This document discusses FDA regulations for medical device software and how Parasoft Concerto can help with compliance. It notes that many medical device recalls are due to software defects introduced after release. The FDA provides guidance on software validation best practices including verification activities throughout the software development lifecycle (SDLC) and requirements traceability. Parasoft Concerto implements these practices by automating processes, providing visibility into activities, and enabling traceability between requirements, code, tests and validation scenarios. It also allows managing the software development process through policy-driven compliance checks.

1. Parasoft Quality Systems
Automated Processes for FDA Software Compliance
2011

2. Why the need for Regulation?
FDA Analysis Reveals:
3,140 Medical Device Recalls (1992-1998)
242 (7.7%) attributable to Software Failures
192/242 (79%) caused by software defects introduced
when changes were made to the software after release
Software Validation Best Practices
A principle means of Avoiding such Defects &
Resultant Recalls

3. FDA Guidance on Software Compliance
“General Principles of Software Validation”
Based on generally recognized software validation
principles
Lists elements acceptable to FDA for Software Validation
Recommends conducting Verification Activities throughout
the SDLC
Recommends integration of SDLC Mgt & Risk Mgt activities

4. FDA Verification & Validation
Software Verification
Software Development Output meets Input Requirements
Software Testing
Static Analysis
Dynamic Analysis
Code Inspections
Walkthroughs
Others…

5. FDA Verification & Validation
Software Validation
The Software consistently fulfills all of the requirements,
which in turn meet the end users needs
Traceability
“…the validation of software typically includes evidence that all software
requirements have been implemented correctly and completely and are
traceable to system requirements”
Visibility
“A conclusion that software is validated is highly dependent upon
comprehensive software testing, inspections, analyses, and other
verification tasks performed at each stage of the software development
life cycle”

6. FDA Compliance – Summary
A set of Effective Software Verification Activities
Should be performed Throughout the SDLC
Outside Visibility into these regular Activities (Audit)
Full Requirements Traceability
Effective Regression Tests for Post-Release Code Changes
Data Collection, Correlation & Report Generation (Audit)
Process Improvement
Integration of SDLC Management and Risk Management

7. One Final Consideration…
“FDA Worried That Class I Recall Jump
Reflects Industry Rush To Market”
Article preview from "The Gray Sheet"- May 24, 2010
“A recent spike in Class I medical device recalls has led
FDA to question whether manufacturers are sacrificing
quality to rush products to market”

8. Parasoft Concerto = FDA Compliance
Processes and best practices that assists organizations to meet
FDA guidelines and medical device industry standards for
software development
1

9. Working Within IDE
Deliver Tasks and Monitor Work

10. Project Overview
Will it have the right functionality? on budget? project on time?
Is your project Is your

11. Parasoft Concerto = FDA Compliance
Processes and best practices that assists organizations to meet
FDA guidelines and medical device industry standards for
software development
Control the Process
Manage the Process 1 2

12. Iteration Overview
Real-Time Traceability

13. Traceability – Natural Workflow
Automated Traceability: Requirements are correlated to Tasks
Tasks are correlated to Code… & Automated Tests… & Validation Scenarios

14. Parasoft Concerto = FDA Compliance
Policy-Driven FDA Compliance allows you to
manage the process by exception
Manage By Exception
3
Control the Process
Manage the Process 1 2

15. Policy Driven Compliance
Productivity
Verification
Traceability
More V&V Policies in Part2!

16. Policies for SDLC Management
Will it have the right functionality?
Red = Exception: Take Action
Is you project on time?
Yellow = Warning
Is your project on budget?
Green = On Track

17. Policies for Risk Management

18. Software Development Process Improvement
A closed-loop process to manage and improve the software
development lifecycle
Manage By Exception
3
Control the Process Analyze and Improve
Manage the Process 1 2 4

19. Real-Time FDA Process Compliance
FDA Software Validation Compliance
Verification and Validation
Best Practices, Visibility & Traceability
Parasoft Concerto, the infrastructure for FDA compliance
plus real-time data that tracks:
Is your project on time?
Is your project on budget?
Will it have the right functionality?
Will it work?
Parasoft Proprietary and Confidential