
Three steps for traceability in medical device software development quality and compliance
This article originally appeared in Medical Design and Outsourcing News on September 7, 2024.
When reviewing the software in software-as-a-medical-device (SaMD), software-in-medical-devices (SiMD) and systems-of-systems-of-medical-devices (SosMD) at the FDA, I was always looking for sufficient evidence to justify the sponsor’s claim that the device performs as intended — safely and effectively.
The arguments to support this claim are derived from the manufacturers’ quality management system (QMS) quality assurance, design controls, and corrective and preventative action (CAPA) process artifacts, which include device distribution, post-market monitoring, and updates.
The concept of traceability between these artifacts was essential to establishing my confidence in a submission’s claimed safety and effectiveness. To understand why, you must first understand how a software application (or almost any product) is created.

Paul is a world-renowned software safety expert who joined Ketryx following 25 years at the Food and Drug Administration (FDA). He helped create the FDA’s approach to safety-critical software and medical devices and founded the FDA’s software engineering lab. While holding committee positions with groups that handled medical software safety standards like ISO 13485, ISO/IEC 62304, and ISO 14971, he reviewed over 300 devices, carried out numerous inspections, and provided training to FDA staff on software quality, risk management, and software engineering. Prior to the FDA, he worked 20 years as a systems/software engineer for companies like Ford Motor, Electronic Data Systems, Honeywell, and SAIC. He holds a Master of Science degree in Computer Engineering from Loyola University, Maryland.