Guideline IT Security
On November 21, the Johner Institute, together with TÜV SÜD, TÜV Nord, and with the support of Dr. Heidenreich (Siemens), published a guideline on IT security specifically for medical device manufacturers.
The FDA offers manufacturers the opportunity to use so-called recognized consensus standards for the approval of their devices. The US authority has published a “guidance” document on these consensus standards, presented in this article. It also describes the requirements for using the standards and the advantages for manufacturers, but also points out typical mistakes.
The EU General Data Protection Regulation must be complied with from 25 May 2018 at the latest. Many companies, among them medical device manufacturers and operators such as hospitals, are not adequately prepared. This article gives you a review of the main concepts and requirements of the General Data Protection Regulation and examines…
Process validation is the verification that a process meets the requirements imposed on its process results. Learn when you must validate which processes (in the context of software) and how to ace validation. Furthermore, find out what process validation has to do with PQ, IQ, and OQ.
Medical device manufacturers are obliged to observe and comply with legal retention periods for documents and records. This article provides an overview of the regulatory requirements for the retention periods for the various document classes.
This article describes the requirements of the in vitro diagnostic medical device regulation (IVDR) for software development and documentation. The requirements apply to software that is part of an IVD (embedded software) and to software that is an IVD itself (“standalone” software). This article also compares the software requirements of the MDR and the IVDR.
Unannounced audits are random sampling checks of the quality management systems by notified bodies with the aim of Initial experience with unannounced audits is now available.
TIR 57 is a “Technical Information Report” from the American AAMI. It is intended to assist in recognizing and controlling risks due to inadequate IT security of medical devices, thus fulfilling the requirements of ISO 14971 for risk management.
Coding guidelines are intended to promote source code that is understandable, maintainable, testable, and error-free. This article describes the regulatory requirements for coding guidelines and provides specific examples.
IEC 82304 is now available. This is a good reason to take a closer look at this standard for “health software products.”