FDA has also been working on a regulatory model for more agile approaches for software as a medical device, through the precertification program. There haven't been many recent updates, but here is their website on what they are attempting to achieve -
Digital Health Software Precertification (Pre-Cert) Program
U.S. Food and Drug Administration |
remove preview |
|
Digital Health Software Precertification (Pre-Cert) Program |
The Software Precertification (Pre-Cert) Pilot Program, as outlined in the FDA's Digital Health Innovation Action Plan [PDF], will help inform the development of a future regulatory model that will provide more streamlined and efficient regulatory oversight of software-based medical devices developed by manufacturers who have demonstrated a robust culture of quality and organizational excellence, and who are committed to monitoring real-world performance of their products once they reach the U.S. |
View this on U.S. Food and Drug Administration > |
|
|
We work primarily with cybersecurity for medical devices and approaches with this domain can also be a bit different. The core activities remain the same; however, the integration with the agile processes becomes a bit more fluent (devsecops). You would still need threat modeling, security requirements (written as user stories), cybersecurity risk assessment and product labeling; however, security testing can and should become more integrated. Security testing tools should be integrated with the build pipeline and ci/cd tools, such that code is continuously being scanned and evaluated each time it is checked in. This enables the developer to fix security flaws throughout design and development, rather then finding issues right before or during V&V.
------------------------------
Colin Morgan
Managing Director
Apraciti, Medical Device Cybersecurity
colinmorgan@apraciti.comUnited States
------------------------------
Original Message:
Sent: 15-Jul-2020 02:21
From: Homi Dalal
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach
AAMI TIR45:2012 - Guidance on the use of Agile practices in the development of medical device software - provides guidance for SaMD manufacturers to avail of benefits provided by Agile development while satisfying regulatory requirements and expectations.
Regards
------------------------------
Homi Dalal RAC
Consultant - Brandwood CKC
Sydney NSW
Australia
Original Message:
Sent: 14-Jul-2020 02:00
From: Tze Yan Chia
Subject: Software as Medical Device Design and Development Process - Waterfall Vs Agile Approach
Hi All,
Is there anyone here who is in the Software as Medical Device field? I have a question regarding the software design and development process.
To give you some context, the regulatory authorities (FDA, Europe, etc.) are using the waterfall approach (as below) in their guidance document as the preferred format for Software as Medical Device History File submission. However, this is an old model and most of the software companies are using the agile approach these days.
The difference between the two methods is illustrated below:
In the waterfall approach, all activities in one phase have to be completed before moving into the next phase; whereas in the agile approach, the requirements and specifications are broken down into smaller projects and are treated as a 'sub-project'. As a result, there are some challenges from a Quality and Regulatory perspective when documenting the device life cycle.
Can anyone share how do you integrate the agile practices with a Medical Device Software Development Life cycle in the QMS?
Does anyone have any experience with the electronic QMS software 'qmsWrapper'? I googled this software and noticed that it integrates with Jira (software used by most developers with the agile approach) to generate FDA and ISO13485 compliant documents.
Looking forward to your input.
Many thanks.
Regards
Yan
------------------------------
Yan Chia
QARA Manager
Australia
------------------------------