![]() ![]() ![]() When something goes wrong with the software, should it be discovered by a sales person (customer communication), by the regulatory affairs (post market surveillance), by the quality manager (CAPA), it should be "passed" to the software teams, which will treat it according to IEC 62304. This problem resolution process/procedure of IEC 62304 should be linked to the other activities of ISO 13485 I quoted above. The last chapter of IEC 62304 is devoted to problems resolution (ie how to fix problems and especially software bugs). All these processes required by ISO may (and will, for sure!) result in bugs discovered in the software. CAPA, Change control, Post Market surveillance, Customer Communication are activities required by ISO 13485, which are all "active" when the software is used and maintained. A software is never finished and there are always fixes and enhancements to do. Maintenance of software is an important task. CAPA, Change control, Post Market surveillance, customer communication Again, production shouldn't be underestimated. All what is shipped with the software itself shall be controlled and this can result in a list of procedures, work instructions and forms. A software company shall have a rigorous production process/procedures to ensure that the delivered software is the right one: software version + patches, plugins, extensions (customer tailor made or not), configuration files, input data. This is also the case for software and production shouldn't be underestimated. This is obviously mandatory for any company, since the quality level of products as to be controlled. ISO 13485 has a list of requirements about production. ![]() It is true that a developer working on a bad/slow workstation could have an impact on the quality of the software but this is again a very minor source of risks, compared to a company which manufactures goods. Controlling the working environment is still mandatory and a software company could limit this control to the good working conditions of the software developers: good PC with good tools, good servers, processes to archive data. ![]() But this is abolutely not a big deal for software companies. This is adapted to companies with sterile conditions, with production lines. ISO 13485 has requirements about controlling the working environment. The working environment of a pure software company is very simple to set-up and maintain: offices for software developers and a coffee machine to share ideas. But purchases remain a very minor source of risks, compared to a company which buys, say, sterile items. Yet, purchase control is still helpful, especially for the paper documents shipped with the software. So a software company has to control its purchases and its suppliers even if the purchased items don't have any impact on the final product. But purchase control is mandatory in ISO 13485, to ensure that purchased items have the good level of quality and won't be the cause of a hazardous situation. This is just annoying and doesn't a-priori result in any danger for a patient. This is not a big problem if you buy corrupted CDROMs or crap printer cartridges, you just replace them. The types of purchase for a pure software company are very limited: computers, peripherals, storage media, books. I want however to focus on a few points which it is not straightforward to deal with. Most of what they contain is implemented the same way for any company (certainly with differences in implementation, but not in the spirit of the standard). OK, everything is mandatory in Chapter 4 to 6 and Chapter 8. So, that's simple, you have to do everything that is mandatory in ISO 13485, excepted requirements in chapter 7, with good justifications! ISO 13485 doesn't make any difference for software and all requirements from chapter 4 to 6 and chapter 8 of the standard are mandatory. The content of chapter 7 is optional and a company has the right to exclude some paragraphs of this chapter, with good justification based on rationale about its organization and the type of medical devices it sells.ĭealing with software is like dealing with any other type of medical device. ISO 13845 states that everything it contains is mandatory, excepted chapter 7. Applying ISO 13485 for software industry needs a few adjustments. Software is a peculiar industry, compared to others, with a big design phase, a tiny production phase and huge maintenance (bugs fixes and enhancements) phase. Its requirements have high-level considerations without dealing with the specific tasks of any type of medical devices (excepted a few requirements for active implantable medical devices). Since it is made for any medical device manufacturer or repackager or even distributor, ISO 13485 is very generic. ![]()
0 Comments
|
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |