IBM - IEC62304 and Agile 5-6-13_Bakal

7/23/2019 IBM - IEC62304 and Agile 5-6-13_Bakal

http://slidepdf.com/reader/full/ibm-iec62304-and-agile-5-6-13bakal 1/22

®

IBM Software Group

© 2010 IBM Corporation

IEC 62304 for medical device softwaredevelopment – Steps to Compliance

May 15, 2013

Marty Bakal, Electronics Industry Leader,IBM Rational software



IBM Software Group | Rational software

Five forces affecting the industry today

Legal issues

Patient lawsuits Patents Product recalls Liability Data retention

Technology

Systems integration New technologies Compliance

Markets and financial issues

Consolidation Overseas marketplace

expansion Slowing marketplaces Profitability and cost

Regulations

FDA New forms of regulation Patient privacy, HIPAA SOX

New product development

Speed to market Strategic agreements

Significant R & D spend

Healthcare is shifting to a patient-centric model




IEC 62304 Overview – Stronger focus on Software

IEC 62304:2006 Medical device software – Software life cycle processes

Focused on software development processes for medical devices but does notspecify the methodologies, artifacts or life cycle models themselves

Derived from ISO/IEC 12207, a general standard for software processes

Adoption

FDA Consensus Standard since September 2008

FDA regards complying with IEC62304 as fulfilling “Software Development EnvironmentDescription” section of the Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices

Normative standard in Europe for conformance marking

Standard available for purchase from ISO website (~$225 USD)




IEC 62304 Structure

Activities

ProcessesSet of interrelated or interacting activities thattransforms inputs into outputs

Tasks

Set of interrelated or interactingtasks

Single piece of work that needsto be done and results in adeliverable




What IEC 62304 does not do

Does not specify an organizational structure

You can have a hierarchical, matrix, or mixed organization

Does not specify the content of the documentation to be developed

You need to show traceability through all the artifacts but not in some setformat

Does not prescribe a specific lifecycle model

Waterfall, Iterative, Agile, … it is all up to you




Standards Landscape and Process

Source: European Medical Device & Technology, June 2010

Quality management system

RISK MANAGEMENT

Software safety classification

Software development PROCESS

Software development planning

Software requirements analysis

Software ARCHITECTURAL design

Software detailed design

SOFTWARE UNIT implementation and

verification

Software integration and integration testing

SOFTWARE SYSTEM testing

Software release

Software maintenance PROCESS

Software RISK MANAGEMENT PROCESS

Software configuration managementPROCESS

Software problem resolution PROCESS

Documentation Requirements

Gap Analysis

6




Overview of SW Development / Maintenance

Systems Development / Maintenance ACTIVITIES (including RISK MANAGEMENT)

Customer Needs/ Maintenance

Customer Needs/ Maintenance

Satisfied

Software RISK MANAGEMENT

Development/ Maintenance

Planning

Requirements/ Problem &Modification

Analysis

ARCHITECTURALdesign

Detaileddesign

UNITImplementation and

VERIFICATION

Integration andintegration

testing

SYSTEMtesting

Softwarerelease

Modification implementation

Software configuration management

Software problem resolution

PROCESSES and ACTIVITIES – as defined in the IEC 62304 standard

7




Product Development and Verification Life Cycle (Process)

Implementation Software UnitTest

DEFINITION / DEVELOPMENT TEST / VERIFICATION

Change Management and Problem Reporting

Configuration Management

P r o j e c t P l anni n g an d A s s e s sm en t

RequirementTraceability

RequirementsCapture and

Analysis

System Analysisand Design

Software Design Component

Integration andTest

System/SubsystemIntegration and Test

SystemAcceptance

Validating the Product

Traceability for Test Coverage

Verifying the System

Qualifying the ComponentsRequirement

Traceability

RequirementTraceability

Engineering

Test

(Quality)

SystemsEngineering

SoftwareEngineering

DOORS

DOORSRhapsody

DOORSRhapsody

Rhapsody Rhapsody

RhapsodyRQM

RhapsodyRQM

RQM

RTC

Ri sk M an a g em en

t an d S af e t yA s s e s sm en t P r o c e

s s

RT C

D O OR S

Rh a p s o d y

Step - IBM Rational Software Platform for SystemsRational DOORS, Rational Rhapsody, Rational Team Concert, Rational Quality Manager, Rational Publishing Engine

I n t e gr a t e d c ov er a g e of t h e s of t w a

r e an d

s y s t em s en

gi n e er i n gl i f e c y cl e

( i n cl u d e s c om pl i an c e c ov er a g ef or S O UP )

Automate Document Generation RPE

8

Design

HistoryFile

I E C 6 2 3 0 4 s e c t i on 5




Step - Gap Analysis: Rational DOORS

Determine compliance with IEC 62304 by performing gap analysis

1. Capturing your existing processes in a solution for tagging (Rational DOORS)

2. Identify and tag each of the respective control points in your existing process

3. Capture the IEC 62304 standard as the yardstick to evaluate each of "your processes"control points (Rational DOORS)

4. Display a traceability matrix between the process standard ( IEC 62304) and your process

Identify and remediate process gaps

Document updated process into Rational Method Composer

o Allows change control, version control, publication, and general oversight of processchanges as the process matures.

Compliancestatement

BusinessProcess DefinitionsRegulations

Rich

tracing

9




Quality Management SystemMake quality management a continuous lifecycle activity

Unify the entire team witha shared view of quality assets

Integrates with RequirementsManagement to insure Customer needs are met

Intelligent automation to improveaccuracy and efficiency

Automated reporting to enhanceproject decision-making andcompliance

QA Manager

Security Officer

Project Manager

Tester

Business Stakeholder

Test Cases

SkillAvailability

Project Logs

Use Cases

Requirements

SecurityMandates

Defect Logs

BusinessObjectives

Quality AssetInfrastructure

Central hubcaptures

everything thatmatters

for qualityreleases

QA Manager

Security Officer Security Officer

Project Manager Project Manager

Tester Tester

Business Stakeholder Business Stakeholder

Test Cases

SkillAvailability

Project Logs

Use Cases

Requirements

SecurityMandates

Defect Logs

BusinessObjectives

Test Cases

SkillAvailability

Project Logs

Use Cases

Requirements

SecurityMandates

Defect Logs

BusinessObjectives

Quality AssetInfrastructure

Central hubcaptures

everything thatmatters

for qualityreleases

“The manufacturer of medical device software shall demonstrate the ability to provide medical devicesoftware that consistently meets customer requirements and applicable regulatory requirements.”

Demonstration of this ability can be by the use of a quality management system that complies with ISO 13485

10




Step - Risk Management: Rational DOORS

Anticipate possible failures of the system

Define control measureso Inherently safe, Preventive, Corrective, Informative

Systematic risk analysis is to anticipate failuresTop-down: Function analysis - ISO 14971

o Hazard AnalysisBottom-up: Design Analysis – FMEA, FTA

o Failure Modes and Effects Analysis

Each failure leads to risk control (RCM) measures

Each RCM leads to requirements implemented inproduct hardware, software or documentation

Risk Management File documents traceably risk tocontrol measure, to verification of control measure

Risk Management Activities continue after release

Document TRACEABILITY of software HAZARDS

• From hazardous situation to the SOFTWARE ITEM • From SOFTWARE ITEM to the specific software cause

• From the software cause to RISK CONTROL measure

• From RISK CONTROL measure to VERIFICATION of

• RISK CONTROL measure

Hazards

Failures

RCMs

Requirements

User Needs

System

Sub-system

Design

Implementation

Risk Management File

Product Function

DesignRational

DOORS

11




Step - Safety Critical with MDD: Rational Rhapsody

Typical Safety Critical Workflow

Implement code from textual requirements

Test only on target late in development cycle

Safety Critical with Model-DrivenDevelopment

Consistent Design, Code and Documentation

Visualization of complex requirements

High quality code generation (tool dependent)

Test Driven Development support

Early functional verification on host, detectbugs early in development

Harmony for Embedded RealTime™ processdefines a safety workflow and providesguidance

Safety analysis profile supports FTA, FMEA,FMECA and Hazard analysis – s u p p o r t s

safety classif icat ion and compliance to

section 4.3 of IEC 62304

12

Software safety classification




Connecting FTA to Requirements (TraceToReq)




Traceability - Encourage Collaboration Across the Lifecycle Multi-level graphical analysis

Dynamic traceability in columnsSystem

Requirements Linked

SubsystemRequirements

LinkedStakeholder

Requirements




Agile Development

Grifols Case study




•Grifols: Agile Case Study

– Plasma derivatives, in vitro diagnostic products and pharmaceutical

products. – €2,600M total turnover (40% US, 40% EU, 20% ROW).

– €130M diagnostic division turnover.




Waterfall development – Agile development

VS

•Moves in stages.

•Proceeds when stage is

completed.

• Allows some feedback.

•Emphasis in working

software.

•Time boxed iterations.

•Continuous change and

adaptation.Scrum Diagram Source: Scott Ambler




Making both worlds work together: conflicts and trade-offs

Conflicts Trade-offs

Design Inputs Design Outputs

Design Inputs

Design Outputs

•Guidance from AAMI TIR 45 on applying agile in the development of

medical device software.




Grifols’ agile cycle




Grifols - Agile success story

•Planning – building – hardening.

•Off - sprint tasks:

– Backlog “grooming”.

– Formal test procedures.

•Leveraged DOORS




21




© Copyright IBM Corporation 2008. All rights reserved.

The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsiblefor any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materialsto IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials maychange at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way.

IBM, the IBM logo, the on-demand business logo, Rational, the Rational logo, and other IBM products and services are trademarks of the International Business Machines Corporation,in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

22

Date post:	17-Feb-2018
Category:	Documents
Upload:	luis-garcia
View:	214 times
Download:	0 times

IBM - IEC62304 and Agile 5-6-13_Bakal

Documents