The probability of software defects is difficult to estimate. It’s so difficult that the “old” DIN EN IEC 62304:2006 wrote: “However, there is no agreement on how to determine the probability of the occurrence of software failures using traditional statistical methods.” The standard concluded that “the probability of such a malfunction must be assumed to…
DetailsThe cybersecurity standard IEC 81001-5-1 focuses on how IT security needs to be taken into account in the software life cycle. As a special standard for health software, it supplements IEC 82304-1 and IEC 62304 among others, and can close gaps that urgently need to be closed. The EU is currently planning to harmonize IEC…
DetailsLaws and standards require organizations to prepare a risk management report. Notified bodies and authorities examine these reports intensively because risk management is a key regulatory requirement. Therefore, it is important (not only) for manufacturers to prepare precise, complete, and correct risk management reports. This article provides assistance in this regard. 1. What is a…
DetailsBoth the MDR and IVDR introduce the concept of Common Specifications. Definition of Common Specifications MDR and IVDR define Common Specifications as follows: Purpose of Common Specifications EU Directives, such as the MDD and IVDD, as well as EU Regulations, such as the MDR and IVDR impose so-called general requirements on all medical devices must meet. If the requirements are not met, manufacturers must not…
DetailsWe have known how vulnerable IT security is in the healthcare sector since February 2016, when the IT infrastructures of many clinics were brought to a standstill by a simple virus attack. As a result, the authorities are paying closer attention to ensuring that not only clinics but also manufacturers guarantee the IT security of…
DetailsSoftware risk analysis depends on the following: Software itself cannot cause harm. It always happens via hardware or people. However, this does not mean there is no need for risk analysis in software. The opposite is the case! What distinguishes risk analysis for software from other medical devices In the case of (standalone) software, harm…
DetailsThe FDA MAUDE database provides information on the “Manufacturer and User Facility Device Experience.” It thus corresponds roughly to the database used by the BfArM to publish manufacturer reports on risks. Content of the FDA MAUDE database The FDA MAUDE database contains information on Regulatory background Obligation to evaluate Manufacturers are obliged to conduct adequate…
DetailsFault Tree Analysis is a procedure used to search for unknown causes of known effects (in the case of medical devices, harms or hazards). It, therefore, counts as a top-down procedure in risk analysis. Fault Tree Analysis: Notation The name Fault Tree Analysis already clarifies how it is represented graphically: As a tree. Both mind…
DetailsISO 14971 defines harm as “injury or damage to the health of people, or damage to property or the environment”. According to ISO 14971, the harms are usually impairments of body structure (e.g., cut) or body function (e.g., ability to move, ability to see, capability to cleanse blood). To assess the risks, we must know…
Details