Medical Device Software and FDA Compliance

November 19, 2024 01:00 PM EST 90 Minutes

Presented By: Carolyn Troiano

Description

This webinar will focus on medical device validation and the many challenges we face. We will explain both Computer System Validation (CSV), the traditional, phased approach to validation that has been followed for decades, and Computer Software Assurance (CSA), a risk-based approach offered in the FDA’s draft guidance (September 2022) that incorporates critical thinking as a main driver of validation. We will walk through all phases of validation, including planning, requirements, testing, and maintenance. We’ll discuss risk assessment and management, and GAMP®5, Second Edition (July 2022) as tools for improving the efficiency and effectiveness of the validation process. The material includes a discussion of automated testing and documentation of validation results to provide continuous validation of software.

In particular, we will discuss the components of maintaining a system in a validated state. Software maintenance must be done through a formal change control process, usually described in an SOP. It is critical to have a firm understanding between client and vendor as to who is responsible for what maintenance activities to ensure accountability. We will also discuss best practices related to vendor audit and the importance of establishing a solid contract and Service Level Agreement (SLA).

Cybersecurity is a key concern for those who develop, manufacture, test, and distribute these SaMD products. Cyberattacks are a serious threat that must be dealt with at all levels to make sure the end product being used by a patient or consumer is perfectly safe and delivers the effective treatment required. Protecting medical devices from hacking is critical to preventing someone from altering the actual code embedded in the device, which could result in injury or death to a patient or consumer.

There are many forms of cybersecurity and many remedies for thwarting attempts to penetrate medical device software.  Most of these are based in physical and logical security practices that are becoming best industry practices. This session will provide some insight into current trends in cybersecurity threats to medical devices and how to follow industry best practices to prevent and/or mitigate these threats. We will discuss current best practices, including SOC 2 certification that should be part of the infrastructure reviewed during qualification.

We will talk about trends noted by the FDA, including that a majority of software recalls in the 1990s were due to software defects that resulted from software being updated or patched. Without solid controls over software development, testing, and release, some companies fixed one thing but broke something else in the code in the process. In some cases, new and fixed functionality worked, but other functions and features that had worked previously now failed, causing medical devices to fail.

FDA recognized there is a need to improve overall standards for medical device software to account for this high-risk potential, and we will discuss newer technologies and approaches to validating them. FDA is working with industry to improve the system development life cycle process followed by those involved in producing SaMD products by standardizing the approach.

This webinar will also focus on IEC 62304. Medical devices can use very complex software applications, and any failure to function properly could lead to potential injury or death of a consumer or patient. As there is a need to restructure the medical device software development processes, adopting IEC 62304 provides a standard for design that is accepted in the United States (US) and European Union (EU).

IEC 62304 is a risk-based approach to compliance that ensures the standards followed are appropriate for their potential assessed risk. IEC 62304 is a lifecycle approach that defines the activities and tasks required to ensure software for medical devices will be safe and reliable. Applying IEC 62304 will reduce your overall rate of software failure and improve your bottom line.

Finally, we will touch on the use of Artificial Intelligence (AI) & Machine Learning (ML) in Software-as-a-Medical Device (SaMD) products. FDA has issued a discussion paper intended for review and feedback from stakeholders in industry. Many questions remain, and over time, the feedback will help FDA answer these.

Areas Covered:-

This webinar includes the following key objectives:

  • Provide an overview of validation and a comparison of Computer System Validation (CSV) and Computer Software Assurance (CSA)
  • Offer best practices to reduce validation effort and costs, such as leveraging vendor documentation, as appropriate
  • Offer the best approach to risk assessment and mitigation
  • Provide highlights of GAMP®5, Second Edition, and differences from the first edition
  • Provide guidance for meeting 21 CFR Part 11 compliance for electronic records and electronic signatures (ER/ES)
  • Provide guidance for meeting FDA’s Data Integrity Guidance issued in December 2018 that focuses on the “ALCOA+” principles
  • Offer a streamlined approach to managing Part 11 and data integrity compliance through validation and maintenance
  • Provide best practices for managing privacy data in compliance with differing worldwide regulations
  • Offer industry best practices for managing cyber threats
  • Provide an overview of cybersecurity and guidance on medical device software
  • Provide an overview of IEC 62304 and compliance
  • Provide an overview of the most common problems faced by the industry in terms of medical device security, efficacy, and safety
  • Provide industry best practices for developing, testing, releasing, and maintaining SaMD products in compliance with FDA, particularly those incorporating Artificial Intelligence (AI) & Machine Learning (ML) components
  • Learn about the FDA’s discussion paper on using AI & ML in SaMD & other software products related to medical devices
  • Gain an understanding of the importance of a vendor contract and Service Level Agreement (SLA) and what key areas to focus on
  • Q&A.

Background:-

Providing safe and effective medical devices is in the best interests of all those involved in the development, manufacturing, testing, and distribution of these products.  This webinar will focus on validation techniques, such as the traditional Computer System Validation (CSV) approach, and the newer methodology recommended by the FDA in their draft guidance on Computer Software Assurance (CSA).

GAMP®5 was updated to 2nd Edition in July 2022 and is more aligned with CSA. In particular, both focus on the value of critical thinking and a risk-based approach. Both also consider non-linear forms of software development, testing and release, including the agile methodology.

FDA recognizes that many companies are incorporating Artificial Intelligence (AI) & Machine Learning (ML) into their code used as software in a device and Software-as-a-Medical Device (SaMD) products. AI and ML provide greater efficiency and effectiveness. FDA issued a discussion paper on the subject, seeking industry input on a variety of questions that remain unclear.

IEC 62304 is a standard that may be adopted for medical device software design and development. It is accepted both in the US, by the FDA, and in the European Union (EU). Adopting this standard is critical to developing medical device software products that are reliable, safe and effective.

One of the largest current threats to the safe and effective operation of these devices is cyberattacks, which can wreak havoc on code and device functionality. Preventing these attacks by identifying sources of threats and rooting them out before they can take effect is of the utmost concern.

Compliance with the FDA’s 21 CFR Part 11 guidance for Electronic Records/Electronic Signatures (ER/ES) and with data integrity requirements based on the “ALCOA+” principles is critical for safe and effective products. These compliance topics must be understood in order to apply them across the board for all types of medical device software and SaMD products.

Why You Should Attend:-

In this webinar, you will learn just how cyberattacks threaten medical devices and how the industry is currently responding to them. We will discuss the many ways of preventing and mitigating cybersecurity risk, and the industry best practices that can help your company do the same. This webinar will provide guidance for considering cybersecurity issues when validating medical device software and maintaining it in a validated state. We will touch on key areas of preparing a medical device Premarket Submission (510(k)) with a focus on cybersecurity and FDA compliance.

Who Should Attend:-

  • Information Technology (IT) Analysts
  • IT Solution Architects, Developers & Testers
  • IT Support Staff
  • IT Cybersecurity Staff
  • QC/QA Managers and Analysts
  • Manufacturing Personnel
  • Quality Control Personnel
  • Quality Audit Personnel
  • Supply Chain Specialists
  • Compliance Managers and Auditors
  • Lab Managers and Analysts
  • Computer System Validation Specialists
  • GMP Training Specialists
  • Business Stakeholders using Computer Systems regulated by the FDA
  • Regulatory Affairs Personnel
  • Consultants in the Life Sciences and Tobacco Industries
  • Interns working at the companies listed above
  • College students attending schools and studying computer system validation, regulatory affairs/matters (related to FDA), or any other discipline that involves adherence to FDA regulatory requirements.

 

Know Your Presenter

Carolyn Troiano has more than 40 years of experience in the tobacco, pharmaceutical, medical device, and other FDA-regulated industries. She has worked directly, or on a consulting basis, for many of the larger pharmaceutical and tobacco companies in the US and Europe, developing and executing compliance strategies and programs.