Safety Critical Software Process Assessment: How MDevSPICE® Addresses the Challenge of Integrating Compliance and Capability

  • Paul ClarkeEmail author
  • Marion Lepmets
  • Alec Dorling
  • Fergal McCaffery
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 526)


One of the primary outcomes of a software process assessment is visibility of the capability of a software process which among other things, informs us of the ability of a process to deliver consistent product quality levels. In safety critical domains, such as the medical device sector, high product quality – and particularly high product safety - is an important consideration. To address this safety concern, the medical device sector traditionally employs audits to determine compliance to software process standards and guidance. Unlike an audit which results in a pass/fail outcome, an assessment provides a process capability profile which identifies areas for improvement and enables a comparison with broader best practice. MDevSPICE® integrates the various medical device software standards and guidance within the infrastructure of a SPICE assessment model, thus encompassing aspects of compliance and capability. This paper describes some of the key enablers of this integration.


Safety critical software Medical device software Software process improvement Software process assessment MDevSPICE® 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Turk, D., France, R., Rumpe, B.: Limitations of agile software processes. In: Proceedings of Third International Conference on eXtreme Programming and Agile Processes in Software Engineering Italy (2002)Google Scholar
  2. 2.
    Clarke, P., O’Connor, R.V., Yilmaz, M.: A hierarchy of SPI activities for software SMEs: results from ISO/IEC 12207-based SPI assessments. In: Mas, A., Mesquida, A., Rout, T., O’Connor, R.V., Dorling, A. (eds.) SPICE 2012. CCIS, vol. 290, pp. 62–74. Springer, Heidelberg (2012)Google Scholar
  3. 3.
    European Commission: Directive 93/42/EEC of the European Parliament and of the Council concerning medical devices, in OJ o L 247 of 2007-09-21. EC, Brussels, Belgium (1993)Google Scholar
  4. 4.
    European Commission: Council directive 90/385/EEC on active implantable medical devices (AIMDD). Brussels, Belgium (1990)Google Scholar
  5. 5.
    European Commission: Directive 98/79/EC of the European parliament and of the council of 27 October 1998 on in vitro diagnostic medical devices. Brussels, Belgium (1998)Google Scholar
  6. 6.
    European Commission: Directive 2007/47/EC of the European Parliament and of the Council concerning medical devices, OJ no L247 2007-09-21. EC: Brussels, Belgium (2007)Google Scholar
  7. 7.
    FDA: Chapter I - Food and drug administration, department of health and human services subchapter H - Medical devices, Part 820 - Quality system regulation. (cited June 03, 2015)
  8. 8.
    ISO 14971:2007, Medical Devices — Application of risk management to medical devices. ISO, Geneva (2007)Google Scholar
  9. 9.
    ISO 13485:2003, Medical devices — Quality management systems — Requirements for regulatory purposes. ISO, Geneva (2003)Google Scholar
  10. 10.
    IEC/TR 80002-1:2009, Medical device software Part 1: Guidance on the application of ISO 14971 to medical device software. BSI, London (2009)Google Scholar
  11. 11.
    IEC 62304:2006, Medical device software—Software life cycle processes. IEC, Geneva (2006)Google Scholar
  12. 12.
    IEC/TR 80002-3:2014, Medical Device Software - Part 3: Process reference model for medical device software life cycle processes (IEC 62304). ISO: Geneva, Switzerland (2014)Google Scholar
  13. 13.
    IEC 62366:2007, Medical devices - Application of usability engineering to medical devices. IEC, Geneva (2007)Google Scholar
  14. 14.
    BS EN 60601-1:2005 Medical electrical equipment – Part 1: General requirements for basic safety and essential performance. IEC, Geneva (2005)Google Scholar
  15. 15.
    IEC/CD 82304:2014, Health Software - Part 1: General Requirements for Product Safety. ISO, Geneva (2014)Google Scholar
  16. 16.
    US FDA Center for Devices and Radiological Health: Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices. CDRH, Rockville (2005)Google Scholar
  17. 17.
    US FDA Center for Devices and Radiological Health: Off-The-Shelf Software Use in Medical Devices; Guidance for Industry, medical device Reviewers and Compliance. CDRH, Rockville (1999)Google Scholar
  18. 18.
    US FDA Center for Devices and Radiological Health: General Principles of Software Validation; Final Guidance for Industry and FDA Staff. CDRH, Rockville (2002)Google Scholar
  19. 19.
    Lepmets, M., Clarke, P., McCaffery, F., Finnegan, A., Dorling, A.: Development of MDevSPICE® - the Medical Device Software Process Assessment Framework. Journal of Software: Evolution and Process (To appear)Google Scholar
  20. 20.
    FDA: FDA News on Software Failures Responsible for 24% of all Medical Device Recalls (2012). (cited June 03, 2015)
  21. 21.
    Automotive SIG, Automotive SPICE Process Assessment V 2.2 (August 21, 2005)Google Scholar
  22. 22.
    McCaffery, F., Clarke, P., Lepmets, M.: A lightweight assessment method for medical device software processes. In: Mitasiunas, A., Rout, T., O’Connor, R.V., Dorling, A. (eds.) SPICE 2014. CCIS, vol. 477, pp. 144–156. Springer, Heidelberg (2014)Google Scholar
  23. 23.
    Clarke, P., O’Connor, R.V.: An approach to evaluating software process adaptation. In: O’Connor, R.V., Rout, T., McCaffery, F., Dorling, A. (eds.) SPICE 2011. CCIS, vol. 155, pp. 28–41. Springer, Heidelberg (2011)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Paul Clarke
    • 1
    Email author
  • Marion Lepmets
    • 1
  • Alec Dorling
    • 1
  • Fergal McCaffery
    • 1
  1. 1.Regulated Software Research CentreDundalk Institute of TechnologyDundalkIreland

Personalised recommendations