Software in Medical Devices – Update for Q1/Q2 2024 The past year, as in previous…
Software in Medical Devices – Update for Q3/Q4 2017
Software in Medical Devices – Update for Q3/Q4 2017
This is a continuation of the software updates I have been sending out. Please check out all the references to download and/or to purchase. If you have any questions, please contact us.
Software is everywhere in medical devices and IVDs. The FDA and CE are becoming more pedantic on how they review and relate to software. The number of companies getting into the field is growing and the amount of software being developed for medical is very large.
Software Recalls Q3-Q4 /2017
We have been following the recalls and there were a growing number of recalls that are listed where software played a role in the recall. The following are additional examples of recalls involving software directly as listed on the FDA website. There were over 70 recalls in this period relating to software, including 4 class I recalls. There may be more but classified not under software directly.
- Arkon Anesthesia Delivery System, Class I – Arkon Anesthesia Workstation, with software version 61, experienced failure in mechanical ventilation, oxygen and anesthetic gas delivery, with concurrent failure of the display unit that resulted in a blank screen without audible or visible alarms.
- Datascope/Maquet Intra-Aortic Balloon Pump, Class I – Datascope Corp./MAQUET is recalling its CS100i, CS100, and CS300 Intra-Aortic Balloon Pumps manufactured July 1, 2003 to June 16, 2017 due to False Blood Detection Alarm and Ingress of Fluid into the Intra-Aortic Balloon Pump. If a patient requires circulatory support with an IABP and the device does not work, or if therapy is stopped during use without a replacement IABP available, device failure may result in immediate and serious adverse health consequences, including death.
- Abbott Implantable Cardiac Pacemakers, Class I – On August 23, 2017, the FDA approved a firmware update that is now available and is intended as a recall, specifically a corrective action, to reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities for certain Abbott pacemakers. For the purposes of this safety communication, cybersecurity focuses on protecting patients’ medical devices and their associated computers, networks, programs, and data from unintended or unauthorized access, change, or destruction. The FDA recommends that patients and their health care providers discuss the risks and benefits of the cybersecurity vulnerabilities and the associated firmware update designed to address such vulnerabilities at their next regularly scheduled visit. As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates. The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with the RF-enabled implantable cardiac pacemakers and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user (i.e. someone other than the patient’s physician) to access a patient’s device using commercially available equipment. This access could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.
- CS 300 Intra-Aortic Balloon Pump, Class I – The device failed to pump due to an electrical test failure code #58 (power up vent test fail), maintenance code #3, and an autofill failure which has been associated to a patient death due to the failure of the device to initiate therapy.
- Xper Flex Cardio Physiomonitoring System, Class II – The company has identified that due to a software nonconformity in connection with a changed service setting Remisol could display wrong results.
- enGen Track System, Class II – A software anomaly with TCA Software 2 may potentially cause a delay in reporting of results due to patient samples being routed to an unintended location when samples are reintroduced back onto the enGen track.
- Radiometer ABL800 analyzer with FLEXQ module, Class II – Due to misinterpretation of the barcode by the scanner, when the registration receipt barcode is scanned by the analyzer, a result from a different patient will be printed or displayed on the analyzer.
- Remisol Advance Software, Class II – Beckman Coulter has identified that due to a software nonconformity in connection with a changed service setting Remisol could display wrong results.
- Accu-Chek Connect App, Class II – Certain iOS and Android App versions contain a program error (bug) in the Bolus Advisor feature. After pairing a meter with the app for the first time, a customer may encounter the rare condition in which the countdown timer is not displayed, and correction bolus advice is not available for the most recent, valid glucose reading. This same blood glucose value may become available for bolus advice calculation at a later time (countdown timer is displayed).
- CARESCAPE Patient Data Module, Class II – Device does not produce a visual or audible impedance respiration APN alarm when an impedance respiration apnea event occurs.
- ICU MedNet Medication Management Suites, Class II – The MedNet Meds 6.1 and 6.21 programs, under certain conditions, can change the piggyback medication entry set settings for existing defined medication entries.
- BRAINLAB EXACTRAC VERO, Class II – Brainlab has internally detected that under specific conditions ExacTrac Vero may not correctly account for this ring angle correction during the calculation of the corresponding couch shift. This may result in the treatment couch not moving to the exact planned position resulting in a deviation between the planned and the treatment target position. This deviation may not be clearly visible to the user if no verification image of the patient position is acquired after this couch shift has been performed.
- Rosa Spine 0.2, Class II – A design change was initiated to update ROSA Spine 1.0.2 to version ROSA Spine 1.0.2.16 to resolve software bugs and improve usability and stability of the ROSA Spine device.
- Volcano Imaging Systems, Class II – On certain Impacted Systems, an unexpected Microsoft Windows Security dialog may appear during use, and the user’s response to the dialog may adversely affect the subsequent operation of the device.
- 3M Bair Hugger(TM) Normothermia System, Class II – During a recent investigation, 3M confirmed that a programming translation error could occur in a small amount of the sensors that could lead to a temperature readout that is lower than the patients actual temperature.
- ROSA Brain 0.0, Class II – Communication errors between ROSANNA BRAIN software, MARIO software and the CS8C controller.
- Siemens plaza PACS, Class II – Siemens is releasing a non-medical software application LTA Incomplete Archive Check Tool V1.0. It is intended to eliminate an issue that occurs during syngo.plaza de-archiving from Dicom LTA. It has been defined that the number of de-archived images is less than the count of the archived images for the series.
- Plum 360 Infusion System, Class II – (1) Under certain conditions, if a malfunction alarm occurs while the pump is in the “Paused” state waiting for the distal pressure to decrease, the pump cannot be turned off and delivery cannot be restarted until the battery is discharged or is disconnected; and (2) when the user accesses the Preventive Maintenance Screen in Service/Biomed Mode with a Total Delivery Time >1,500 hours, the user will not be able to interact with the device and the device must be power cycled.
- Symbia Intevo 16, SPECT/CT System, Class II – The Broad Quantification option of the Symbia product software version VB20A may not allow modification of two data input values. The failure occurs when the system with the Broad Quantification option is calibrated with phantoms that do not have a volume of 6500ml and/or when residual dose needs to be entered.
- RESONATE EL ICD VR, Class II – The devices have an incorrect firmware configuration.
- THERMOCOOL SF NAV Catheters, Class II – Biosense Webster, Inc. has recently received an increased number of complaints related to the display of Alert 402 on the CARTO 3 System for certain lots of THERMOCOOL brand catheters. Alert 402 implies a “Map: magnetic distortion” when connected to CARTO 3 System. This issue may subsequently lead the physician to ablate in an unintended area when delivering RF energy.
- Ablatherm Integrated Imaging, Class II – The US FDA has requested the optional energy treatment settings, “medium” and “low” (Software Protocols 02-Medium and 03-Low) be removed from all Ablatherm Integrated Imagining devices in the U.S. until supporting clinical data can be submitted and evaluated by FDA.
- Oncentra Brachy 4.5 radiation therapy SW, Class II – Oncentra is a radiation therapy planning software designed to analyze and plan radiation treatments in three dimensions for the purpose of treating patients with cancer. Incorrect source step size may occur in the software plans.
- Power Processor 1K Stockyard, Class II – Beckman Coulter has identified that due to a PLC software nonconformity the 1K Stockyard can initiate a retrieval of a sample tube during the rack loading process, which should not occur. This issue and associated complaint were discovered and filed internally.
- Alaris Pump Module model 8100, Class II – The recalling firm has received reports of increased or decreased flows that have occurred in certain pumps.
- Philips Healthcare Brilliance 64 System, Class II – During a bolus tracking procedure, no images were generated when the scan was completed, and the raw data file was not available for offline reconstruction. There is a discrepancy between the calculated reconstruction length and the actual scan length that results in the inability to reconstruct raw data.
- Toshiba Medical Kalare Fluoroscopic X-Ray, Class II – During an examination images were displayed on the live monitor, but the images were not displayed on the system monitor nor were they saved to the hard disk.
- Baxter Amia Automated Peritoneal Dialysis, Class II – The firm received increased customer complaints for Missing Red Line, Patient Slow Flow, Solution Slow Flow, and Inadequate Drain alerts on certain lots of the AMIA Automated Peritoneal Dialysis Set with Cassette.
- FFR Link-FFR Signal Processing Module, Class II – The device history record (DHR) was missing its test documentation for final HIPOT (high potential) electrical testing.
- Mako Total Hip Application, Class II – Software discrepancy of not showing all the EE constants, when the screen is filled.
- Toshiba Medical Radrex, Class II – It was discovered during a procedure that when the operator made an exposure on the wireless x-ray detector and the image data was sent to the digital radiography system, and error message was displayed ” System Error (2063)” which required a reboot and loss of the image.
- Merge Unity software, Class II – The software is not identifying the patient as having atypical hyperplasia, resulting in an incorrect Gail Risk calculation.
- Biomerieux VITEK 2 Compact 15, Class II – Customers have reported that some VITEK¿ 2 cards are staying in preliminary status, not finalizing after ejection from the instrument, and not allowing cards in subsequent carousel slots to be The issue was reported to occur on VITEK¿ 2 Compact 15 and Compact 30 systems following a system software update to version 8.01.
- Neusoft Medical NeuViz 64, Class II – The Multi-Slice CT Scanner System can be used as a whole body computed tomography X-ray system featuring a continuously rotating X-ray tube and detector array. The acquired X-RAY transmission data is reconstructed by computer into cross-sectional images of the body from either the same axial plane taken at different angles or spiral planes taken at different angles. The recall was due to a software defect.
- ORA System with VerifEye, Class II – Some ORA Carts have the potential to return an incorrect IOL power measurement during cataract surgery. This issue appears to have been caused by a software coding error that results in the lens coefficients for an IOL model being downloaded from the Alcon server in an incorrect order.
- EMBLEM MRI S- Implantable Cardioverter Defib, Class II – The device can deliver an atypical amount of energy due to memory corruption inside the device.
- SoftLab Software Lab information system, Class II – Display of lab results based on incorrect LOINC code/test descriptions for tests that were performed at a reference lab, saved incorrectly, and sent to systems that display the EMR.
- Beckman Coulter PK7300(R), Class III – Beckman Coulter’s PK7300, associated with a defect or glitch with the dispensing monitoring board, was distributed.
- Agfa Healthcare NX 0.8950 Software, Class II – A customer reported that when using an NX workstation with software version NX 3.0.8950 software and selecting the affected patient/exam from closed exams, initially the wrong image was linked to the exam and appeared. After a short time, the wrong image was replaced by the correct image, however the wrong image was used for transmitting to PACS.
- Draeger Infinity Acute Care System, Class II – Cockpits with revision index 06 or higher that contain 4GB RAM modules may not annunciate audio or visual alarms on the Cockpit and Central Station.
- Medtronic Navigation Install CD, Spine tools, Class II – Software issue related to the StealthStation S7 system and the Synergy Spine application Version 1 configured with Spine Tool Install CD version 25. Issue may result in user being unable to navigate the Navigated Elevate Inserter with the StealthAiR Spine Frame during spine surgical procedures.
- Merge Eye Care PACS Viewer 2, Class II – When the user has not set up any user preference on the sorting order to render the study images (OS/OD/etc.) and reports, the ECP may get an incorrect study index. If the user attempts to delete an image, ECP may then read that image as OS when it is, in fact, OD.
- CardioTek EP-TRACER Software, Class II – Software bug which allows parameters to be changed unintentionally during use.
- Ion Beam Proteus 235, Class II – The Proton Therapy System – Proteus 235 is a medical device designed to produce and deliver a proton beam for the treatment of patients with localized tumors and other conditions susceptible to treatment by Recall due to a software issue.
- Siemens Sensis Vibe Systems, Class II – In Sensis Vibe systems with software version VD10B, a software error can result in: problems generating a report and/ or- information from different examinations of the same patient being combined into one — The error causes information from two examinations to be combined into one report.
- IMPAX CV Reporting module Cl II – A customer experienced when using IMPAX CV Reporting software, specifically, when building a NIV report, the NIV Cardio report was showing incorrect findings for Aneurysm.
The amount of software recalls is growing. This shows that there is more software out there and also a lot of software bugs.
IEC 82304 Recognized as FDA Consensus Standard
The FDA added the IEC 82304-1 Edition 1.0 2016-10, Health Software – Part 1: General Requirements for Product Safety, as a consensus standard.
Top 10 Health Technology Hazards for 2018
The ECRI Institute published the executive brief of the top 10 health technology hazards for 2018. The relevant technology hazards listed by place are:
- 1 Ransomware and Other Cybersecurity Threats to Healthcare Delivery Can Endanger Patients
- 4 Missed Alarms May Result from Inappropriately Configured Secondary Notification Devices and Systems
- 7 Inadequate Use of Digital Imaging Tools May Lead to Unnecessary Radiation Exposure
- 8 Workarounds Can Negate the Safety Advantages of Bar-Coded Medication Administration Systems
- 9 Flaws in Medical Device Networking Can Lead to Delayed or Inappropriate Care
UL 2900 for Medical Device Cybersecurity
The FDA added UL 2900-1 Ed.1 2017, Standard For Software Cybersecurity Network-Connectable Products, Part 1: General Requirements to the list of consensus standards. UL 2900-1 covers general cybersecurity requirements for network-connectable devices.
FDA – Cybersecurity Update
On August 23, 2017, the FDA approved a firmware update that is now available and is intended as a recall, specifically a corrective action, to reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities for certain Abbott (formerly St. Jude Medical) pacemakers. “Firmware” is a specific type of software embedded in the hardware of a medical device (e.g. a component in the pacemaker).
For the purposes of this safety communication, cybersecurity focuses on protecting patients’ medical devices and their associated computers, networks, programs, and data from unintended or unauthorized access, change, or destruction.
The FDA recommends that patients and their health care providers discuss the risks and benefits of the cybersecurity vulnerabilities and the associated firmware update designed to address such vulnerabilities at their next regularly scheduled visit.
Many medical devices – including St. Jude Medical’s implantable cardiac pacemakers – contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits. As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.
The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical’s RF-enabled implantable cardiac pacemakers and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user (i.e. someone other than the patient’s physician) to access a patient’s device using commercially available equipment. This access could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.
There are no known reports of patient harm related to the cybersecurity vulnerabilities in the 465,000 (US) implanted devices impacted.
To address these cybersecurity vulnerabilities and improve patient safety, St. Jude Medical has developed and validated this firmware update as a corrective action (recall) for all of their RF-enabled pacemaker devices, including cardiac resynchronization pacemakers. The FDA has approved St. Jude Medical’s firmware update to ensure that it addresses these cybersecurity vulnerabilities, and reduces the risk of exploitation and subsequent patient harm.
NIST Framework
A draft of a revised version of the NIST Framework for Improving Critical Infrastructure Cybersecurity has been circulated for comment. This draft revision refines, clarifies, and enhances Version 1.0 issued in February 2014 and updated in January 2017.
https://www.nist.gov/sites/default/files/documents/2017/12/05/draft-2_framework-v1-1_without-markup.pdf
Federal Trade Commission (FTC) Mobile Health Apps Interactive Tool
If you are developing a mobile health app that collects, creates, or shares consumer information, click on the button to take you to the tool on Federal Trade Commission’s website to find out when FDA, Federal Trade Commission (FTC) or Office of Civil Rights (OCR) laws apply:
https://www.ftc.gov/tips-advice/business-center/guidance/mobile-health-apps-interactive-tool
FDA Final Deciding if a new 510(k) is needed
The FDA released two new guidances on 25/10/17 on deciding when to submit a new 510{K), one for general changes and the second for software changes. It seems that there are so many software changes, the FDA decided that software needs its own guidance.
https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm514771.pdf
https://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm514737.pdf
The major issues in the software changes relate to the following:
- strengthen cybersecurity
- return the system into specification of the most recently cleared device
- changes to risks associated with the use of the device
- changes to the risk controls for the device
- affecting clinical functionality or performance specifications
FDA MDDT – Medical Device Development Tools
The FDA released a final guidance on 10/8/17 on the Qualification of Medical Devices Development Tools. This guidance describes the way the FDA will qualify tools that medical device sponsors can use in the development and evaluation of medical devices.
https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM374432.pdf
FDA Least Burdensome Principles Draft Guidance
The FDA released a draft guidance of “The Least Burdensome Provisions: Concept and Principles”. This guidance discusses FDA’s intent and approach to applying Least Burdensome Principles to the total product lifecycle for medical devices based on requirements in FDAMA, the FDA Safety and Innovation Act and the 21st Century Cures Act. This guidance stresses interactive approaches, tailored approaches, consideration of time and resources impact of its requests, use of post market data to reduce premarket data, timely patient access, leveraging international data, alternative source of data versus clinical trial data, leveraging existing data rather than running new trials, use of read world data and non-clinical data and bench testing, use of computer modeling and simulation, non-comparative clinical outcome studies, risk benefit analysis, bunding multiple devices in a submission, exempting some Class I and II devices from 510(k) requirements, and in general requesting only the minimum information needed for making a regulatory decision.
https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM588914.pdf
FDA Clinical and Patient Decision Support Software Draft Guidance
The FDA released on 8/12/17 a draft guidance of “Clinical and Patient Decision Support Software”. This guidance addresses software for decision support in two categories: one used by Healthcare Professionals, the other used personally by patients and non-health professionals. It provides FDA interpretation of which types of Decision Support Software do not meet the definition of a medical device (as modified in the 21st Century Cures Act), which types may meet the definition, and which types FDA will focus on in terms of regulatory oversight. One key factor is whether the information provided by the software can be independently evaluated by the Clinician.
https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM587819.pdf
FDA SAMD Clinical Evaluation Final Guidance
FDA released the final guidance of “Software as a Medical Device (SAMD): Clinical Evaluation” on 8/12/17. This guidance is actually the use of an International Medical Device Regulators Forum (IMDRF) document completed in June 2017, so this guidance represents broad international consensus. This guidance discusses various types of clinical evidence to support safety and effectiveness of a wide range of Software devices. Information is provided on FDA’s perspective on use of pre-existing scientific and clinical information, analytical evaluation and bench testing. It also distinguishes between expectations for well-established clinical associations vs. Novel clinical associations. Section 9.0 discusses continuous leveraging of real world performance data to support additional performance claims and functions or to reduce such claims.
https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM524904.pdf
FDA Changes to Medical Software Policies Draft Guidance
The FDA released on 8/12/17 a draft guidance of “Changes to Existing Medical Software Policies Resulting from Section 3060 of the 21st Century Cures Act”. This guidance discusses software functions in relation to the modified device definition in the 21st Century Cures Act and the criteria for interpreting if and how medical software will or will not be regulated. Note, however, that the 21st Century Cures Act allows regulation of devices excluded from regulation if a federal register notice finds it would be reasonably likely to have serious adverse health consequences This guidance indicates that 4 other existing FDA software guidances will be modified to incorporate the policies indicated. related to application of these policies on a software function-specific basis and across platforms. These includes the Mobile Medical Applications, Off-the- Shelf Software, General Wellness, and Medical Device Data Systems guidances. This draft guidance contains many criteria and details regarding FDA’s legal authority (or lack thereof) to regulate medical software and whether if within their authority they will exercise enforcement discretion and not actively regulate. It includes related factors such as whether the software is certified by non-FDA HHS Office of the National Coordinator for Health Information Technology.
https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM587820.pdf
Risk Management of Radio-Frequency Wireless Coexistence
The AAMI released its standard on Risk Management of Radio-Frequency Wireless Coexistence: AAMI TIR69: 2017, Technical Information Report Risk Management of Radio-Frequency Wireless Coexistence for Medical Devices and Systems. The standard is recognized by FDA as a consensus standard. This is a very important issue for medical device developers developing medical devices to be used in the home.
Planned Guidance Documents from FDA for 2018
Relevant to this update, the following guidances are listed by the FDA for 2018:
- Validation of Automated Process Equipment Software
- Unique Device Identification: Policy Regarding Compliance Dates of Class I and Unclassified Devices
- Multifunctional Device Products: Policy and Considerations
IEC TR 80002-2 Validation of Regulated Systems
IEC TR 80002-2 Medical device software – Part 2: Validation of software for medical device quality systems has been released. This TR provides guidance for new requirements in ISO 13485:2016 for validating software used in quality systems.
ISO/TR 80002-2:2017 applies to any software used in device design, testing, component acceptance, manufacturing, labelling, packaging, distribution and complaint handling or to automate any other aspect of a medical device quality system as described in ISO 13485.
FDA Draft Part 11 for Clinical Investigations
The FDA issued a new draft guidance in June 2017 titled “Use of Electronic Records and Electronic Signatures in Clinical Investigations Under 21 CFR Part 11 – Questions and Answers”. This guidance, while scoped for clinical investigations, has information that is probably useful and defensible for assessing or ensuring compliance with other types of systems subject to 21 CFR Part 11 as well. It is presented in Q&A format and addresses cloud systems, mobile devices, outsourcing and many other topics. This was sponsored by CDRH, CDER and CBER.
FDA Responses to 510K – Software
We are still receiving responses from the FDA concerning their software. This means that this is becoming the state of the practice for the FDA. These responses relate to the run-time testing, and cybersecurity. Below is shown the wording received from the FDA in all the cases:
- The submission did not include information on the tools, such as static analysis tools, that you used to detect run-time errors. This information is needed to assess whether good coding practices have been implemented to prevent common coding errors which may adversely affect the safety of the Please provide this information. For any such tool used, please identify what error types the tool detects, your method and process of applying the tool(s), and a summary report and/or conclusion about the results. Note: some common run-time errors are:
- Un-initialized variables
- Type mismatches
- Memory leaks
- Buffer over/under flow
- Dead and unreachable code
- Memory/heap corruption
- Unexpected termination
- Non-terminating loops
- Dangerous Functions Cast
- Illegal manipulation of pointers
- Division by zero
- Race conditions
- The information security and cybersecurity of the device is needed to evaluate the cybersecurity risks and the associated controls.
- Please discuss in detail, information on your design considerations, including mitigations pertaining to intentional and unintentional cybersecurity risks including:
- A specific list of all cybersecurity risks that were considered in your design.
- A specific list and justification for all cybersecurity controls that you established, and the justification as to why such controls are Please provide the evidence that the controls perform as intended.
- Please ensure that you address information confidentiality, integrity and viability.
- Please incorporate, as appropriate, the information identified here in your Hazard Analysis.
We are highly recommending to clients several remediations:
- SSC Class B/Moderate LOC – software require tools to test the software for run-time We are recommending using static code analysis tools. There are low end tools that should be used, e.g., Source Code Analysis package for medical device companies from Parasoft (C/C++, C#/VB.NET, Java), Microsoft Visual Studio 2013 Static Code Analysis (C/C++), IAR C-STAT static analysis (C/C++), etc.
- SSC Class C/Major LOC/Special Guidance/PMA – FDA will ask for a SCA report. We highly recommend using one of the tools that we know the FDA has evaluated. A partial list of these tools is Parasoft, Coverity, Polyspace, PQRA, Klocwork, Grammatech and LDRA.
- A cybersecurity report should be prepared for submission to the FDA based upon the threat analysis.
When choosing a SCA tools, check the local support. Even though everyone offers Internet support, nothing beats having the support done locally by someone who has the experience and speaks your language.
Summary
There are many ways to screw up your software in the medical device. It doesn’t take too much talent to do this and companies are doing it daily. Many companies mess up royally and don’t know how to get out of the mess. In many cases, they don’t even know that they are in deep trouble.
You can work properly without breaking the bank. There are many ways to handle the software development/maintenance life cycle and the software validation.
If there are any questions or requests, please feel free to contact us.
Mike