Contents. List of Acronyms Preface

Contents

List of Acronyms
Preface

PART I Introduction

1 Introduction
    The evolution of medical purpose software
    Product quality and software quality
    On the need for quality in medical purpose software
    Regulatory environments
    Verification and validation
    Structure of the book

PART II Regulations

2 EU MDD 93/42/EEC
    Background
    Content of the Directive 93/42/EEC
    The approval process for software as a medical device
    Qualification
    Classification
    Selection of the Authorized Representative and notified body
    Implementation of a quality management system
    Documenting software as a medical device
    Auditing by the notified body
    Display of the CE marking

3 FDA title 21 of US CFR
    The role of the Food and Drug Administration
    Content of the Codes of Federal Regulation 21 CFR
    The approval process for Software as a Medical Device
    Qualification
    Classification
    Implementation of a Quality Management System
    Documenting the Software as a Medical Device
    FDA clearance and premarket approval

Engineering high quality medical software

4 Regulations for other markets
    Regulatory environment and approval process in Australia
    Regulatory environment and approval process in Brazil
    Regulatory environment and approval process in Canada
    Regulatory environment and approval process in China
    Regulatory environment and approval process in Japan
    Regulatory environment and approval process in Russia

PART III Standards

5 ISO 13485: medical devices quality management systems requirements for regulatory purposes
    Introduction
    Contents
    The Quality Management System
    Management responsibility
    Resource management
    Product realization
    Measurement, analysis, and improvement
    ISO 13485:2016 versus other Quality Systems
    ISO certification
    Use of ISO in each jurisdiction

6 ISO 14971: medical devices application of risk management to medical devices
    Introduction
    Contents
    Risk concepts applied to medical devices
    Examples of hazards, foreseeable sequences of events and hazardous situations
    Risk-management methods and tools
    Failure mode effects analysis
    Failure mode, effects, and criticality analysis
    Fault tree analysis
    Hazard analysis and critical control points
    Hazard operability (HAZOP) analysis
    Preliminary hazard analysis
    Markov analysis
    Use of ISO 14971:2007 in each jurisdiction

7 IEC 62304: medical device software software life-cycle processes
    Introduction
    Content
    Software Development Process
    Maintenance process

    Software risk management process
    Software configuration management process
    Software problem resolution process
    Use of IEC in each jurisdiction

8 IEEE 1012 and ISO/IEC 29119: standards for software verification
    IEEE Std 1012 for system and software verification and validation
    Integrity levels
    Common V&V activities
    Software V&V activities
    ISO/IEC software testing
    ISO/IEC : concepts & definitions
    ISO/IEC : test processes
    ISO/IEC : test documentation
    ISO/IEC : test techniques
    ISO/IEC : keyword-driven testing

PART IV Verification and validation techniques

Static testing
    Introduction and background
    Static testing
    Static analysis
    Control flow analysis
    Data dependence analysis
    Control dependence analysis

Dynamic testing
    Introduction
    Specification-based testing technique
    Equivalence partitioning
    Boundary value analysis
    State transition testing
    Cause effect graphing and decision table testing
    Syntax testing
    Combinatorial test techniques
    Scenario testing and use case testing
    Random testing
    Structure-based testing technique
    Statement testing
    Branch/decision testing
    Condition testing
    Data flow testing
    Error-guessing testing technique
    Error-guessing

11 Formal verification
    Introduction and background
    Formal specification
    Ambient calculus and ambient logic
    Linear temporal logic
    Model checking
    Static and dynamic (formal) verification
    Summary

PART V Techniques, methodologies, and engineering tasks for the development, configuration, and maintenance

Prescriptive software development life cycles
    Software as a product
    Software development strategies
    Waterfall models
    The waterfall
    The V-model
    Evolutionary models
    Prototype models
    The incremental model
    The spiral model
    Choosing the best software development model

Agile software development life cycles
    The Agile Manifesto
    Scrum
    Roles
    Events
    Agile testing practices
    Test-Driven Development
    Acceptance Test-Driven Development
    Behavior-Driven Development
    Agile in a regulated environment

Project management
    Introduction
    Initiating
    Planning
    Setting the goals
    Assigning the responsibilities
    Defining the scope
    Planning time and costs
    Executing

    14.5 Monitoring and controlling
    Closing

Risk management
    Risk assessment overview
    Risk assessment workflow
    Static versus dynamic safety risk scenarios
    Probabilistic risk model
    Application to the case study
    Safety critical factor identification
    Risk analysis
    Risk scenario development
    Probabilistic risk model
    PRM analysis and risk evaluation

Requirements management
    Background
    Types of requirements
    Requirements development
    Requirements elicitation
    Requirements specification
    Requirements verification and validation
    Requirements traceability

Design controls and development management
    Background
    Design controls
    Design control and development templates
    Intended use template
    Risk management file template
    Software development plan template
    Software requirements specification template
    Software architectural design template
    Software detailed design template
    Test plan template
    Test case specification template
    Test procedure specification template
    Test incident report template
    Test summary report template
    Review report template
    Meeting report template

Test management and defect management
    Software testing principles
    Software testing strategies

    18.3 A software testing process
    Test planning, monitoring, and control
    Test analysis
    Test design
    Test implementation
    Test execution
    Test evaluation exit criteria
    Test closure
    Test metrics
    Defect management

Change management, configuration management, and change management
    Change management
    Configuration management
    Incident management

PART VI Conclusions

Conclusions
    Perspectives
    Criticality
    Conclusions

References
Index