When it comes to medical devices, the term software is certainly nothing new. Definitions and requirements for software in the EU have already been clearly laid out in the prior medical device regulation, the Medical Device Directive (MDD or 93/42/CEE).
But while it is now clear that MDR requirements will be considerably more stringent, especially in terms of monitoring, software will be no exception to the rule.
The first major MDR software change relates to how software is classified. Before addressing all the requirements needed by the new regulation, it is first necessary to define the software classes, which is not so straightforward.
It is essential to refer to MDR Annex VIII: “Classification rules.” Chapter II of this annex states that software used as an accessory to a medical device “fall within the same class as the device” (for example, software which displays sensor data). Software used independently will be classified “in its own right” (for example, software that calculates the dose of insulin to inject). In this case, Section 6.3, Rule 11 will need to be referred to and considered when classifying software.
Another major change covers safety, data integrity, risk management and validation requirements. Annex I, Chapter II, Rule 17 clearly states that repeatability, reliability and performance in line with their intended use must be ensured. Also, software developments must bear in mind “the principles of the development life cycle, risk management, including information security, verification and validation.” It is therefore essential to pay the utmost attention to these requirements, if possible before development has even begun to consider and evaluate traceability of needs, specifications, verification and validation by unit tests, functional and clinical trials etc. The required documentation for software validation is detailed in Annex II, Section 6. MDR EN 62304 standards for the software life-cycle process and ISO 14971 for risk management can help meet these requirements.
But the MDR transition process does not end when CE marking has been obtained — it is also important to retain the marks over time. To do this, it is essential to establish a stable quality management system (QMS) proportionate to the class of the device, in accordance with the requirements found in MDR Chapter 1 of Appendix IX. Documentation, traceability, risk management, audits, changes, improvement, etc. are all key points to be taken into account.
Automated Enterprise Quality management systems (EQMS) are now available to meet this requirement. The use of a validated solution designed to optimize quality management may in fact be essential, given MDR’s more stringent requirements for medical devices.
Enjoying this blog? Learn More.
EU MDR: How to Prepare for the Upcoming Changes in RegulationDownload Now