Guest Speaker Paul Jones works at FDA in the Center for Devices and Radiological Health, Office of Science and Engineering Laboratories (OSEL). He serves as an in-house consultant on regulatory matters involving medical device software system safety, software engineering, risk management, and safety assurance cases

Course Description:

Managing software risk in medical devices is critical and challenging. While the risk management standard ISO 14971 provides a process framework and is FDA recognized for medical device risk management, its practical implementation for software applications can be difficult and confusing. The FDA has issued number of guidance documents related to software risk management over recent years, such as those on mobile medical applications, cybersecurity devices, and infusion pump total product life cycle.

This seminar on medical device software risk management aims to address the following questions:

  • How can a medical device manufacturer or healthcare information system provider overcome these technical as well as regulatory compliance challenges?
  • What are the resources and tools available?
  • What are the industry’s best practices?
  • What are FDA’s latest updates on medical device software best practices?

During this two day course, the instructor will also introduce the standards and guidance relevant to medical device software, discuss the FDA’s updates on software risk management, and provide industry best practices including techniques and tools to achieve compliance and effectively assure medical device software safety.

Learning Objectives:

Upon completing this course on managing software risk in medical device, participants will be able to:

  • Use FDA’s latest research on medical device software best practices
  • Get an overview of software risk management related standards and guidance including:
    • ISO 14971:2007 and EN ISO 14971:2012, IEC 62304 Medical Device Life Cycle Process, IEC TR 80002-1 Application of ISO 14971 for Software
    • FDA Guidance on Mobile Medical Applications, Cybersecurity in Medical Devices, Infusion Pump Total Product Life Cycle
  • Learn techniques and best practices on how to:
    • identify software related risks
    • identify software risk control and mitigation measures
    • assess and evaluate risk contributed/caused by software (pre-market and post-market field issues)
    • assure the completeness and adequacy of risk management
    • communicate risk management information throughout the life of the product
  • Understand key success factors for effective software risk management

Who will Benefit:

This course will be beneficial for the personnel in medical device companies. The following job titles/ positions will benefit from attending this seminar:

  • Software/System Engineers/Managers/Directors
  • QA/RA members/Managers/Directors
  • Risk Management Engineers/Managers/Directors
  • Hospital Biomedical Engineers
  • Hospital Risk Managers
  • Regulators of government or notified bodies
  • Compliance Officers

Topic Background:

Software has increasingly become a critical part of our healthcare system. More and more medical devices have software embedded or interface with another device or healthcare system that has software as an integral part. Fast advancement and broad availability of digital technology, internet, wireless, mobile devices and apps have enabled us to utilize software to process medical and healthcare information that ranges from basic information sharing, connectivity, device/system interoperability and control to health disease diagnostics, clinical decision making, or smart device-driven patient treatments. While we strongly demand and greatly benefit from these medical applications, the complexity of the applications and the healthcare system as a whole is continuously increasing and has introduced new vulnerabilities such as cybersecurity. As a brain to our body, software is the brain of these applications and the healthcare system. The “brain” needs to consider, control and mitigate risks associated. Given the increased complexity of the applications and healthcare system as a whole, medical device software risk management is critical and challenging.

Course Outline:

Day One (8:30 AM – 4:30 PM) Day Two (8:30 AM – 1:00 PM)

Registration Process: 8:30 AM – 9:00 AM

Session Start Time: 9:00 AM

Welcome and Introductions (30 Minutes)

  1. FDA’s research on medical device software best practices (1 hour) [Paul Jones, FDA]
  2. Related Standards and Guidance (2.5 hours) [Fubin]
    • ISO14971:2007 and EN ISO 14971:2012
    • IEC 62304 Risk Management Section
    • IEC TR 80002-1 Application of ISO 14971 for Software
    • Recent FDA Guidance: Mobile Medical Applications, Cybersecurity, Infusion Pump
  3. Characteristics of Software Risk Management (1 hour) [Fubin]
    • Difference between Software and Hardware
    • Uniqueness of Software Risk Management
    • Introduction of Causal Chain
    • Software Risk Assessment and Evaluation Method
  4. Software Risk Identification (1.5 hours) [Fubin]
    • Top Down Analysis – Hazard Analysis, Fault Tree Analysis
    • Bottom Up Analysis – Design FMEA, Function FMEA, Use FMEA
    • HAZOP – Hazard and Operability Analysis
  5. Software Risk Control Measures (30 minutes) [Fubin]
    • Software Life Cycle Process Control Measures
    • Control through Safe Design (e.g. Fail Safe Design)
  6. Software Risk Assessment and Evaluation (30 minutes) [Fubin]
    • Pre-market Risk Assessment
    • Post-market Risk Assessment
    • Software Recalls
  7. Day one Q&As and Wrap Up (30 minutes) [Paul & Fubin]

Welcome (15 Minutes)

  1. Software Risk Traceability Matrix (0.5 hour)[Fubin]
    • Pre-market Establishment – 510(k)
    • Maintenance through Product Life
  2. Software Risk Management Completeness and Adequacy Assurance (1.5 hours) [Fubin]
    • Introduction of Assurance Case
    • Application of Assurance Case on Medical Device Software Risk Management
  3. Cybersecurity Risk Management and Assurance Case (1 hour)[Fubin & Paul]
    • FDA Guidance on Cybersecurity
    • Risk Management and Cybersecurity
    • Application of Assurance Case on Cybersecurity
  4. Overview of Key Success Factors for Risk Management (0.5 hour) [Fubin]
    • People, Process, Information, Techniques and Tools
  5. Final Q&As and Wrap Up (30 minutes) [Paul & Fubin]

Meet Your Instructors

Fubin Wu
Co-founder of GessNet

Fubin Wu is the Co-Founder of GessNet (// He architected and led the development of TurboAC™ risk management & assurance case software, in close communications with FDA - Office of Science & Engineering Lab (OSEL) and Office of Device Evaluation (ODE), and in collaboration with AAMI (Association for the Advancement of Medical Instrumentation), infusion pump manufacturers, hospitals, and industry experts. Fubin has spent over 16 years on medical device quality management systems, hardware/software reliability engineering and risk management, serving various roles from quality engineers to quality managers and quality directors, and working on various medical device platforms – implantable devices and remote monitoring systems at Medtronic, infusion pumps at Hospira, and blood management systems at Haemonetics. He managed numerous FDA inspections as the management representative with no 483 observations indicated.

Fubin has a MS degree in Electrical and Computer Engineering from Oregon Health & Science University (OHSU), and was a software developer at Intel prior to his career with the medical device industry.

Guest Speaker: Paul L. Jones
FDA CDRH Office of Science and Engineering Lab

Paul L. Jones works at the U. S. Food and Drug Administration. He is a Senior Systems/Software Engineer in the Center for Devices and Radiological Health, Office of Science and Engineering Laboratories (OSEL) where he serves as an in-house consultant on regulatory matters involving medical device software system safety, software engineering, risk management, and safety assurance cases. He divides his time between transitioning high confidence software and systems research work into FDA’s regulatory science process and national and international standards development, and managing OSEL’s software lab.

Prior to joining FDA, Mr. Jones worked in industry for 20 years gaining extensive experience in systems/software engineering developing business systems, operating systems, configuration management systems, and quality assurance systems.

Mr. Jones earned a MS degree in Computer Engineering from Loyola College in 1999 and BSE degree in Naval Architecture and Marine Engineering from the University of Michigan in 1974.

Register Now

Online using Credit card

Get the Invitation
Pre-Register yourself and get the official Invite when venue and dates are announced for this seminar.
Call here to register +1-888-717-2436 or email at

Other Registration Option

By order form / PO#

Payment Mode

By Check -
Pay your check to (payee name) “MetricStream Inc” our parent company and Mail the check to:

ComplianceOnline (MetricStream, Inc),
2479 East Bayshore Road Suite 200
Palo Alto, CA 94303

By Wire -

Register / Pay by Wire Transfer

Please contact us to get details of wire transfer option.

Terms & Conditions to register for the Seminar/Conference/Event

Your Registration for the seminar is subject to following terms and conditions. If you need any clarification before registering for this seminar please call us @ +1-888-717-2436 or email us @

Payment is required before 2 days of the date of the conference. We accept American Express, Visa and MasterCard. Make checks payable to MetricStream Inc. ( our parent company)

Cancellations and Substitutions:
Written cancellations through fax or email (from the person who has registered for this conference) received at least 10 calendar days prior to the start date of the event will receive a refund — less a $200 administration fee. No cancellations will be accepted — nor refunds issued — within 10 calendar days from the start date of the event.

On request by email or fax (before the seminar) a credit for the amount paid minus administration fees ($200) will be transferred to any future ComplianceOnline event and a credit note will be issued.

Substitutions may be made at any time. No-shows will be charged the full amount.

We discourage onsite registrations, however if you wish to register onsite payment to happen through credit card immediately or check to be submitted onsite. Conference material will be given on the spot if it is available after distributing to other attendees. In case it is not available we will send the material after the conference is over.

In the event ComplianceOnline cancels the seminar, ComplianceOnline is not responsible for any airfare, hotel, other costs or losses incurred by registrants. Some topics and speakers may be subject to change without notice.

Attendance confirmation and Documents to carry to the seminar venue:
After we receive the payment from the registered attendee an electronic event pass will be sent to the email address associated with the registrant before 5 working days from the seminar date. Please bring the pass to the venue of the event.

Conference photograph / video:
By registering and attending ComplianceOnline conference you agree to have your photographs or videos taken at the conference venue and you do not have any objections to use these photos and videos by ComplianceOnline for marketing, archiving or any other conference related activities. You agree to release ComplianceOnline for any kind of claims arising out of copyright or privacy violations.

Media Partners


Media Partner Benefits
  • Logo and company data on the event website.
  • Logo on the conference material distributed during the conference.
  • Media Partner’s brochure distributed along with conference material.
  • Logo on all the mailings before and after the event.
  • 10% discount to media partner's subscribers.

Media Partner to do
  • Banner (min 728x90 or 468x60) on the Media Partner website.
  • Insertion of the event in the event calendar, both printed and/or online.
  • Announcement article of the conference on the Magazine and/or Website.
  • Dedicated email blast to all subscribers of Media Partner.
  • Article on the Magazine and/or Website after the conference.

Local Attractions

This Frederick Law Olmsted-designed park, famous for its Swan Boats, has over 600 varieties of trees and an ever-changing array of flowers. It is America's first public garden.

The Boston Public Library was the first large municipally-funded public library in America. It has a central location right in the heart of Copley Square, facing the Trinity Church, easily accessible by taking the Green Line to Copley station (or also near to Orange Line Back Bay stop).

Fenway Park is the oldest Major League baseball park in the United States. Its small, intimate atmosphere really allows you to feel like you are "in the game." The park is situated right in downtown Boston - so it is very accessible if you are visiting the area.

Boston's oldest, largest and best-known art institution, the MFA houses one of the world's most comprehensive art collections and is renowned for its Impressionist paintings, Asian and Egyptian collections and early American art.

The Boston Museum of Science is a long-standing tradition for families in Boston, but that doesn't mean adults won't enjoy themselves too! Their exhibits range from dinosaurs to space travel to wildlife to physics to human biology to an in-depth look at Boston's "Big Dig" project.

This Italian neighborhood, Boston's oldest, is known for its wonderful restaurants and historic sights.

The signal from the steeple of Boston's oldest church triggered the War for Independence that led to the birth of America. On that fateful night in 1775, the two lanterns in the steeple told Paul Revere that the British were approaching by boat, not on foot.

We need below information to serve you better

Best Sellers
You Recently Viewed