Zertifizierung eines Werkzeugs nach IEC 62304 nur ein

Zertifizierung eines Werkzeugs nach IEC 62304 – nur ein Traum? Sven Wittorf und Daniel Morris

Warum interessiert uns das Thema? Medsoto Gmb. H Villa Rheinburg Reichenaustraße 1 78467 Konstanz http: //www. medsoto. de/ Email: info@medsoto. de Bildquelle: villa-rheinburg. htwg-konstanz. de

ü 2004 Founded with Groundbreaking Vision ü 2005 First Unified, 100% Browser-Based ALM ü 10 Years Focus on Unlocking Synergies: • Real-Time Collaboration • Intuitive UI • Full Traceability 250+ 2. 5+M 200+ Fortune 1000 Deployments Users Extensions 15 K Registered Community Members

Warum interessiert Sie das Thema?

„Ist dieses Tool validiert? “ Auditor Tool-Hersteller /Berater Medizinprodukte. Hersteller

Nur ein Traum …? „Liebe Freunde, diese Geschichte hat einen entscheidenden Fehler – etwas entscheidendes fehlt, nämlich …“ Bildquelle: sueddeutsche. de

Anforderungen an Software-Tool-Validierung ISO/DIS 13485: 2014 4. 1. 6

Anforderungen an Software-Tool-Validierung “The organization shall document procedures for the validation of the application of computer software used in the quality management system, including production and service provision. Such software applications shall be validated for their intended use prior to initial use, and after any changes to such software and/or application. Records of such activities shall be maintained. […]” ISO/DIS 13485: 2014 4. 1. 6

Anforderungen an Software-Tool-Validierung “[…] NOTE Computer software can be used to implement, monitor, measure, or analyze the quality management system. Computer software can be used but is not limited to product design, testing, production, labelling, distribution, inventory control, data management, complaint handling, equipment calibration and maintenance, corrective action or preventive action. ” ISO/DIS 13485: 2014 4. 1. 6

Anforderungen an Software-Tool-Validierung “[…] For each application of computer software used in the quality management system, the organization shall determine and justify the specific approach and the level of effort to be applied for software validation activities based on the risk associated with the use of the software. […]” ISO/DIS 13485: 2014 4. 1. 6

Anforderungen an Software-Tool-Validierung FDA Guidance: General Principles of Software Validation

Anforderungen an Software-Tool-Validierung “ 2. 1. APPLICABILITY This guidance applies to: [. . . ] • Software used in implementation of the device manufacturer's quality system (e. g. , software that records and maintains the device history record). […] ” FDA Guidance: General Principles of Software Validation

Anforderungen an Software-Tool-Validierung “SECTION 2. SCOPE […] Based on the intended use and the safety risk associated with the software to be developed, the software developer should determine the specific approach, the combination of techniques to be Used, and the level of effort to be applied. […]” FDA Guidance: General Principles of Software Validation

Begriff „Validierung“ ISO 9000: 2000 • Bestätigung durch Bereitstellung eines objektiven Nachweises, dass die Anforderungen für einen spezifischen beabsichtigten Gebrauch oder eine spezifische beabsichtigte Anwendung erfüllt worden sind IEC 60601 -1 • Vorgang der Beurteilung eines PEMS oder einer Komponente eines PEMS während oder am Ende des Entwicklungsprozesses, um festzustellen, ob es die Anforderungen für seine beabsichtigte Verwendung erfüllt. FDA: General Principles of Software Validation • confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled

Begriff „Validierung“ ISO 9000: 2000 • Bestätigung durch Bereitstellung eines objektiven Nachweises, dass die Anforderungen für einen spezifischen beabsichtigten Gebrauch oder eine spezifische beabsichtigte Anwendung erfüllt worden sind g n u r idie t k u d o r l P a n V i e n e s t s IEC 60601 -1 g a i t d h , c s i i s e b w twährend a • Vorgang der Beurteilung eines PEMScoder einer Komponente eines PEMS s h i e t b a e Anforderungen n N oder am Ende des Entwicklungsprozesses, um festzustellen, ob esndie e r g i d e e r v i e ü t für seine beabsichtigte Verwendung erfüllt. f g k t s e f Obj Prozes auerha der auch d o FDA: General Principles of r. Software Validation Geb • confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled

Black-box Sicht Erfordernisse Anforderungen White-box Sicht Lösungsraum Problemraum Ebenen von „Anforderungen“ Spezifikationen

Validierung vs. Verifikation Validierung (in der Betriebsumgebung) Verifikation (am Endprodukt) Verifikation (entwicklungsbegleitend) Erfordernisse Anforderungen Spezifikationen

In der Praxis – Medizintechnik eine einfache Tabelle pro Tool ein Dokument pro Tool ein eigenes Projekt eine eigene Ressource

Einfluss von Tools auf die Sicherheit des Patienten Medizinprodukt (Software) beeinflusst erstellt Software. Tool beeinflusst Mediziner/ Anwender bedient Hersteller behandelt Medizinprodukt (PEMS) erstellt Patient behandelt

Einfluss von Tools auf die Erstellung eines Produktes Entwicklung Anforderungen Design Produktion Baumustertest Komponententest Umsetzung Serienspezifikation Endtest Serienproduktion Zulieferkomponenten

“If I feel like my song is sung, I don’t care if it’s short!” Bildquelle: kbrocking. com

GAMP Good Practice Guide: Testing of Gx. P Systems

GAMP Software Categories 1 Operating Systems 2 Firmware 3 Standard Software Packages 4 Configurable Software Packages 5 Costum (Bespoke) Software

Test Framework for Standard Software Packages (Cat. 3) GAMP Good Practice Guide: Testing of Gx. P Systems, Fig. 2. 6

Test Framework for Configurable Software Packages (Cat. 4) GAMP Good Practice Guide: Testing of Gx. P Systems, Fig. 2. 7

Test Framework for Custom (Bespoke) Software (Cat. 5) GAMP Good Practice Guide: Testing of Gx. P Systems, Fig. 2. 8

Functional Safety 1884 20 th Century Today

Basic standards of certification

Basic standards of certification – IEC 61508 IEC 61511 IEC 62061 ISO 13849 IEC 61513 IEC 62138 IEC 60880 EN 50156 -1 DIN EN 50126 DIN EN 50128 DIN EN 50129 ISO 25119 ISO 26262

Basic standards of certification – ISO 26262 Terms Management Guidelines Concept Software Manufacturing & Usage Supporting Processes System Requirements ASIL & Safety Analysis Hardware Guidelines

ISO 26262 – Part 6 • Part 6: Product development at the software level - Initial Requirements for Software Development in Production Level - Specification of SW Safety Requirements - Architecture & Design - SW Unit Design & Implementation - SW Unit Test - SW Integration and Integration-Test - Verification of SW Safety Requirements

ISO 26262 – Part 8 • Part 8: Supporting Processes - Chapter 11: Confidence in the use of software tools - Interfaces within distributed development Specification & Management of safety requirements Configuration management Change management Verification Documentation Confidence in the use of software tools Qualification of SW components Qualification of HW components Proven in use argument

What is certified?

Polarion ALM - Components Requirements Management Test & Quality Management ALM RM QA Variant Management ALM Issue & Defect Management Change & Configuration Build & Release Management Resource Management Audits, Metrics, & Reports

Polarion ALM - Architecture

Certification Roadmap

First Thoughts What are the customers pains? • The process of tool validation is very unclear. • What is the risk of non compliant tools in use? • What is the difference to other Tools?

1 - The Reason For the Users • An OEM delivering components relevant for the functional safety of a vehicle is required to fulfill the requirements of ISO 26262. • Developing own Tools is very time consuming. • The qualification of bought tools is very time consuming. For Us • Increased attractivity • Increased Trust

2 - Preconditions The qualification is a deep check of the tool. Before start, beginning of 2012: • Definition of scope and target • Definition of basic norms/standards Creation of required work products • Software Tool Specification Plan • Documentation of Polarion ALM • Software Tool Classification Analysis • And many more…

3. 1 – Required Elements • Artifacts ‑ Requirements ‑ Tests • Attributes ‑ Creation Date ‑ Priority ‑ etc. • Dependencies • Processes

3. 2 – Work Products – Documents Templates for: ‑ Requirement Specifications ‑ Test Plans ‑ Undefined others For customizable documents and external storage according to required standards.

3. 3 – Proof of correct data • History & Traceability ‑ Audit Trail • Metrics ‑ ‑ Compliance Dependencies & Coverage

Examined Use Cases The following Areas have been checked: ‑ Project Administration ‑ ‑ Project & Access Configuration Working with Documents § Creation & edit § Search § Configuration § Collaboration § User management § Reuse § Permissions § Moving & rename § Export Working with Work Items ‑ Creation of Wiki Pages § Creation & edit § Linking § Create & edit § Management § Dynamic content § Export § History Baseline Management ‑ Tool Development

The Result

Results • ISO 26262 Template ‑ ‑ ‑ Hazards Safety Goals Safety Requirements • Certification Template ‑ ‑ All Use Cases included Base for any other certification • Trusted Tool Certification

The Certificate

IEC 62304 – Software Lebenszyklus Prozesse

Im Tool: Artefakte anpassen

Im Tool: Linkmodell anpassen

Im Tool: Reports generieren

Überprüfung der Umsetzung (Verifikation)

Überprüfung der Tauglichkeit (Validierung) Use Case 1 Use Case 2 Use Case 3 … Use Case n

„Zertifizierung“ eines Tools nach IEC 62304 – Fazit Vorgaben Tool. Konfiguration Tool. Verifikation Use Cases Validierung

Fragen?

Danke! Dipl. -Ing. Sven Wittorf, M. Sc. (sven. wittorf@medsoto. de) Geschäftsführer, Medsoto Gmb. H Daniel Morris (daniel. morris@polarion. com) Professional Services, Polarion Software Gmb. H Hinweis zu Bildquellen: sofern nicht anders angegeben, wurden die in dieser Präsentation verwendeten Bilder von 123 rf. com bezogen.