Medical Devices


ALM for Medical Device Development


Medical device development teams face increasing software complexity when developing high-quality devices. Software quality is a key differentiator for medical device manufacturers. Their quality regulations include traceability of the requirements, methods, processes and tests used for developing and servicing their medical devices. More often than not, full traceability is required to comply with development audits. In traditional development systems, providing traceability means enormous, costly manual work to find information in isolated issue trackers, shared folders, emails, version control repositories and across all change history.

codeBeamer’s security and process workflow features are designed to comply with regulations and standards defined by government agencies and the production industry. This includes the codes of federal regulations (CFRs) issued by the FDA, as well as ISO and DIN industry standards. codeBeamer supports electronic records and electronic signatures as described in CFR 21 Part 11 and quality assurance features according to CFR 21 Part 820.

codeBeamer is a 100% web-based solution that provides integrated document management, a wiki and a wide range of collaboration features. Work progress and important project information are available in real time to all project members.

ISO / IEC Standards for Software in Medical Devices

Challenges

Medical device engineering requires achieving and proving compliance. When talking about software in these devices, an important standard to start with is IEC 62304 (Medical Device Software – Life Cycle Processes), as it describes everything software engineers do.

But in order to develop medical devices and software, companies and engineers unfortunately have to understand and adhere to several standards: ISO 13485 and ISO 14971 on one side, and IEC 62304, ISO 60601/61010 and IEC 62366 on the other. It is important to know that some of these are not specific to software alone. ISO 13485 (Quality Management System), for example, relates to the design and also the manufacturing of medical products in general. Additionally, the Food and Drug Administration (FDA) and the European Medical Device Directive add further requirements. See the table at the end for a quick overview.

Overview of related standards

The following figure gives a good overview of how some of the standards combine the world of computer science and application lifecycle management with the existing world of risk management, quality management, ergonomics and electrical engineering.

[Figure: overview of related standards]

Applying codeBeamer to approach challenges

codeBeamer supports medical device engineering teams with regard to the standards mentioned above in several ways. Here are some of them:

  • codeBeamer satisfies ISO 13485 (quality management system) requirements for document control, control of records, product realization, identification and traceability and improvement
  • codeBeamer can satisfy ISO 14971 (risk management) with risk analysis, evaluation, control and reporting
  • Software development planning is achieved through release and activity planning and scheduling inside codeBeamer with accurate traceability to requirements, test cases etc.
  • Software requirements analysis is supported by freely configurable requirements and specification document handling, where issues can be classified by category, safety level and more
  • Software integration and integration testing as well as system testing combined with defect management
  • Software error resolution handling by definable defects and change request workflows including impact analysis
  • Applying FMEA inside codeBeamer to handle software risk analysis
  • Software configuration management including change control and review processes with traceability from requirement to source code.
  • codeBeamer can be tailored to your organization’s specific needs as individual data structures, enforceable workflows and reporting can be configured.
  • Compliance is achieved by enforcing individual processes inside codeBeamer and proven through reporting; it is only a mouse click away from an auditor’s demand because all data management has taken place in a central repository.
  • Improving collaboration between different groups increases productivity and quality at the same time; the impact between work items can easily be analysed and notifications sent.
  • Individual workflows for failure modes, visualization of dependencies to derived and linked artifacts and more can be applied to comply with your processes and to make these repeatable. Furthermore, all activities and changes are documented automatically and can be provided for audits.
  • Planning related work items and providing impact analysis and notification for frequent change on these enhances collaboration between otherwise separated groups like risk managers, requirements engineers and testers.

Intentionally, none of the industry’s standards are prescriptive so individual organizations can optimize their processes as they like and as they have done in the past. Therefore, different organizations create different demands for different audit trails. The overall solution relies upon codeBeamer’s configurability for involved artifacts and their relationship to provide any kind of traceability to achieve compliance with regulatory standards and your derived processes.

More challenges

Unfortunately, this figure is not yet complete, as new standards are arising: IEC 82304 for stand-alone software, ISO 17522 with provisions for health applications on smart/mobile devices, and ISO/IEC 29119 for software testing.

Don’t we have enough standards yet? The answer might be yes, but as the increasing number of software-related errors and recalls indicates, the existing standards have obviously either not been understood well, not been defined in enough detail, or not been applied well enough.

Addendum

The following list presents a rough summary of standards around software for medical devices:

  • ISO 13485 Quality System for medical devices industry – area of responsibility of quality manager, software project manager, CAPA experts should know about it
  • ISO 14971 Risk management for medical devices – area of responsibility of quality and risk manager, software project manager needs to interact
  • IEC 62304 Software lifecycle for medical devices – area of responsibility of software project manager but quality manager needs to interact
  • IEC 62366 Usability in medical devices – area of responsibility of software project manager, quality manager needs to be involved
  • IEC 60601-1 Programmable electric medical devices – area of responsibility of software project manager with regard to section 14, quality manager should know about it as well

In any case, the overall quality system is the responsibility of management and direction, but the success of any system lies in well-trained individuals defining and applying the system and collaborating through it to achieve compliance with standards at company level. The quality manager’s role often involves ensuring that all standards are well applied by the people who should know them. While the software project manager’s role is to implement the three standards about software with the help of the quality manager, the quality manager needs a broader view of the device, covering its conception (non-software parts) and its lifecycle (the other phases of the life of the medical device).

FMEA – Failure Mode and Effects Analysis

What is it?

FMEA is a widely used technique in various industries, such as military, aerospace & defense, automotive and medical devices, for managing risk by preventing failures. In more detail, FMEA mainly represents a qualitative analysis of the root causes of failure modes and their effects. Applying FMEA is one of the basic tasks wherever quality, reliability and safety are of major concern, which is certainly true for the industries mentioned above. Having said this, it should be noted that it is not the only method for doing so and is often combined with techniques such as Fault Tree Analysis and others.

Relevance for the medical device industry

The medical device industry is discussing FMEA specifically as part of risk management, quality assurance and CAPA (corrective action / preventive action) in several of the industry’s standards documents. Without intending to be cynical, risk management, FMEA and CAPA are great places for auditors to look for non-conformance.

Practical challenges of performing FMEA

A common way of applying FMEA is working with Microsoft Excel spreadsheets or specific reliability tools. These tools work very well stand-alone but confront their users with the challenge of versioning and the need to integrate with other systems, because best practices include a variety of different activities, often depending on the individual organization. Common examples are deriving and linking new requirements specifications to mitigate risks, or creating specific tasks or test cases. But related requirements specifications and other artifacts are usually handled in different systems with their own separate databases, which adds to the overall complexity of any process. Obviously, data silos are not helpful when your processes require linking the artifacts involved and when everything needs to be documented and versioned across systems to provide accurate traceability and proof of activity for auditors.

Applying codeBeamer to approach challenges

Doing your FMEA in codeBeamer can provide a lot of different advantages to you and your organization. Here are some of them:

  • Parallel access to your FMEA documents, versioning and electronic signature are just the beginning.
  • If you started your FMEA outside of codeBeamer and need to move data from spreadsheets to codeBeamer, CSV and Excel import help to do so.
  • Once you are working in codeBeamer, automatic calculations (e.g. risk priority numbers) and process enforcement can take place.
  • Individual workflows for failure modes, visualization of dependencies to derived and linked artifacts and more can be applied to comply with your processes and to make these repeatable. Furthermore, all activities and changes are documented automatically and can be provided for audits.
  • Planning related work items and providing impact analysis and notification for frequent change on these enhances collaboration between otherwise separated groups like risk managers, requirements engineers and testers.

Intentionally, none of the industry’s standards are prescriptive so individual organizations can optimize their processes as they like and as they have done in the past. Therefore, different organizations create different demands for different audit trails. The overall solution relies upon codeBeamer’s configurability for involved artifacts and their relationship to provide any kind of traceability to achieve compliance with regulatory standards and your derived processes.

Addendum

Applying codeBeamer for FMEA does not deny the importance or usefulness of specific reliability tools especially when integrated high-end statistics for the FMEA are of importance. Instead of moving FMEA data completely into codeBeamer, alternative synchronized setups are feasible in general.

Confused with similar terminology?

Things appear confusing because many more industry- or context-specific versions exist, such as FMECA, FMEDA, Process FMEA, System FMEA or Design FMEA. They all follow similar concepts: identifying and judging defects and failures early, by involving different roles and responsibilities, while it is still cheap to fix defects with regard to safety, cost, performance, quality, reliability and reputation.

codeBeamer Disciplines and Benefits for Medical Device Engineering

  • Requirements Management (RM): With codeBeamer RM you can systematically manage initial and changing requirements for your software or hardware project. codeBeamer RM not only lets you specify, organize and document your requirements, but also serves as a central information repository for requirements attributes, status information and associations to tests, source code or regulatory documents.
  • QA Test Management (QA-Test): The QA & Test Management module helps you to define Test Cases, to compose Test Sets and to execute tests on multiple hardware and software configurations. It gives full traceability by associating tests with requirements and releases. It enables test result data drilling with coverage analysis and customizable dashboards.
  • Regulations and Standards Compliance: codeBeamer’s wide range of security and process workflow features are designed to comply with regulations and standards defined by government agencies and the production industry. This includes codes of federal regulations (CFR) issued by the FDA or USDA and current ISO or DIN norms for the manufacturing industry.
  • Best Practices: codeBeamer’s customizable workflows and processes can easily be configured to support your company’s standard operating procedures (SOP) and current good manufacturing practices (CGMP). Once implemented, SOPs and CGMPs are automatically followed and audits become less scary. Design control assures high product quality, fewer errors and reduced project costs.
  • Security and Approval Workflows: codeBeamer provides project- and role-based security features. Projects serve as secure working environments where access permissions can be set on different layers and at different granularity. Freely customizable approval workflows with optional electronic signature ensure that important documents and specifications are reviewed before being published.
  • Link Requirements to Tests and Derive Actionable Work Items: Clearly specifying your requirements is only the beginning of the work. codeBeamer will also help you to connect actual feature requests, change requests, tasks, defects and test cases to the requirements captured. Both the requirements and the actionable work items can be organized into hierarchies in order to better model the problem domain.
  • Baselines: Using baselines you can make lightweight snapshots of the whole specification, including wiki pages, documents, images, attachments and all other types of artifacts. This is the primary means of versioning the states of the rapidly changing requirement specification along its evolution. Baselines are optimal for comparing two states of documentation, computing the deviation between two states, for audit purposes, and for certification for an approval.
  • Document Management with ISO 9001:2008 compliance: codeBeamer satisfies the requirements of the ISO 9001:2008 standard from a content management point of view. codeBeamer enables accurate versioning of content, periodic document reviews, approval workflows, complete trace of changes, full-text searchability and content consistency via baselining, among others.
  • End-to-End Traceability: Due to codeBeamer’s flexible data model and artifact linking capability, the whole lifecycle of your product can be precisely tracked from the requirement capture phase, through development and test, until release.
  • Configurable and Extendable: codeBeamer is not a static platform. Intland intended to build flexibility into the product right from the beginning by offering configuration of work item data types, workflows etc. in a graphical user interface, so that the product adapts to an organization’s needs and not vice versa. Using its API (Application Programming Interface), codeBeamer can easily be extended beyond this configuration level, customized and integrated with your own applications, third-party tools and services.
  • Lower Costs: codeBeamer’s features for requirements management, design control and document management ensure early detection of errors and the following of best practices, and therefore reduce the overall costs of the project.