On November 21, the Johner Institute, together with TÜV SÜD, TÜV Nord, and with the support of Dr. Heidenreich (Siemens), published a guideline on IT security specifically for medical device manufacturers. Who the IT Security Guideline is aimed at The guideline is aimed at all manufacturers of medical devices (persons placing on the market, service…
DetailsMedical device manufacturers are obliged to observe and comply with legal retention periods for documents and records. This article provides an overview of the regulatory requirements for the retention periods for the various document classes. 1. Retention periods for different classes of documents The legal requirements regarding retention periods usually distinguish between the following types…
DetailsTIR 57 is a “Technical Information Report” from the American AAMI. It is intended to assist in recognizing and controlling risks due to inadequate IT security of medical devices, thus fulfilling the requirements of ISO 14971 for risk management. TIR 57: Summary for readers in a hurry The AAMI TIR 57 is a guidance document…
DetailsSoftware risk analysis depends on the following: Software itself cannot cause harm. It always happens via hardware or people. However, this does not mean there is no need for risk analysis in software. The opposite is the case! What distinguishes risk analysis for software from other medical devices In the case of (standalone) software, harm…
DetailsThe FDA MAUDE database provides information on the “Manufacturer and User Facility Device Experience.” It thus corresponds roughly to the database used by the BfArM to publish manufacturer reports on risks. Content of the FDA MAUDE database The FDA MAUDE database contains information on Regulatory background Obligation to evaluate Manufacturers are obliged to conduct adequate…
DetailsFault Tree Analysis is a procedure used to search for unknown causes of known effects (in the case of medical devices, harms or hazards). It, therefore, counts as a top-down procedure in risk analysis. Fault Tree Analysis: Notation The name Fault Tree Analysis already clarifies how it is represented graphically: As a tree. Both mind…
DetailsA medical device can cause harm to patients, users, or third parties. The manufacturer must identify this harm to determine the device’s risks and control them. This article provides guidance on how to determine and document harm in accordance with ISO 14971 and how to use the term “harm” correctly. 1. Definition ISO 14971 defines…
Details