Abstract
Software traceability is central to medical device software development and essential for regulatory approval. In order to comply with the regulatory requirements of the medical device industry it is essential to have clear linkages and traceability from requirements – including risks – through the different stages of the software development and maintenance life cycles. The regulatory bodies request that medical device software development organizations clearly demonstrate how they follow a software development life cycle without mandating a particular life cycle. However, due to the traceability requirements of the industry most medical device companies adopt the V-model. Within this chapter we will discuss the importance of traceability to medical device software development, the current state of practice within the industry in relation to traceability and how we feel that traceability could be improved within the industry. The chapter also describes the development and implementation of a medical device traceability software process assessment method (Med-Trace) in two medical device software development organizations. We include these two case studies as one involved a medical device SME based in Ireland and the other a medical device SME based in the UK as we want to illustrate that Med-Trace can be applied within different countries.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
AAMI TIR32:2004: Medical Device Software Risk Management. AAMI, Arlington (2005)
ANSI/AAMI SW68:2001: Medical Device Software – Software Life Cycle Process. AAMI, Arlington (2001)
ANSI/AAMI/IEC 62304:2006: Medical Device Software—Software Life Cycle Processes. AAMI, Arlington (2006)
Automotive SIG Automotive SPICE Process Assessment Ver. 2.2. August 2005
BS EN 60601-1-4:2000 Medical Electrical Equipment, Part 1 – General Requirements for Safety. BSI, London (2000)
Burton, J., Mc Caffery, F., Richardson, I.: A risk management capability model for use in medical device companies. In: International Workshop on Software Quality (WoSQ ’06), Shanghai, China, May 2006. ACM, New York, NY, pp. 3–8
Casey, V.: Virtual software team project management. J. Brazil. Comp. Soc. 16(2), 83–96 (2010)
CMMI Product Team: Capability Maturity Model® Integration for Development Version 1.2. Software Engineering Institute. Pittsburgh, PA (2006)
Damian, D., Moitra, D.: Global software development: How far have we come? IEEE Softw. 23(5), 17–19 (2006)
de Leon, D., Alves-Foss, J.: Hidden implementation dependencies in high assurance and critical computing systems. IEEE Trans. Softw. Eng. 32(10), 790–811 (2006)
Denger, C., Feldmann, R., Host, M., Lindholm, C., Shull, F.: A snapshot of the state of practice in software development for medical devices. In: First International Symposium on Empirical Software Engineering and Measurement, Madrid, Spain, 2007, pp. 485–487
DO-178B: Software Considerations in Airborne Systems and Equipment Certification. RTCA, USA, 1st Dec 1992
Espinoza, A., Garbajosa, J.: A proposal for defining a set of basic items for project-specific traceability methodologies. In: Proceedings of the 32nd Annual IEEE Software Engineering Workshop, Kassandra, Greece, pp. 175–184 (2008)
European Council: Council Directive 93/42/EEC Concerning Medical Devices. Official Journal of the European Communities, Luxembourg (1993)
European Council: Council Directive 2000/70/EC (Amendment). Official Journal of the European Union, Luxembourg (2000)
European Council: Council Directive 2001/104/EC (Amendment). Official Journal of the European Union, Luxembourg (2001)
European Council: Council Directive 2003/32/EC (Amendment). Official Journal of the European Union, Luxembourg (2003)
European Council: Council Directive 2007/47/EC (Amendment). Official Journal of the European Union, Luxembourg (2007)
Feldmann, R.L., Shull, F., Denger, C., Host, M., Lindholm, C.: A survey of software engineering techniques in medical device development. In: Joint Workshop on High Confidence Medical Devices, Software, and Systems and Medical Device Plug-and-Play Interoperability, Cambridge, MA, USA, 25th–27th June 2007, pp. 46–54
GAMP 5:2008: A Risk-Based Approach to Compliant GxP Computerized System. ISPE, Florida (2008)
Gotel, O., Finkelstein, A.: Extended Requirements Traceability: Results of an Industrial Case Study. In: Proceedings of the 3rd International Symposium on Requirements Engineering, Annapolis, MD, USA, 6th–10th Jan 1997, pp. 169–178
Higgins, S.A., de Laat, M., Gieles, P.M.C., Geurts, E.M.: Managing requirements for medical IT products. IEEE Softw. 20(1), 26–33 (2003)
IEC 60812:2006: Analysis Technique for System Reliability – Procedure for Failure Modes and Effects Analysis (FMEA), 2nd edn. IEC, Geneva, Switzerland (2006)
IEC 60880:2006: Nuclear Power Plants – Instrumentation and Control Systems Important to Safety – Software Aspects for Computer-Based Systems Performing Category A Functions. IEC, Geneva, Switzerland (2006)
IEC 62366:2007: Medical Devices – Application of Usability Engineering to Medical Devices. IEC, Geneva, Switzerland (2007)
IEC/TR 61508:2005: Functional Safety of Electrical/Electronic/Programmable Electronic Safety Related Systems. BSI, London (2005)
IEC/TR 80002-1:2009: Medical Device Software Part 1: Guidance on the Application of ISO 14971 to Medical Device Software. BSI, London (2009)
ISO 13485:2003: Medical Devices — Quality Management Systems — Requirements for Regulatory Purposes, 2nd edn. ISO, Geneva, Switzerland (2003)
ISO 14971:2007: Medical Devices — Application of Risk Management to Medical Devices, 2nd edn. ISO, Geneva (2007)
ISO/DIS 26262: Road Vehicles – Functional Safety. ISO, Geneva, Switzerland (2009)
ISO/IEC 12207:1995: Information Technology — Software Life Cycle Processes. ISO, Geneva, Switzerland (1995)
ISO/IEC 15504-5:2006: Information Technology — Process Assessment — Part 5: An Exemplar Process Assessment Model. ISO, Geneva, Switzerland (2006)
Kannenberg, A., Saiedian, H.: Why software requirements traceability remains a challenge. Cross Talk: The Journal of Defense Software Engineering 22(5), 14–17 (2009)
Lee, I., Pappas, G., Cleaveland, R., Hatcliff, J., Krogh, B., Lee, P., Rubin, H., Sha, L.: High-confidence medical device software and systems. Computer 39(4), 33–38 (2006)
Liao, L., Qu, Y., Leung, H.: A software process ontology and its application. In: Workshop on Semantic Web Enabled Software Engineering, Galway, Ireland, Nov 2005
Mason, P.: On traceability for safety critical systems engineering. In: Proceedings of the 12th Asia-Pacific Software Engineering Conference, 2005, Taipei, Taiwan, 15th–17th Dec 2005
Mc Caffery, F., Burton, J., Casey, V., Dorling, A.: Software process improvement in the medical device industry. In: Laplante, P. (ed.) Encyclopedia of Software Engineering, vol. 1. CRC Press Francis Taylor Group, New York, NY (2010a)
Mc Caffery, F., Dorling, A.: Medi SPICE: An overview. In: International Conference on Software Process Improvement and Capability Determinations (SPICE), Turku, Finland, 2nd–4th June 2009, pp. 34–41
Mc Caffery, F., Dorling, A., Casey, V.: Medi SPICE: An update. In: International Conference on Software Process Improvement and Capability Determinations (SPICE), Pisa, Italy, 18–20 May 2010. Edizioni ETS, pp. 195–198 (2010b)
Mc Caffery, F., Taylor, P.S., Coleman, G.: Adept: A unified assessment method for small software companies. IEEE Software – Special Issue SE Challenges in Small Software Organization 24(1), 24–31 (2007)
Medical & Radiation Emitting Device Recalls: FDA. http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfres/res.cfm. Accessed 25 Nov 2010 (2010)
Nuseibeh, B., Easterbrook, S.: Requirements engineering: A roadmap. In: International Conference on Software Engineering, Limerick, Ireland (2000), pp. 35–46
Panesar-Walawege, R., Sabetzadeh, M., Briand, L., Coq, T.: Characterizing the chain of evidence for software safety cases: A conceptual model based on the IEC 61508 Standard. In: Third International Conference on Software Testing, Verification and Validation, Paris, 6th–10th Apr 2010, pp. 335–344
Rakitin, R.: Coping with defective software in medical devices. Computer 39(4), 40–45 (2006)
Ramesh, B.: Factors influencing requirements traceability practice. Communications ACM 41(12), 37–44 (1998)
US FDA Center for Devices and Radiological Health: General Principles of Software Validation; Final Guidance for Industry and FDA Staff. CDRH, Rockville (2002)
US FDA Center for Devices and Radiological Health: Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices. CDRH, Rockville (2005)
US FDA Center for Devices and Radiological Health: Off-The-Shelf Software Use in Medical Devices; Guidance for Industry, Medical Device Reviewers and Compliance. CDRH, Rockville (1999)
Wallace, D.R., Kuhn, D.R.: Failure modes in medical device software: An analysis of 15 years of recall data. Int. J. Reliability, Quality, Safety Eng. 8(4) (2001)
Acknowledgments
This research is supported by the Science Foundation Ireland (SFI) Stokes Lectureship Programme, grant number 07/SK/I1299, the SFI Principal Investigator Programme, grant number 08/IN.1/I2030 (the funding of this project was awarded by Science Foundation Ireland under a co-funding initiative by the Irish Government and European Regional Development Fund), and supported in part by Lero – the Irish Software Engineering Research Centre (http://www.lero.ie) grant 03/CE2/I303-1. The research presented in this chapter was partially funded by the ARTEMIS Joint Undertaking of the European Commission, under grant agreement n° 100022 (CHARTER).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix: Sample Scripted Med-Trace Questions
Appendix: Sample Scripted Med-Trace Questions
Question | Source – Software Traceability Literature | Source – Medical Device Standards |
|---|---|---|
What kind of resources are provided for the activity of traceability management? | Ramesh (1998)a | |
Is there a documented procedure in place for traceability? Is training provided on traceability and to what extent is explicit knowledge made available on software traceability | Ramesh (1998)a | |
Implementation of traceability – Forward, Backward Traceability and the Relationship between Requirements (Dependent Requirements), Traceability tracking from the safety perspective and traceability to hazards/risk management | de Leon and Alves-Foss (2006)a |
(continued) | ||
|---|---|---|
Question | Source – Software Traceability Literature | Source – Medical Device Standards |
Where does traceability start – market requirements, product roadmap, system specifications? Where does proper requirement tagging start and how is it documented? Does any tool support this? How is safety classification in traceability achieved? | ||
How is traceability established between System Requirements, Software Requirements, and Software System testing? | Section 5.1.1 (ANSI/AAMI/IEC 62304:2006, 2006)a | |
How are software requirements traceable to system requirements and how is this verified? | Section 5.2.6 (ANSI/AAMI/IEC 62304:2006, 2006)a | |
How is traceability demonstrated between the software requirements and software system testing? | Section 5.7.4 (ANSI/AAMI/IEC 62304:2006, 2006)a | |
What traceability activities are undertaken during the design phase? | Section 3.2 (US FDA Center for Devices and Radiological Health, 2002)a | |
What traceability activities are undertaken during the coding and construction phase? | Section 5.2.4 (US FDA Center for Devices and Radiological Health, 2002)a | |
How are software systems test procedures traced to software and verified? What elements of system test procedures need to be traced? What are the difficulties in tracing? How does updating of results happen and how are they traced? | Section 5.7.4 (ANSI/AAMI/IEC 62304:2006, 2006)a | |
How are risk control measures traced to the software requirements? | Section 7.3.3 (ANSI/AAMI/IEC 62304:2006, 2006)a | |
How is traceability established between the risk control measures implemented in software? | Section 6.3 (ISO 14971:2007, 2007)a | |
The standard IEC 62304 specifies that the manufacturer shall document traceability of software hazards as appropriate: How is such complex traceability achieved? What are the tools available for achieving this? | Section 7.3.3 (ANSI/AAMI/IEC 62304:2006, 2006)a | |
How is traceability undertaken from the software related hazards and the software risk control measures to the corresponding safety-related software requirements and the software items that satisfy those requirements? | Section 3.5 (ISO 14971:2007, 2007)a | |
(continued) | ||
|---|---|---|
Question | Source – Software Traceability Literature | Source – Medical Device Standards |
How is software requirements traceability analysis conducted to trace software requirements to (and from) system requirements to risk analysis results? | Section 5.2.2 (US FDA Center for Devices and Radiological Health, 2002)a | |
What documentation do you use to provide traceability to link together design, implementation, testing, and risk management? | US FDA Center for Devices and Radiological Health (2005)a | |
In a software release, there is usually a process of noting down the known errors/known bugs. Is there a concept of traceability from these known bugs to the requirements or any other technical documentation? | Section 5.1.1 (ANSI/AAMI/IEC 62304:2006, 2006)a | |
How is the process of traceability measured and managed for effectiveness? Is there a way of consolidating feedback periodically on how well this process is performed? | Ramesh (1998)a | |
To what extent has the organization automated traceability? What kind of tools are available which you think are useful for your organization? Have you evaluated them? | Higgins et al. (2003)a, Feldmann et al. (2007)a | |
Rights and permissions
Copyright information
© 2012 Springer-Verlag London Limited
About this chapter
Cite this chapter
Caffery, F.M., Casey, V., Sivakumar, M.S., Coleman, G., Donnelly, P., Burton, J. (2012). Medical Device Software Traceability. In: Cleland-Huang, J., Gotel, O., Zisman, A. (eds) Software and Systems Traceability. Springer, London. https://doi.org/10.1007/978-1-4471-2239-5_15
Download citation
DOI: https://doi.org/10.1007/978-1-4471-2239-5_15
Published:
Publisher Name: Springer, London
Print ISBN: 978-1-4471-2238-8
Online ISBN: 978-1-4471-2239-5
eBook Packages: Computer ScienceComputer Science (R0)