Page 166 - Safety Risk Management for Medical Devices
P. 166

Software Risk Management  145


                   evidence that it was developed in compliance with the current version of this stan-
                   dard” [9]. Note that legacy software is not the same thing as SOUP. See Section 15.8
                   to learn more about risk management of SOUP.
                      A manufacturer may intend to continue to use existing legacy software in their medi-
                   cal devices. In this case, objective evidence supporting the claim of safe continued-use of
                   the legacy software is required. Evidence may be derived from comprehensive assessment
                   of available postproduction field data. Sources of postproduction field data include:
                      •  Complaints and feedback on the device
                      •  Reported adverse events that are attributable to the device
                      •  Anomalies that are found in-house during testing
                      When a new product uses legacy software, that software is still subject to IEC
                   62304 [9].
                      Legacy software may be used without change, or may be modified to create new
                   software, or it may be integrated into a new software system. In case of modification
                   or integration into a new software system, new risks may be introduced. Analysis
                   must identify, estimate, and evaluate any potential additional risks.

                      To demonstrate compliance of legacy software with IEC 62304 [9] perform the
                   following steps:
                      1. “Assess any feedback, including postproduction information, on legacy software
                         regarding incidents and/or near incidents, both from inside manufacturer’s own
                         organization and/or from users.”
                      2. Evaluate the legacy software for:
                         a. integration in the overall device architecture
                         b. continued validity of the Risk Control measures that are implemented in
                            the legacy software
                         c. any Hazardous Situations associated with the continued use of the legacy
                            software
                         d. any potential Causes that could induce Hazardous Situations via the legacy
                            software
                      3. Define Risk Controls for each potential cause that could induce Hazardous
                         Situations via the legacy software.
                      4. Perform gap analysis
                         a. Examine the required deliverables per IEC 62304 [9] for the safety class of
                            the legacy software.
                         b. Compare what’s required versus what’s available. Where gaps are identified,
                            evaluate the potential reduction in risk resulting from the generation of the
                            missing deliverables and associated activities. Based on this evaluation,
                            determine what additional deliverables and activities to perform. At a
   161   162   163   164   165   166   167   168   169   170   171