Software Standards and Software Validation Guidance
Download
Report
Transcript Software Standards and Software Validation Guidance
The CDRH Software Message
(October 19, 2002)
John F Murray Jr..
Center for Devices & Radiological Health
US Food and Drug Administration
[email protected]
Mr. John F Murray Jr.
• Mr. Murray currently
serves as the:
– Software and Part 11
Compliance Expert
– Office of Compliance
– Center for Devices and
Radiological Health
(CDRH)
– US Food and Drug
Administration.
Mr. John F Murray Jr.
• In this position Mr. Murray is the primary advisor to
the Director of the Office of Compliance in the areas
of:
–
–
–
–
Software validation
Software policy
Software classification and
Part 11 compliance issues.
• He is also responsible for:
– the software standards program and
– the software engineering training program at CDRH.
Mr. John F Murray Jr.
• Mr. John F Murray Jr. joined the FDA in March 1994.
• Prior to becoming an FDA staffer, he was:
– A qualified Reactor Operator with United States Navy
Submarine Fleet
– A Computer Field Engineer with Telex Computer Products
– An Electronics and Software Engineer with The General
Dynamics Corporation and a
– Systems Engineer at Technology Management & Analysis
Mr. John F Murray Jr.
• Prior to joining the Office of Compliance in June
2001, Mr. Murray served as the Team Leader for
Software and Intelligent Medical Devices with the
United States Food and Drug Administration,
Rockville, MD.
• Mr. Murray is the primary Advisor to the Chief of the
Medical Electronics Branch in the areas of software
engineering, software safety and software standards.
Mr. John F Murray Jr.
• The software team is responsible for:
– Maintaining the technical foundations that are required for
the regulation of medical device software.
– Regulatory decisions regarding the safety and effectiveness
of medical device software are based on engineering and
scientific foundations.
– Software Standards is one example of these engineering
foundations.
Mr. John F Murray Jr.
• Mr. Murray is chairperson for the FDA Software
Standards Technical Group (STG).
– The Software STG is responsible for review and recognition
of software engineering standards for use in the regulatory
process.
• Mr. Murray also serves as Co-Chair of the AAMI
Software Committee.
Mr. John F Murray Jr.
• Mr. Murray earned a:
– BS Degree in Electrical Engineering from George
Mason University
– MS Degree in Computer Science from Rensselaer
Polytechnic University (RPI).
The CDRH Software Message
John F Murray Jr..
Center for Devices & Radiological Health
US Food and Drug Administration
[email protected]
Public Health and Software
The Quality of Pubic Health is highly
dependent on the Quality of Medical
Software
i.e. Medical Device Software, Clinical Information Systems,
Hospital Information Systems, Manufacturing Systems etc
What type of Quality do we
Want?
To get some perspective lets try what I call the YB
scale. [yugo vs. bmw]
I ask the following questions:
Where would Microsoft be on this scale?
Where do we want our software quality to be?
Where do you want your software to be?
Do the regulations recognize this need
Yes they do:
21 CFR 820.30
21 CFR 820.30 (a) (2) (i)
21 CFR 820.30 (g)
21 CFR 820.70 (i)
21 CFR 820.30 Design Controls
• Each manufacturer of any Class II or Class
III device, and the Class I devices listed in
paragraph (a)(2) of this section, shall
establish and maintain procedures to control
the design of the device in order to ensure
that the specified design requirements are
meet.
21 CFR 820.30 (a)(2)(i)
• Class I
– The following Class I devices are subject to
design controls:
• Devices automated with computer software
21 CFR 820.30 (g)
• Design validation shall include software
validation and risk analysis where
appropriate
21 CFR 820.70 (i)
• Automated processes
– When computers or automated data processing
systems are used as part of production or the
quality system, the manufacturer shall validate
computer software for its intended use
according to an established protocol. All
software changes shall be validated before
approval and issuance. These validation
activities shall be documented.
Software is Different
Traditionally not engineered, but crafted
Not physics based
Easy to change or is it?
Does not fail the hardware way.
etc
What is the goal?
• By Law: Medical Devices must be
reasonably safe and effective
• By default: Software must be safe and
effective
Safe and Effective
• It depends!
• Cannot be easily defined
• What is safe and effective software
– Software Engineering
– Risk Management
– Quality System
Conclusion
• The law and regulations are written in broad
terms
• Software should be engineered using:
– Software Engineering
– Risk Management
– Quality System
This is the CDRH Software Message
Keys to Success
•
•
•
•
Avoid denial
Make a plan
Document your activities
Remember the three A’s of meeting the
regulatory requirement
– Activities
– Attributes
– Artifacts