Electrical Equipment Safety Standards Series 8
Rameshwar25 Min working experience for IATF 16949 third party auditor IATF 16949 - Automotive Quality Systems Standard 5
J AS9100 - Working Outside of Scope of Certification AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
S ISO 13485 Cl. 6.2 Human Resources - Personnel working within the QMS ISO 13485:2016 - Medical Device Quality Management Systems 4
K Outsourced Major Processes - Working for Two Sister Companies AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A Working for multiple CB's (Certification Bodies) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 17
N Anyone working on NIST SP 800-171 (Network and Information Security)? Records and Data - Quality, Legal and Other Evidence 4
O Cleaning API Rotary Shoulder Connections Working Mates exposed to Outside Weather General Measurement Device and Calibration Topics 1
R Working on a 510(k) that is very similar to the predicate device Other US Medical Device Regulations 4
L How many working hours to required to implement ISO 14001 ? ISO 14001:2015 Specific Discussions 6
R How to Determine Working Voltage & Tolerance for Isolation Barriers? IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
S OHSAS 18001 - 4.3.2 Legal and Other Requirements - Working document or template Occupational Health & Safety Management Standards 2
D How Working Standard Calibration result use in Verification of Equipment General Measurement Device and Calibration Topics 7
B Any future for someone working as Lead Quality right these days? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
W Control of Document - Working Instruction and Checklist ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
W Working in a company where we try to implement ISO 27001 IEC 27001 - Information Security Management Systems (ISMS) 9
C "PEAK WORKING VOLTAGE" with a 220-240VAC nominal Power Supply IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
C What is an acceptable bioburden level or count when working in cleanroom ISO class7 ISO 13485:2016 - Medical Device Quality Management Systems 1
AnaMariaVR2 IMDRF Working With ICH on Harmonized Electronic Submission System for Drugs, Devices Other Medical Device Regulations World-Wide 0
J0anne US Working Permit Requirements for European Consultants Career and Occupation Discussions 2
E What are the major difficulties when working as a consultant in your industry? Consultants and Consulting 20
B Need help on an application we are working on Coffee Break and Water Cooler Discussions 4
A I am working in QA. How can I gain knowledge and skills on EHS system? Career and Occupation Discussions 4
K What are the challenges of working in UAE as an Auditor ? General Auditing Discussions 2
X Shall not exceed 2 working weeks = shall not exceed within 10 working days? IATF 16949 - Automotive Quality Systems Standard 2
I IEC 60601-1 Least Favourable Working Conditions for Medical Equipment IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
L Working closer and better with Suppliers - Practical ideas to improve? Supplier Quality Assurance and other Supplier Issues 8
J Frequency of Re-Testing Working Standards (Secondary Reference Standard) Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
R Supplier Satisfaction Survey about Working with us as a Customer Supplier Quality Assurance and other Supplier Issues 7
R Informational How to consider the Working Voltage for splitting 2MOPP IEC 60601 - Medical Electrical Equipment Safety Standards Series 39
M Working Styles - The lazy, last minutes type Career and Occupation Discussions 13
R Determining Working Voltage - Drawing a Medical Device Insulation Diagram IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
Q Quality Working Documents in same QMS Folders? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4

Similar threads

Top Bottom