SlideShare una empresa de Scribd logo

Rx for FDA Software Compliance

Parasoft
Parasoft

The FDA recommends implementing a coding standard during medical device software development. In practice, this means running a static analysis tool to detect any problematic constructs that could lead to problems down the road. But if you think you can simply download an analyzer and go, you might consider that the FDA requires documented details associated with code quality activities. What standard are you going to check against? What rules in the analyzer cover the standard? Which rules are you suppressing? The implementation of static analysis is enough to cause headaches, gastrointestinal discomfort, and other side-effects. In these webinar slides, we’ll prescribe some static analysis implementation best practices to relieve your FDA compliance symptoms, including:  • The benefits of static analysis and what to look for in an analyzer  • How to automate static analysis execution  • How to integrate static analysis within your software development processes.  • How to reduce noise and stop wasting time manually triaging results 

Software
1 de 53
Descargar para leer sin conexión
Parasoft Corporation © 2016 1 2016-09-26 Rx for FDA Software Compliance August 2016
Parasoft Corporation © 2016 22 Your Presenters Arthur Hicken is Chief Evangelist at Parasoft where he has been involved in automating various software development and testing practices for over 20 years. He has worked on projects including cybersecurity, database development, the software development lifecycle, web publishing and monitoring, and integration with legacy systems. Follow him on Twitter @codecurmudgeon Kelly Weyrauch has more than 30 years of software and systems development experience, and 20 years of focus on software processes and quality systems for medical devices. As an independent consultant, he works with software and systems creators to apply Agile concepts and Quality Management System requirements to the unique context of their development environment. Follow him on LinkedIn @kellyweyrauch
Parasoft Corporation © 2016 33 Agenda What the FDA expects IEC 62304 Benefits of static analysis How to integrate static analysis How to reduce noise and stop wasting time
Parasoft Corporation © 2016 4 2016-09-26 Introduction to Medical Device Software Regulations Where do Static Analysis Tools fit in? Kelly Weyrauch – Agile Quality Systems LLC
Parasoft Corporation © 2016 5  Software as a Medical Device  Software-only  Part of a medical device system  Software used to develop/manufacture/manage a device  Development environments & tools  Automated test systems  Manufacturing systems  …  Quality Management System tools  CAPA & Issue Tracking systems  Complaint handling systems  Document Control  … Scope of Software Regulations (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 6  21 CFR 820  Quality System Regulation  820.30 Design Controls  21 CFR 11  Electronic Records; Electronic Signatures  ISO 13485  Medical devices— Quality management systems  Section 7 – Product Realization  IEC 62304  Medical device software— Software life cycle processes  ISO 14971  Medical devices — Application of risk management to medical devices Software Development Regulations and Standards (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 7  GPSV  General Principles of Software Validation (FDA)  AAMI TIR45:2012  Guidance on the Use of AGILE Practices in the Development of Medical Device Software  AAMI TIR36:2007  Validation of software for regulated processes  Many other, more specialized standards & guidance documents Software Development Guidance (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 8  FDA is responsible for protecting the public health by assuring the safety, efficacy and security of human and veterinary drugs, biological products, medical devices, our nation’s food supply, cosmetics, and products that emit radiation.  FDA is also responsible for advancing the public health by helping to speed innovations that make medicines more effective, safer, and more affordable and by helping the public get the accurate, science-based information they need to use medicines and foods to maintain and improve their health. …  ... (http://www.fda.gov/AboutFDA/WhatWeDo/)  Same things Industry wants!  Industry & Regulatory should align on the same goals  Requires effort to show they are aligned FDA Mission Statement (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 9  Satisfying regulatory expectations should be a natural result of doing good work  Should not be viewed as  Adversarial  Conflicting  Bureaucratic  Legalistic  Impractical  Offensive to your engineering sensibilities  … Industry & Regulatory Alignment (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 11  21 CFR 820 mentions software only 3 times  820.30(g) Design Controls: Design Validation  “Design validation shall include software validation and risk analysis, where appropriate.” (No definition of what “Software Validation” means.)  820.70(i) Production & Process Controls: Automated Processes  “When computers or automated data processing systems are used as part of production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol.”  820.181(a) Device Master Record  “Device specifications including … software specifications”  Software “requirements” (expectations) come from Guidance Documents  General Principles of Software Validation (GPSV)  Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices  Others FDA Software Regulations (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 12  Regulators often not experienced with software  For software as a medical device, may bring bias of hardware-development experience, especially with assumptions of a linear lifecycle  For software tools, may bring bias of manufacturing systems  So you should be the software expert  Showing how your process satisfies regulations FDA Software Regulations (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 13  Explain what you do  In Processes and Plans  Demonstrate that you do it  By producing adequate records  “Demonstrate” may seem like non-value- added burden  Especially to those doing the work  Necessary, so find ways to optimize the value/cost, to avoid the perception of “burden” Be In Control, Show That You Are In Control (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 15  …Is ALWAYS a lousy reason  Too simple  Offloads responsibility for owning our process  Often a cover for another argument, usually one that is not well thought out and probably dysfunctional  We own our process (and the FDA does say that)  But regulators are stakeholders to be satisfied  Satisfy ourselves that your process is good, and the regulators will be satisfied “Cuz the FDA Said So…” (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 16  Build a good product  Safe & Effective  Have a good process for building that product  Do good work  With evidence of that good work  Tell a good story that will convince anyone  Why you think your product is good  Why you think your process is good  That you know what you are doing Keys To Success (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 17  Specifically created for medical device software  Though many elements are foundational to any robust software development process IEC 62304 (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 18  A framework – processes, activities and tasks  Identifies requirements for  What needs to be done  What needs to be documented  Software only  Assumes software is part of a broader system that defines higher-level activities for design inputs and design (product) validation IEC 62304 – What it is (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 19  Does not prescribe how to meet the requirements  Not a “how to” with defined methods or practices  Does not require a specific software life cycle  Does not specify documents  Says what to document, not where it must go.  These decisions are left to you IEC 62304 – What it isn’t (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 2020 IEC 62304 Medical Device Software – Software Life Cycle Processes (c) Agile Quality Systems 2016 SYSTEM development ACTIVITIES (including RISK MANAGEMENT) Customer needs Customer needs satisfied 7 Software RISK MANAGEMENT 8 Software configuration management 9 Software problem resolution Activities outside the scope of this standard 5.2 Software requirements analysis 5.1 Software development planning 5.8 Software release 5.7 Software SYSTEM testing 5.3 Software ARCHITECTURAL design 5.4 Software detailed design 5.6 Software integration and integration testing 5.5 Software UNIT implementation
Parasoft Corporation © 2016 21  Mentioned briefly in FDA General Principles of Software Validation, 2002  In 2000’s, driven largely by concerns over the high failure rate in infusion pump systems & software, FDA recognizes value in using Static Analysis techniques to reduce software errors  Often an “expectation” in submissions and quality system inspections Static Analysis (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 2222 Software Unit Implementation (c) Agile Quality Systems 2016 SYSTEM development ACTIVITIES (including RISK MANAGEMENT) Customer needs Customer needs satisfied 7 Software RISK MANAGEMENT 8 Software configuration management 9 Software problem resolution Activities outside the scope of this standard 5.2 Software requirements analysis 5.1 Software development planning 5.8 Software release 5.7 Software SYSTEM testing 5.3 Software ARCHITECTURAL design 5.4 Software detailed design 5.6 Software integration and integration testing 5.5 Software UNIT implementation
Parasoft Corporation © 2016 23  Implement software units – write the code  Establish acceptance criteria for software units  Coding Standards are a “should have” (defined in the Plan)  Establish strategies, methods and procedures for verifying each software unit  Reviews  Static Analysis  Unit Tests  Address this in the Verification Strategy section of the Plan  Perform and document results of software unit verification  According to the strategies and methods  Does not require all software units to be tested Software Unit Implementation (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 2424 Software Integration and Integration Testing (c) Agile Quality Systems 2016 SYSTEM development ACTIVITIES (including RISK MANAGEMENT) Customer needs Customer needs satisfied 7 Software RISK MANAGEMENT 8 Software configuration management 9 Software problem resolution Activities outside the scope of this standard 5.2 Software requirements analysis 5.1 Software development planning 5.8 Software release 5.7 Software SYSTEM testing 5.3 Software ARCHITECTURAL design 5.4 Software detailed design 5.6 Software integration and integration testing 5.5 Software UNIT implementation
Parasoft Corporation © 2016 25  Integrate the software units (build the software system)  Verify that software units have been integrated (build was successful)  Review of build procedures, make-files, configurations, etc.  Compiler checks, static analysis, etc.  Test integrated software system performs as expected in accordance with plan  Functionality, behavior, performance, etc  Regression tests  Document test results  Can be done as part of software system testing (see later slide)  Capture problems (software problem resolution process) Software Integration and Integration Testing (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 26  Define in your Software Development Procedure/Processes:  Strategy for using Static Analysis as a part of your overall verification strategy  Requirements for how and when to use it  As part of code (unit-level) verification  As part of integration verification Recommendation for use of Static Analysis (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 27  Kelly Weyrauch  Kelly@AgileQualitySystems.com  763-688-0980  www.AgileQualitySystems.com  Connect with me on LinkedIn Contact Information (c) Agile Quality Systems 2016
Parasoft Corporation © 2016 2828 Recalls due to Software Failure http://www.fda.gov/downloads/AboutFDA/CentersOffices/OfficeofMedical ProductsandTobacco/CDRH/CDRHReports/UCM308208.pdf
Parasoft Corporation © 2016 2929 FDA on Static Analysis 3.1.2 “Software testing is one of many verification activities intended to confirm that software development output meets its input requirements. Other verification activities include various static and dynamic analyses, code and document inspections, walkthroughs, and other techniques.” 5.2.4 “Source code should be evaluated to verify its compliance with specified coding guidelines.” General Principles of Software Validation; Final Guidance for Industry and FDA Staff
Parasoft Corporation © 2016 3030 What Choice  Prevent Defect Insertion Quality System Design Control Risk Management  Remove Defects by Detection Code Review Design Review Testing: unit, integration, system, alpha, beta Customer Dissatisfaction Recall  Roll the dice John Murray, US FDA, March 2008
Parasoft Corporation © 2016 3131 Fix or Prevent
Parasoft Corporation © 2016 3232 Static analysis is more than detection  Relationship of automated analysis  Preventative static analysis  Flow analysis  Runtime error detection  Uninitialized memory example  Runtime will find it IF the test suite is thorough  Flow analysis may find it depending on complexity  Pattern to prevent: Initialize variables upon declaration  Many standards like MISRA are focused on prevention rather than detection
Parasoft Corporation © 2016 3333 Static analysis – what it can do  Identify defective code - runtime bugs  Flag defect-prone code (possible bugs and “gotchas”)  Suggest defensive programming practices  Monitor application-specific guidelines (e.g. portability)  Enable policy enforcement (security)  Flag unmaintainable / poorly readable / “dialect” code
Parasoft Corporation © 2016 3434 Sample Static Analysis Policy  Which rules run on all code  Which rules run on certain conditions  International, performance, etc  What level of compliance is required  When are suppressions acceptable  Where does SA fit the process
Parasoft Corporation © 2016 3535 Static Analysis Feedback Loop Identify Error Isolate Root Cause Fix New Rule to Prevent Monitor  Code review  Regression  QA  Field bugs
Parasoft Corporation © 2016 3636 How to choose rules  Based on why you’re using static analysis  Study expected issues  Analyze bug-tracking system  Don’t just turn on rules because it’s a good idea  Pick few enough to use sustainably
Parasoft Corporation © 2016 3737 Why MISRA for Medical?  Coding Standards  Well-defined  Updated  Flexible  Deviation Strategy  Auditable  What else would you start with?
Parasoft Corporation © 2016 3838 FDA/MISRA Alignment FDA Guideline MISRA Capability “Least burdensome approach” Lightweight and flexible Company defines standards Proven standards pre-packaged Work must be traceable Provides traceability methodology Process must be auditable Defines auditable reports
Parasoft Corporation © 2016 3939 Sample Rules for FDA Static Analysis  Avoid accessing arrays out of bounds  Avoid use before initialization  Avoid null pointer dereferencing  Avoid overflows due to [various causes]  Avoid division by zero  Ensure deallocation functions guarantee resource freeing  Do not use resources that have been freed  Do not free resources using invalid pointers  Do not abandon unreleased locks  Do not use blocking functions while holding a lock  Ensure resources are freed  Do not abandon unreleased locks  Properly terminate character strings  Never return a reference to a local object
Parasoft Corporation © 2016 4040 Dashboards Vs Process Intelligence 1970s Electrocardiogram • Isolated data points • No priority • No warnings – just data • No analysis 21st Century Monitor • Multi-variate analysis • Customizable • Critical alerts • Valuable data
Parasoft Corporation © 2016 4141 Harnessing “Big” Data  Aggregate data  Correlate data  Mine data  Create  Reports  Dashboards  Tasks  Alerts  Continuous testing/delivery/release
Parasoft Corporation © 2016 4242 Execution / CI Build Parasoft DTP RawObservations Parasoft Development Testing Platform Static Analysis Engine Testing and Coverage PHPMD API FindBugs API CheckStyle API Other 3rd Party … API Desktop IDE Web UI External SystemRequirements and Defects Source Control Workflow (Task) Intelligence (Dashboards/ Reports) Practice/ Domain Data (REST API) Prioritized Findings Web UI Process Intelligence Engine Policy Management
Parasoft Corporation © 2016 4343 Parasoft Development Testing Platform Optimal Routes Historic Data Road Construction Traffic Conditions Map/Road Data Speed Limits
Parasoft Corporation © 2016 4444 Parasoft DTP Process Intelligence Engine PIE – Derivative (Predictive) Analysis External Systems Application Hotspots Prioritized Actionable Information External Processes 3rd Party System CI/CD/CR Infrastru cture System Monitoring Product FeedbackCustomer Support Code Review Metrics People Code Defect Static Analysis Tests User Stories Coverage Parasoft DTP
Parasoft Corporation © 2016 4545 What can PIE do? What do I test first? Where is the business logic and how testable is it? Test Stability Index; Look at your unstable tests. Identify valuable Tests Find Application Hotspots: Technical Risk vs Business Risk, Technical Debt, Density KPIs, Clusters I made changes, which tests need to be re-run? What is the risk of new code? Did I test the new code changes? Don’t make the problem worse & review existing issues when your working with code
Parasoft Corporation © 2016 46 2016-09-26 Real world examples
Parasoft Corporation © 2016 4747 Customer Challenge: Reducing the Burden of Compliance  In order to develop solutions for the pharmaceutical market, a company must not only follow very strict requirements, but also prove that they actually satisfied these rigorous expectations. To achieve this, they must provide evidence that the system is designed, constructed, and tested according to best practices implemented throughout the various phases of the lifecycle.
Parasoft Corporation © 2016 4848 The Benefit: Faster, Easier, Better Documented Compliance  Time saved doing tedious tasks  Better consistency  Easy traceability and auditability  Precisely fit to their needs ”With Parasoft’s solution, previously arduous, boring and difficult-to-document tasks were transformed into tasks that we could perform systematically— in an automated and rapid manner.“
Parasoft Corporation © 2016 4949 Customer Challenge: Streamline Certification for Medical Device Software under IEC 62304 “Our products are used intraoperative. If any failure occurs during an operation, the operation might have to be aborted. Moreover, since we monitor nerves and their signals, incorrect interpretations and decisions made by our software could lead to wrong decisions by the user...and could cause injuries for the patient.” The US FDA accepts IEC 62304 compliance as evidence that medical device software has been designed to an acceptable standard.
Parasoft Corporation © 2016 5050 The Solution: Automating Risk Management Processes with Parasoft  Multiple languages: C, C++, .NET  Integration with existing systems: IDE, bug- tracking, source control
Parasoft Corporation © 2016 5151 The Benefit: Increased Efficiency through Automation “The current level of verification for each requirement task (including task pass/fail status and coverage) is bi-directionally traceable to all associated tests. Full traceability is crucial for IEC compliance. Using the Parasoft solution significantly increases our efficiency because many manual steps could be automated.“
Parasoft Corporation © 2016 5252 Parasoft Support for FDA Static analysis Policy definition management Requirement definition and tracking Unit test Peer review Runtime error detection Coverage
Parasoft Corporation © 2016 5353 Summary Financial and health risks are increasing FDA requires a rigorous mature process Static analysis both provides tight controls and prevents real problems from occuring Proper configuration and deployment reduce common static analysis problems
Parasoft Corporation © 2016 5454 FDA Resources  FDA - “General Principles of Software Validation” http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Guidan ceDocuments/ucm085281.htm …guidance outlines general validation principles that the Food and Drug Administration (FDA) considers to be applicable to the validation of medical device software…  FDA – 21 CFR 820  http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch .cfm?CFRPart=820&showFR=1 …Quality System Regulations  ANSI/AAMI 62304 “Medical device software-Software life cycle processes” http://webstore.ansi.org/ …A recommended practice provides guidelines for the use, care, and/or processing of a medical device or system.
Parasoft Corporation © 2016 5555  Blog: http://alm.parasoft.com  Web: http://www.parasoft.com/jsp/resources  Facebook: https://www.facebook.com/parasoftcorporation  Twitter: @Parasoft @CodeCurmudgeon  LinkedIn: http://www.linkedin.com/company/parasoft  Google+ Community: Static Analysis for Fun and Profit IoT API's session - API World - San Jose, CA Sep 13th Managing Auto Supply Chain Risk – Automotive Software Kongress - Germany Sep 21-22 StarWest Conference - Anaheim CA - Oct 5-6

Recomendados

No Devops Without Continuous Testing
No Devops Without Continuous TestingNo Devops Without Continuous Testing
No Devops Without Continuous TestingParasoft
 
Driving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareDriving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareParasoft
 
ABC's of Service Virtualization
ABC's of Service VirtualizationABC's of Service Virtualization
ABC's of Service VirtualizationParasoft
 
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...Parasoft
 
AppsSec In a DevOps World
AppsSec In a DevOps WorldAppsSec In a DevOps World
AppsSec In a DevOps WorldParasoft
 
Deploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsDeploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsParasoft
 
Accelerate Agile Development with Service Virtualization - Czech Test
Accelerate Agile Development with Service Virtualization - Czech TestAccelerate Agile Development with Service Virtualization - Czech Test
Accelerate Agile Development with Service Virtualization - Czech TestParasoft
 
FDA software compliance 2016
FDA software compliance 2016FDA software compliance 2016
FDA software compliance 2016Engineering Software Lab
 

Recomendados

No Devops Without Continuous Testing
No Devops Without Continuous TestingNo Devops Without Continuous Testing
No Devops Without Continuous TestingParasoft
 
Driving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareDriving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareParasoft
 
ABC's of Service Virtualization
ABC's of Service VirtualizationABC's of Service Virtualization
ABC's of Service VirtualizationParasoft
 
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...Parasoft
 
AppsSec In a DevOps World
AppsSec In a DevOps WorldAppsSec In a DevOps World
AppsSec In a DevOps WorldParasoft
 
Deploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsDeploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsParasoft
 
Accelerate Agile Development with Service Virtualization - Czech Test
Accelerate Agile Development with Service Virtualization - Czech TestAccelerate Agile Development with Service Virtualization - Czech Test
Accelerate Agile Development with Service Virtualization - Czech TestParasoft
 
FDA software compliance 2016
FDA software compliance 2016FDA software compliance 2016
FDA software compliance 2016Engineering Software Lab
 
Better Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to ContinuousBetter Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to ContinuousParasoft
 
Evolving from Automated to Continous Testing for Agile and DevOps
Evolving from Automated to Continous Testing for Agile and DevOpsEvolving from Automated to Continous Testing for Agile and DevOps
Evolving from Automated to Continous Testing for Agile and DevOpsParasoft
 
EuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through StandardsEuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through StandardsArthur Hicken
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Klocwork
 
An Essential Guide to Effective Test Automation Leveraging Open Source
An Essential Guide to Effective Test Automation Leveraging Open SourceAn Essential Guide to Effective Test Automation Leveraging Open Source
An Essential Guide to Effective Test Automation Leveraging Open SourceRapidValue
 
A "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesA "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesSonatype
 
DevOps 2017 Conf: evolving from automated to continuous
DevOps 2017 Conf: evolving from automated to continuousDevOps 2017 Conf: evolving from automated to continuous
DevOps 2017 Conf: evolving from automated to continuousArthur Hicken
 
APIs Gone Wild - Star West 2013
APIs Gone Wild - Star West 2013APIs Gone Wild - Star West 2013
APIs Gone Wild - Star West 2013Erika Barron
 
How to Avoid Continuously Delivering Faulty Software
How to Avoid Continuously Delivering Faulty SoftwareHow to Avoid Continuously Delivering Faulty Software
How to Avoid Continuously Delivering Faulty SoftwareParasoft
 
Top 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareTop 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareRogue Wave Software
 
Testing a Microservices Architecture
Testing a Microservices ArchitectureTesting a Microservices Architecture
Testing a Microservices ArchitectureParasoft
 
What Do Defects Really Cost? Much More Than You Think
What Do Defects Really Cost? Much More Than You ThinkWhat Do Defects Really Cost? Much More Than You Think
What Do Defects Really Cost? Much More Than You ThinkTechWell
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps JourneyVeracode
 
10 Steps To Secure Agile Development
10 Steps To Secure Agile Development10 Steps To Secure Agile Development
10 Steps To Secure Agile DevelopmentCheckmarx
 
Continuous Integration for Mobile App Testing
Continuous Integration for Mobile App TestingContinuous Integration for Mobile App Testing
Continuous Integration for Mobile App TestingInfostretch
 
Continuous testing
Continuous testing Continuous testing
Continuous testing Dr Ganesh Iyer
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator DevOps.com
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator DevOps.com
 
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsContinuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsSmartBear
 
An Overview for Software as a Medical Device (SaMD)
An Overview for Software as a Medical Device (SaMD)An Overview for Software as a Medical Device (SaMD)
An Overview for Software as a Medical Device (SaMD)DePuy Synthes
 
R eliminating fear, uncertainty and doubt
R eliminating fear, uncertainty and doubtR eliminating fear, uncertainty and doubt
R eliminating fear, uncertainty and doubtMikeKSmith
 

Más contenido relacionado

La actualidad más candente

Better Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to ContinuousBetter Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to ContinuousParasoft
 
Evolving from Automated to Continous Testing for Agile and DevOps
Evolving from Automated to Continous Testing for Agile and DevOpsEvolving from Automated to Continous Testing for Agile and DevOps
Evolving from Automated to Continous Testing for Agile and DevOpsParasoft
 
EuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through StandardsEuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through StandardsArthur Hicken
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Klocwork
 
An Essential Guide to Effective Test Automation Leveraging Open Source
An Essential Guide to Effective Test Automation Leveraging Open SourceAn Essential Guide to Effective Test Automation Leveraging Open Source
An Essential Guide to Effective Test Automation Leveraging Open SourceRapidValue
 
A "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesA "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesSonatype
 
DevOps 2017 Conf: evolving from automated to continuous
DevOps 2017 Conf: evolving from automated to continuousDevOps 2017 Conf: evolving from automated to continuous
DevOps 2017 Conf: evolving from automated to continuousArthur Hicken
 
APIs Gone Wild - Star West 2013
APIs Gone Wild - Star West 2013APIs Gone Wild - Star West 2013
APIs Gone Wild - Star West 2013Erika Barron
 
How to Avoid Continuously Delivering Faulty Software
How to Avoid Continuously Delivering Faulty SoftwareHow to Avoid Continuously Delivering Faulty Software
How to Avoid Continuously Delivering Faulty SoftwareParasoft
 
Top 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareTop 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareRogue Wave Software
 
Testing a Microservices Architecture
Testing a Microservices ArchitectureTesting a Microservices Architecture
Testing a Microservices ArchitectureParasoft
 
What Do Defects Really Cost? Much More Than You Think
What Do Defects Really Cost? Much More Than You ThinkWhat Do Defects Really Cost? Much More Than You Think
What Do Defects Really Cost? Much More Than You ThinkTechWell
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps JourneyVeracode
 
10 Steps To Secure Agile Development
10 Steps To Secure Agile Development10 Steps To Secure Agile Development
10 Steps To Secure Agile DevelopmentCheckmarx
 
Continuous Integration for Mobile App Testing
Continuous Integration for Mobile App TestingContinuous Integration for Mobile App Testing
Continuous Integration for Mobile App TestingInfostretch
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator DevOps.com
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator DevOps.com
 
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsContinuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsSmartBear
 

La actualidad más candente (20)

Better Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to ContinuousBetter Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to Continuous
 
Evolving from Automated to Continous Testing for Agile and DevOps
Evolving from Automated to Continous Testing for Agile and DevOpsEvolving from Automated to Continous Testing for Agile and DevOps
Evolving from Automated to Continous Testing for Agile and DevOps
 
EuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through StandardsEuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through Standards
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009
 
An Essential Guide to Effective Test Automation Leveraging Open Source
An Essential Guide to Effective Test Automation Leveraging Open SourceAn Essential Guide to Effective Test Automation Leveraging Open Source
An Essential Guide to Effective Test Automation Leveraging Open Source
 
A "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesA "Firewall" for Bad Binaries
A "Firewall" for Bad Binaries
 
DevOps 2017 Conf: evolving from automated to continuous
DevOps 2017 Conf: evolving from automated to continuousDevOps 2017 Conf: evolving from automated to continuous
DevOps 2017 Conf: evolving from automated to continuous
 
APIs Gone Wild - Star West 2013
APIs Gone Wild - Star West 2013APIs Gone Wild - Star West 2013
APIs Gone Wild - Star West 2013
 
How to Avoid Continuously Delivering Faulty Software
How to Avoid Continuously Delivering Faulty SoftwareHow to Avoid Continuously Delivering Faulty Software
How to Avoid Continuously Delivering Faulty Software
 
Top 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareTop 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle software
 
Testing a Microservices Architecture
Testing a Microservices ArchitectureTesting a Microservices Architecture
Testing a Microservices Architecture
 
What Do Defects Really Cost? Much More Than You Think
What Do Defects Really Cost? Much More Than You ThinkWhat Do Defects Really Cost? Much More Than You Think
What Do Defects Really Cost? Much More Than You Think
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
 
10 Steps To Secure Agile Development
10 Steps To Secure Agile Development10 Steps To Secure Agile Development
10 Steps To Secure Agile Development
 
Continuous Integration for Mobile App Testing
Continuous Integration for Mobile App TestingContinuous Integration for Mobile App Testing
Continuous Integration for Mobile App Testing
 
Continuous testing
Continuous testing Continuous testing
Continuous testing
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator
 
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsContinuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
 

Similar a Rx for FDA Software Compliance

An Overview for Software as a Medical Device (SaMD)
An Overview for Software as a Medical Device (SaMD)An Overview for Software as a Medical Device (SaMD)
An Overview for Software as a Medical Device (SaMD)DePuy Synthes
 
R eliminating fear, uncertainty and doubt
R eliminating fear, uncertainty and doubtR eliminating fear, uncertainty and doubt
R eliminating fear, uncertainty and doubtMikeKSmith
 
Building a QMS for Your SaMD
Building a QMS for Your SaMDBuilding a QMS for Your SaMD
Building a QMS for Your SaMDEMMAIntl
 
Computerized system validation (CSV) as a requirement for good manufacturing ...
Computerized system validation (CSV) as a requirement for good manufacturing ...Computerized system validation (CSV) as a requirement for good manufacturing ...
Computerized system validation (CSV) as a requirement for good manufacturing ...Ahmed Hasham
 
Computer system validation
Computer system validation Computer system validation
Computer system validation ShameerAbid
 
Software Quality Assurance
Software Quality Assurance Software Quality Assurance
Software Quality Assurance IMAD HASSAN
 
Ready, Set, Automate - Best Practices in Using Automated Tools for Validation
Ready, Set, Automate - Best Practices in Using Automated Tools for ValidationReady, Set, Automate - Best Practices in Using Automated Tools for Validation
Ready, Set, Automate - Best Practices in Using Automated Tools for ValidationCovance
 
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceComputer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceGreenlight Guru
 
Computer system validation review article by-mahesh b wazade
Computer system validation review article by-mahesh b wazadeComputer system validation review article by-mahesh b wazade
Computer system validation review article by-mahesh b wazadeMahesh B. Wazade
 
Quality Control for Medical Device Software - It Arena Lviv Presentation
Quality Control for Medical Device Software - It Arena Lviv PresentationQuality Control for Medical Device Software - It Arena Lviv Presentation
Quality Control for Medical Device Software - It Arena Lviv PresentationRoman Lavriv
 
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsWebinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsStatistics & Data Corporation
 
09 fse qualitymanagement
09 fse qualitymanagement09 fse qualitymanagement
09 fse qualitymanagementMohesh Chandran
 
EduQuest Advisory 4 Pillars Of Qsr Compliance
EduQuest Advisory 4 Pillars Of Qsr ComplianceEduQuest Advisory 4 Pillars Of Qsr Compliance
EduQuest Advisory 4 Pillars Of Qsr ComplianceEduQuest, Inc.
 
Software testing.pdf
Software testing.pdfSoftware testing.pdf
Software testing.pdfSwagatGogoi3
 
Software Validation for Medical Devices
Software Validation for Medical DevicesSoftware Validation for Medical Devices
Software Validation for Medical DevicesEMMAIntl
 
Software controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliabilitySoftware controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliabilityASQ Reliability Division
 
Gamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationGamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationRajendra Sadare
 

Similar a Rx for FDA Software Compliance (20)

An Overview for Software as a Medical Device (SaMD)
An Overview for Software as a Medical Device (SaMD)An Overview for Software as a Medical Device (SaMD)
An Overview for Software as a Medical Device (SaMD)
 
R eliminating fear, uncertainty and doubt
R eliminating fear, uncertainty and doubtR eliminating fear, uncertainty and doubt
R eliminating fear, uncertainty and doubt
 
Building a QMS for Your SaMD
Building a QMS for Your SaMDBuilding a QMS for Your SaMD
Building a QMS for Your SaMD
 
Computerized system validation (CSV) as a requirement for good manufacturing ...
Computerized system validation (CSV) as a requirement for good manufacturing ...Computerized system validation (CSV) as a requirement for good manufacturing ...
Computerized system validation (CSV) as a requirement for good manufacturing ...
 
Computer system validation
Computer system validation Computer system validation
Computer system validation
 
Software Quality Assurance
Software Quality Assurance Software Quality Assurance
Software Quality Assurance
 
Ready, Set, Automate - Best Practices in Using Automated Tools for Validation
Ready, Set, Automate - Best Practices in Using Automated Tools for ValidationReady, Set, Automate - Best Practices in Using Automated Tools for Validation
Ready, Set, Automate - Best Practices in Using Automated Tools for Validation
 
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceComputer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
 
TwinSPIN_Lecture.ppt
TwinSPIN_Lecture.pptTwinSPIN_Lecture.ppt
TwinSPIN_Lecture.ppt
 
Computer system validation review article by-mahesh b wazade
Computer system validation review article by-mahesh b wazadeComputer system validation review article by-mahesh b wazade
Computer system validation review article by-mahesh b wazade
 
Quality Control for Medical Device Software - It Arena Lviv Presentation
Quality Control for Medical Device Software - It Arena Lviv PresentationQuality Control for Medical Device Software - It Arena Lviv Presentation
Quality Control for Medical Device Software - It Arena Lviv Presentation
 
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsWebinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
 
09 fse qualitymanagement
09 fse qualitymanagement09 fse qualitymanagement
09 fse qualitymanagement
 
EduQuest Advisory 4 Pillars Of Qsr Compliance
EduQuest Advisory 4 Pillars Of Qsr ComplianceEduQuest Advisory 4 Pillars Of Qsr Compliance
EduQuest Advisory 4 Pillars Of Qsr Compliance
 
Software testing.pdf
Software testing.pdfSoftware testing.pdf
Software testing.pdf
 
Software Validation for Medical Devices
Software Validation for Medical DevicesSoftware Validation for Medical Devices
Software Validation for Medical Devices
 
Software controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliabilitySoftware controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliability
 
Gamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationGamp Riskbased Approch To Validation
Gamp Riskbased Approch To Validation
 
SQA-Lecture-4.pptx
SQA-Lecture-4.pptxSQA-Lecture-4.pptx
SQA-Lecture-4.pptx
 
ISO 13485: What's Next?
ISO 13485: What's Next?ISO 13485: What's Next?
ISO 13485: What's Next?
 

Más de Parasoft

Software Safety and Security Through Standards
Software Safety and Security Through Standards Software Safety and Security Through Standards
Software Safety and Security Through Standards Parasoft
 
MedicAlert API Testing Case Study
MedicAlert API Testing Case StudyMedicAlert API Testing Case Study
MedicAlert API Testing Case StudyParasoft
 
End-to-end Testing for IoT Integrity
End-to-end Testing for IoT IntegrityEnd-to-end Testing for IoT Integrity
End-to-end Testing for IoT IntegrityParasoft
 
Leveraging Static Analysis to Secure Software
Leveraging Static Analysis to Secure SoftwareLeveraging Static Analysis to Secure Software
Leveraging Static Analysis to Secure SoftwareParasoft
 
BUSTED! How to Find Security Bugs Fast!
BUSTED! How to Find Security Bugs Fast!BUSTED! How to Find Security Bugs Fast!
BUSTED! How to Find Security Bugs Fast!Parasoft
 
Are Your Continuous Tests Too Fragile for Agile?
Are Your Continuous Tests Too Fragile for Agile?Are Your Continuous Tests Too Fragile for Agile?
Are Your Continuous Tests Too Fragile for Agile?Parasoft
 
Software Development Metrics You Can Count On
Software Development Metrics You Can Count On Software Development Metrics You Can Count On
Software Development Metrics You Can Count On Parasoft
 
Accelerating Mobile Testing
Accelerating Mobile TestingAccelerating Mobile Testing
Accelerating Mobile TestingParasoft
 
C/C++test Qualification Kit for DO-178B/C Compliance
C/C++test Qualification Kit for DO-178B/C ComplianceC/C++test Qualification Kit for DO-178B/C Compliance
C/C++test Qualification Kit for DO-178B/C ComplianceParasoft
 
Extreme Automation Enables DirecTV to ”Shift Left” API Testing
Extreme Automation Enables DirecTV to ”Shift Left” API TestingExtreme Automation Enables DirecTV to ”Shift Left” API Testing
Extreme Automation Enables DirecTV to ”Shift Left” API TestingParasoft
 
A Comparison of Three Bug-Finding Techniques and Their Relative Effectiveness
A Comparison of Three Bug-Finding Techniques and Their Relative EffectivenessA Comparison of Three Bug-Finding Techniques and Their Relative Effectiveness
A Comparison of Three Bug-Finding Techniques and Their Relative EffectivenessParasoft
 

Más de Parasoft (11)

Software Safety and Security Through Standards
Software Safety and Security Through Standards Software Safety and Security Through Standards
Software Safety and Security Through Standards
 
MedicAlert API Testing Case Study
MedicAlert API Testing Case StudyMedicAlert API Testing Case Study
MedicAlert API Testing Case Study
 
End-to-end Testing for IoT Integrity
End-to-end Testing for IoT IntegrityEnd-to-end Testing for IoT Integrity
End-to-end Testing for IoT Integrity
 
Leveraging Static Analysis to Secure Software
Leveraging Static Analysis to Secure SoftwareLeveraging Static Analysis to Secure Software
Leveraging Static Analysis to Secure Software
 
BUSTED! How to Find Security Bugs Fast!
BUSTED! How to Find Security Bugs Fast!BUSTED! How to Find Security Bugs Fast!
BUSTED! How to Find Security Bugs Fast!
 
Are Your Continuous Tests Too Fragile for Agile?
Are Your Continuous Tests Too Fragile for Agile?Are Your Continuous Tests Too Fragile for Agile?
Are Your Continuous Tests Too Fragile for Agile?
 
Software Development Metrics You Can Count On
Software Development Metrics You Can Count On Software Development Metrics You Can Count On
Software Development Metrics You Can Count On
 
Accelerating Mobile Testing
Accelerating Mobile TestingAccelerating Mobile Testing
Accelerating Mobile Testing
 
C/C++test Qualification Kit for DO-178B/C Compliance
C/C++test Qualification Kit for DO-178B/C ComplianceC/C++test Qualification Kit for DO-178B/C Compliance
C/C++test Qualification Kit for DO-178B/C Compliance
 
Extreme Automation Enables DirecTV to ”Shift Left” API Testing
Extreme Automation Enables DirecTV to ”Shift Left” API TestingExtreme Automation Enables DirecTV to ”Shift Left” API Testing
Extreme Automation Enables DirecTV to ”Shift Left” API Testing
 
A Comparison of Three Bug-Finding Techniques and Their Relative Effectiveness
A Comparison of Three Bug-Finding Techniques and Their Relative EffectivenessA Comparison of Three Bug-Finding Techniques and Their Relative Effectiveness
A Comparison of Three Bug-Finding Techniques and Their Relative Effectiveness
 

Último

Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 

Último (20)

Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 

Rx for FDA Software Compliance

  • 1. Parasoft Corporation © 2016 1 2016-09-26 Rx for FDA Software Compliance August 2016
  • 2. Parasoft Corporation © 2016 22 Your Presenters Arthur Hicken is Chief Evangelist at Parasoft where he has been involved in automating various software development and testing practices for over 20 years. He has worked on projects including cybersecurity, database development, the software development lifecycle, web publishing and monitoring, and integration with legacy systems. Follow him on Twitter @codecurmudgeon Kelly Weyrauch has more than 30 years of software and systems development experience, and 20 years of focus on software processes and quality systems for medical devices. As an independent consultant, he works with software and systems creators to apply Agile concepts and Quality Management System requirements to the unique context of their development environment. Follow him on LinkedIn @kellyweyrauch
  • 3. Parasoft Corporation © 2016 33 Agenda What the FDA expects IEC 62304 Benefits of static analysis How to integrate static analysis How to reduce noise and stop wasting time
  • 4. Parasoft Corporation © 2016 4 2016-09-26 Introduction to Medical Device Software Regulations Where do Static Analysis Tools fit in? Kelly Weyrauch – Agile Quality Systems LLC
  • 5. Parasoft Corporation © 2016 5  Software as a Medical Device  Software-only  Part of a medical device system  Software used to develop/manufacture/manage a device  Development environments & tools  Automated test systems  Manufacturing systems  …  Quality Management System tools  CAPA & Issue Tracking systems  Complaint handling systems  Document Control  … Scope of Software Regulations (c) Agile Quality Systems 2016
  • 6. Parasoft Corporation © 2016 6  21 CFR 820  Quality System Regulation  820.30 Design Controls  21 CFR 11  Electronic Records; Electronic Signatures  ISO 13485  Medical devices— Quality management systems  Section 7 – Product Realization  IEC 62304  Medical device software— Software life cycle processes  ISO 14971  Medical devices — Application of risk management to medical devices Software Development Regulations and Standards (c) Agile Quality Systems 2016
  • 7. Parasoft Corporation © 2016 7  GPSV  General Principles of Software Validation (FDA)  AAMI TIR45:2012  Guidance on the Use of AGILE Practices in the Development of Medical Device Software  AAMI TIR36:2007  Validation of software for regulated processes  Many other, more specialized standards & guidance documents Software Development Guidance (c) Agile Quality Systems 2016
  • 8. Parasoft Corporation © 2016 8  FDA is responsible for protecting the public health by assuring the safety, efficacy and security of human and veterinary drugs, biological products, medical devices, our nation’s food supply, cosmetics, and products that emit radiation.  FDA is also responsible for advancing the public health by helping to speed innovations that make medicines more effective, safer, and more affordable and by helping the public get the accurate, science-based information they need to use medicines and foods to maintain and improve their health. …  ... (http://www.fda.gov/AboutFDA/WhatWeDo/)  Same things Industry wants!  Industry & Regulatory should align on the same goals  Requires effort to show they are aligned FDA Mission Statement (c) Agile Quality Systems 2016
  • 9. Parasoft Corporation © 2016 9  Satisfying regulatory expectations should be a natural result of doing good work  Should not be viewed as  Adversarial  Conflicting  Bureaucratic  Legalistic  Impractical  Offensive to your engineering sensibilities  … Industry & Regulatory Alignment (c) Agile Quality Systems 2016
  • 10. Parasoft Corporation © 2016 11  21 CFR 820 mentions software only 3 times  820.30(g) Design Controls: Design Validation  “Design validation shall include software validation and risk analysis, where appropriate.” (No definition of what “Software Validation” means.)  820.70(i) Production & Process Controls: Automated Processes  “When computers or automated data processing systems are used as part of production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol.”  820.181(a) Device Master Record  “Device specifications including … software specifications”  Software “requirements” (expectations) come from Guidance Documents  General Principles of Software Validation (GPSV)  Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices  Others FDA Software Regulations (c) Agile Quality Systems 2016
  • 11. Parasoft Corporation © 2016 12  Regulators often not experienced with software  For software as a medical device, may bring bias of hardware-development experience, especially with assumptions of a linear lifecycle  For software tools, may bring bias of manufacturing systems  So you should be the software expert  Showing how your process satisfies regulations FDA Software Regulations (c) Agile Quality Systems 2016
  • 12. Parasoft Corporation © 2016 13  Explain what you do  In Processes and Plans  Demonstrate that you do it  By producing adequate records  “Demonstrate” may seem like non-value- added burden  Especially to those doing the work  Necessary, so find ways to optimize the value/cost, to avoid the perception of “burden” Be In Control, Show That You Are In Control (c) Agile Quality Systems 2016
  • 13. Parasoft Corporation © 2016 15  …Is ALWAYS a lousy reason  Too simple  Offloads responsibility for owning our process  Often a cover for another argument, usually one that is not well thought out and probably dysfunctional  We own our process (and the FDA does say that)  But regulators are stakeholders to be satisfied  Satisfy ourselves that your process is good, and the regulators will be satisfied “Cuz the FDA Said So…” (c) Agile Quality Systems 2016
  • 14. Parasoft Corporation © 2016 16  Build a good product  Safe & Effective  Have a good process for building that product  Do good work  With evidence of that good work  Tell a good story that will convince anyone  Why you think your product is good  Why you think your process is good  That you know what you are doing Keys To Success (c) Agile Quality Systems 2016
  • 15. Parasoft Corporation © 2016 17  Specifically created for medical device software  Though many elements are foundational to any robust software development process IEC 62304 (c) Agile Quality Systems 2016
  • 16. Parasoft Corporation © 2016 18  A framework – processes, activities and tasks  Identifies requirements for  What needs to be done  What needs to be documented  Software only  Assumes software is part of a broader system that defines higher-level activities for design inputs and design (product) validation IEC 62304 – What it is (c) Agile Quality Systems 2016
  • 17. Parasoft Corporation © 2016 19  Does not prescribe how to meet the requirements  Not a “how to” with defined methods or practices  Does not require a specific software life cycle  Does not specify documents  Says what to document, not where it must go.  These decisions are left to you IEC 62304 – What it isn’t (c) Agile Quality Systems 2016
  • 18. Parasoft Corporation © 2016 2020 IEC 62304 Medical Device Software – Software Life Cycle Processes (c) Agile Quality Systems 2016 SYSTEM development ACTIVITIES (including RISK MANAGEMENT) Customer needs Customer needs satisfied 7 Software RISK MANAGEMENT 8 Software configuration management 9 Software problem resolution Activities outside the scope of this standard 5.2 Software requirements analysis 5.1 Software development planning 5.8 Software release 5.7 Software SYSTEM testing 5.3 Software ARCHITECTURAL design 5.4 Software detailed design 5.6 Software integration and integration testing 5.5 Software UNIT implementation
  • 19. Parasoft Corporation © 2016 21  Mentioned briefly in FDA General Principles of Software Validation, 2002  In 2000’s, driven largely by concerns over the high failure rate in infusion pump systems & software, FDA recognizes value in using Static Analysis techniques to reduce software errors  Often an “expectation” in submissions and quality system inspections Static Analysis (c) Agile Quality Systems 2016
  • 20. Parasoft Corporation © 2016 2222 Software Unit Implementation (c) Agile Quality Systems 2016 SYSTEM development ACTIVITIES (including RISK MANAGEMENT) Customer needs Customer needs satisfied 7 Software RISK MANAGEMENT 8 Software configuration management 9 Software problem resolution Activities outside the scope of this standard 5.2 Software requirements analysis 5.1 Software development planning 5.8 Software release 5.7 Software SYSTEM testing 5.3 Software ARCHITECTURAL design 5.4 Software detailed design 5.6 Software integration and integration testing 5.5 Software UNIT implementation
  • 21. Parasoft Corporation © 2016 23  Implement software units – write the code  Establish acceptance criteria for software units  Coding Standards are a “should have” (defined in the Plan)  Establish strategies, methods and procedures for verifying each software unit  Reviews  Static Analysis  Unit Tests  Address this in the Verification Strategy section of the Plan  Perform and document results of software unit verification  According to the strategies and methods  Does not require all software units to be tested Software Unit Implementation (c) Agile Quality Systems 2016
  • 22. Parasoft Corporation © 2016 2424 Software Integration and Integration Testing (c) Agile Quality Systems 2016 SYSTEM development ACTIVITIES (including RISK MANAGEMENT) Customer needs Customer needs satisfied 7 Software RISK MANAGEMENT 8 Software configuration management 9 Software problem resolution Activities outside the scope of this standard 5.2 Software requirements analysis 5.1 Software development planning 5.8 Software release 5.7 Software SYSTEM testing 5.3 Software ARCHITECTURAL design 5.4 Software detailed design 5.6 Software integration and integration testing 5.5 Software UNIT implementation
  • 23. Parasoft Corporation © 2016 25  Integrate the software units (build the software system)  Verify that software units have been integrated (build was successful)  Review of build procedures, make-files, configurations, etc.  Compiler checks, static analysis, etc.  Test integrated software system performs as expected in accordance with plan  Functionality, behavior, performance, etc  Regression tests  Document test results  Can be done as part of software system testing (see later slide)  Capture problems (software problem resolution process) Software Integration and Integration Testing (c) Agile Quality Systems 2016
  • 24. Parasoft Corporation © 2016 26  Define in your Software Development Procedure/Processes:  Strategy for using Static Analysis as a part of your overall verification strategy  Requirements for how and when to use it  As part of code (unit-level) verification  As part of integration verification Recommendation for use of Static Analysis (c) Agile Quality Systems 2016
  • 25. Parasoft Corporation © 2016 27  Kelly Weyrauch  Kelly@AgileQualitySystems.com  763-688-0980  www.AgileQualitySystems.com  Connect with me on LinkedIn Contact Information (c) Agile Quality Systems 2016
  • 26. Parasoft Corporation © 2016 2828 Recalls due to Software Failure http://www.fda.gov/downloads/AboutFDA/CentersOffices/OfficeofMedical ProductsandTobacco/CDRH/CDRHReports/UCM308208.pdf
  • 27. Parasoft Corporation © 2016 2929 FDA on Static Analysis 3.1.2 “Software testing is one of many verification activities intended to confirm that software development output meets its input requirements. Other verification activities include various static and dynamic analyses, code and document inspections, walkthroughs, and other techniques.” 5.2.4 “Source code should be evaluated to verify its compliance with specified coding guidelines.” General Principles of Software Validation; Final Guidance for Industry and FDA Staff
  • 28. Parasoft Corporation © 2016 3030 What Choice  Prevent Defect Insertion Quality System Design Control Risk Management  Remove Defects by Detection Code Review Design Review Testing: unit, integration, system, alpha, beta Customer Dissatisfaction Recall  Roll the dice John Murray, US FDA, March 2008
  • 29. Parasoft Corporation © 2016 3131 Fix or Prevent
  • 30. Parasoft Corporation © 2016 3232 Static analysis is more than detection  Relationship of automated analysis  Preventative static analysis  Flow analysis  Runtime error detection  Uninitialized memory example  Runtime will find it IF the test suite is thorough  Flow analysis may find it depending on complexity  Pattern to prevent: Initialize variables upon declaration  Many standards like MISRA are focused on prevention rather than detection
  • 31. Parasoft Corporation © 2016 3333 Static analysis – what it can do  Identify defective code - runtime bugs  Flag defect-prone code (possible bugs and “gotchas”)  Suggest defensive programming practices  Monitor application-specific guidelines (e.g. portability)  Enable policy enforcement (security)  Flag unmaintainable / poorly readable / “dialect” code
  • 32. Parasoft Corporation © 2016 3434 Sample Static Analysis Policy  Which rules run on all code  Which rules run on certain conditions  International, performance, etc  What level of compliance is required  When are suppressions acceptable  Where does SA fit the process
  • 33. Parasoft Corporation © 2016 3535 Static Analysis Feedback Loop Identify Error Isolate Root Cause Fix New Rule to Prevent Monitor  Code review  Regression  QA  Field bugs
  • 34. Parasoft Corporation © 2016 3636 How to choose rules  Based on why you’re using static analysis  Study expected issues  Analyze bug-tracking system  Don’t just turn on rules because it’s a good idea  Pick few enough to use sustainably
  • 35. Parasoft Corporation © 2016 3737 Why MISRA for Medical?  Coding Standards  Well-defined  Updated  Flexible  Deviation Strategy  Auditable  What else would you start with?
  • 36. Parasoft Corporation © 2016 3838 FDA/MISRA Alignment FDA Guideline MISRA Capability “Least burdensome approach” Lightweight and flexible Company defines standards Proven standards pre-packaged Work must be traceable Provides traceability methodology Process must be auditable Defines auditable reports
  • 37. Parasoft Corporation © 2016 3939 Sample Rules for FDA Static Analysis  Avoid accessing arrays out of bounds  Avoid use before initialization  Avoid null pointer dereferencing  Avoid overflows due to [various causes]  Avoid division by zero  Ensure deallocation functions guarantee resource freeing  Do not use resources that have been freed  Do not free resources using invalid pointers  Do not abandon unreleased locks  Do not use blocking functions while holding a lock  Ensure resources are freed  Do not abandon unreleased locks  Properly terminate character strings  Never return a reference to a local object
  • 38. Parasoft Corporation © 2016 4040 Dashboards Vs Process Intelligence 1970s Electrocardiogram • Isolated data points • No priority • No warnings – just data • No analysis 21st Century Monitor • Multi-variate analysis • Customizable • Critical alerts • Valuable data
  • 39. Parasoft Corporation © 2016 4141 Harnessing “Big” Data  Aggregate data  Correlate data  Mine data  Create  Reports  Dashboards  Tasks  Alerts  Continuous testing/delivery/release
  • 40. Parasoft Corporation © 2016 4242 Execution / CI Build Parasoft DTP RawObservations Parasoft Development Testing Platform Static Analysis Engine Testing and Coverage PHPMD API FindBugs API CheckStyle API Other 3rd Party … API Desktop IDE Web UI External SystemRequirements and Defects Source Control Workflow (Task) Intelligence (Dashboards/ Reports) Practice/ Domain Data (REST API) Prioritized Findings Web UI Process Intelligence Engine Policy Management
  • 41. Parasoft Corporation © 2016 4343 Parasoft Development Testing Platform Optimal Routes Historic Data Road Construction Traffic Conditions Map/Road Data Speed Limits
  • 42. Parasoft Corporation © 2016 4444 Parasoft DTP Process Intelligence Engine PIE – Derivative (Predictive) Analysis External Systems Application Hotspots Prioritized Actionable Information External Processes 3rd Party System CI/CD/CR Infrastru cture System Monitoring Product FeedbackCustomer Support Code Review Metrics People Code Defect Static Analysis Tests User Stories Coverage Parasoft DTP
  • 43. Parasoft Corporation © 2016 4545 What can PIE do? What do I test first? Where is the business logic and how testable is it? Test Stability Index; Look at your unstable tests. Identify valuable Tests Find Application Hotspots: Technical Risk vs Business Risk, Technical Debt, Density KPIs, Clusters I made changes, which tests need to be re-run? What is the risk of new code? Did I test the new code changes? Don’t make the problem worse & review existing issues when your working with code
  • 44. Parasoft Corporation © 2016 46 2016-09-26 Real world examples
  • 45. Parasoft Corporation © 2016 4747 Customer Challenge: Reducing the Burden of Compliance  In order to develop solutions for the pharmaceutical market, a company must not only follow very strict requirements, but also prove that they actually satisfied these rigorous expectations. To achieve this, they must provide evidence that the system is designed, constructed, and tested according to best practices implemented throughout the various phases of the lifecycle.
  • 46. Parasoft Corporation © 2016 4848 The Benefit: Faster, Easier, Better Documented Compliance  Time saved doing tedious tasks  Better consistency  Easy traceability and auditability  Precisely fit to their needs ”With Parasoft’s solution, previously arduous, boring and difficult-to-document tasks were transformed into tasks that we could perform systematically— in an automated and rapid manner.“
  • 47. Parasoft Corporation © 2016 4949 Customer Challenge: Streamline Certification for Medical Device Software under IEC 62304 “Our products are used intraoperative. If any failure occurs during an operation, the operation might have to be aborted. Moreover, since we monitor nerves and their signals, incorrect interpretations and decisions made by our software could lead to wrong decisions by the user...and could cause injuries for the patient.” The US FDA accepts IEC 62304 compliance as evidence that medical device software has been designed to an acceptable standard.
  • 48. Parasoft Corporation © 2016 5050 The Solution: Automating Risk Management Processes with Parasoft  Multiple languages: C, C++, .NET  Integration with existing systems: IDE, bug- tracking, source control
  • 49. Parasoft Corporation © 2016 5151 The Benefit: Increased Efficiency through Automation “The current level of verification for each requirement task (including task pass/fail status and coverage) is bi-directionally traceable to all associated tests. Full traceability is crucial for IEC compliance. Using the Parasoft solution significantly increases our efficiency because many manual steps could be automated.“
  • 50. Parasoft Corporation © 2016 5252 Parasoft Support for FDA Static analysis Policy definition management Requirement definition and tracking Unit test Peer review Runtime error detection Coverage
  • 51. Parasoft Corporation © 2016 5353 Summary Financial and health risks are increasing FDA requires a rigorous mature process Static analysis both provides tight controls and prevents real problems from occuring Proper configuration and deployment reduce common static analysis problems
  • 52. Parasoft Corporation © 2016 5454 FDA Resources  FDA - “General Principles of Software Validation” http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Guidan ceDocuments/ucm085281.htm …guidance outlines general validation principles that the Food and Drug Administration (FDA) considers to be applicable to the validation of medical device software…  FDA – 21 CFR 820  http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch .cfm?CFRPart=820&showFR=1 …Quality System Regulations  ANSI/AAMI 62304 “Medical device software-Software life cycle processes” http://webstore.ansi.org/ …A recommended practice provides guidelines for the use, care, and/or processing of a medical device or system.
  • 53. Parasoft Corporation © 2016 5555  Blog: http://alm.parasoft.com  Web: http://www.parasoft.com/jsp/resources  Facebook: https://www.facebook.com/parasoftcorporation  Twitter: @Parasoft @CodeCurmudgeon  LinkedIn: http://www.linkedin.com/company/parasoft  Google+ Community: Static Analysis for Fun and Profit IoT API's session - API World - San Jose, CA Sep 13th Managing Auto Supply Chain Risk – Automotive Software Kongress - Germany Sep 21-22 StarWest Conference - Anaheim CA - Oct 5-6