Implementing a Medical Device Software Risk Management Process by ISO 14971 in compliance with Agile Principles
Granlund, Tuomas (2016)
Granlund, Tuomas
2016
MDP in Software Development
Informaatiotieteiden yksikkö - School of Information Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2016-12-14
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:uta-201612222901
https://urn.fi/URN:NBN:fi:uta-201612222901
Tiivistelmä
The development of medical device software is strictly regulated by competent authorities. In addition to producing significant medical benefits, the medical device software can be a potential source of serious safety hazard to patients or healthcare professionals. The International Standard ISO 14971 was created to minimize the risks related to treatment of patients with the medical devices.
Although agile software development has become a widely used method for developing software products, medical device manufacturers and regulators have been uncertain whether these practices are appropriate for the regulated environment. The purpose of this thesis is to research similarities and differences between ISO 14971 risk management process and agile principles. Furthermore, the aim is also to provide guidance and produce practical ideas for the implementation of the risk management process that meets the regulatory requirements and follows agile values and principles.
The risk management standard ISO 14971 was thoroughly analyzed in order to find all process requirements. Similarly, the agile practices were studied through the Agile Manifesto and other essential resources of the field. The synthesis of the two concepts was produced based on the information gathered.
The ideas produced in the research are presented as an example development process model which can be used as a reference implementation. The relatively high abstraction level of the model secures the generalizability of the research.
When designing the risk management process implementation, it is essential to thoroughly understand the goals and principles of the regulatory framework. By following the guidance and instructions provided in this thesis, medical device software manufacturers should be able to create the applicable risk management process and to claim conformity to ISO 19471.
Although agile software development has become a widely used method for developing software products, medical device manufacturers and regulators have been uncertain whether these practices are appropriate for the regulated environment. The purpose of this thesis is to research similarities and differences between ISO 14971 risk management process and agile principles. Furthermore, the aim is also to provide guidance and produce practical ideas for the implementation of the risk management process that meets the regulatory requirements and follows agile values and principles.
The risk management standard ISO 14971 was thoroughly analyzed in order to find all process requirements. Similarly, the agile practices were studied through the Agile Manifesto and other essential resources of the field. The synthesis of the two concepts was produced based on the information gathered.
The ideas produced in the research are presented as an example development process model which can be used as a reference implementation. The relatively high abstraction level of the model secures the generalizability of the research.
When designing the risk management process implementation, it is essential to thoroughly understand the goals and principles of the regulatory framework. By following the guidance and instructions provided in this thesis, medical device software manufacturers should be able to create the applicable risk management process and to claim conformity to ISO 19471.