Event Details
16 hours
Combination lecture and classroom exercises
Available on-site at Quality Support Group Facilities
Start date: April 07, 2025
End date: April 08, 2025
Start time: 08:30 a.m. EST
End time: 04:30 p.m. EST
Venue: Quality Support Group Facilities
Directions: Training located at Quality Support Group, 319 Littleton Rd STE 206, Westford, MA 01886. Please plan to arrive 15 minutes prior to the training session start time.
Description
The regulatory landscape for medical device software development is changing dramatically. Beginning in February 2026, device manufacturers must comply with the new FDA Quality Management System Regulation (QMSR), which is based on the ISO 13485 Medical Device Quality Management System Standard. In addition, a recently adopted standard for security risk management (AAMI SW96) adds requirements for cybersecurity.
This course provides insight into these changes as well as requirements for safety risk management as defined in ISO 14971 Medical Device Risk Management and IEC 62304 Medical Device Software – Software Life Cycle Process. Also discussed is IEC 62366-1 Medical Devices – Application of Usability Engineering.
This intensive two-day course reflects both current FDA regulations and the new FDA QMSR due to take effect in February 2026.
Who Should Attend
Software engineers, project managers, quality managers, software quality professionals, RA/QA staff, and anyone who is interested in learning about cost-effective processes and procedures that will enable their organizations to deliver high-quality software-based medical devices that comply with FDA/EU regulations and international standards. This course is also appropriate for people who are new to the medical device industry. Extensive reference documents are available by requesting a Dropbox link.
Learning Objectives
Through training, participants will learn to develop cost-effective processes and procedures that will enable their organizations to deliver high-quality software-based medical devices that comply with FDA regulations and international standards.
Course Outline
Design and Development Processes
The course begins with the Regulatory Roadmap that device manufacturers are expected to navigate. The Design and Development process outlined in both the FDA QSR and the new QMSR (ISO 13485 Section 7.3) is discussed in detail, along with corresponding requirements from IEC 62304 Medical Device Software Lifecycle Processes. Woven into the discussion of Design and Development are numerous examples of Best Practices.
Topics covered include:
- Introduction
- FDA’s new Quality Management System Regulation (QMSR)
- Regulatory Roadmap
- FDA QSR, QMSR, Part 11 and EU MDR
- Process and Product Standards and Guidance Documents
- FDA and EU Medical Device Definitions
- FDA and EU Device Classification
- FDA and EU Regulatory Models
- Guidance Documents and International Standards:
- Medical Device Accessories
- Software-specific Guidance Documents including:
- Premarket Submissions for Device Software Functions
- Off the Shelf Software Use for Medical Devices
- Device Software Functions and Mobile Medical Applications
- Deciding When to Submit 510(k) for Software Changes
- General Principles of Software Validation
- Human Factors Guidance
- ISO 13485:2016 Medical Devices – Quality Management Systems
- IEC 62304:2015 Medical Device Software – Software Lifecycle Processes
- IEC 62366-1:2020 Medical Devices – Application of Usability Engineering
- Related Regulatory Topics
- Planning for Compliance with QMSR
- Types of Software Regulated by FDA – SaMD and SiMD
- FDA View of Research and Development
- Design and Development Planning
  - QSR Requirements
  - ISO 13485 Requirements
  - IEC 62304 Requirements
- Design and Development Inputs
  - QSR Requirements
  - ISO 13485 Requirements
  - IEC 62304 Requirements
- Detour – Writing Software Requirements
  - Requirements Family Tree
  - Challenges Expressing Requirements
  - Techniques to Improve Requirements
- Design and Development Outputs
  - QSR Requirements
  - ISO 13485 Requirements
  - IEC 62304 Requirements
- Design and Development Reviews
  - QSR Requirements
  - ISO 13485 Requirements
  - IEC 62304 Requirements
- Design and Development Verification
  - QSR Requirements
  - ISO 13485 Requirements
  - IEC 62304 Requirements
- Design and Development Validation
  - QSR Requirements
  - ISO 13485 Requirements
- Detour – Software Tool Validation
  - Validation of Software Development Tools
  - Validation of Software used in Manufacturing
  - Validation of Software used in QMS
- Design and Development Transfer
  - QSR Requirements
  - ISO 13485 Requirements
  - IEC 62304 Requirements
- Design and Development Changes
  - QSR Requirements
  - ISO 13485 Requirements
  - IEC 62304 Requirements
- Design and Development Files
Safety and Security Risk Management
The similarities and differences between Safety Risk Management (ISO 14971) and Security Risk Management (AAMI SW96) are discussed. Security Risk Management is based on the Risk Management framework defined in ISO 14971 but is focused on establishing a Secure Product Development Framework to minimize the risk of cybersecurity events. FDA and EU Guidance documents are discussed along with AAMI Principles for Medical Device Security – Risk Management TIR 57. Extensive references and examples of Best Practices are included.
Topics covered include:
Safety Risk Management Process as defined by ISO 14971:2019
- Context for Safety Risk Management
- Recent Device Recalls
- Terms and Concepts
- Risk Analysis
- Risk Evaluation
- Risk Control
- Software-specific Issues
- Risk Management Tools and Techniques – Fault Tree Analysis
- Production and Post-production Activities
- Documentation Repositories
Security Risk Management Process as defined by ANSI/AAMI SW96:2023, TIR 57:2016 2023, FDA and EU Guidance documents
- Context for Security RM
- Recent Security Events
- Security Risk Analysis
- Security Risk Evaluation
- Security Risk Control
- Evaluation of Security Risk Acceptability
- Security Risk Management Review
- Production and Post-Production Activities
- Documentation Repositories
Additional Resources
The following additional resources are included in the course notes:
- Summary of Changes in new QMSR
- Quality Pyramid
- Good Documentation Practices
- AI and Machine Learning Overview
- Software as a Medical Device (SaMD)
- MITRE View of Threat Modeling
- EU View of Security
Reference Documents
An extensive set of reference documents is provided in a Dropbox folder upon request. These documents include:
- FDA and EU Regulations
- FDA and EU Guidance Documents
- NIST Cybersecurity Standards
- Published whitepapers on selected topics