ieve's software quality blorg

(for medical device)

A little bit of a plan

September 27, 2024 by ieve
My Research Team (Claude) helped me come up with a plan based on me and my company's gaps. And also they suggested where to focus for next phase milestone / to ensure inputs are captured appropriately:
  1. SDLC Procedure
  2. Software Requirements Management Procedure (outline how requirements are gathered / documented / managed throughout development process, ensure traceability and ensure all requirements are addressed.)
  3. Software Risk Management Procedure (How are software risks identified, analyzed, mitigated - integrated with existing risk system)
  4. Cybersecurity Procedure
  5. Software Configuration Management (how we manage different versions of software including source code, docs, and built artifacts)
  6. Software V&V Plan - What types of testing will be performed, how will we approach V&V
We have a lot of reading to do lol.

Holy Crap - We'd better get started

September 26, 2024 by ieve

Company doing in-house software development for active implantable for the first time. (We have an existing device on market, but software was developed through a contract manufacturer / on their platform.)
There is no one on staff who knows how to do the QMS / QE aspects of software development and maintenance. (We have 2 programmers, 2 software tester guys (totally ignoring hardware development / production here) and they are full speed ahead actually making a product.)

My job... get the thing they're building to market without anybody dying or anyone going to jail.

Luckily I think... if I can focus and get out of sustaining [the current generation product] hell, that I am actually the person for the job. I'm a bit of a jack of all trades, with some comfort in manufacturing/process engineering, electrical design, software development (coding my own crap), IT/linux/server admin, navigating regulations and satisfying (lol) regulators. And there's an opportunity here -- the product development team is so focused on building a "thing" that they aren't thinking about the changes that need to take place in the business (staffing, systems).

So, in a little more detail, we need to build software quality management systems into our business, and ensure our development processes / outputs / sustaining processes are complaint to the relevant "state-of-the-art" standards and guidances.
On one hand, I feel like I have no idea what that entails. But FDA is real serious about it I think. Also about cybersecurity. And this product is coming down the pipe fast, so we better figure it out.