Understanding the FDA guideline on 'Off-The-Shelf Software Use in Medical Devices' and the pitfalls that are associated with using OTS software

Off-the Shelf (OTS) software is often incorporated into medical devices as the use of general-purpose computer hardware becomes more prevalent. The use of OTS software allows medical device manufacturers to concentrate on the application software needed to run device-specific functions; however, this software may not be appropriate for use in critical medical devices. To address the many questions asked by medical device manufacturers concerning OTS software, the FDA published a guidance document in 1998. This guidance document covers the issue of adequate control and documentation of OTS software used in critical medical device systems, as well as outlines a disciplined method for evaluating and documenting OTS software. It is based on three major tenets: 1) An OTS software component may not pose a greater hazard than the entire system it is imbedded within. 2) Once it has been established that the system may pose a health or safety hazard, then each component of the system needs to be analyzed to determine the component’s contribution to the overall system hazard. 3) If the component poses a significant hazard, then appropriate hazard abatement steps must be applied. This report provides a documentation checklist to be used in the primary FDA OTS software documentation process. Some common pitfalls in using OTS software are explored and suggested methods for avoidance are recommended. One school of thought is to just use OTS software and hope for the best, and the other school is to pursue trying to obtain quality certification for the OTS software from its source. Obtaining quality certification from an OTS software vendor is like wrestling a 3000-pound gorilla! Neither of these extremes is the right approach. This presentation will recommend the approach that should be taken on the use of OTS software must be based on software engineering principles and common sense.

Areas Covered in the seminar:

• The approach to use when evaluating OTS software
• FDA Definition of OTS software
• Types of OTS software
• What are Minimal Hazards?
• What are Significant Hazards?
• The steps required to meet the FDA guidelines for the use of OTS software
• Documentation required by the guidelines
• Pitfalls that can occur in the use of OTS software
• IEC 62304:2006 requirements for using (OTS) SOUP-- software of unknown provenance

What will Attendees Learn:

• How to select OTS software based on software engineering principles and common sense
• FDA definition of OTS software
• FDA major tenet in using OTS software
• Common types of OTS software used by Medical Devices’ companies
• The steps required to evaluate OTS software from a Hazard Analysis standpoint
• Hazard Analysis and Mitigation process for OTS software
• Basic documentation required for OTS software
• The IEC 62304:2006 requirements for using (OTS) SOUP-- software of unknown provenance
• Major Pitfalls in using OTS software
• Learn to walk away from using OTS if the risk is too great

Who Will Benefit:
The designations This webinar will provide valuable assistance to all medical device companies that use OTS software in their product. The employees who will benefit include:

• Software buyers
• Documentation experts
• Quality Assurance experts
• Regulatory affairs
• Risk analysis
• Software architects
• Software engineers
• Software test engineers
• V&V personnel

Instructor Profile
Stan Magee, is president of Software Engineering Process Technology Company, a firm specializing in the implementation of software process technology for U.S. and international corporations and organizations. Mr. Magee is past convener (1999-2002) of WG 7 (Life Cycle Management) for ISO/IEC JTC1 SC 7 (Systems and Software Engineering) standards group. During his tenure the standard ISO/IEC Standard 15288-System Engineering-System Life Cycle Processes, was developed.

He was a U.S. delegate to the International Plenary meetings from 1986 -- 2002. In 1995 he was elected to the IEEE Computer Society Golden Core of 500 people who have significantly served the IEEE Society in standards development over its 50 year history. Mr. Magee is co-author of the books, Guide to Software Engineering Standards and Specifications, Artech House Publishers, 1997, ISBN 0-89006-919-0 and Guide to Standards and Specifications for Designing Web Software, 1998, Artech House Publishers ISBN 0-89006-819-4. He has authored many technical reports relating to software engineering standards issues. In 1997 Mr. Magee was part of a “People to People” quality mission to China and lectured at Shanghai University on software quality standards. He gives seminars on meeting the requirements of ISO 9001/90003 for medical device firms. In 1994 he established a software business and quality system plan, for VNIPI Sport of Moscow, Russia for obtaining ISO 9001 certification. VNIPI is the privatized MIS section of the Russian Olympic Committee. In 2002, Mr. Magee established a plan for the Thailand Government to be in the upper quartile producers of software in the world market place by 2010. Mr. Magee has over 42 years experience in the software field and is considered an expert in the area of software life cycle methodology.

Mr. Magee holds BS from the School of Engineering from Oregon State University and an MBA in International Business from the University of Puget Sound.