Modernizing the Medical Device Factory to Work With Software

Medical device manufacturers have mastered the hardware factory — a systematic approach to building devices such as insulin pumps and pacemakers with a focus on quality, safety, and efficiency. However, taking a hardware factory approach to building software is like trying to use a Model T assembly line to build a Tesla. 

Companies that want to modernize and maintain a competitive advantage must embrace software manufacturing, a process and tooling framework for achieving optimal levels of speed, compliance, and scale for software products. Additionally, a growing number of FDA recalls are for software issues, which is why a streamlined software factory floor is not just a best practice but a must-have for MedTech companies.

The software manufacturing process 

The software manufacturing process is a way to think about software development and deployment in highly regulated industries such as medical devices. Instead of focusing only on developing innovative, feature-rich software, MedTech organizations also need to make sure it aligns well with its intended use and can be continuously monitored to ensure quality and safety.

This is analogous to the medical hardware manufacturing process as it requires tremendous rigor, consistency, standardization, and repeatable processes to ensure quality and scalability. However, software is different in that it is constantly being updated and is often being built on components that are also in flux, opening up new cybersecurity risks and attack surfaces.

Why companies need to modernize their digital factory floors  

Medical device manufacturers are very experienced at running hardware factories and high-quality manufacturing processes. For almost half a century, they’ve employed a systematic, good practice (GxP) approach to building medical devices with a focus on quality and safety in order to meet regulatory requirements that dictate whether or not their products can go to market. However, many companies struggle to apply a similar level of efficient quality control and postmarket surveillance at scale to their software products. 

Consider the industry's history: In the early days of medical device software, companies had small development teams that worked closely with manufacturing teams on limited projects, such as embedding software in device chips. But as time went on and software became more complex, development teams started working independently to develop what became known as software as a medical device (SaMD). SaMD can be standalone or part of connected systems. 

As a result, developers and their preferred tools and workflows have become siloed from the quality systems used to ensure medical device compliance and safety. Quality and product management tools such as PLMs and ALMS were originally created for hardware or small software systems within hardware systems. This means developers had to frequently leave their coding environments to complete quality and compliance tasks, slowing them down and dampening innovation.

Instead of building software in a hardware factory (i.e., using outdated, ill-fitting tools and processes), medical device companies need to modernize and adopt a streamlined software manufacturing approach. 

The modern software factory floor 

To help advance your medical device software development into the 21st century, let’s examine what an agile software factory looks like and the processes and tools required for long-term success across the software development lifecycle (SDLC).  

Software development planning

Careful planning is vital to developing high-quality software products. A well-planned development process helps ensure that the end product meets the needs of users and stakeholders while also considering important factors such as budget, resources, and time constraints. 

The planning process should include defining project goals and objectives, identifying the target audience, determining the project scope and requirements, and developing a detailed project plan with clear milestones and deadlines. 

Essential Criteria: Unlike a few decades ago when hardware requirements were practically set in stone, regulated software development requirements are constantly changing. This means your plan must remain highly flexible and adaptable. For example, you need to manage your requirements traceability in an agile way throughout development sprints. 

Software requirements analysis 

Software requirements analysis involves identifying and examining the needs, expectations, and constraints of all stakeholders, including end users, customers, and regulators. This information is then used to create a comprehensive set of requirements that the software must meet, including functional and non-functional requirements, constraints, and any other relevant details. 

Requirements analysis helps ensure that the final software product meets the needs of all stakeholders and is fit for purpose. It also helps minimize ambiguity and misunderstandings, reduce the risk of project failures, and ensure that the software development team has a clear understanding of the project goals and objectives. To be effective, software requirements analysis should be carried out by a multi-disciplinary team that includes representatives from relevant departments, such as product management, engineering, and quality assurance. 

Essential Criteria: To perform effective requirements analysis beyond this initial phase, companies need a way to connect their tools to ensure requirements are properly implemented and can be adjusted based on subsequent steps. They also need to continuously monitor software to identify potential risks and vulnerabilities that could impact product performance and patient safety. 

Software architecture and detailed design

Software architecture design involves creating a high-level, abstract representation of the software system, including its components, their relationships, and the constraints that must be considered. The goal of software architecture design is to create a blueprint for the software system that can guide the development process, ensuring that the final product meets the needs of stakeholders and supporting the evolution and maintenance of the software over time. Because of the inherent complexity and variability of software systems, this is more challenging compared to architecting physical products on factory floors. 

Software detailed design then takes the high-level concepts from the architecture design phase and defines the specific implementation details for each component of the software system. The detailed design phase defines how the software system will be built, including the specific algorithms and data structures that will be used, the interactions between components, and any constraints that must be considered. 

The detailed design phase should also consider important factors such as performance, scalability, and maintainability, as well as any relevant standards or regulations that must be followed (like IEC 62304). The output of the detailed design phase should be a comprehensive set of design documents, including technical specifications, flow charts, and algorithms, that serve as a road map for the software implementation phase. 

Essential Criteria: An architecture designed for change can adapt to future product requirements while still ensuring compliance with regulatory standards. Leading companies will take advantage of opportunities to relieve their regulatory burden by syncing popular developer tools with quality management systems to automate key tasks such as traceability updates. 

Software unit implementation and verification  

Software unit implementation and verification is a critical phase in which the detailed design specifications are transformed into working software. During this phase, individual software components are implemented and tested in isolation to verify that they meet the design specifications. This process helps to identify and correct any issues early in the development process when they are easier and less expensive to fix. 

Effective software unit implementation and verification requires a thorough understanding of the detailed design specifications and the use of best practices for software development, such as using version control systems and a formal software development process. 

The output of this phase should be a set of verified software units ready to be integrated into the larger software system. Each unit should be reviewed by multiple software developers or architects as required by the FDA. Thorough testing and verification, including unit testing, integration testing, and regression testing, are important to ensure the quality of the software units. This confirms that the software system meets stakeholders' requirements and is ready to be deployed to production. 

Essential Criteria: During this core development phase, software teams are typically expected to jump between their preferred tools (e.g., Jira) and manual spreadsheets to ensure they are taking the right steps in the correct sequence. To make this more seamless, look for a tool capable of automatically enforcing guardrails based on QMS procedures and generating Part 11-compliant audit trails to save developers time and boost productivity. 

Software integration and integration testing 

Software integration and integration testing are crucial phases in the software manufacturing process where individual software units are combined to form a complete software system. During this phase, the software components are integrated and tested together to verify that they interact correctly and meet the overall requirements of the software system. The process of software integration is often iterative, as issues may arise during the testing phase that must be addressed. 

Essential Criteria: The integration testing phase should be carried out using a systematic and methodical approach, including integration test cases and automated testing tools, to ensure that the software system meets stakeholders' requirements. 

Software system testing and validation 

Software system testing is one of the last phases of the software manufacturing process. In this phase, the complete software system is tested to verify that it meets stakeholders' requirements and is fit for purpose. The software system is subjected to a comprehensive battery of tests to identify any issues or defects that may impact its functionality or performance. Testing is an ideal place to incorporate automation, as these processes are traditionally very manual. 

Thorough testing and verification, including performance testing, security testing, and regression testing, are important to ensure the quality of the software system. Similar to unit testing, the goal of system testing is to identify any issues with the software system before it is released when those issues are easier and less expensive to fix. 

Essential Criteria: Ideally, your developer tools and quality systems should be connected in a way that allows you to connect and trace automated tests to requirements, risk controls, and specifications. Without streamlined traceability, teams will have to spend a great deal of time managing information across multiple systems and will run the risk of making errors as this burden grows. 

Software release and distribution 

Software release is the final phase in which the completed software system is made available to stakeholders. During this phase, the software system is packaged and deployed to production, and any necessary documentation is updated to reflect the latest version of the software. 

The release process should be carefully planned and managed to ensure that the deployment is carried out smoothly and with minimal disruption. At this point, you should be very confident that the software is ready to enter the market and that all regulatory and quality requirements have been met.

Essential Criteria: This is another area in which automated guardrails provide significant value, as they can ensure that only validated releases are deployed to production. Taking advantage of opportunities to leverage automation and computer-driven quality and compliance checks can speed up your release cycle from months to as little as two weeks. 

Postmarket surveillance and cybersecurity 

Postmarket surveillance and change control are ongoing activities that are carried out after the main software manufacturing process is complete. Activities such as monitoring, reporting, and corrective actions are necessary to maintain the quality of medical software and to address any issues or user feedback. 

Security concerns are a major element of postmarket surveillance. Companies must be able to monitor the current cybersecurity landscape and continuously update their software as new threats and vulnerabilities emerge. As these updates are made, it’s also important to have proper change control processes in place to ensure that all changes made to the software are approved, validated, and documented. 

Essential Criteria: Manually monitoring your software stack for vulnerabilities is very time- and resource-intensive. That’s why it’s recommended that you adopt a tool that can continuously monitor for vulnerabilities and provide real-time alerts for issues that come up at any point in the product lifecycle. 

The fastest way to achieve a best-in-class software factory 

Considering the criteria we’ve recommended for each phase of the SDLC, a streamlined, end-to-end software manufacturing process has two principal needs: 

• The ability to automatically enforce QMS procedures in developers’ systems of work. 
• The ability to automatically generate FDA-compliant evidence from systems of work.

Ketryx is the best way to meet both of these requirements and establish a best-in-class software factory. Our Connected Lifecycle Management platform connects your quality systems and essential developer tools to automatically enforce procedures, generate required documentation, and orchestrate releases with optimal efficiency. 

Specifically, Ketryx provides:

• Seamless integration with preferred developer tools: Ketryx integrates directly with native development environments, including CI/CD pipelines and familiar tools like Jira, Bitbucket, and GitHub. 
• Full SDLC traceability: Ketryx automatically provides real-time traceability of the entire SDLC and links activities to your requirements traceability matrix. 
• Automated SBOM generation: Ketryx automates the entire process of generating and maintaining an FDA-compliant SBOM directly from source code or an imported SPDX or CycloneDX file. 
• Submission-ready reports: Ketryx generates Part 11-compliant audit trails directly from your team’s favorite tools, automatically creating evidence while they are coding. 
• Automated process enforcement: Ketryx embeds controls that prevent process deviation by enforcing your standard operating procedures across your software development stack. 

As medical software grows increasingly complex (e.g., AI-driven) and interconnected, companies will struggle to keep up if they continue using a hardware factory approach. Modernizing your digital factory floor is required to ensure speed, quality, reuse, and scalability. Ketryx is the best way to strategize and execute a best-in-class software manufacturing process while freeing up developers to work within their preferred tools. 

‍Download the PCCP template to learn more about how you can invest in your AI/ML-enabled software factory.