The International Medical Device Regulators Forum has issued a proposed document explaining how to use quality management systems to regulate software as a medical device.
According to the document developed by IMDRF’s SaMD Working Group, effective QMS should include:
The governance structure should include periodic internal audits of the QMS process, the document says. In addition, management should review verification results to ensure the QMS is suitable, adequate and effective, adjusting it as necessary. The managers should also ensure any staffers working on SaMD projects are properly trained. Maintenance of networks and other work-from-home tools may become more important as offices become more virtual, the guidance says.
The group recommends that SaMD manufacturers monitor potential patient risks throughout the software development process. This should include consideration of user-based risks, such as whether the software could be used by elderly patients, as well as device-based risks, such as whether the software could be used safely on a small smartphone screen. Firms should also consider whether the SaMD will be safe if used in a noisy or distracting environment and what cybersecurity risks the software presents.
In terms of control, IMDRF suggests SaMD developers “align document complexity with organizational maturity” — that is, a small company may not need recordkeeping procedures that are as elaborate as those used by a larger company.
The working group suggests manufacturers design their QMS policy to comply with international standards ISO 13485:2003 on medical devices and ISO 12207:2008 on software development.