Regulatory Open Forum

Hi All, 

Is there anyone here who is in the Software as Medical Device field? I have a question regarding the software design and development process.



------------------------------
Yan Chia
QARA Manager
Australia
------------------------------

AAMI TIR45:2012 - Guidance on the use of Agile practices in the development of medical device software - provides guidance for SaMD manufacturers to avail of benefits provided by Agile development while satisfying regulatory requirements and expectations.

Regards

------------------------------
Homi Dalal RAC
Consultant - Brandwood CKC
Sydney NSW
Australia
------------------------------

Original Message:
Sent: 14-Jul-2020 02:00
From: Tze Yan Chia
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi All,

Is there anyone here who is in the Software as Medical Device field? I have a question regarding the software design and development process.

To give you some context, the regulatory authorities (FDA, Europe, etc.) are using the waterfall approach (as below) in their guidance document as the preferred format for Software as Medical Device History File submission. However, this is an old model and most of the software companies are using the agile approach these days. 

The difference between the two methods is illustrated below:

In the waterfall approach, all activities in one phase have to be completed before moving into the next phase; whereas in the agile approach, the requirements and specifications are broken down into smaller projects and are treated as a 'sub-project'. As a result, there are some challenges from a Quality and Regulatory perspective when documenting the device life cycle.

Can anyone share how do you integrate the agile practices with a Medical Device Software Development Life cycle in the QMS?
Does anyone have any experience with the electronic QMS software 'qmsWrapper'? I googled this software and noticed that it integrates with Jira (software used by most developers with the agile approach) to generate FDA and ISO13485 compliant documents.

Looking forward to your input.
Many thanks.

Regards
Yan

------------------------------
Yan Chia
QARA Manager
Australia
------------------------------

FDA has also been working on a regulatory model for more agile approaches for software as a medical device, through the precertification program.  There haven't been many recent updates, but here is their website on what they are attempting to achieve - Digital Health Software Precertification (Pre-Cert) Program

U.S. Food and Drug Administration		remove preview
Digital Health Software Precertification (Pre-Cert) Program The Software Precertification (Pre-Cert) Pilot Program, as outlined in the FDA's Digital Health Innovation Action Plan [PDF], will help inform the development of a future regulatory model that will provide more streamlined and efficient regulatory oversight of software-based medical devices developed by manufacturers who have demonstrated a robust culture of quality and organizational excellence, and who are committed to monitoring real-world performance of their products once they reach the U.S. View this on U.S. Food and Drug Administration >

We work primarily with cybersecurity for medical devices and approaches with this domain can also be a bit different.  The core activities remain the same; however, the integration with the agile processes becomes a bit more fluent (devsecops).  You would still need threat modeling, security requirements (written as user stories), cybersecurity risk assessment and product labeling; however, security testing can and should become more integrated.  Security testing tools should be integrated with the build pipeline and ci/cd tools, such that code is continuously being scanned and evaluated each time it is checked in.  This enables the developer to fix security flaws throughout design and development, rather then finding issues right before or during V&V. 


------------------------------
Colin Morgan
Managing Director

Apraciti, Medical Device Cybersecurity
colinmorgan@apraciti.com
United States
------------------------------

Original Message:
Sent: 15-Jul-2020 02:21
From: Homi Dalal
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

AAMI TIR45:2012 - Guidance on the use of Agile practices in the development of medical device software - provides guidance for SaMD manufacturers to avail of benefits provided by Agile development while satisfying regulatory requirements and expectations.

Regards

------------------------------
Homi Dalal RAC
Consultant - Brandwood CKC
Sydney NSW
Australia

Original Message:
Sent: 14-Jul-2020 02:00
From: Tze Yan Chia
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi All,

Is there anyone here who is in the Software as Medical Device field? I have a question regarding the software design and development process.

To give you some context, the regulatory authorities (FDA, Europe, etc.) are using the waterfall approach (as below) in their guidance document as the preferred format for Software as Medical Device History File submission. However, this is an old model and most of the software companies are using the agile approach these days. 

The difference between the two methods is illustrated below:

In the waterfall approach, all activities in one phase have to be completed before moving into the next phase; whereas in the agile approach, the requirements and specifications are broken down into smaller projects and are treated as a 'sub-project'. As a result, there are some challenges from a Quality and Regulatory perspective when documenting the device life cycle.

Can anyone share how do you integrate the agile practices with a Medical Device Software Development Life cycle in the QMS?
Does anyone have any experience with the electronic QMS software 'qmsWrapper'? I googled this software and noticed that it integrates with Jira (software used by most developers with the agile approach) to generate FDA and ISO13485 compliant documents.

Looking forward to your input.
Many thanks.

Regards
Yan

------------------------------
Yan Chia
QARA Manager
Australia
------------------------------

Hi Yan,

I recommend you take a look at AAMI Technical Information Report (TIR) 45, "Guidance on the use of AGILE practices in the development of medical device software", which aims to address exactly what you are asking about.

Good luck!

Tom

------------------------------
Tom Peter
Medical Device Specialist
Farmington Hills MI
United States
------------------------------

Original Message:
Sent: 14-Jul-2020 02:00
From: Tze Yan Chia
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi All,

Is there anyone here who is in the Software as Medical Device field? I have a question regarding the software design and development process.

To give you some context, the regulatory authorities (FDA, Europe, etc.) are using the waterfall approach (as below) in their guidance document as the preferred format for Software as Medical Device History File submission. However, this is an old model and most of the software companies are using the agile approach these days. 

The difference between the two methods is illustrated below:

In the waterfall approach, all activities in one phase have to be completed before moving into the next phase; whereas in the agile approach, the requirements and specifications are broken down into smaller projects and are treated as a 'sub-project'. As a result, there are some challenges from a Quality and Regulatory perspective when documenting the device life cycle.

Can anyone share how do you integrate the agile practices with a Medical Device Software Development Life cycle in the QMS?
Does anyone have any experience with the electronic QMS software 'qmsWrapper'? I googled this software and noticed that it integrates with Jira (software used by most developers with the agile approach) to generate FDA and ISO13485 compliant documents.

Looking forward to your input.
Many thanks.

Regards
Yan

------------------------------
Yan Chia
QARA Manager
Australia
------------------------------

I found this article on the AAMI TIR report interesting.  A bit of a summary of what's in the report and how it aligns with IEC 62304.

https://blog.cm-dm.com/post/2013/02/08/AAMI-TIR45-on-the-use-of-agile-methods-becomes-new-FDA-recognized-standard

By the way, I was not able to see the images in your original post on the RAPS site Yan.  Not sure what happened there.


------------------------------
Rick Muller RAC
Technical Director
Aurora CO
United States
------------------------------

Original Message:
Sent: 15-Jul-2020 08:20
From: Tom Peter
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi Yan,

I recommend you take a look at AAMI Technical Information Report (TIR) 45, "Guidance on the use of AGILE practices in the development of medical device software", which aims to address exactly what you are asking about.

Good luck!

Tom

------------------------------
Tom Peter
Medical Device Specialist
Farmington Hills MI
United States

Original Message:
Sent: 14-Jul-2020 02:00
From: Tze Yan Chia
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi All,

Is there anyone here who is in the Software as Medical Device field? I have a question regarding the software design and development process.

To give you some context, the regulatory authorities (FDA, Europe, etc.) are using the waterfall approach (as below) in their guidance document as the preferred format for Software as Medical Device History File submission. However, this is an old model and most of the software companies are using the agile approach these days. 

The difference between the two methods is illustrated below:

In the waterfall approach, all activities in one phase have to be completed before moving into the next phase; whereas in the agile approach, the requirements and specifications are broken down into smaller projects and are treated as a 'sub-project'. As a result, there are some challenges from a Quality and Regulatory perspective when documenting the device life cycle.

Can anyone share how do you integrate the agile practices with a Medical Device Software Development Life cycle in the QMS?
Does anyone have any experience with the electronic QMS software 'qmsWrapper'? I googled this software and noticed that it integrates with Jira (software used by most developers with the agile approach) to generate FDA and ISO13485 compliant documents.

Looking forward to your input.
Many thanks.

Regards
Yan

------------------------------
Yan Chia
QARA Manager
Australia
------------------------------

Hi Rick, 

Thanks for sharing the article, it is very interesting, especially this line "It gives a list of recommendations throughout the documents. Some are conceptual, some are practical. Not all of them are immediately useful, I would say. They need to be reviewed many times before they can be applied, with teams maturing in agile methods"

Apologies, I am not sure why you can't see the images, those images are an illustration of the differences between the waterfall and agile methods.

------------------------------
Yan Chia
QARA Manager
Australia
------------------------------

Original Message:
Sent: 15-Jul-2020 11:05
From: Rick Muller
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

I found this article on the AAMI TIR report interesting.  A bit of a summary of what's in the report and how it aligns with IEC 62304.

https://blog.cm-dm.com/post/2013/02/08/AAMI-TIR45-on-the-use-of-agile-methods-becomes-new-FDA-recognized-standard

By the way, I was not able to see the images in your original post on the RAPS site Yan.  Not sure what happened there.


------------------------------
Rick Muller RAC
Technical Director
Aurora CO
United States

Original Message:
Sent: 15-Jul-2020 08:20
From: Tom Peter
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi Yan,

I recommend you take a look at AAMI Technical Information Report (TIR) 45, "Guidance on the use of AGILE practices in the development of medical device software", which aims to address exactly what you are asking about.

Good luck!

Tom

------------------------------
Tom Peter
Medical Device Specialist
Farmington Hills MI
United States

Original Message:
Sent: 14-Jul-2020 02:00
From: Tze Yan Chia
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi All,

Is there anyone here who is in the Software as Medical Device field? I have a question regarding the software design and development process.

To give you some context, the regulatory authorities (FDA, Europe, etc.) are using the waterfall approach (as below) in their guidance document as the preferred format for Software as Medical Device History File submission. However, this is an old model and most of the software companies are using the agile approach these days. 

The difference between the two methods is illustrated below:

In the waterfall approach, all activities in one phase have to be completed before moving into the next phase; whereas in the agile approach, the requirements and specifications are broken down into smaller projects and are treated as a 'sub-project'. As a result, there are some challenges from a Quality and Regulatory perspective when documenting the device life cycle.

Can anyone share how do you integrate the agile practices with a Medical Device Software Development Life cycle in the QMS?
Does anyone have any experience with the electronic QMS software 'qmsWrapper'? I googled this software and noticed that it integrates with Jira (software used by most developers with the agile approach) to generate FDA and ISO13485 compliant documents.

Looking forward to your input.
Many thanks.

Regards
Yan

------------------------------
Yan Chia
QARA Manager
Australia
------------------------------

Hi Yan,

We have struggled with this as well. Our approach has been to develop the software through agile processes and then when there is a release, we set it up in more of a waterfall using IQ/OQ/PQ. We know it is not ideal so we are constantly working on improving the process and using the guidances to get closer to a well developed and well documented process. I appreciate everyone's input here so I can dig in and keep working towards best practices. 

There is a key gap with the precertification program mentioned in this thread. That gap being Class I medical devices. Maybe it isn't as much of a gap as I think. However, what I see is that a Class I SaMD developer would not get a pre-cert because it does take a lot of resources up front. But then there is no guarantee that an auditor will accept your development process. The pre-cert seems to divide developers into established vs. startup categories which doesn't seem like a level playing field. I still have questions as to what an auditor would be expecting or understand. If they are primarily familiar with traditional IQ/OQ/PQ, are they going to accept the more modern software validation language and processes without too much hassle? 

The biggest issue we have is the communication between our traditional medical device regulatory and quality team with the software developers and testers. I think there is a lot of work that goes into making these departments speak the same language and understand the jargon and perspectives of the other.

------------------------------
Maddi Myers
Regulatory and Quality Project Manager
Carver MN
United States
------------------------------

Original Message:
Sent: 14-Jul-2020 02:00
From: Tze Yan Chia
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi All,

Is there anyone here who is in the Software as Medical Device field? I have a question regarding the software design and development process.

To give you some context, the regulatory authorities (FDA, Europe, etc.) are using the waterfall approach (as below) in their guidance document as the preferred format for Software as Medical Device History File submission. However, this is an old model and most of the software companies are using the agile approach these days. 

The difference between the two methods is illustrated below:

In the waterfall approach, all activities in one phase have to be completed before moving into the next phase; whereas in the agile approach, the requirements and specifications are broken down into smaller projects and are treated as a 'sub-project'. As a result, there are some challenges from a Quality and Regulatory perspective when documenting the device life cycle.

Can anyone share how do you integrate the agile practices with a Medical Device Software Development Life cycle in the QMS?
Does anyone have any experience with the electronic QMS software 'qmsWrapper'? I googled this software and noticed that it integrates with Jira (software used by most developers with the agile approach) to generate FDA and ISO13485 compliant documents.

Looking forward to your input.
Many thanks.

Regards
Yan

------------------------------
Yan Chia
QARA Manager
Australia
------------------------------

Hi Maddi!
I think you put the pragmatic approach very well. As a consultant, I often go to visit a company that has developed software using "state of the art" agile techniques and essentially have to cross-reference their work back into a more conventional waterfall model and cross reference key documents. This strikes me as an appalling waste of resource that contributes nothing to patient safety or product performance.
Working across the EU and US we see differences in the definition and classification of medical devices and no clear equivalent to the FDA's pre-certification program.
I fear this is another case of people trying to produce software and devices for the next decade in a regulatory system designed for the last century.
We must find a better, more pragmatic, way of regulating industries in a time of rapid and disruptive technology change.
Rant Over! I share your pain!
Neil

------------------------------
Neil Armstrong FRAPS
CEO MeddiQuest Limited
Peterborough
United Kingdom
------------------------------

Original Message:
Sent: 15-Jul-2020 13:16
From: Maddi Myers
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi Yan,

We have struggled with this as well. Our approach has been to develop the software through agile processes and then when there is a release, we set it up in more of a waterfall using IQ/OQ/PQ. We know it is not ideal so we are constantly working on improving the process and using the guidances to get closer to a well developed and well documented process. I appreciate everyone's input here so I can dig in and keep working towards best practices.

There is a key gap with the precertification program mentioned in this thread. That gap being Class I medical devices. Maybe it isn't as much of a gap as I think. However, what I see is that a Class I SaMD developer would not get a pre-cert because it does take a lot of resources up front. But then there is no guarantee that an auditor will accept your development process. The pre-cert seems to divide developers into established vs. startup categories which doesn't seem like a level playing field. I still have questions as to what an auditor would be expecting or understand. If they are primarily familiar with traditional IQ/OQ/PQ, are they going to accept the more modern software validation language and processes without too much hassle?

The biggest issue we have is the communication between our traditional medical device regulatory and quality team with the software developers and testers. I think there is a lot of work that goes into making these departments speak the same language and understand the jargon and perspectives of the other.

------------------------------
Maddi Myers
Regulatory and Quality Project Manager
Carver MN
United States

Original Message:
Sent: 14-Jul-2020 02:00
From: Tze Yan Chia
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi All,

Is there anyone here who is in the Software as Medical Device field? I have a question regarding the software design and development process.

To give you some context, the regulatory authorities (FDA, Europe, etc.) are using the waterfall approach (as below) in their guidance document as the preferred format for Software as Medical Device History File submission. However, this is an old model and most of the software companies are using the agile approach these days. 

The difference between the two methods is illustrated below:

In the waterfall approach, all activities in one phase have to be completed before moving into the next phase; whereas in the agile approach, the requirements and specifications are broken down into smaller projects and are treated as a 'sub-project'. As a result, there are some challenges from a Quality and Regulatory perspective when documenting the device life cycle.

Can anyone share how do you integrate the agile practices with a Medical Device Software Development Life cycle in the QMS?
Does anyone have any experience with the electronic QMS software 'qmsWrapper'? I googled this software and noticed that it integrates with Jira (software used by most developers with the agile approach) to generate FDA and ISO13485 compliant documents.

Looking forward to your input.
Many thanks.

Regards
Yan

------------------------------
Yan Chia
QARA Manager
Australia
------------------------------

Hi Maddi, 

Thanks for sharing, I think we are going through the same thing! We are using the same approach at this stage, where we develop the software through agile processes and then when there is a release, we set it up in more of a waterfall using IQ/OQ/PQ. Totally agree with you that it is not ideal and is looking for ways to improve the current practice. 

Given the tremendous amounts of change occurring in the software design and development phase using the agile method, it is also a challenge to record all of the changes through change control. Do you have the same problem?

Have you ever considered using an eQMS software with the ability to integrate with the development software (e.g. JIRA)?

The integration allows software medical device companies to reduce the risk of noncompliance by ensuring the appropriate Jira artifacts are captured in their quality management system. Software development teams have the freedom to leverage the agile functionality of Jira for tracking implementation work and issues related to software components, while simultaneously ensuring traceability to their Design Control and Risk Management system of record. 

Greenlight guru and qmsWrapper seems to have this function. Has anyone heard of these eQMS software?

------------------------------
Yan Chia
QARA Manager
Australia
------------------------------

Original Message:
Sent: 15-Jul-2020 13:16
From: Maddi Myers
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi Yan,

We have struggled with this as well. Our approach has been to develop the software through agile processes and then when there is a release, we set it up in more of a waterfall using IQ/OQ/PQ. We know it is not ideal so we are constantly working on improving the process and using the guidances to get closer to a well developed and well documented process. I appreciate everyone's input here so I can dig in and keep working towards best practices.

There is a key gap with the precertification program mentioned in this thread. That gap being Class I medical devices. Maybe it isn't as much of a gap as I think. However, what I see is that a Class I SaMD developer would not get a pre-cert because it does take a lot of resources up front. But then there is no guarantee that an auditor will accept your development process. The pre-cert seems to divide developers into established vs. startup categories which doesn't seem like a level playing field. I still have questions as to what an auditor would be expecting or understand. If they are primarily familiar with traditional IQ/OQ/PQ, are they going to accept the more modern software validation language and processes without too much hassle?

The biggest issue we have is the communication between our traditional medical device regulatory and quality team with the software developers and testers. I think there is a lot of work that goes into making these departments speak the same language and understand the jargon and perspectives of the other.

------------------------------
Maddi Myers
Regulatory and Quality Project Manager
Carver MN
United States

Original Message:
Sent: 14-Jul-2020 02:00
From: Tze Yan Chia
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi All,

Is there anyone here who is in the Software as Medical Device field? I have a question regarding the software design and development process.

To give you some context, the regulatory authorities (FDA, Europe, etc.) are using the waterfall approach (as below) in their guidance document as the preferred format for Software as Medical Device History File submission. However, this is an old model and most of the software companies are using the agile approach these days. 

The difference between the two methods is illustrated below:

In the waterfall approach, all activities in one phase have to be completed before moving into the next phase; whereas in the agile approach, the requirements and specifications are broken down into smaller projects and are treated as a 'sub-project'. As a result, there are some challenges from a Quality and Regulatory perspective when documenting the device life cycle.

Can anyone share how do you integrate the agile practices with a Medical Device Software Development Life cycle in the QMS?
Does anyone have any experience with the electronic QMS software 'qmsWrapper'? I googled this software and noticed that it integrates with Jira (software used by most developers with the agile approach) to generate FDA and ISO13485 compliant documents.

Looking forward to your input.
Many thanks.

Regards
Yan

------------------------------
Yan Chia
QARA Manager
Australia
------------------------------

This message was posted by a user wishing to remain anonymous

I also want second the TIR45 recommendation ---> You can use agile approaches in between, but when you actually release software TO BE USED WITH HUMAN PATIENTS, seek input from your internal physicians, or seem input from regulators, it needs to be a "final" form that can be shared. And when it is release, it needs to be completely verified and validated since any change can affect the health and safety of the patient.

There was a talk about this at an Advamed Digital conference last year related to the Digihaler product. The point was that agile refers to what the developers are doing, but they were doing things that ran completely contrary to their internal physicians and those physicians (as well as the regulators) had to had some defined points.
Original Message:
Sent: 14-Jul-2020 02:00
From: Tze Yan Chia
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach

Hi All,

Is there anyone here who is in the Software as Medical Device field? I have a question regarding the software design and development process.

To give you some context, the regulatory authorities (FDA, Europe, etc.) are using the waterfall approach (as below) in their guidance document as the preferred format for Software as Medical Device History File submission. However, this is an old model and most of the software companies are using the agile approach these days. 

The difference between the two methods is illustrated below:

In the waterfall approach, all activities in one phase have to be completed before moving into the next phase; whereas in the agile approach, the requirements and specifications are broken down into smaller projects and are treated as a 'sub-project'. As a result, there are some challenges from a Quality and Regulatory perspective when documenting the device life cycle.

Can anyone share how do you integrate the agile practices with a Medical Device Software Development Life cycle in the QMS?
Does anyone have any experience with the electronic QMS software 'qmsWrapper'? I googled this software and noticed that it integrates with Jira (software used by most developers with the agile approach) to generate FDA and ISO13485 compliant documents.

Looking forward to your input.
Many thanks.

Regards
Yan

------------------------------
Yan Chia
QARA Manager
Australia
------------------------------