Formal method demonstrating validity of a claim by providing a convincing argument supported by evidence. It is risk based and uses the scientific method to help discuss and draw conclusions based on statistical measurements of the reliability of the system. Assurance case addressing safety is a safety case.
Vip Mumbai Call Girls Kalyan Call On 9920725232 With Body to body massage wit...
Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013
1. Assurance Cases
Medical Device Summit West, San Francisco, CA.
June 13, 2013
Erik Hilliard, Director of Business Development
2. What we do:
o System development and test
Software and Electronics Experts
Any Phase
o Risk planning and hazard identification
o DHF Remediation
o Project Rescue
o Quality System Consulting
300+ Projects, 100+ Clients
Who is Sterling?
ISO 13485
FM 543438
Registered
IEC 62304 Compliant
Your Partner in Medical Device Development
There when you need us!
3. Assurance Cases Background
• Based on the new draft guidance for Infusion Pumps
from the FDA, manufacturers recommended to use
assurance cases (report) to demonstrate substantial
equivalence.
• FDA expects technology changes… Under 513(i)(1)(A)
of the Act, demonstrate new or changed device is as
safe and effective as predicate
• Use of assurance cases is used to organize and dictate
the content of 510(k) premarket submissions for
infusion pumps to satisfy this requirement
4. Assurance Case
• Formal method demonstrating validity of a
claim by providing a convincing argument
supported by evidence
• It is risk based and uses the scientific method
to help discuss and draw conclusions based on
statistical measurements of the reliability of
the system.
• Assurance case addressing safety is a safety
case
5. Elements of an Assurance Case
• Claim
– Statement about property of system (a requirement…)
• Evidence
– Information demonstrating validity of claim
• Argument
– Links the evidence to the claim… Arguments may introduce sub-
claims
• Presentation of Information Already Gathered?
– System Architecture (Hardware and Software + Integration)
– Do your Design Outputs Meet the Design Inputs?
– Change Tracking and the Effect of those Changes on Design?
6. Hazard Analysis
The assurance cases starts with the analysis of hazards or
hazardous situations.
• Mitigated hazard or situation = Claim
• What makes the system safe?
• Extrapolate those properties into safety requirements
• Supported in Different Formats
– Narrative
– Graphical
– Tabular
7. Evidence
• Types
– Requirements Validation
– Requirements Satisfaction
– Requirements Traceability
• Is
– Test Data
– Results of experiment
– Analysis
– Compliance with Standards
9. Arguments
• Linkage
– Links the Evidence to the Claim
• Description of what is being proved (the
claim)
• Identify Items of Evidence along with the
Reasoning (Conclusion)
• May introduce sub-claims (which will require
more evidence and arguments)
• State the Assumptions!
10. Logical Schema Approach
• As detailed by Richard Chapman, FDA
• Each claim;
– must have at least 1 child argument
– can have zero or more subsidiary child claims
– must have no child evidence
• Each argument
– Must have one or more parent claims
– Must have one or more child evidence
– Can have zero or more child claims
• Each bit of evidence
– must have one or more parent arguments
– must have no child evidence, child claims or child arguments
11. Example
• Battery Power Nearing Exhaustion
– Claim : Multi-Level Warnings Based on Time Remaining
• First Warning with x minutes to go
• Second Warning with y minutes to go
• Final Alarm at exhaustion; possible switchover to reserve battery
– Evidence
• System Verification Test
• User Impact Test
– Arguments – Ensuring the Evidence covers the Claim for Multiple
Potential Causes
• Battery Profile Change – Level of Charge/Discharge Changes over Time
• Different Use Scenarios
12. Battery Safety Assurance
ARGUMENT
First level notification/warning
allows user ample time to
charge batteries/connect to line
power.
CLAIM
Warning Shall Occur
When Battery
Remaining is < X but >
Y
EVIDENCE
User Impact Testing
showed user reacted to
warning to rectify issue
ARGUMENT
Multiple Batteries Used With
Differerent Ages Will Show Battery
Usage Does Not Affect the Trigger
of the Alarm
EVIDENCE
System Verification Test
IDs xyz123, xyz124,
xyz125
CLAIM
Higher Priority
Warning Shall Occur
When Battery
Remaining is < Y but > Z
ARGUMENT
Different Load Usage Will Show
Battery Usage Does Not Affect the
Trigger of the Alarm
EVIDENCE
System Verification Test
IDs abc123, abc124,
abc125
13. Risk Management and Assurance
Case
• Assurance Case is a methodology that has a
set of disciplines to structurally demonstrate
that a safety claim is fulfilled.
• Risk Management is a systematic life cycle
process to identify, control, and evaluate
safety risks (as defined by your QMS).
14. Tools to Help: GessNet
GessNet provides a powerful all-in-one environment to develop and
maintain risk management file through the product life cycle,
and integrate safety assurance case into the risk management
process.
15. Erik Hilliard
Director of Business Development
Sterling Medical Devices
201-227-7569 x155
ehilliard@sterlingmedicaldevices.com
www.sterlingmedicaldevices.com
Assurance Cases
Editor's Notes
Act is Federal Food, Drug, and Cosmetic Act
2nd bullet – … and does not raise different questions of safety and effectiveness than the predicate device
An assurance case is a formal method for demonstrating the validity of a claim by providing a convincing argument together with supporting evidence.
Claim – … or subsystem
Evidence - This can include facts (e.g., based on observations or established scientific principles), analysis, research conclusions, test data, or expert opinions.
Argument - Arguments can be deterministic, probabilistic, or qualitative. The argument will describe what is being proved or established (i.e., the claim(s)), identify the items of evidence you are appealing to, and the reasoning (inference, rationale) that the evidence is adequate to satisfy the claim. Arguments may also introduce sub-claims or assumptions which require further exposition, as the preceding examples illustrate.
Your premarket notification should clearly describe the method used to analyze the hazards and each hazardous event mitigation.
What properties of the system make it safe?
Section 6A: Operational Hazards
19 Section 6B: Environmental Hazards
20 Section 6C: Electrical Hazards
21 Section 6D: Hardware Hazards
22 Section 6E: Software Hazards
23 Section 6F: Mechanical Hazards
24 Section 6G: Biological and Chemical Hazards
25 Section 6H: Use Hazards
Types - Complete and Accurate to All have been met than traced to development and continued analysis throughout
Support
Single – One premise supports
Linked – Several premises interdependent as a group
Convergent – Several premises each separately support