Medical Device Software Verification,Validation, and Compliance -- Contents -- Preface -- Acknowledgments -- PART I Background -- Chapter 1 The Evolution of Medical Device Software Validation and the Need forThis Book -- The Evolution of Validation in the Medical Device Industry -- Building a Language to Discuss Validation -- Terminology is the Foundation -- Correct Versus Consistent Terminology -- Terminology Need Not Be Entertaining -- Risk Management and Validation of Medical Device Software -- About This Book -- Goals of This Book -- Intended Audience -- Are You Wasting Time? -- References -- Chapter 2 Regulatory Background -- The FDA: 1906 Through 1990 -- How the FDA Assures Safety, Efficacy, and Security -- Quality System Regulations and Design Controls -- Understanding How Regulation Relates to Getting the Job Done -- Medical Devices Sold Outside the United States -- References -- Chapter 3 The FDA Software Validation Regulations and Why You Should Validate Software Anyway -- Why the FDA Believes Software Should Be Validated -- Therac 25 -- Building Confidence -- The Validation Regulations -- Why You Should Validate Software Anyway -- References -- Chapter 4 Organizational Considerations for Software Validation -- Regulatory Basis of Organizational Responsibility -- A Model for Quality Systems -- Roles, Responsibilities and Goals for the Quality System -- The Structure of the Quality System -- Quality System Processes -- Quality System Procedures -- Thinking Analytically About Responsibility -- Untangling Responsibilities, Approvals, and Signatures -- What Happened to the Author? -- The Meaning of Approval: What That Signature Means -- So, What Could Go Wrong with a Design Control Quality System? -- What Happened? -- Designing Streamlined RR&A Requirements for the Quality System.

Fixing the Problem: Designing a Value-Added Approval/SignatureProcess -- Regulatory Basis for Treating Approvals and Signatures Seriously -- Reference -- Chapter 5 The Software (Development) Life Cycle -- What Is a Software Life Cycle? -- Software Validation and SDLCs: The Regulatory Basis -- Why Are Software Development Life Cycle Models Important? -- What Do Different Software Development Life Cycle Models Look Like? -- Waterfall and Modified Waterfall -- Sashimi Modified Waterfall Model -- Spiral Model -- Extreme Programming: Agile Development Models1 -- How Do You Know What Life Cycle Model to Choose? -- How Do Software Development Life Cycles Relate to the Quality System? -- The ANSI/AAMI/IEC 62304:2006 Standard -- An Organization for the Remainder of This Book -- Reference -- Chapter 6 Verification and Validation: What They Are, What They Are Not -- What Validation is NOT -- Validation and Its Relationship to Verification and Testing -- Software Validation According to Regulatory Guidance -- Can Other Definitions of Validation Be Used? -- User Needs and Intended Uses -- Software Verification According to Regulatory Guidance -- How Design Controls, Verification, and Validation Are Related -- Validation Commensurate with Complexity and Risk -- Is All Validation Created Equal? -- Reference -- Chapter 7 The Life Cycle Approach to Software Validation -- Validation and Life Cycles -- Combined Development and Validation Waterfall Life Cycle Model -- A Validation Life Cycle Model -- The Generic or Activity Track Life Cycle Model -- Life Cycles and Industry Standards -- Final Thoughts on Selecting an Appropriate Life Cycle Model -- References -- Chapter 8 Supporting Activities that Span the Life Cycle: Risk Management -- Introduction to Activities Spanning the Life Cycle -- Risk Management -- Risk in the Regulations and Guidance Documents.

ISO 14971: Application of Risk Management to Medical Devices -- AAMI's TIR32:2004: Medical Device Software Risk Management -- Risk and the IEC 62304 Standard on Life Cycle Processes -- IEC/TR 80002-1: Application of 14971 to Medical Device Software -- The Risk Management Process -- The Language of Risk Management -- Risk Management Outputs -- The Risk Management Plan -- The Risk Management File -- Risk Management Concepts and Definitions -- Risk Management Activities -- Risk Analysis -- Qualitative Probability Analysis -- Ignoring Probability -- Qualitative Probabilities -- Risk Evaluation -- Risk Control -- Overall Residual Risk Evaluation -- Summary -- References -- Chapter 9 Other Supporting Activities: Planning, Reviews, Configuration Management,and Defect Management -- Planning -- Design and Development Planning -- Why Planning Is Important -- How Many Plans Are Required? -- Plan Structure and Content -- What Does a Plan Look Like? -- Evolving the Plan -- Configuration Management -- Regulatory Background -- Why Configuration Management? -- What Goes into a Configuration Management Plan? -- Defect (and Issue) Management -- Regulatory Background -- Why Defect Management Plans and Procedures Are Important -- Relationship to Configuration (Change) Management -- Planning for Defect Management -- Reviews -- Regulatory Background -- Why the Focus on Reviews? -- What Is Meant by a Review? -- Who Should Be Participating in the Reviews? -- How Reviews Are Conducted -- Traceability -- Why Traceability? -- Regulatory Background -- Traceability Beyond the Regulatory Guidance -- Practical Considerations: How It Is Done -- Trace Tools -- Trace Mapping -- Can Traceability Be Overdone? -- References -- PART II Validation of Medical Device Software -- Chapter 10 The Concept Phase Activities -- The Concept Phase -- Regulatory Background.

Why a System Requirements Specification Is Needed -- Validation Activities During the Concept Phase -- Make or Buy? Should Off-the-Shelf (OTS) Software Be Part of theDevice? -- The System Requirements Specification -- Who Is the Intended Audience? -- What Information Belongs in an SyRS? -- How Are System Requirements Gathered? -- Further Reading -- Select Bibliography -- Chapter 11 The Software Requirements Phase Activities -- Introduction -- Regulatory Background -- Why Requirements Are So Important -- The Role of Risk Management During Requirements Development -- Who Should Write the Software Requirements? -- The Great Debate: What Exactly Is a Requirement? -- Anatomy of a Requirement -- How Good Requirements Are Written -- Summary -- References -- Chapter 12 The Design and Implementation Phase Activities -- Introduction -- Regulatory Background -- Validation Tasks Related to Design Activities -- The Software Design Specification (Alias the Software Design Description) -- Evaluations and Design Reviews -- Communication Links -- Traceability Analysis -- Risk Management -- Validation Tasks Related to Implementation Activities -- Coding Standards and Guidelines -- Reuse of Preexisting Software Components -- Documentation of Compiler Outputs -- Static Analysis -- References -- Chapter 13 The Testing Phase Activities -- Introduction -- Regulatory Background -- Why We Test Software -- Defining Software Testing -- Testing Versus Exercising -- The Psychology of Testing -- Levels of Testing -- Unit-Level Testing -- Unit-Level Testing and Path Coverage -- McCabe Cyclomatic Complexity Metric and Path Coverage -- Other Software Complexity Metrics and Unit Test Prioritization -- Integration-Level Testing -- Device Communications Testing -- System-Level Software Testing -- System-Level Verification Testing Versus Validation Testing -- Testing Methods.

Equivalence Class Testing -- Boundary Value Testing -- Calculations and Accuracy Testing -- Error Guess Testing -- Ad Hoc Testing -- Captured Defect Testing -- Other Test Methods -- Test Designs, Test Cases, and Test Procedures -- Managing Testing -- The Importance of Randomness -- Independence -- Informal Testing -- Formal Testing -- Regression Testing -- Automated Testing -- Summary -- References -- Select Bibliography -- Chapter 14 The Maintenance Phase Validation Activities -- Introduction -- A Model for Maintenance Activities -- Software Release Activities: Version n -- Collection of Post-Market Data -- Process and Planning -- Sources of Post-Market Data -- Analysis -- The Maintenance Software Development Life Cycle(s) -- Software Development and Validation Activities -- Software Release Activities: Version n + 1 -- References -- PART III Validation of Nondevice Software -- Chapter 15 Validating Automated Process Software: Background -- Introduction -- Regulatory Background -- 21 CFR 820.70 (i) on Automated Processes -- 21 CFR 11 (Part 11)-Electronic Records and Electronic Signatures -- Nondevice Software Covered by These Regulations -- Factors that Determine the Nondevice Software Validation Activities -- Level of Control -- Type of Software -- Source of the Software -- Other Factors That Influence Validation -- Risk -- Size and Complexity -- Intended Use -- Confidence in the Source of the Software -- Intended Users -- Industry Guidance -- AAMI TIR36:2007: Validation of Software for Regulated Processes -- GAMP 5: Good Automated Manufacturing Practice -- Who Should Be Validating Nondevice Software? -- Reference -- Chapter 16 Planning Validation for Nondevice Software -- Introduction -- Choosing Validation Activities -- Do-It-Yourself Validation or Validation for Nonsoftware Engineers -- The Nondevice Software Validation Spectrum.

Life Cycle Planning of Validation.