Applying ISO 14971 and IEC 62304 to medical device software

158245439.jpg

Risk management of software used in medical devices has to be implemented diligently, completely and correctly, scrutinizing the gaps thoroughly and correcting them right from the very start of product development. This is critical because of the following reasons:

  1. Medical products that have gaps or are implemented incorrectly or incompletely suffer serious ailments such as impediments or delays in production. Further, such products fail to get the required certification and/or approval;
  2. Given the close linkage between most activities and the development lifecycle; almost no activity can be isolated and performed with retrospective effect after detection of a gap. As a result, all the activities performed till the identification of gaps become unproductive and redundant. When this happens, the company has to start from the beginning, irrespective of the stage at which an anomaly gets detected, incurring huge delays and cost overruns.

The solution to these problems is to embed software risk management into the bigger scope of overall risk management. This is the only real solution to problems associated with faulty product development. Globally applicable standard requirements such as ISO14971 and IEC62304 are major guidelines that help medical device companies get the risk management of software used in medical devices right. These standards have made risk management central to and a mandatory component of almost any activity in the medical device industry.

Getting it right from start till finish

Regulatory requirements set out in ISO14971 and IEC62304 standards that deal with risk management of software used in medical devices need to be implemented in the right manner, if medical device companies have to clear regulatory hurdles and meet quality standards. Expert professional trainings that help them do this will give them an understanding of how to design, implement and test critical medical device software in a regulatory compliant environment.

All these will be part of a learning session that is being organized by GlobalCompliancePanel, a very well-known provider of professional trainings for the regulatory compliance areas. This two-day, live seminar will have Markus Weber, Principal Consultant with System Safety, Inc., who specializes in safety engineering and risk management for critical medical devices, as the course Director.

To gain the benefit of expert training from the Director of this seminar; please visit http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900750?wordpress_SEO  to register.

Globally applicable standard requirements

Markus will explain the requirements set out by international consensus, reflected in globally applicable standard requirements such as ISO14971 and IEC62304, which has led to risk management being a mandatory component of almost any activity in the medical device industry.

Since the need to embed software risk management into the bigger scope of overall risk management is a critical aspect; Markus will introduce all the steps needed for designing, implementing and testing core medical device software in a regulatory compliant environment, even as they adhere to the principles of risk management. Another important learning Markus will impart is system level risk management and the resulting interfaces to software.

The safety case method

A well-established method for collecting and consolidating all safety related information together in one location, so that all risk related activities are comprehensively summarized, and the safe properties of a device demonstrated, is what is called the ‘Safety Case’ or ‘Assurance Case’ document.

Although as of now, the FDA requires this method for only infusion pump submissions; this system of documentation is almost certain to become standard practice in the future across all devices that come up for approval. At this course, Markus Weber will introduce the basic concepts and content of safety assurance cases. He will also explain and illustrate their utility for internal and external review of safety related information.

Tips for practical application of risk management principles

Real-life examples and proven tips and tricks that make the application of risk management practical and beneficial will be offered at this webinar. The Director will describe the system level issues of risk management as well as the increasingly important software related issues of critical systems.

He will introduce the concept of an assurance case to make the combined effort needed to design, implement and verify a safe device transparent. An important outcome of this learning is that it will help participants to meet and comply with regulatory requirements with highly lessened overheads and resource burdens.

Risk Management Seminar for Applying ISO14971 and IEC62304

 

Course “Applying ISO14971 and IEC62304 – A guide to practical Risk Management” has been pre-approved by RAPS as eligible for up to 12 credits towards a participant’s RAC recertification upon full completion.

Overview:

Gaps, incorrect or incomplete implementation of safety functionality can delay or make the certification/approval of medical products impossible. Most activities cannot be retroactively performed since they are closely linked into the development lifecycle. Diligent, complete and correct implementation of risk management from the start of product development is therefore imperative. This course will introduce all necessary steps to design, implement and test critical medical devices in a regulatory compliant environment. This course will additionally address the software risk management and the resulting interfaces to device level risk management.

To comprehensively summarize all risk related activities and to demonstrate the safe properties of a device the ‘Safety Case’ or ‘Assurance Case’ document is a well-established method to collect all safety related information together in one place. This documentation will most likely become mandatory for all devices (currently only required for FDA infusion pump submissions). This course will introduce the basic concepts and content of safety assurance cases and will illustrate the usefulness for internal and external review of safety related information.

Who Will Benefit:

The course will introduce the main elements of risk management with emphasis on the application of risk management principles and requirements to the medical device development cycle. Risk management has become the method of choice to ensure an effective and safety oriented device development. International consensus, reflected in globally applicable standard requirements, has led to risk management being a mandatory component of almost any activity in the medical device industry.

The course will emphasize the implementation of risk management into the development and maintenance process. It will use real-life examples and proven tips and tricks to make the application of risk management a practical and beneficial undertaking. This seminar will address the system level issues of risk management as well as the increasingly important software and usability related issues of critical systems. It will help to comply with regulatory requirements with minimized overhead and resource burden. To make the combines effort to design, implement and verify a safe device transparent the concept of an assurance case will be introduced.

The course is mainly based on international consensus requirements such as ISO14971, IEC62366 and IEC62304. It will cover European (MDD), US (FDA) and international risk management requirements from a regulatory and practitioner’s perspective.

Following personnel will benefit from the course:

  • Senior quality managers
  • Quality professionals
  • Regulatory professionals
  • Compliance professionals
  • Project managers
  • Design engineers
  • Software engineers
  • Process owners
  • Quality engineers
  • Quality auditors
  • Medical affairs
  • Legal Professionals

Agenda:

Day 1 Schedule:

 

Lecture 1: Introduction into Risk Management and Quality System Integration

  • Why risk management?
    • Historical perspective
    • International regulatory / statutory requirements
  • Risk Management Lifecycle and stakeholders
    • Over-reaching concept
    • Integration into ISO13485
    • Lifecycle steps
  • Risk Management Benefits
    • Liability issues
    • Streamlining product development
    • Improving product safety and quality
  • How to Implement Risk Management into ISO13485
    • SOP framework
    • Planning and execution
    • Monitoring and control

Lecture 2: Risk Management to ISO 14971:2012

    • Risk Management Planning
    • Risk Management Life Cycle
    • Hazard Identification
      • Hazard Domains
      • Hazard Latency Issues
      • Risk Rating Methods
    • Initial (unmitigated) Risk Assessment
    • Mitigation Strategies and Priorities
    • Mitigation Architectures
      • Alarm Systems as Mitigations
      • Risk Control Bundles
    • Post Mitigation Risk
    • Residual Risk
      • Safety Integrity Levels
    • European special requirements (Z-Annexes)
    • Safety Requirements
    • Hazard Mitigation Traceability
    • Verification Planning
    • Architectures, Redundancy and Diversity
    • Failure Mode and Effect Analysis
    • Tips and Tricks
    • Q&A

Day 2 Schedule:

 

Lecture 1: Usability and Risk Management

  • Use errors as hazard source
  • User intervention as hazard mitigation
  • Usability engineering lifecycle
  • Application specification
  • Usability Specification
  • Frequently used functions / primary operating functions
  • Usability verification / validation
  • Upcoming changes IEC62366:2014

Lecture 2: Software Risk Management (IEC62304 / FDA software reviewers’ guidance):

  • Critical Software Issues
  • Software Hazard Mitigation Strategies
  • Software Item, Unit and System Definition
  • Software Failures as Hazard Sources
  • Software Requirements and Design Specification
  • Software Tools and Development Environment

Lecture 3: Software Risk Management (IEC62304 / FDA software reviewers’ guidance):

  • Software Unit and Integration Testing
  • Real-Time System Challenges
  • Software Verification and Validation
  • Mitigation Traceability and Effectiveness
  • Software Maintenance and Configuration Control
  • Software Risk Management Process integration into ISO14971
  • Legacy Software issues
  • FDA documentation requirements
  • Upcoming changes in IEC62304:2014
  • Tips and Tricks

Lecture 4: Safety / Assurance case

  • Safety classes
    • Basic Safety / Environment
    • Essential performance
  • Documentation of Basic Safety
    • Electrical Safety
    • Mechanical Safety
    • EMC / RFI safety
    • Safety margins
  • Documentation of essential performance
    • What is essential performance?
    • Device architectures and mitigation allocation
    • Device specific mitigations
    • Software mitigations
  • External safety
    • User intervention and alarms
    • Organizational measures
    • Levels of protection concept
  • Verification of safety properties
    • Type testing
    • Sample testing
    • Software verification testing
    • Inspections
    • Analyses
  • Assurance case vs. Risk Management Report
    • General safety and hazard avoidance
    • Device / application specific issues
  • Tips and Tricks
  • Q&A

Speaker:

Markus Weber

Principal Consultant, System Safety Inc. 
Markus Weber, Principal Consultant with System Safety, Inc., specializes in safety engineering and risk management for critical medical devices. He graduated from Ruhr University in Bochum, Germany with a MS in Electrical Engineering. Before founding System Safety, Inc., he was a software safety engineer for the German approval agency, TUV. Since 1991, Mr. Weber has been a leading consultant to the medical device industry on safety and regulatory compliance issues, specifically for active and software-controlled devices. In conjunction with the FDA, he has published works on risk management issues and software-related risk mitigations. Mr. Weber has helped multiple companies, from startups to Fortune 500 firms.

Location: Zurich, Switzerland Date: May 18th & 19th, 2017 and Time: 9:00 AM to 6:00 PM

 

Venue: Hilton Zurich Airport

Address: Hohenbuhlstrasse 10, 8152 Opfikon-Glattbrugg, Switzerland

 

Price:

 

Register now and save $200. (Early Bird)

Price: $1,695.00 (Seminar Fee for One Delegate)

Until April 10, Early Bird Price: $1,695.00 from April 11 to May 16, Regular Price: $1,895.00

Register for 5 attendees   Price: $5085.00 $8,475.00 You Save: $3390.00 (40%)*

 

Quick Contact:

NetZealous DBA as GlobalCompliancePanel

Phone: 1-800-447-9407

Fax: 302-288-6884

Email: support@globalcompliancepanel.com

Website: http://www.globalcompliancepanel.com

 

Registration Link – http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900892SEMINAR?channel=mailer&camp=seminar&AdGroup=wordpress_May_2017_SEO

Follow us on LinkedIn: https://www.linkedin.com/company/globalcompliancepanel

 

 

ISO 14971: 2012 and IEC 62304: 2006 mitigate risks in medical device software

ISO 14971:2012 and IEC 62304:2006 are related but different global standards for risk management pertaining to software used in medical devices. Judicious application of these two standards is the way to go for medical device companies.

ISO 14971 and IEC 62304:2006 are global standards that govern risk management and lay out regulations and guidelines for software used in medical devices. The need for regulation of software in medical devices arises from the fact that software is the heart of a medical device. It is the medical device’s software that ensures that the device performs its intended purposes. Hence regulation is of utmost importance to enable medical device and software organizations facilitate this in their products.

The ISO 14971: 2012 -a brief understanding

  • The primary aim of ISO 14971, the global regulatory compliance standard is to ensure that a medical device carries medical safety into it
  • This standard requires medical device manufacturers to undertake steps and measures by which they can foresee and eliminate risks in a medical device in the optimal manner
  • Taking off from the above point, ISO 14971 requires medical devices to take steps to at least mitigate risks to the best extent. The ISO 14971standard prescribes the processes necessary for enabling this.

The ISO 14971’s update in 2012

In 2012, the ISO carried out an update to the application of this standard within the European regulatory framework. This amendment to ISO 14971: 2012 is at the periphery and not at the core. Annex ZA is the main area in which this standard has been updated:

The use of the “As Low as Reasonably Practicable” (ALARP) approach is from now excluded in the risk acceptance process. This standard proscribes labelling as a risk control measure that can play a role in decreasing risk occurrence.

The IEC 62304:2006

The requirements for medical device software’s life cycle are stated in IEC 62304:2006. This standard’s group of activities, processes and tasks creates a common basis for the software life cycle processes in a medical device.

When it comes to the risk management aspect, IEC 62304:2006 supplements and strengthens ISO 14971. If ISO 14971 is the global standard for the development of medical software; IEC 62304:2006 standard is concerned with medical device software and their software lifecycle processes.

The following tripod of software-related issues forms the IEC 62304:2006’s foundation:

These three attributes form the backbone of the test of a medical device company’s successful compliance with the regulatory requirements. For a medical device company to be successful in applying ISO 14971:2012 and IEC 62304:2006; it has to implement a cross-standard and resourceful way of integrating activities covering these requirements documents.

Read More

Ways of conducting a hassle-free internal and supplier audit for medical devices

Carrying out efficient and effective internal and supplier audits that meet all the requirements of external auditors is a must for medical device manufacturers. These audits should not only serve this purpose; they should also add value to the medical device organization.

Part of both ISO 13485 and QMS

Internal audits are required as part of ISO 13485 and the FDA’s Quality System Regulation (QMS). However, these procedures are quite complicated for many professionals in the medical device industry.  They are often confusing and cumbersome, mainly because of the jargon and regulatory language they contain. Many organizations find it difficult to get the import of these words while wading through them all the way to a successful internal audit.

quality-management

A tad complicated

Another couple of complicating factors come into play: Since the FDA does not look at the content of internal audits; many medical device organizations do not get feedback on the true effectiveness of their internal audit system from the FDA during the time of FDA inspections.

images-1

Secondly, while on the other hand ISO 13485 auditors do look at internal audits; they are most concerned with the process. For them, a proper definition of a process that meets the requirements of the standard and the assurance that the company is following these are more important than anything else.

Auditor training is necessary

Both these regulations require that the medical device manufacturer define Auditor training. But there is a catch, because auditor training sometimes just requires reading the company’s procedure, while most external auditors will look for more than this.

medical-device3

How does a medical device company extricate itself out of this quagmire? The solution to all these vexing questions will be offered at a two-day seminar from GlobalCompliancePanel, a globally known provider of regulatory compliance trainings.

At this seminar to enroll for which you need to just log on to http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900601SEMINAR; the Director, Betty Lane, who is Founder and President, Be Quality Associates, LLC, will explain all the issues relating to these aspects of external and internal supplier audits, in a way that is comprehensible and easy to implement.

In the process of explaining what makes for efficient and effective internal and supplier quality systems auditing for medical devices; she will also offer an explanation of best practices for creating and managing a value-added auditing process that will meet both company business needs and regulatory requirements.

At this seminar, which has been pre-approved by RAPS as eligible for up to 12 credits towards a participant’s RAC recertification upon full completion; Betty will get participants to review all the quality management system requirements of FDA and ISO 13485 and then allow them to learn how to set up and manage an audit system that complies with these requirements, yet is risk-based so that their organization makes the most efficient use of auditing resources for both internal and supplier audits.

compliance2

She will also include interactive exercises at this two-day session, which will help to strengthen the fundamentals of conducting and documenting quality system audits. The auditing principles taught in this seminar will be based on ISO 19011:2011 Guidelines for auditing management systems.

Applied Statistics for product and process evaluation in design and manufacturing

Evaluating product and processes is an imperative for almost all design and/or manufacturing companies. These are the reasons for which this evaluation needs to be made:

  • Managing risks
  • Validation of processes
  • Establishing product/process specifications to QC to such specifications
  • Monitoring compliance to such specifications

risk

Lack of proper and thorough grasp of and correct implementation of statistical methods leads a company to having to face significant increases in its complaint rates, scrap rates, and time-to-market. As a result, such companies churn out poor quality in their products, leading to lowered customer satisfaction levels, severely impacting their bottom line.

A learning session to help understand statistical methods

In order to help professionals in process and manufacturing meet challenges associated with statistical methods with greater confidence, GlobalCompliancePanel, a highly reputable provider of professional trainings for the regulatory compliance areas, is organizing a highly educative two-day seminar on the topic, “Applied Statistics, with Emphasis on Verification, Validation, and Risk Management, in R&D, Manufacturing, and QA/QC”.

regulatory-compliance

John N. Zorich, Statistical Consultant & Trainer, Ohlone College & SV Polytechnic, will be the Director at this seminar, which has been pre-approved by RAPS as eligible for up to 12 credits towards a participant’s RAC recertification upon full completion.

To enroll for this seminar, participants can log on to http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900537SEMINAR.

Hands on approach to statistical methods toolbox

The aim of this seminar is to offer a hands-on approach by which the participants could comprehend the ways to interpret and use a standard tool-box of statistical methods that consist of confidence intervals, t-tests, Normal K-tables, Normality tests, confidence/reliability calculations, AQL sampling plans, measurement equipment analysis, and Statistical Process Control.

The Director will equip the seminar delegates with clarity on how to accurately employ and administer statistical methods, which can be used as a launchpad for introducing new products.

medical-device

This two-day session will help participants understand the proper way of avoiding issues relating to these aspects of statistical methods. John will explain how to apply statistics to manage risk in R&D, QA/QC, and Manufacturing by giving real life examples derived mainly from the medical device design/manufacturing industry.

fda2

John will cover the following areas at this seminar:

  • FDA, ISO 9001/13485, and MDD requirements related to statistical methods
  • How to apply statistical methods to manage product-related risks to patient, doctor, and the designing/manufacturing company
  • Design Control processes (verification, validation, risk management, design input)
  • QA/QC processes (sampling plans, monitoring of validated processes, setting of QC specifications, evaluation of measurement equipment)
  • Manufacturing processes (process validation, equipment qualification).

The ISO 13485:2016 standard is new and needs to be looked at afresh

With the ISO making the final version of the ISO 13485:2016 standard available; it is now up to companies to start planning ways of implementing it. The major area in which it differs from the earlier version (of 2003) is in the extent of its alignment with the FDA’s Quality Management System (QMS) requirement. Although this version shows a higher level of this aspect; there still exist points of deviation from the FDA’s QMS, making this the area that companies that need to comply with this standard need to focus on.

In order to help such companies understand the ways of grasping the 2016 ISO 13485 standard better and to offer them insights into it; GlobalCompliancePanel, a highly reputable provider of professional trainings for the regulatory compliance area, is organizing a seminar.

iso-13485-2016-300x300

A learning session to help professionals understand the ISO 13485:2016 better

This seminar will offer clarity on how to implement the new ISO 13485:2016 standard. This seminar assumes significance in the light of the fact that not only is the new regulation quite complex; for many companies, the implementation period is quite short, depending on the expiry date of their current certificate.

More details of the seminar can be had from

http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900592SEMINAR

The Director of this seminar, Dan O’Leary, who has experience of over 30 years in various quality, operations, and program management in regulated industries, will offer practical implementation advice and suggestions to participants. He will explain the points at which there is both convergence and divergence between this revised standard and the FDA’s QSR requirements. He will also show that the regulatory systems in a few jurisdictions will continue to depend on ISO 13485:2016 through the Medical Device Single Audit Program (MDSAP).

Areas of concurrence and departure

Dan will describe the areas in which the US and the EU differ in this regard. It is in these: The US will participate in MDSAP, but will not expect to change its regulations. On the other hand, the EU is not going to participate. It will implement its own published version, the EN ISO 13485:2016, and will continue with the existing Notified Body system. However, the EU will implement its own set of new regulations that will replace the directives. These will lead to new regulations that will be newer versions of EN ISO 13485:2016 and EN ISO 14971:2012.

In the course of this explanation, Dan will make use of exercises and examples with which participants will understand the ways of implementing according to the new guidelines. He will also use these to help them analyze the consequences of the newly revised regulation in a few regulatory systems including MDASP and its nonconformity grading system.