Parasoft Quality Systems
Automated Processes for FDA Software Compliance




                        2011
FDA Verification & Validation


           “Software validation is accomplished through a series of
         activities and tasks that are planned and executed at various
                  stages of the software development life cycle”

        “Developers should use a mixture of methods and techniques
          to prevent software errors and to detect software errors”

              Software Testing
              Static Analysis
              Dynamic Analysis
              Code Inspections
              Walkthroughs
              Others…

Parasoft Proprietary and Confidential
Parasoft Test


              A broad set of integrated defect prevention and
              detection technologies for C, C++, Java, .NET
              and SOA

              Automates the validation practices named in the
              FDA's General Principles of Software Validation,
              including:

              Static code analysis - coding standards, data flow, metrics.
              Dynamic analysis - unit/component testing, integration testing,
              functional testing, memory error detection, continuous regression
              testing.
              Coverage analysis - Multiple coverage metrics
              Peer review (and document review) process automation

Parasoft Test – Static Analysis

              Pattern-Based Static Analysis
                    Increases productivity by preventing errors
                    Extensive breadth of rules
                          Over 1,700 for C/C++
                          Over 1,000 for Java
                          Over 700 for .NET
                    Parasoft Test rule quality based on over 20 years of research
                    Graphical interface for custom rule creation and customization
                    Extensive security rulesets (PCI, OWASP, Sun Java Security…)

              Flow-Based Static Analysis
                    Find bugs
                    Deep, multi-file path analysis
                    Very low false positives

              Metrics Analysis
                    Finds complex code prone to errors
                    Directly pinpoints areas of code/application prone to errors
                    Large breadth of metrics available



Implementation of Static Analysis


              1    Choose rulesets and workflow
              2    Scan code
              3    Cross-reference with source
              4    Deliver results




Results within IDE

              1    Results delivered as uniform view within IDE
              2    Directly access line of code to fix
              3    Check-in




Parasoft Test – Code Review

              Automated infrastructure for peer code review
                    Language independent, works in all development
                    environments
                    Ada, Fortran, Perl, SQL, etc…

              Pre check-in code review
                    Code reviewed prior to check into source

              Post check-in code review
                    Automatic creation of a code review session for the code
                    checked into source but not reviewed

              Guarantees 100% code review for new or modified code

              Full traceability of code review sessions

              Prioritization and categorization of issues found

Implementation Code Review – Post Check

              Author
                    1    Check in code

              2    Scan and analyze code

              Reviewer
                    3    Review code within IDE
                    4    Review/Suggest changes




Parasoft Test – Unit Testing


              Maintenance of test suites
                    Assertions in unit test suites maintained on a daily basis to keep
                    test suites in sync
                    Workflow to achieve this is fundamental


              Automatic creation of unit test cases from code
                    Out of the box coverage 50-60%
                    Ideal for the creation of baseline test suites


              Support for stubs and mock objects
                    Ability to capture or create repositories of initialized objects ready to be used in
                    unit test cases

              For embedded systems, execution on target (C/C++)




Parasoft Test – Coverage Analysis

              Full application analysis
                    Reports combined coverage of executed code as test suites
                    are executed

              Unit testing coverage analysis
                    Reports combined coverage of entire unit test suite

              Target execution coverage
                    Reports on both target and host coverage
                    Combined coverage of both unit test suites and functional test
                    suites

              Multiple types of coverage analysis
                          Line
                          Path
                          Branch
                          Statement
                          More…


Implementation of Unit Testing

              1    Creation of unit test cases in IDE (auto or manual)
              2    Check into source
              3    Execute nightly
              4    Cross reference
              5    Deliver results within IDE




Policy Driven Compliance




              Productivity
              Verification
              Traceability

              More V&V Policies in Part 2!



Parasoft Concerto = FDA Compliance


              A closed-loop process to manage and improve the software
              development lifecycle

              1    Manage the Process
              2    Control the Process
              3    Manage By Exception
              4    Analyze and Improve




FDA Reports




Questions?

                                        For More Information…
       Web:
       http://www.parasoft.com                 (Look for FDA Validation)



       Contact:
       support-psa@parasoft.com



