Adopting Agile Methods for Medical Device Software Development

Many medical device companies develop software using a traditional waterfall methodology, which means, they have to document, review and approve every implementation they want to make. Although this has been an approach that has been widely accepted, many organizations are seeking approaches that produce value quicker and are able to adapt to business needs as they are changing.

According to Dr. Marion Lepmets, our Partner and CEO of SoftComply, mentions that when combined with empowered product development teams, agile methods can address common problems which include:

Time to market is resource- and time-consuming.

There are several international standards that provide guidance in regards to regulations in safety-critical domains like ISO13485, ISO14971, IEC62304 and IEC 60601 for medical devices. Implementation of the required processes is considerably easier when appropriate software tools are used that help automate various regulatory aspects and that integrate with the software development environment used in the companies.

Detailed and formal specifications are mandatory

Teams have to work together to communicate any required dependencies, risks, and changes that affect various aspects of the product. They also mitigate any foreseeable risks of the sub-systems to ensure the effectiveness and safety of the entire device.

Verification and traceability

Safety-critical software systems are subject to a documented formal verification process. Regulatory audits require full traceability of software development activities. Checks are carried out which confirm that everything that has been specified was built and that everything that was built has also been appropriately verified.

Products like Applied SAFe allow you to have traceability as you map your own processes to the specific reference models.

Regulatory Compliance

Safety-critical domains like medical devices are highly regulated because their products cannot and should not be placed on the market before they have been approved as safe to use.

One of the major concerns that companies have when it comes to agile methodologies is regulatory compliance. Next, we’ll look at how agile methods can actually enhance compliance in product development.

According to Consensia, there are two important considerations that are key to maintaining regulatory compliance when transitioning to agile methods:

Agile methods may need some adjustments to fit with medical device design controls. Don’t assume that methods described in books and articles, from non-regulated industries, can be directly applied to your medical device development, which is a common source of confusion. For example, many agile teams get rid of or don’t look at software requirements and rely only on user stories to drive development. This may be efficient, but it is not an option for medical device software development. Regulators expect detailed, traceable software requirements and you will need to integrate them into your agile processes.
Your quality system procedures will likely need revisions to support and integrate with agile methods. For example, regulations do not mandate that you complete all the software requirements before starting on software design and coding but your own quality system may require this (all design inputs completed before proceeding to design outputs). A thorough analysis of affected portions of your quality system should be part of any transition to using agile methods.

Medical device companies can take advantage of the many long-lasting benefits of agile methods if they understand how to integrate them properly into a regulated environment.

Adopt Agile Methods for Medical Device Development

Learn More

Initial Recommendations by TIR45

This TIR provides recommendations for ways to effectively apply agility to medical device software. Here are some of the initial recommendations:

Agile is driven by the value statements written in the Manifesto for Agile Software Development. These value statements can seem to be contradictory to the values of the regulated world of medical device software, but they need not be interpreted that way. Instead, they can be aligned to enhance the effectiveness of the quality management system.

Apply the values of agile in a way that enhances a robust quality management system.

Agile emphasizes the need for the team to own its practices, inspect them, adapt them, and optimize them to their context. Regulatory requirements emphasize the need to establish a robust quality management system. Within the context of an established quality management system, agile practices can be applied without disrupting the quality system and without raising undue concern among regulators.

Apply the practices of agile within the context of an established quality management system.

Agile embraces a highly incrementally/evolutionary lifecycle for software development. Although regulations and standards do not mandate a particular lifecycle model if stakeholders have expectations for linear lifecycle models, an incrementally/evolutionary lifecycle might bring challenges.

Set the correct expectations by defining the software development lifecycle model.
Demonstrate how an incrementally/evolutionary lifecycle satisfies regulatory requirements.

As part of its incrementally/evolutionary lifecycle, agile emphasizes the ability to respond quickly to change. Because rapid change can increase risks to product quality, effective change management systems are essential to align the desire to change quickly and the need to manage risk.

Establish robust change management systems to manage changes and mitigate risks associated with rapid change.

PEDCO strongly recommends this paper if you are interested in an unbiased view on agile and to truly establish scaled agility in a medical device development environment.

You can read a preview of the TIR45
FDA recognition statement
Purchase TIR45 (PEDCO has no connection or interest in selling this paper)

How does Applied SAFe relate?

Organizations must demonstrate that their system meets its intended purpose and has no unintended consequences that might cause harm. They must also develop the objective evidence required to prove that the system conforms to regulatory standards. To that end, organizations that build high-assurance systems define their approved practices, policies, and procedures in a QMS.

As required and also stated by SAFe®, you can tailor all elements of the process model to your needs. You will be supported and guided by Applied SAFe® in tailoring, while still maintaining compliance with regulatory requirements of each process instance.

Our product Applied SAFe enables you to directly establish practices as described in the Technical Information Report #45 (TIR45) by the ‘Association of Advancement of Medical Instrumentation’ [AAMI TIR45:2012]. This paper lays out the agile manifesto, several practices (e.g. Definition of Done), its application and tailoring in relation to reference models like IEC 62304, ISO 13485, ISO 14971 and ‘FDA CFR, Title 21, Part 820.30’.