Implementing a Medical Device Software Risk Management Process by ISO 14971 in compliance with Agile Principles

The development of medical device software is strictly regulated by competent authorities. In addition to producing significant medical benefits, the medical device software can be a potential source of serious safety hazard to patients or healthcare professionals. The International Standard ISO 14971 was created to minimize the risks related to treatment of patients with the medical devices. Although agile software development has become a widely used method for developing software products, medical device manufacturers and regulators have been uncertain whether these practices are appropriate for the regulated environment. The purpose of this thesis is to research similarities and differences between ISO 14971 risk management process and agile principles. Furthermore, the aim is also to provide guidance and produce practical ideas for the implementation of the risk management process that meets the regulatory requirements and follows agile values and principles. The risk management standard ISO 14971 was thoroughly analyzed in order to find all process requirements. Similarly, the agile practices were studied through the Agile Manifesto and other essential resources of the field. The synthesis of the two concepts was produced based on the information gathered. The ideas produced in the research are presented as an example development process model which can be used as a reference implementation. The relatively high abstraction level of the model secures the generalizability of the research. When designing the risk management process implementation, it is essential to thoroughly understand the goals and principles of the regulatory framework. By following the guidance and instructions provided in this thesis, medical device software manufacturers should be able to create the applicable risk management process and to claim conformity to ISO 19471

On Medical Device Software CE Compliance and Conformity Assessment

Manufacturing of medical devices is strictly controlled by authorities, and manufacturers must conform to the regulatory requirements of the region in which a medical device is being marketed for use. In general, these requirements make no difference between the physical device, embedded software running inside a physical device, or software that constitutes the device in itself. As a result, standalone software with intended medical use is considered to be a medical device. Consequently, its development must meet the same requirements as the physical medical device manufacturing. This practice creates a unique challenge for organizations developing medical software. In this paper, we pinpoint a number of regulatory requirement mismatches between physical medical devices and standalone medical device software. The view is based on experiences from industry, from the development of all -software medical devices as well as from defining the manufacturing process so that it meets the regulatory requirements.Peer reviewe

Towards Regulatory-Compliant MLOps: Oravizio’s Journey from a Machine Learning Experiment to a Deployed Certified Medical Product

Peer reviewe

Extending SOUP to ML Models in Certified Medical Systems

Peer reviewe

MLOps Challenges in Multi-Organization Setup: Experiences from Two Real-World Cases

Workshop on AI Engineering - Software Engineering for AI , WAIN ; Conference date: 30-05-2021 Through 31-05-2021Peer reviewe

Towards RegOps : A DevOps Pipeline for Medical Device Software

The manufacture of medical devices is a strictly regulated domain in the European Union. Traditionally, medical software compliance activities have been considered manual, document-centric, and burdensome. At the same time, over the last decade, software companies have maintained competitiveness and improved by relying on essential practices of DevOps, such as process automation and delivery pipelines. However, applying the same principles in medical software can be challenging due to regulatory requirements. In this paper, we utilize a systematic approach to align the essential medical device software regulatory requirements from the standards IEC 62304 and IEC 82304-1 and integrate them into the software delivery pipeline, which is the main contribution of our work. The outcome supports practitioners to establish more efficient software delivery models while maintaining compliance with the medical device standards.acceptedVersionPeer reviewe

Implementing a Medical Device Software Risk Management Process by ISO 14971 in compliance with Agile Principles

The development of medical device software is strictly regulated by competent authorities. In addition to producing significant medical benefits, the medical device software can be a potential source of serious safety hazard to patients or healthcare professionals. The International Standard ISO 14971 was created to minimize the risks related to treatment of patients with the medical devices. Although agile software development has become a widely used method for developing software products, medical device manufacturers and regulators have been uncertain whether these practices are appropriate for the regulated environment. The purpose of this thesis is to research similarities and differences between ISO 14971 risk management process and agile principles. Furthermore, the aim is also to provide guidance and produce practical ideas for the implementation of the risk management process that meets the regulatory requirements and follows agile values and principles. The risk management standard ISO 14971 was thoroughly analyzed in order to find all process requirements. Similarly, the agile practices were studied through the Agile Manifesto and other essential resources of the field. The synthesis of the two concepts was produced based on the information gathered. The ideas produced in the research are presented as an example development process model which can be used as a reference implementation. The relatively high abstraction level of the model secures the generalizability of the research. When designing the risk management process implementation, it is essential to thoroughly understand the goals and principles of the regulatory framework. By following the guidance and instructions provided in this thesis, medical device software manufacturers should be able to create the applicable risk management process and to claim conformity to ISO 19471

On Medical Device Cybersecurity Compliance in EU

Peer reviewe