Regulatory Open Forum

 View Only
Rimsys 2024 RegEx AMA
Back to discussions
Expand all | Collapse all

TRF File for Compliance - applicability over Design Life

  • 1.  TRF File for Compliance - applicability over Design Life

    Posted 03-Jan-2020 05:31
    Hi 
       I have a lingering doubt regards the applicability of the Test Evidence of a Software driven Medical device. The Product Design Life is for a period of X years. The Software has had intermediate releases through-out this period and Test evidences are available for the releases

    In preparing the TRF for the Product, we have to check evidences for covered features and releases and update the Verdict. Would the Test evidence need to be re-run if the resport is older than the intended design life. i.e. the Test reports are older than the stated design life. 

    How would we map the Product TRF evidence to the Release Test evidence?. Is there a rationale to be listed to say that the Test results/verdict is valid for the last released Software/Product?. Would end of Design life of the product affect validity of Test results?.

    The TRF maps to EN/62304:2006 AMD1:2015.  



    ------------------------------
    Vikram U
    Tech Lead MDD-MDR Transition
    India
    ------------------------------


  • 2.  RE: TRF File for Compliance - applicability over Design Life

    Posted 03-Jan-2020 09:23
    Hi Vikram,

    Your question is not entirely clear to me - so you'll get some comments and return questions.

    I assume that with 'Product Design Life' you refer to 'expected service life' as defined by clause 3.28 of IEC 60601-1? This term relates to the time period during which the device is expected to remain safe. I.e. from device being taken into use until device is scrapped. 
    This is different from the time period where the product is placed on the market after having been developed.
    As such, you can have several software releases / updates to a device that has been on the market for a time period being longer than the expected service life.

    As you are preparing a TRF (presumably a Test Report Form?), I assume you are in the process of performing a safety test according to IEC 60601-1 or a specific product standard?
    In this process, you should evaluate if and justify how you test evidence is valid and relevant to support the verdict in the TRF. For any old test evidence, this can be challenge for software which has been subject to multiple updates and indeed retesting could be justified. But the case that the test reports are older than the expected services life does not in and by itself justify / require re-testing.

    I would propose, that in the TRF you refer to existing release test evidence and justify that it is valid to document compliance with each of the test requirements. This justification could be a separate engineering rationale.
    In cases where existing release test evidence is found to be inadequate or insufficient to demonstrate compliance with a test requirement you retest and refer to the new test evidence.

    Does this help at all, or did I misunderstand your question?

    ------------------------------
    Claus Rømer Andersen
    Hørsholm, Denmark
    claus@roemerconsulting.dk
    ------------------------------

    Original Message


  • 3.  RE: TRF File for Compliance - applicability over Design Life

    Posted 03-Jan-2020 18:57
    Hi Andreas,
      Thank you for covering most parts of my question. 
    The TRF as you have listed is the Test Report Format for 62304 covering software development and configuration process.

    The correction on service life over a design life is duly noted. Does the planned design life of 5 years' mean that there has to be some redesign needed after introduction of the product?

    The main question here though was to know and provide rationale for a verdict based on Test results. Is there a validity period for a test evidence(software product) if no redesign is done?. The complexity is that some test evidence does not list version/combination of OS, individual requirement breakup and their Pass/Fail status.  It is only possible to say Req#X.Y passed,but there is insufficient evidence and observation details for all steps under Req#X.
    Retesting could be justified if there were changes in functionality, feature specific changes are tested on a project basis and this is not as per 62304 acceptance criteria defined for release. How do we map to this acceptance criteria ?





    ------------------------------
    Regards,
    Vikram U
    Tech Lead, MDD-MDR transition
    India
    ------------------------------

    Original Message


  • 4.  RE: TRF File for Compliance - applicability over Design Life

    Posted 04-Jan-2020 06:08
    Hi Vikram,

    Reading your posts it seems you have a complicated case - I'll try to elaborate below. If my assumptions are incorrect I apologize.
    It seems to me, that you have a few separate issues - I recommend to split up your case into as many minor issues as possible, and then manage eat issue individually - while adhering to he whole picture. If you don't split it up you'll get confused.

    Regarding design life:
    Planned design life (expected service life) of 5 years only indicates that each individual device has an in use life-time expectancy of 5 years after being sold. 
    So no, this does not in any way trigger a need for redesign by itself.

    Regarding validity of test results:
    I'll split this question in two parts below.

    a) On validity period:
    No, there is no time period limiting validity of test results.
    What could trigger a need for retesting is redesign of hardware, redesign of software or a change in standards or regulations.
    So, if there is no change in the device or its requirements the existing test evidence should be sufficient (see below).

    b) On adequacy of test evidence:
    If I understand correctly, your existing test evidence is incomplete. It reports the conclusion (pass) bot there is a lack of traceability, description of how things were tested and so on.
    As such, I assume that at some point in the past when the device was developed, the evidence was written, evaluated and accepted by the standards of that time.
    Secondly I assume that you are re-evaluating the device documentation - perhaps due to MDR transition? Which brings you to re-evaluate documentation that was found to be acceptable in the past in a new light. Yes, the MDR changes how we evaluate documentation for software, and yes interpretation of IEC 62304 has evolved over the years, to some degree reflected in the TRF.
    So, your dilemma is that existing documentation does not meet the expectations of current regulations and standards and you are in the process of re-authorizing under the MDR.
    If correct, then yes you most likely will have to improve the test evidence documentation to meet the standards of today. And if the existing documentation lacks traceability, evidence and observations, the most effective approach can certainly be to re-test - perhaps with limited scope.

    Regarding 'Retesting ...':
    IEC 62304 defines the life-cycle processes for software development and maintenance.
    It requires, that retesting is performed when there is a change in functionality, etc. 
    It does not say that you can not retest for other reasons.
    I would refer you to Figure 2 of IEC 62304 and propose you treat this retest as a 'maintenance request', which triggers that you go through the entire maintenance process and update your documentation as relevant along the way.

    ------------------------------
    Claus Rømer Andersen
    Hørsholm, Denmark
    claus@roemerconsulting.dk
    ------------------------------

    Original Message


  • 5.  RE: TRF File for Compliance - applicability over Design Life

    Posted 05-Jan-2020 02:46
    Good Day Claus,
      From the multiple suggestions I have been provided, I thank you for bringing simplicity by breaking the problem.



    1.Regarding design life:
    Planned design life (expected service life) of 5 years only indicates that each individual device has an in use life-time expectancy of 5 years after being sold. 
    So no, this does not in any way trigger a need for redesign by itself.

    This Service and Design life are subject to GSPR/14971/62304 standards and a redesign may be necessary when the software handles data privacy. I will put forth my observation to my team regards changed standards and hence the need to re-test the product
    2. So, your dilemma is that existing documentation does not meet the expectations of current regulations and standards and you are in the process of re-authorizing under the MDR.
    If correct, then yes you most likely will have to improve the test evidence documentation to meet the standards of today. And if the existing documentation lacks traceability

    Traceability is bidirectional and needs to link Requirements(functional mapped from Product specifications and Non functional from Standards) to the test procedures all through to the Test Results. I will recheck if any test procedures need to be modified as part of maintenance. This way the TRF generated earlier would be valid, only newer changes would need external testing

    Would these assessments be correct?.
    Thanking your for your guidance and for sharing my concern.

    ------------------------------
    Vikram Upadhya
    Tech Lead
    MDD-MDR Transition
    HCL Tech
    India
    ------------------------------

    Original Message


  • 6.  RE: TRF File for Compliance - applicability over Design Life

    Posted 04-Jan-2020 06:11
    Hi Vikram,

    Just a thought: During the >service life< of a medical software, the manufacture must apply clauses 6 & 7 of the IEC 62304. Here a report of the initial SW release originating from a TRF might be useful.
    For the following SW maintenance process, I would use the mandatory plan (per clause 6.1) and I would establish a SW maintenance file. This file might uses an initial report as baseline; but I would not plan to apply a TRF based report over the maintenance period.

    ------------------------------
    Uwe Zeller | Regulatory Affairs / Risk Management Consultant
    Biberach an der Riß, Germany
    ------------------------------

    Original Message


  • 7.  RE: TRF File for Compliance - applicability over Design Life

    Posted 04-Jan-2020 21:30
    Guten Tag Uwe

    I will recheck the scope of maintenance plan as applicable for MDR transition.
    Our RAA and DofConformity list 62304 as the standard for software development process. If we go with the maintenance plan, it would mean there would be significant process outside of design dealing with change management and it's approval process.

    62304 is being applied to this as a Legacy software, development of this product having started prior to 2006. The maintenance plan, as you suggest, must cover development, configuration, V&V, Release and Post-Market feedback. This would need approval outside my purview. Does the  maintenance plan have to be valid within the design/service period or does it have a specific duration listed in the certification/approval documentation?

    ------------------------------
    Vikram Upadhya
    Tech Lead
    MDD-MDR Transition
    HCL Tech
    India
    ------------------------------

    Original Message


  • 8.  RE: TRF File for Compliance - applicability over Design Life

    Posted 06-Jan-2020 05:17
    Dear Vikram,

    About your question: Does the  maintenance plan have to be valid within the design/service period. 
    >> In my understanding, it has to be valid as long as at least one Instance of your SW is legitimately used in the field.

    ------------------------------
    Uwe Zeller | Regulatory Affairs / Risk Management Consultant
    Biberach an der Riß, Germany
    ------------------------------

    Original Message


  • 9.  RE: TRF File for Compliance - applicability over Design Life

    Posted 06-Jan-2020 06:47
    Guten Tag Uwe,
      Thanks again for that clarification. I hope to mean that the Service Duration can exceed the Design Life( tentatively listed as 5 Years previously). Would a user using the Product outside of this duration be valid under warranty or considered legitimate business if the design life is exceeded..this applies to a software product scope. 





    ------------------------------
    Vikram Upadhya
    Tech Lead
    MDD-MDR Transition
    HCL Tech
    India
    ------------------------------

    Original Message


  • 10.  RE: TRF File for Compliance - applicability over Design Life

    Posted 06-Jan-2020 07:16

    Dear Vikram,

    Answering your question directly requires in detail knowledge of your design / technical documentation which can't be done here.

    In general, the answers should be coming out of your design planning / risk management system.

    ------------------------------
    Uwe Zeller | Regulatory Affairs / Risk Management Consultant
    Biberach an der Riß, Germany
    ------------------------------

    Original Message


  • 11.  RE: TRF File for Compliance - applicability over Design Life

    Posted 06-Jan-2020 07:32
    Guten Tag Uwe,
        I agree with this. For sure there are external risks that need to be evaluated outside of our Risk Management process as the Software Product is supported on Windows 7/8/10. 

    I will split this question as the original post(About TRF Test Results) is getting diluted.

    Danke

    ------------------------------
    Vikram Upadhya
    Tech Lead
    MDD-MDR Transition
    HCL Tech
    India
    ------------------------------

    Original Message


  • 12.  RE: TRF File for Compliance - applicability over Design Life

    Posted 04-Jan-2020 11:56

    When I see TRF I think of the test report forms managed by IECEE. They are, in my experience, issued for product safety standards and not for process standards. I checked the IECEE web page and did not find a 62304 related TRF. In addition, you say, "The TRF maps to EN/62304:2006 AMD1:2015". I checked the CENELEC website and did not find a TRF.

    I infer that you have a completed TRF that you either did yourself or used an external organization.

    There are two questions. How do software changes made after the completed TRF affect the TRF? What should happen when the completed TRF is older than the design life of products currently shipping?

    For the first question, the test report is, typically, a type test which represents a specific product configuration. Evaluate each software change to see if affects any characteristic in the test report. If not, document the evaluation in the design history file. If yes, then conduct the TRF tests on the new configuration. Also, since you have a software driven medical device a software change could result in changes covered by other test reports.

    If you not have been conducting the evaluations, do them retrospectively and then, if necessary, test the current configuration.

    For the second question, the age of the test report doesn't matter. What matters is that the most recent test report covers the configuration shipping.

    On another note, the CENELEC website says that EN 62304:2006/A1:2015 is superseded by prEN IEC 62304:2019. It is not yet published, but anticipate EN IEC 62304:2020 this year. You should develop a plan to transition to the new standard.



    ------------------------------
    Dan O'Leary CQA, CQE
    Swanzey NH
    United States
    ------------------------------

    Original Message


  • 13.  RE: TRF File for Compliance - applicability over Design Life

    Posted 04-Jan-2020 21:12
    Hi Claus, Dan,
     Many thanks and appreciate the details provided regards applicability of the results to the TRF. The TRF was provided by customer as part of their process from their other plants.

    Dan,
    You are correct to point out the validity mapping to the tested configuration vis-a-vis the shipped configuration.

    Evaluate each software change to see if affects any characteristic in the test report. If not, document the evaluation in the design history file. If yes, then conduct the TRF tests on the new configuration. Also, since you have a software driven medical device a software change could result in changes covered by other test reports.
    This is exactly what I need to confirm about the test results captured earlier as evidence.

    Regarding the 62304, the standard listed in DofConformity refers to 62304 : 2006 Amd12015 referring to software development and release through maintenance process
      :They are, in my experience, issued for product safety standards and not for process standards.:
    The evidence in the TRF maps to procedures and process rather than an actual test .
    I also confirm your assessment about validity of Test results as objective evidence for the last product software release.

    My action now would be to check software and product functionality changes from Release History mapped in the STED(for MDR).

    Claus,
     Thank you again for the detail provided. 

    In summary, the product being tested is classified as Legacy software and hence would partially conform to 62304:2006 clauses. I appreciate the time and detail provided.

    ------------------------------
    Vikram Upadhya
    Tech Lead
    MDD-MDR Transition
    HCL Tech
    India
    ------------------------------

    Original Message


  • 14.  RE: TRF File for Compliance - applicability over Design Life

    Posted 07-Jan-2020 04:04
    Good Day Dan,
      I did find this article with some information about the the 62304:2020 and its applicability for LEGACY Software. 
    https://blog.cm-dm.com/post/2019/11/22/IEC-62304%3A2019-or-2020-next-generation.

    thank you for your guidance.

    ------------------------------
    Vikram Upadhya
    Tech Lead
    MDD-MDR Transition
    HCL Tech
    India
    ------------------------------

    Original Message


  • 15.  RE: TRF File for Compliance - applicability over Design Life

    Posted 05-Jan-2020 01:28
    You mention that a TRF (Test Report Form) per the IECEE CB Scheme is being filled out (& Dan is questioning that issue).  I have the answer to that.

    In OD-2055. The test house that is issuing a CB test certificate and CB test report to IEC 60601-1, edition 3.1 (or 3rd edition + A1) needs to evaluate the applicable clauses of IEC 62304 and must be addressed in the CB Test Report but the standard IEC 62304 is not to be listed on the CB Test Certificate.   A current copy of OD-2055 can be accessed at https://www.iecee.org/documents/refdocs/downloads/od-2055_ed.2.1.pdf. Refer to Annex C and you will see the reference.  Also, there is a TRF that the test houses use for this but is not listed on the CB scheme website but I am not sure why that is. 

    Not, I am a member of the recently reconstituted Risk Management group under ETF-3 of the CB Scheme.

    ------------------------------
    Leonard (Leo) Eisner, P.E.
    The "IEC 60601 Guy"
    Principal Consultant, Eisner Safety Consultants
    Phone: (503) 244-6151
    Mobile: (503) 709-8328
    Email: Leo@EisnerSafety.com
    Website: www.EisnerSafety.com
    ------------------------------

    Original Message


  • 16.  RE: TRF File for Compliance - applicability over Design Life

    Posted 06-Jan-2020 02:00
    Just clarifying one minor point in my last post.  The last sentence should say note instead of not.  I was recovering from a minor surgery and was still in pain when I posted and so a typo.  I am on this Risk Management group under ETF-3 of the CB Scheme.

    ------------------------------
    Leonard (Leo) Eisner, P.E.
    The "IEC 60601 Guy"
    Principal Consultant, Eisner Safety Consultants
    Phone: (503) 244-6151
    Mobile: (503) 709-8328
    Email: Leo@EisnerSafety.com
    Website: www.EisnerSafety.com
    ------------------------------

    Original Message


  • 17.  RE: TRF File for Compliance - applicability over Design Life

    Posted 06-Jan-2020 02:19
    Hi Leo,
      Wishing you a faster (and less painful) recovery!.

    Thanks for that Input. As you list, the CB certification authorities are in a position to provide a TRF for EN 62304:2006. If this is the case then i would like to check the sections related to Post Market Surveillance Evidences requested by the Test lab as part of SDLC. How would Agile Products and Usability related Test reports map into the 62304 Sections covering Release and Risk Management processes.

    Please help me understand the scope of TRF if referred outside of a formal evaluation and correct my understanding.

    Existing Sections i see where i have no visibility regards evidence are:
    5.0 Software Development Process - Documentation and Evidence Present
    6.0 Software Maintenance Process  -  Documentation and Evidence Present
    7.0 Software Risk Management Process  Documentation and Evidence Present
    8.0 Software Configuration Management Process - Documentation and Evidence Present
    9.0 Software Problem Resolution Process -  Limited Documentation and Evidence provided

    In effect any CB needs to have access to Internal documentation to complete the entire SDLC evaluation and the Acceptance criteria for Release needs to be documented( if done via a Change Control Board).

    ------------------------------
    Vikram Upadhya
    Tech Lead
    MDD-MDR Transition
    HCL Tech
    India
    ------------------------------

    Original Message


Related Content