Common Specifications – Competing with standards?
Both the MDR and IVDR introduce the concept of Common Specifications.
IT security in healthcare
We have known how vulnerable IT security is in the healthcare sector since February 2016, when the IT infrastructures of many clinics were brought to a standstill by a simple virus attack. As a result, the authorities are paying closer attention to ensuring that not only clinics but also manufacturers guarantee the IT security of…
DetailsThird edition of ISO 14971 – What is changing
The third edition of ISO 14971 has been available since December 2019. This new version of ISO 14971 was published as ISO 14971:2019. It is an evolutionary development of ISO 14971:2007 and does not break with previous concepts. Manufacturers should familiarize themselves with the new and amended requirements of this standard. In December 2019, the…
DetailsQuality Assurance Agreement (QAA)
A Quality Assurance Agreement (QAA) is a contract between companies such as medical device manufacturers and their suppliers (subcontractors). In these contracts, both parties regulate which obligations the suppliers must fulfill regarding the quality of the devices and services supplied. Find out in this article what content a Quality Assurance Agreement should contain and when…
DetailsGuideline IT Security
On November 21, the Johner Institute, together with TÜV SÜD, TÜV Nord, and with the support of Dr. Heidenreich (Siemens), published a guideline on IT security specifically for medical device manufacturers.
Retention periods
Medical device manufacturers are obliged to observe and comply with legal retention periods for documents and records. This article provides an overview of the regulatory requirements for the retention periods for the various document classes.
DetailsAAMI TIR 57: IT security and risk management
TIR 57 is a “Technical Information Report” from the American AAMI. It is intended to assist in recognizing and controlling risks due to inadequate IT security of medical devices, thus fulfilling the requirements of ISO 14971 for risk management.
DetailsRisk management and risk analysis for software
Software risk analysis depends on the following: Software itself cannot cause harm. It always happens via hardware or people. However, this does not mean there is no need for risk analysis in software. The opposite is the case!
FDA MAUDE database: Input for risk management
The FDA MAUDE database provides information on the “Manufacturer and User Facility Device Experience.” It thus corresponds roughly to the database used by the BfArM to publish manufacturer reports on risks.
FTA: Fault Tree Analysis
Fault Tree Analysis is a procedure used to search for unknown causes of known effects (in the case of medical devices, harms or hazards). It, therefore, counts as a top-down procedure in risk analysis.