When it comes to medical devices, the term software is certainly nothing new. Definitions and requirements for software in the EU have already been clearly laid out in the prior medical device regulation, the Medical Device Directive (MDD or 93/42/CEE).
It is now clear that MDR requirements will be considerably more stringent, especially in terms of monitoring, and software will be no exception to the rule.
The first major MDR software change relates to how software is classified. Before addressing all the requirements needed by the new regulation, it is first necessary to define the software classes, which is not so straightforward.
It is essential to refer to MDR Annex VIII: “Classification rules.” Chapter II of this annex states that software used as an accessory to a medical device will “fall within the same class as the device” (for example, software which displays sensor data). Software used independently will be classified “in its own right” (for example, software that calculates the dose of insulin to inject). In this case, Section 6.3, Rule 11 must be consulted when classifying the software.
Another major change covers safety, data integrity, risk management and validation requirements. Annex I, Chapter II, Rule 17 clearly states that repeatability, reliability and performance in line with their intended use must be ensured. Also, software developments must bear in mind “the principles of the development life cycle, risk management, including information security, verification and validation.” It is therefore essential to pay the utmost attention to these requirements, if possible before development has even begun, in order to consider and evaluate traceability of needs, specifications, verification and validation by unit tests, functional and clinical trials, etc. The required documentation for software validation is detailed in Annex II, Section 6. MDR EN 62304 standards for the software life-cycle process and ISO 14971 for risk management can help meet these requirements.
But the MDR transition process does not end when CE marking has been obtained — it is also important to retain the marks over time. To do this, it is essential to establish a stable quality management system (QMS) proportionate to the class of the device, in accordance with the requirements found in MDR Chapter 1 of Appendix IX. Documentation, traceability, risk management, audits, changes, improvement, etc. are all key points to be taken into account.
Automated enterprise quality management systems (EQMS) are now available to meet this requirement. The use of a validated solution designed to optimize quality management may in fact be essential, given MDR’s more stringent requirements for medical devices.
Camille Bouscaud has worked in the pharmaceutical industry for over five years. She is an experienced quality engineer consultant with experience in quality management and compliance. During her time at Sanofi, Camille supported vigilance as well as risk assessments and validation of computerized systems. She is passionate about helping create positive change and quality culture. At Apsalys, Camille provides a wide range of services, including compliance auditing, implementation of corrective action plans, deployment of software quality systems, and the preparation of specific software deliverables such as user requirements specifications, validation plans, etc. She implements methodologies and procedures to ensure compliance with GxP, ISO 13485, ICH Q9/Q10, FDA 21 CFR Part 11, and ISO 9001 requirements. Apsalys is a Value-Added Reseller (VAR) Partner of MasterControl.