Page 167 - Safety Risk Management for Medical Devices
P. 167

146   Safety Risk Management for Medical Devices


                         minimum, Software System test records should be made available (see IEC
                         62304 [9] sec 5.7.5).
                            Note—Ensure that any Risk Controls that are implemented in the legacy
                         software are included in software requirements.
                      c. Assess the continuing validity of the available deliverables.
                      d. Evaluate the adequacy of existing risk management documentation vis-a `-vis
                         ISO 14971.



                15.8 SOFTWARE OF UNKNOWN PROVENANCE

                Software of Unknown Provenance or Unknown Pedigree (SOUP) refers to software
                that is obtained from a third party, for which adequate documentation and records of
                development process is not available. SOUP is of particular interest in areas where
                software plays a pivotal role in the safety of the System.
                   Most medical device software uses some SOUP, as it is not practical to produce
                software from scratch. So, managing the risk of SOUP becomes a fact of life.
                   FDA Guidance [27] states that “It may be difficult for you to obtain, generate, or
                reconstruct appropriate design documentation as described in this guidance for
                SOUP. Therefore, we recommend that you explain the origin of the software and the
                circumstances surrounding the software documentation. Additionally, your Hazard
                Analysis should encompass the risks associated with the SOUP regarding missing or
                incomplete documentation or lack of documentation of prior testing. Nonetheless,
                the responsibility for adequate testing of the device and for providing appropriate doc-
                umentation of software test plans and results remains with you.”
                   IEC 62304 [9] requires that the software configuration, integration, and change
                management plan include SOUP.
                   With respect to risk management, the functional and performance requirements of
                SOUP, and hardware and software that is necessary for the proper function of SOUP
                must be identified.
                   If failure or unexpected results from SOUP could potentially contribute to a
                Hazardous Situation, at a minimum evaluate any anomaly list that is published by the
                supplier of the SOUP to determine if any of the known anomalies could potentially
                create a System Hazard, or lead to a Hazardous Situation.



                15.9 SOFTWARE MAINTENANCE AND RISK MANAGEMENT

                For most medical devices, software is continuously updated over time. The reasons
                could be bug fixes, feature improvement, or cybersecurity fixes. Changes to software
                can disrupt existing Risk Control measures, and/or introduce new Causes and
   162   163   164   165   166   167   168   169   170   171   172