Assessing Software Design and Software Quality for Medical Devices
If you have spent any time reading guidance information from the FDA you may have come away with a feeling of uncertainty or frustration that the guidance does not tell you *exactly* what to do to produce software that will be accepted by the FDA. The FDA guidance is general, by design, to not mandate an approach that can become out of date with evolving best practices and to not stifle creativity in how the industry approaches developing software for medical devices. However, if you are developing a medical device with a software component for the first time, how can you have confidence that your software component will meet FDA expectations? The most successful method of gaining confidence is to have a firm with FDA approval experience perform an assessment of your software.
An assessment of your software should cover the mandatory process and documentation requirements for submitting your software to the FDA, but should also carefully inspect the design and implementation of the software to ensure that the software will function reliably in the field once released. Software that is high quality and reliable has the characteristics of being designed and written in accordance with software engineering best practices; you will want to have your software designed and built this way, rather than “prototyped and evolved”.
Assessing the design and quality of software involves at least these minimum steps:
- Reviewing the software development plan, which includes methodologies, release plans, and tools
- Reviewing software-specific requirements documentation
- Reviewing software architecture documentation
- Reviewing software detailed design documentation
- Reviewing code review evidence
- Reviewing source code using coding standards/best practices as guidance
- Reviewing and executing unit tests
- Reviewing use of continuous integration technologies
The absence of any of these items to review is not necessarily indicative of poor design or poor quality, as the absence could just be related to the fact that the software is in early phases of development. The absence of the first three items would be a concern for an assessor, however, if there is any significant amount of code written.
Assessments generally follow a pattern of off-site review of material and source code, on-site review and interviews of staff, and preparation of a summary report with findings and recommendations. The summary report typically includes some form of “gap” analysis that identifies the differences between expected (best practice) deliverables and processes and the current, actual deliverables and processes.
The hardest part of an assessment can be taking the necessary steps after the assessment to address the “gaps”. Good luck and let us know how we can help!
The RND Group has worked with the leading companies in the medical device industry since 1997. The RND Group fully understands the rigor required in designing, developing, documenting, and testing products that are regulated by the FDA. The RND Group has applied that rigor to the software engineering support it has provided for countless product development efforts, and The RND Group can point with pride to products that have been successfully introduced into the medical device marketplace.
Please visit www.rndgroup.com, call 317-558-6701 or visit our Booth #1847