1st Edition
Medical-Grade Software Development How to Build Medical-Device Products That Meet the Requirements of IEC 62304 and ISO 13485
This book is a practical guide to meeting IEC 62304 software-development requirements within the context of an ISO 13485 quality management system (QMS). The book proves this can be done with a minimum amount of friction, overlap, and back-and-forth between development stages. It essentially shows you how you should shape your medical-software development processes to fit in with the QMS processes in the smartest and leanest way possible.
By following the advice in this book, you can reuse processes from your QMS, ensure your product-realization processes meet the requirements for medical-software development, and marry all the requirements together using tried and tested solutions into one efficient system. The expertise of the authors here goes beyond just the experiences of one real-world project as they tap into over 30 years of experience and countless software and software-assessment projects to distill their advice.
The book takes a hands-on approach by first teaching you the top 25 lessons to know before starting to develop a process for medical-software development. It then walks you through the expectations placed on the key aspects of such a process by the key standards. The book progresses from an overview of both standards and the general requirements involved to a detailed discussion of the expected stages from software development and maintenance to risk management, configuration management, and problem resolution. The book provides insightful advice on how the requirements of the IEC 62304 software-development life cycle can be married with an ISO 13485 QMS, how the development of the technical file should be organized, and how to address conformity assessment, the daily after-approval, and the recent trends that will affect the industry in the coming years.
The book is modeled after the IEC 62304 standard and adopts its clause structure in the numbering of sections for easy reference. The book does not attempt to replicate either standard. For the ISO 13485 standard, it recites the necessary requirements succinctly. For IEC 62304, the discussion is in-depth and also addresses the impact of ISO 13485 on the requirements discussed. In this way, the book drills into both standards to expose the core of each requirement and shape these into a practical, cohesive workflow for developing, maintaining, and improving a Lean software development pipeline.
Table of contents
List of Figures and Tables
Preface
Acknowledgments
About the Authors
1. What to Know before Getting Started
2. ISO 13485 as the Backbone of It All
3. IEC 62304 as The Flesh around The Bones
4. General Requirements
5. Software Development
6. Software Maintenance
7. Risk Management
8. Configuration Management
9. Problem Resolution
10. Integration with Your QMS
11. Technical Documentation
12. Seeing into the Future
13. Conformity Assessment
14. Regulatory Approval
15. Business as Usual
16. Conclusions
References
Index
Biography
Dr. Ilkka Juuso, DSc, has 20-plus years of experience working on multidisciplinary R&D projects in both industry and academia. He is one of the founders of the medical device startup Cerenion, a Senior Advisor with the medical device quality consultancy Kasve, and a post-doctoral researcher with the University of Oulu. His main interests are international regulatory affairs, standardization, and healthcare business development. He has successfully led the development of an ISO 13485, ISO 14971, and IEC 62304 compliant Quality Management System (QMS) from the ground up, its subsequent day-to-day operation, and certification by a notified body. He has had a key role in the launch of a CEmarked Class IIb medical device based on artificial intelligence. He has repeatedly served as a committee member and the head of the Finnish national delegation in key committees of the International Organization for Standardization (ISO). He is also the author of the book Developing an ISO 13485-Certified Quality Management System (Routledge 2022). Ilpo Pöyhönen has 30-plus years of experience working on medical device research, development, testing, and safety & performance evaluation including in the context of an accredited certification body. During that time, he has performed approximately 200 software evaluations according to IEC 60601-1-4, IEC 60601-1 cl.14, IEC 62304, and IEC 82304. Particular areas of interest in this work have been the role of programmable database systems and the development of test equipment for diverse needs. The work has taken him across the globe and even to the edge of space. Today his main interests are international regulatory affairs, standardization, and the intelligent control of medical device design processes to continuously meet the requirements imposed by, for example, cyber security, usability engineering, risk management, and agile development models. The use of emerging technologies, such as artificial intelligence, also holds special interest to him. He has been active in research initiatives that have, for example, examined the software development documentation required in a regulated environment, the impact of risk management, the performance of risk analysis itself as part of the software development life cycle, and the reliability factors involved in the supply of complex software systems. He is a long-time committee member of SFS/SR301 on healthcare IT and a sought-after lecturer on topics such as medical device software, risk management, usability, mHealth APS, and cloud services in the context of medical devices.
