Regulatory Open Forum

This message was posted by a user wishing to remain anonymous

Hi All,

A couple of questions regarding SaMD verification - 

1. Are user requirements necessary for units? My interpretation is System User Reqs --> System SW Reqs --> Unit SW Reqs. One thing to consider here is that the user is an internal company user, and cannot access individual units with the exception of launching the first one. The output of the first unit is the input for the second and so on.

2. For System User Reqs like "Software must be able to run on a commercially available computer" leading to System SW Reqs like "Software must be able to run on Windows OS, MacOS, and Linux (etc.)", do we need Unit reqs that provide traceability? Or will system level verification be enough for requirements like these? How has your experience been with the FDA in these situations?

Appreciate all your help and recommendations. 
Cheers!

Hello Anon,

Software documentation can be quite subjective and without seeing current documentation also understanding the type of SaMD which is subject of this discussion, it would be hard to answer specific questions.  I would refer you to IEC 62304, FDA guidance documents, MHRA guidance, and some other expertly written documents.  Depending on the SaMD, the software verification is typically the lowest level of requirements, at the "code level" for how calculations are done, algorithms are completed, and database callouts.  User requirements are usually at a higher level which are tested as part of software validation.  You also mention this is an internal company user, which seems to indicate this is not a SaMD, but a Non-Product Software (NPS) application.  If this is purchased off-the-shelf then there may or may not be verification testing.  To answer the second questions, again system level requirements are usually tested as part of software validation though it really depends on the software application because some verification testing may be done for operating system call-outs, operating system libraries, and operating system functions.  From my perspective, following IEC 62304, FDA guidance, and other information (e.g. ISO 82304) it is most important internally you define the System Requirements, User Requirements, System Architecture, Software Design, Software Units, and then define what is tested in verification and what is tested in validation.

------------------------------
Richard Vincins RAC
Vice President Global Regulatory Affairs
------------------------------

Original Message:
Sent: 04-Jan-2022 17:35
From: Anonymous Member
Subject: SaMD Verification

This message was posted by a user wishing to remain anonymous

Hi All,

A couple of questions regarding SaMD verification -

1. Are user requirements necessary for units? My interpretation is System User Reqs --> System SW Reqs --> Unit SW Reqs. One thing to consider here is that the user is an internal company user, and cannot access individual units with the exception of launching the first one. The output of the first unit is the input for the second and so on.

2. For System User Reqs like "Software must be able to run on a commercially available computer" leading to System SW Reqs like "Software must be able to run on Windows OS, MacOS, and Linux (etc.)", do we need Unit reqs that provide traceability? Or will system level verification be enough for requirements like these? How has your experience been with the FDA in these situations?

Appreciate all your help and recommendations.
Cheers!

This message was posted by a user wishing to remain anonymous

Hi Anon,
  Answering to the best of my expertise here. SaMD may be classified based on the Diagnosis level that it affects - consequently there may be be some software which are Life Critical - imagine a Digital Microscope that runs on Windows/Android which supports life critical care. 

In continuation, the software for these Class -I.IIa, IIb or III software need to have appropriate traceability that the specific feature that may cause a patient Risk needs to be both documented as a requirement and has been verified at the Unit level(for Color/raster/contrast etc) or at a System level where the reliability of the device under certain hours of operation mitigate any issue during the usable service life.

In short, the User Needs is for a Display which has to work for a service life of xx hours may mean multiple(say 2) requirements for Software :
1) for Usability and Durability of Product during Surgery
2) Risk Mitigation when the failure is about to occur and for a notification to switch to other means

The Verification consequently would mean that the Usability/Durability #1 would be a System Requirement and #2 ​​would be a Software Requirement and appropriate V&V methodology needs completion.
Original Message:
Sent: 04-Jan-2022 17:35
From: Anonymous Member
Subject: SaMD Verification

This message was posted by a user wishing to remain anonymous

Hi All,

A couple of questions regarding SaMD verification -

1. Are user requirements necessary for units? My interpretation is System User Reqs --> System SW Reqs --> Unit SW Reqs. One thing to consider here is that the user is an internal company user, and cannot access individual units with the exception of launching the first one. The output of the first unit is the input for the second and so on.

2. For System User Reqs like "Software must be able to run on a commercially available computer" leading to System SW Reqs like "Software must be able to run on Windows OS, MacOS, and Linux (etc.)", do we need Unit reqs that provide traceability? Or will system level verification be enough for requirements like these? How has your experience been with the FDA in these situations?

Appreciate all your help and recommendations.
Cheers!