Unannounced audits by notified bodies
Unannounced audits are random sampling checks of the quality management systems by notified bodies with the aim of Initial experience with unannounced audits is now available.
DetailsAAMI TIR 57: IT security and risk management
TIR 57 is a “Technical Information Report” from the American AAMI. It is intended to assist in recognizing and controlling risks due to inadequate IT security of medical devices, thus fulfilling the requirements of ISO 14971 for risk management.
DetailsCoding guidelines for medical device software
Coding guidelines are intended to promote source code that is understandable, maintainable, testable, and error-free. This article describes the regulatory requirements for coding guidelines and provides specific examples.
IEC 82304 – What the standard requires of “health software”
IEC 82304 is now available. This is a good reason to take a closer look at this standard for “health software products.”
Health Breach Notification Rule
The Health Breach Notification Rule defines when health records providers have to report which security issues to whom, within what time frame and in what form. This article provides a brief overview of the requirements of the US Federal Trace Commission (FTC).
Federal Trade Commission FTC: for medical device manufacturers?
The Federal Trade Commission (FTC) is an US agency that aims to ensure compliance with competition law and consumer protection. This article explains the circumstances that require you (e.g., as a medical device manufacturer) to comply with the FTC requirements and the specifics of these requirements. The case of Lumosity shows how radically the FTC…
DetailsSoftware audit: What really matters
“Will a software audit take place?” is a question that reached me via our micro-consulting. ‘And can I avoid a software audit by choosing the appropriate software safety class?” At first, I didn’t realize exactly what ‘software audit’ meant or what the exact concern was. But then I understood and found the question to be…
DetailsRisk management and risk analysis for software
Software risk analysis depends on the following: Software itself cannot cause harm. It always happens via hardware or people. However, this does not mean there is no need for risk analysis in software. The opposite is the case!
Software unit: specifying and testing according to IEC 62304
The term software unit is defined in IEC 62304. Many manufacturers experience difficulties when specifying and testing these software units. This article gives you tips on how to avoid them.
DetailsFDA MAUDE database: Input for risk management
The FDA MAUDE database provides information on the “Manufacturer and User Facility Device Experience.” It thus corresponds roughly to the database used by the BfArM to publish manufacturer reports on risks.