Safety Critical Software Process Assessment: How MDevSPICE Addresses the Challenge of Integrating Compliance and Capability

Clarke, Paul; Lepmets, Marion; Dorling, Alec; McCaffery, Fergal

doi:10.1007/978-3-319-19860-6_2

Safety Critical Software Process Assessment: How MDevSPICE^® Addresses the Challenge of Integrating Compliance and Capability

Paul Clarke⁴,
Marion Lepmets⁴,
Alec Dorling⁴ &
Fergal McCaffery⁴

Conference paper
First Online: 03 June 2015

814 Accesses
5 Citations

Part of the Communications in Computer and Information Science book series (CCIS,volume 526)

Abstract

One of the primary outcomes of a software process assessment is visibility of the capability of a software process which among other things, informs us of the ability of a process to deliver consistent product quality levels. In safety critical domains, such as the medical device sector, high product quality – and particularly high product safety - is an important consideration. To address this safety concern, the medical device sector traditionally employs audits to determine compliance to software process standards and guidance. Unlike an audit which results in a pass/fail outcome, an assessment provides a process capability profile which identifies areas for improvement and enables a comparison with broader best practice. MDevSPICE^® integrates the various medical device software standards and guidance within the infrastructure of a SPICE assessment model, thus encompassing aspects of compliance and capability. This paper describes some of the key enablers of this integration.

Keywords

Safety critical software
Medical device software
Software process improvement
Software process assessment
MDevSPICE^®

This is a preview of subscription content, access via your institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 54.99; Price excludes VAT (USA)

Softcover Book: USD 69.99; Price excludes VAT (USA)

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Turk, D., France, R., Rumpe, B.: Limitations of agile software processes. In: Proceedings of Third International Conference on eXtreme Programming and Agile Processes in Software Engineering Italy (2002)
Google Scholar
Clarke, P., O’Connor, R.V., Yilmaz, M.: A hierarchy of SPI activities for software SMEs: results from ISO/IEC 12207-based SPI assessments. In: Mas, A., Mesquida, A., Rout, T., O’Connor, R.V., Dorling, A. (eds.) SPICE 2012. CCIS, vol. 290, pp. 62–74. Springer, Heidelberg (2012)
Google Scholar
European Commission: Directive 93/42/EEC of the European Parliament and of the Council concerning medical devices, in OJ o L 247 of 2007-09-21. EC, Brussels, Belgium (1993)
Google Scholar
European Commission: Council directive 90/385/EEC on active implantable medical devices (AIMDD). Brussels, Belgium (1990)
Google Scholar
European Commission: Directive 98/79/EC of the European parliament and of the council of 27 October 1998 on in vitro diagnostic medical devices. Brussels, Belgium (1998)
Google Scholar
European Commission: Directive 2007/47/EC of the European Parliament and of the Council concerning medical devices, OJ no L247 2007-09-21. EC: Brussels, Belgium (2007)
Google Scholar
FDA: Chapter I - Food and drug administration, department of health and human services subchapter H - Medical devices, Part 820 - Quality system regulation. http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=820 (cited June 03, 2015)
ISO 14971:2007, Medical Devices — Application of risk management to medical devices. ISO, Geneva (2007)
Google Scholar
ISO 13485:2003, Medical devices — Quality management systems — Requirements for regulatory purposes. ISO, Geneva (2003)
Google Scholar
IEC/TR 80002-1:2009, Medical device software Part 1: Guidance on the application of ISO 14971 to medical device software. BSI, London (2009)
Google Scholar
IEC 62304:2006, Medical device software—Software life cycle processes. IEC, Geneva (2006)
Google Scholar
IEC/TR 80002-3:2014, Medical Device Software - Part 3: Process reference model for medical device software life cycle processes (IEC 62304). ISO: Geneva, Switzerland (2014)
Google Scholar
IEC 62366:2007, Medical devices - Application of usability engineering to medical devices. IEC, Geneva (2007)
Google Scholar
BS EN 60601-1:2005 Medical electrical equipment – Part 1: General requirements for basic safety and essential performance. IEC, Geneva (2005)
Google Scholar
IEC/CD 82304:2014, Health Software - Part 1: General Requirements for Product Safety. ISO, Geneva (2014)
Google Scholar
US FDA Center for Devices and Radiological Health: Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices. CDRH, Rockville (2005)
Google Scholar
US FDA Center for Devices and Radiological Health: Off-The-Shelf Software Use in Medical Devices; Guidance for Industry, medical device Reviewers and Compliance. CDRH, Rockville (1999)
Google Scholar
US FDA Center for Devices and Radiological Health: General Principles of Software Validation; Final Guidance for Industry and FDA Staff. CDRH, Rockville (2002)
Google Scholar
Lepmets, M., Clarke, P., McCaffery, F., Finnegan, A., Dorling, A.: Development of MDevSPICE^® - the Medical Device Software Process Assessment Framework. Journal of Software: Evolution and Process (To appear)
Google Scholar
FDA: FDA News on Software Failures Responsible for 24% of all Medical Device Recalls (2012). http://www.fdanews.com/newsletter/article?articleId=147391&issueId=15890 (cited June 03, 2015)
Automotive SIG, Automotive SPICE Process Assessment V 2.2 (August 21, 2005)
Google Scholar
McCaffery, F., Clarke, P., Lepmets, M.: A lightweight assessment method for medical device software processes. In: Mitasiunas, A., Rout, T., O’Connor, R.V., Dorling, A. (eds.) SPICE 2014. CCIS, vol. 477, pp. 144–156. Springer, Heidelberg (2014)
Google Scholar
Clarke, P., O’Connor, R.V.: An approach to evaluating software process adaptation. In: O’Connor, R.V., Rout, T., McCaffery, F., Dorling, A. (eds.) SPICE 2011. CCIS, vol. 155, pp. 28–41. Springer, Heidelberg (2011)
Google Scholar

Download references

Author information

Authors and Affiliations

Regulated Software Research Centre, Dundalk Institute of Technology, Dundalk, Ireland
Paul Clarke, Marion Lepmets, Alec Dorling & Fergal McCaffery

Authors

Paul Clarke
View author publications
You can also search for this author in PubMed Google Scholar
Marion Lepmets
View author publications
You can also search for this author in PubMed Google Scholar
Alec Dorling
View author publications
You can also search for this author in PubMed Google Scholar
Fergal McCaffery
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Paul Clarke .

Editor information

Editors and Affiliations

Griffith University, Brisbane, Queensland, Australia
Terry Rout
Dublin City University, Dublin, Ireland
Rory V. O’Connor
Impronova AB, Lindome, Sweden
Alec Dorling

Rights and permissions

Reprints and Permissions

Copyright information

About this paper

Cite this paper

Clarke, P., Lepmets, M., Dorling, A., McCaffery, F. (2015). Safety Critical Software Process Assessment: How MDevSPICE^® Addresses the Challenge of Integrating Compliance and Capability. In: Rout, T., O’Connor, R., Dorling, A. (eds) Software Process Improvement and Capability Determination. SPICE 2015. Communications in Computer and Information Science, vol 526. Springer, Cham. https://doi.org/10.1007/978-3-319-19860-6_2

Download citation

DOI: https://doi.org/10.1007/978-3-319-19860-6_2
Published: 03 June 2015
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19859-0
Online ISBN: 978-3-319-19860-6
eBook Packages: Computer ScienceComputer Science (R0)