The CDRH Software Message(October 19, 2002)
John F Murray Jr..
Center for Devices & Radiological Health
US Food and Drug Administration
Mr. John F Murray Jr.
• Mr. Murray currently serves as the:– Software and Part 11
Compliance Expert– Office of Compliance– Center for Devices and
Radiological Health (CDRH)
– US Food and Drug Administration.
Mr. John F Murray Jr.
• In this position Mr. Murray is the primary advisor to the Director of the Office of Compliance in the areas of:– Software validation– Software policy– Software classification and – Part 11 compliance issues.
• He is also responsible for: – the software standards program and – the software engineering training program at CDRH.
Mr. John F Murray Jr.
• Mr. John F Murray Jr. joined the FDA in March 1994. • Prior to becoming an FDA staffer, he was:
– A qualified Reactor Operator with United States Navy Submarine Fleet
– A Computer Field Engineer with Telex Computer Products– An Electronics and Software Engineer with The General
Dynamics Corporation and a– Systems Engineer at Technology Management & Analysis
Mr. John F Murray Jr.
• Prior to joining the Office of Compliance in June 2001, Mr. Murray served as the Team Leader for Software and Intelligent Medical Devices with the United States Food and Drug Administration, Rockville, MD.
• Mr. Murray is the primary Advisor to the Chief of the Medical Electronics Branch in the areas of software engineering, software safety and software standards.
Mr. John F Murray Jr.
• The software team is responsible for:– Maintaining the technical foundations that are required for
the regulation of medical device software. – Regulatory decisions regarding the safety and effectiveness
of medical device software are based on engineering and scientific foundations.
– Software Standards is one example of these engineering
foundations.
Mr. John F Murray Jr.
• Mr. Murray is chairperson for the FDA Software Standards Technical Group (STG). – The Software STG is responsible for review and recognition
of software engineering standards for use in the regulatory
process.
• Mr. Murray also serves as Co-Chair of the AAMI
Software Committee.
Mr. John F Murray Jr.
• Mr. Murray earned a:– BS Degree in Electrical Engineering from George
Mason University– MS Degree in Computer Science from Rensselaer
Polytechnic University (RPI).
The CDRH Software Message
John F Murray Jr..
Center for Devices & Radiological Health
US Food and Drug Administration
Public Health and Software
The Quality of Pubic Health is highly dependent on the Quality of Medical Software
i.e. Medical Device Software, Clinical Information Systems, Hospital Information Systems, Manufacturing Systems etc
What type of Quality do we Want?
To get some perspective lets try what I call the YB scale. [yugo vs. bmw]
I ask the following questions:
Where would Microsoft be on this scale?Where do we want our software quality to be?Where do you want your software to be?
Do the regulations recognize this need
Yes they do:
21 CFR 820.30
21 CFR 820.30 (a) (2) (i)
21 CFR 820.30 (g)
21 CFR 820.70 (i)
21 CFR 820.30 Design Controls
• Each manufacturer of any Class II or Class III device, and the Class I devices listed in paragraph (a)(2) of this section, shall establish and maintain procedures to control the design of the device in order to ensure that the specified design requirements are meet.
21 CFR 820.30 (a)(2)(i)
• Class I – The following Class I devices are subject to
design controls:• Devices automated with computer software
21 CFR 820.30 (g)
• Design validation shall include software validation and risk analysis where appropriate
21 CFR 820.70 (i)
• Automated processes– When computers or automated data processing
systems are used as part of production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol. All software changes shall be validated before approval and issuance. These validation activities shall be documented.
Software is Different
Traditionally not engineered, but crafted
Not physics based
Easy to change or is it?
Does not fail the hardware way.
etc
What is the goal?
• By Law: Medical Devices must be reasonably safe and effective
• By default: Software must be safe and effective
Safe and Effective
• It depends!
• Cannot be easily defined
• What is safe and effective software– Software Engineering– Risk Management– Quality System
Conclusion
• The law and regulations are written in broad terms
• Software should be engineered using:– Software Engineering– Risk Management– Quality System
This is the CDRH Software Message
Keys to Success
• Avoid denial• Make a plan• Document your activities • Remember the three A’s of meeting the
regulatory requirement– Activities– Attributes– Artifacts