Software as a Medical Device
Second Edition
ix Regulatory Affairs Professionals Society
Challenges With Single-fault Safety of SaMD..........................................................................................................................64
Challenges With Finding Appropriate Risk Control Measures for Software. ...........................................................................65
Strategies for Successful Software Risk Assessment........................................................................................................................66
Strategies for Handling Hazards Causing Indirect Harm..........................................................................................................66
Strategies for Managing Estimation of Probability of Software Errors......................................................................................66
Strategies for Managing Single-Fault Conditions......................................................................................................................67
Strategies for Risk Control Measures in SaMD.........................................................................................................................67
Improving Software Quality............................................................................................................................................................68
IEC 62304..................................................................................................................................................................................68
FDA. ..........................................................................................................................................................................................68
Other Industries. ........................................................................................................................................................................68
Front-loading. ............................................................................................................................................................................68
Semiformal Methods..................................................................................................................................................................68
Failure Assertion Programming.................................................................................................................................................68
Selection of Programming Language. ........................................................................................................................................68
Coding Guidelines. ....................................................................................................................................................................68
Test-Driven Development..........................................................................................................................................................69
Continuous Integration..............................................................................................................................................................69
Conclusion .....................................................................................................................................................................................70
Chapter 7: Security Risk Management. ...........................................................................................................................73
Ben Kokx
Introduction. ...................................................................................................................................................................................73
SaMD Security................................................................................................................................................................................73
Security Risk Management. ............................................................................................................................................................75
Security by Design ..........................................................................................................................................................................75
Threat Modeling..............................................................................................................................................................................76
Vulnerability Handling and Security Monitoring. ..........................................................................................................................76
Total Product Lifecycle. ..................................................................................................................................................................79
Shared Responsibility......................................................................................................................................................................79
Standards.........................................................................................................................................................................................79
Overlapping Legislative Security Requirements. ............................................................................................................................80
Conclusion. .....................................................................................................................................................................................80
Chapter 8: Software Development. .................................................................................................................................83
Coenraad Davidsdochter, MSc
Introduction. ...................................................................................................................................................................................83
Standards and Guidance..................................................................................................................................................................83
Definitions..................................................................................................................................................................................84
Software Development Process. ......................................................................................................................................................85
User Needs. ................................................................................................................................................................................86
Software Development Planning................................................................................................................................................86
Requirements Management. ......................................................................................................................................................87
Architectural Design. .................................................................................................................................................................88
Configuration Management.......................................................................................................................................................88
Design Reviews. .........................................................................................................................................................................88
Safety and Agile. .............................................................................................................................................................................88
Risk Management. .....................................................................................................................................................................88
Gated Development and Agile...................................................................................................................................................90
Usability Engineering.................................................................................................................................................................91
Software Validation. ........................................................................................................................................................................93
Postmarket Activities.......................................................................................................................................................................94
Medical and Nonmedical Software Functions................................................................................................................................95
Software Incorporating AI and/or Machine Learning....................................................................................................................95
Requirements for AI-Enabled Medical Devices. .......................................................................................................................95
Conclusion. .....................................................................................................................................................................................96
Author Acknowledgment................................................................................................................................................................96
Second Edition
ix Regulatory Affairs Professionals Society
Challenges With Single-fault Safety of SaMD..........................................................................................................................64
Challenges With Finding Appropriate Risk Control Measures for Software. ...........................................................................65
Strategies for Successful Software Risk Assessment........................................................................................................................66
Strategies for Handling Hazards Causing Indirect Harm..........................................................................................................66
Strategies for Managing Estimation of Probability of Software Errors......................................................................................66
Strategies for Managing Single-Fault Conditions......................................................................................................................67
Strategies for Risk Control Measures in SaMD.........................................................................................................................67
Improving Software Quality............................................................................................................................................................68
IEC 62304..................................................................................................................................................................................68
FDA. ..........................................................................................................................................................................................68
Other Industries. ........................................................................................................................................................................68
Front-loading. ............................................................................................................................................................................68
Semiformal Methods..................................................................................................................................................................68
Failure Assertion Programming.................................................................................................................................................68
Selection of Programming Language. ........................................................................................................................................68
Coding Guidelines. ....................................................................................................................................................................68
Test-Driven Development..........................................................................................................................................................69
Continuous Integration..............................................................................................................................................................69
Conclusion .....................................................................................................................................................................................70
Chapter 7: Security Risk Management. ...........................................................................................................................73
Ben Kokx
Introduction. ...................................................................................................................................................................................73
SaMD Security................................................................................................................................................................................73
Security Risk Management. ............................................................................................................................................................75
Security by Design ..........................................................................................................................................................................75
Threat Modeling..............................................................................................................................................................................76
Vulnerability Handling and Security Monitoring. ..........................................................................................................................76
Total Product Lifecycle. ..................................................................................................................................................................79
Shared Responsibility......................................................................................................................................................................79
Standards.........................................................................................................................................................................................79
Overlapping Legislative Security Requirements. ............................................................................................................................80
Conclusion. .....................................................................................................................................................................................80
Chapter 8: Software Development. .................................................................................................................................83
Coenraad Davidsdochter, MSc
Introduction. ...................................................................................................................................................................................83
Standards and Guidance..................................................................................................................................................................83
Definitions..................................................................................................................................................................................84
Software Development Process. ......................................................................................................................................................85
User Needs. ................................................................................................................................................................................86
Software Development Planning................................................................................................................................................86
Requirements Management. ......................................................................................................................................................87
Architectural Design. .................................................................................................................................................................88
Configuration Management.......................................................................................................................................................88
Design Reviews. .........................................................................................................................................................................88
Safety and Agile. .............................................................................................................................................................................88
Risk Management. .....................................................................................................................................................................88
Gated Development and Agile...................................................................................................................................................90
Usability Engineering.................................................................................................................................................................91
Software Validation. ........................................................................................................................................................................93
Postmarket Activities.......................................................................................................................................................................94
Medical and Nonmedical Software Functions................................................................................................................................95
Software Incorporating AI and/or Machine Learning....................................................................................................................95
Requirements for AI-Enabled Medical Devices. .......................................................................................................................95
Conclusion. .....................................................................................................................................................................................96
Author Acknowledgment................................................................................................................................................................96