Safety Critical Medical Device

Introduction

Bitwise has over 15 years’ experience of developing and delivering safety critical software for medical devices. The company has developed software that is deployed in several million products currently being used by patients and health care professionals worldwide. Bitwise’s capabilities support the entire IEC 62304 software development lifecycle and associated ISO 14971 risk management activities from prototype to product realisation including contributing to, and supporting, Clients through their regulatory submissions.

This case study considers the development of a hand held diagnostic device used by patients, several times a day, to determine their required dose of medication. The product was to be manufactured in high volumes and was cost sensitive. The software therefore had to run on a low specification microprocessor with a minimal memory footprint, drive a limited user interface, and operate within a constrained power budget.

Analysis and Architecture

The development process commenced with the analysis of the Client’s product level requirements to determine both the scope of the software and its required safety classification. The device was to be distributed worldwide, including to the US market, so it needed to satisfy the US Food and Drug Administration (FDA) as well as attaining European CE marking. In this context the software was classified as Class B under IEC 62304 (a software failure could contribute to non-serious injury), and the risks that might compromise the safe operation of the software needed to be appropriately identified and controlled.

A modular architectural approach was selected and incorporated a hardware abstraction layer which allowed for portable code to be developed. This same architecture had previously been deployed on a number of the Client’s earlier products and the continued use of this approach was expected to support the future product roadmap. The result was a cost effective solution for the Client with much of the design, and indeed code, being re-usable.

At the project outset the architecture also considered design for testability and maintainability with interfaces to appropriate test points being identified as early requirements.

Design and Implementation

Bitwise designed and developed all the embedded software running on the device from the drivers through middleware, algorithm implementation to the user interface. Supporting tools for the target development, including a PC based simulator to aid testing and debugging, were also developed.

A close relationship with the Client’s hardware development team during the design and implementation phase ensured that the platform was designed to meet the overall product requirements.

Similarly, collaboration was also required with the user interface designers, a third party contracted by the Client. Because of the low cost LCD display’s limitations, technical input was needed during the user interface design to ensure the device was capable of rendering the proposed screens. This was done by producing PC based simulated screen shots.

During the software development phase the Client refined the diagnostic algorithm, as a result of early clinical trials. This led to changes being required which had to be documented and controlled using formal change control processes.

All the resultant design specifications were released and formed part of Bitwise’s contribution to the Client’s FDA Design History File.

The target software for the device was developed in C++. All software adhered to strict guidelines for a number of metrics including McCabe cyclomatic complexity, lines of code and code coverage. Additionally, all code was run through PC-lint to confirm MISRA compliance. In addition to the automated checks, all code was peer reviewed by another developer. Development was controlled through JIRA, linked to a Subversion source control system, with Crucible used to manage and record the formal code reviews.

Test and Verification

Tests were developed to show that every requirement was met in full, and were extended to cover corner cases and safety related test cases as an integrated part of the process. Unit tests were fully automated, allowing them to be run continually throughout the development lifecycle. Integration and system level tests were also automated where possible through use of Bitwise’s in-house test tool. This tool allowed test protocols to be developed rapidly in C# and then run both in a host environment, using the PC based simulator, and on the target device.

All the test harnesses and tools developed and used automatically produced the test specifications and test logs required for the Client’s FDA and other regulatory submissions. This included code coverage metrics gathered with a third party tool. Manual testing was also carried out to complement the automated tests, covering user interaction test cases and increasing overall confidence.

Defects identified during testing were managed using formal change control processes.

A cross reference requirements trace matrix was produced, linking every software requirement to its design elements and to the unit, integration and system tests that verify it. This was done using a bespoke tool developed in house, which additionally gathered all the project artifacts and evidence necessary for the software contribution to the regulatory Design History File.

Software Risk Management

Risk management was an iterative activity which started in the early stages of the project and continued throughout the full software development lifecycle.

The process was controlled via a Risk Management Plan which defined how identified risks were estimated and evaluated, how they were controlled, and how the effectiveness of the controls was verified to ensure that the product was free from unacceptable risk. Each identified risk was assessed through a Failure Mode and Effects Analysis (FMEA), which recorded the failure mode, its hazard and causes, and a pre-mitigation rating for Severity, Occurrence and Detectability. Risk Control Measures were then identified and captured as requirements; once implemented, the risk was re-evaluated to give a post-mitigation residual risk ranking.

Because all Risk Control Measures identified at any point in the software development lifecycle were managed as requirements, they were fully included in the trace matrix deliverable. The conclusions of the risk assessment process and the FMEA results were delivered in a Risk Management Report.
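The two mechanisms described above, FMEA ranking before and after mitigation and a trace matrix that treats every Risk Control Measure as a requirement, are the kind of thing a small in-house tool checks automatically. The following is an added example written for this page, not Bitwise’s bespoke tool or any code from the case study. It assumes a Risk Priority Number of Severity x Occurrence x Detectability on 1..10 scales and an acceptance threshold of 100 (both project-specific choices), and the requirement, design, test and failure mode identifiers are constructed sample data.

```python
"""Added example: FMEA residual-risk ranking plus trace-matrix gap check.

Not the case study's tool. RPN = S * O * D and the threshold RPN_ACCEPT are
assumed scoring conventions; all identifiers and descriptions below are
constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

RPN_ACCEPT = 100  # assumed acceptance threshold for residual risk


@dataclass
class FailureMode:
    fm_id: str
    description: str
    pre: Tuple[int, int, int]                 # (Severity, Occurrence, Detectability), each 1..10
    controls: List[str] = field(default_factory=list)   # requirement IDs of Risk Control Measures
    post: Optional[Tuple[int, int, int]] = None         # re-rated after the controls are implemented


def rpn(sod: Tuple[int, int, int]) -> int:
    """Risk Priority Number = S * O * D (assumed scheme); rejects out-of-scale ratings."""
    s, o, d = sod
    for v in (s, o, d):
        if not 1 <= v <= 10:
            raise ValueError("Severity, Occurrence and Detectability must each be in 1..10")
    return s * o * d


def residual_risk(fm: FailureMode) -> Dict[str, object]:
    """Pre- and post-mitigation ranking for one failure mode."""
    pre = rpn(fm.pre)
    post = rpn(fm.post) if fm.post is not None else None
    return {
        "fm_id": fm.fm_id,
        "pre_rpn": pre,
        "post_rpn": post,
        # A risk is acceptable only once it has been re-evaluated and sits under the threshold
        "acceptable": post is not None and post <= RPN_ACCEPT,
    }


def trace_gaps(requirements: Dict[str, str],
               design_trace: Dict[str, List[str]],
               test_trace: Dict[str, List[str]],
               failure_modes: List[FailureMode]) -> List[str]:
    """Return trace-matrix gaps; an empty list means every requirement and control is covered."""
    gaps: List[str] = []
    for req in requirements:
        if not design_trace.get(req):
            gaps.append(f"{req}: no design element traces to it")
        if not test_trace.get(req):
            gaps.append(f"{req}: no test verifies it")
    for fm in failure_modes:
        if not fm.controls:
            gaps.append(f"{fm.fm_id}: no Risk Control Measure identified")
        for ctl in fm.controls:
            if ctl not in requirements:
                gaps.append(f"{fm.fm_id}: control {ctl} is not a captured requirement")
        if fm.post is None:
            gaps.append(f"{fm.fm_id}: residual risk not re-evaluated after mitigation")
    return gaps


# Constructed sample data (not from the case study)
REQUIREMENTS = {
    "SRS-010": "Reject a sensor reading outside the calibrated range",
    "SRS-011": "Display a fault and withhold the dose when SRS-010 triggers",
    "SRS-020": "Compute a dose only from a reading taken within the last 60 s",
}
DESIGN_TRACE = {"SRS-010": ["SDD-3.2"], "SRS-011": ["SDD-4.1"], "SRS-020": ["SDD-3.4"]}
TEST_TRACE = {"SRS-010": ["UT-041", "ST-007"], "SRS-011": ["ST-008"]}  # SRS-020 deliberately untested
FAILURE_MODES = [
    FailureMode("FM-07", "Out-of-range reading used for dose calculation",
                pre=(9, 4, 6), controls=["SRS-010", "SRS-011"], post=(9, 1, 2)),
    FailureMode("FM-12", "Stale reading used for dose calculation",
                pre=(8, 3, 5), controls=["SRS-020"]),  # controls defined, not yet re-rated
]


def report() -> Dict[str, object]:
    """Everything the Risk Management Report and trace matrix review would need from this data."""
    return {
        "risks": [residual_risk(fm) for fm in FAILURE_MODES],
        "gaps": trace_gaps(REQUIREMENTS, DESIGN_TRACE, TEST_TRACE, FAILURE_MODES),
    }


if __name__ == "__main__":
    out = report()
    for r in out["risks"]:
        print(r)
    for g in out["gaps"]:
        print("GAP:", g)
```

On the constructed data FM-07 drops from an RPN of 216 to 18 once its controls are implemented, while FM-12 stays open because it has never been re-rated and its control SRS-020 has no verifying test; both show up as gaps, which is exactly the condition a release review should block on.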

Project Management

The complete project lifecycle was undertaken and, at each stage, appropriately reviewed and released using Bitwise’s ISO 13485 certified Quality Management System, including documentation control.

The project was managed by a Bitwise Project Manager who was directly responsible for managing the budgets, issues, risks and deliverables, as well as written and verbal reporting to the Client. The Bitwise Project Manager also managed interactions with the third party companies responsible for hardware development, user interface design and manufacture, where appropriate.