@neobiotechlabs/neobiotech-dev-agent 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (155) hide show
  1. package/.claude-plugin/marketplace.json +22 -0
  2. package/.claude-plugin/plugin.json +58 -0
  3. package/.mcp.json +14 -0
  4. package/README.md +442 -0
  5. package/dist/__tests__/adf.test.d.ts +1 -0
  6. package/dist/__tests__/adf.test.js +68 -0
  7. package/dist/__tests__/adf.test.js.map +1 -0
  8. package/dist/__tests__/annex-ii-template.test.d.ts +1 -0
  9. package/dist/__tests__/annex-ii-template.test.js +39 -0
  10. package/dist/__tests__/annex-ii-template.test.js.map +1 -0
  11. package/dist/__tests__/doc-render.test.d.ts +1 -0
  12. package/dist/__tests__/doc-render.test.js +93 -0
  13. package/dist/__tests__/doc-render.test.js.map +1 -0
  14. package/dist/__tests__/help.test.d.ts +1 -0
  15. package/dist/__tests__/help.test.js +31 -0
  16. package/dist/__tests__/help.test.js.map +1 -0
  17. package/dist/__tests__/jira-fields.test.d.ts +1 -0
  18. package/dist/__tests__/jira-fields.test.js +81 -0
  19. package/dist/__tests__/jira-fields.test.js.map +1 -0
  20. package/dist/__tests__/plugin-manifest.test.d.ts +1 -0
  21. package/dist/__tests__/plugin-manifest.test.js +91 -0
  22. package/dist/__tests__/plugin-manifest.test.js.map +1 -0
  23. package/dist/__tests__/setup.test.d.ts +1 -0
  24. package/dist/__tests__/setup.test.js +7 -0
  25. package/dist/__tests__/setup.test.js.map +1 -0
  26. package/dist/__tests__/sync-version.test.d.ts +1 -0
  27. package/dist/__tests__/sync-version.test.js +37 -0
  28. package/dist/__tests__/sync-version.test.js.map +1 -0
  29. package/dist/clients/risk-client.d.ts +17 -0
  30. package/dist/clients/risk-client.js +54 -0
  31. package/dist/clients/risk-client.js.map +1 -0
  32. package/dist/clients/xray-client.d.ts +34 -0
  33. package/dist/clients/xray-client.js +127 -0
  34. package/dist/clients/xray-client.js.map +1 -0
  35. package/dist/config/project-config.d.ts +14 -0
  36. package/dist/config/project-config.js +45 -0
  37. package/dist/config/project-config.js.map +1 -0
  38. package/dist/confluence-client.d.ts +16 -0
  39. package/dist/confluence-client.js +97 -0
  40. package/dist/confluence-client.js.map +1 -0
  41. package/dist/index.d.ts +2 -0
  42. package/dist/index.js +60 -0
  43. package/dist/index.js.map +1 -0
  44. package/dist/jira-client.d.ts +35 -0
  45. package/dist/jira-client.js +119 -0
  46. package/dist/jira-client.js.map +1 -0
  47. package/dist/tools/annex-ii-template.d.ts +30 -0
  48. package/dist/tools/annex-ii-template.js +129 -0
  49. package/dist/tools/annex-ii-template.js.map +1 -0
  50. package/dist/tools/confluence.d.ts +2 -0
  51. package/dist/tools/confluence.js +54 -0
  52. package/dist/tools/confluence.js.map +1 -0
  53. package/dist/tools/cvss.d.ts +2 -0
  54. package/dist/tools/cvss.js +59 -0
  55. package/dist/tools/cvss.js.map +1 -0
  56. package/dist/tools/doc-render.d.ts +2 -0
  57. package/dist/tools/doc-render.js +96 -0
  58. package/dist/tools/doc-render.js.map +1 -0
  59. package/dist/tools/doc-validation.d.ts +2 -0
  60. package/dist/tools/doc-validation.js +221 -0
  61. package/dist/tools/doc-validation.js.map +1 -0
  62. package/dist/tools/help-data.d.ts +7 -0
  63. package/dist/tools/help-data.js +144 -0
  64. package/dist/tools/help-data.js.map +1 -0
  65. package/dist/tools/help.d.ts +2 -0
  66. package/dist/tools/help.js +39 -0
  67. package/dist/tools/help.js.map +1 -0
  68. package/dist/tools/iec.d.ts +2 -0
  69. package/dist/tools/iec.js +203 -0
  70. package/dist/tools/iec.js.map +1 -0
  71. package/dist/tools/init.d.ts +2 -0
  72. package/dist/tools/init.js +38 -0
  73. package/dist/tools/init.js.map +1 -0
  74. package/dist/tools/jira-crud.d.ts +2 -0
  75. package/dist/tools/jira-crud.js +142 -0
  76. package/dist/tools/jira-crud.js.map +1 -0
  77. package/dist/tools/risk.d.ts +2 -0
  78. package/dist/tools/risk.js +172 -0
  79. package/dist/tools/risk.js.map +1 -0
  80. package/dist/tools/traceability.d.ts +2 -0
  81. package/dist/tools/traceability.js +85 -0
  82. package/dist/tools/traceability.js.map +1 -0
  83. package/dist/tools/types.d.ts +13 -0
  84. package/dist/tools/types.js +2 -0
  85. package/dist/tools/types.js.map +1 -0
  86. package/dist/tools/usability.d.ts +2 -0
  87. package/dist/tools/usability.js +149 -0
  88. package/dist/tools/usability.js.map +1 -0
  89. package/dist/tools/xray.d.ts +2 -0
  90. package/dist/tools/xray.js +35 -0
  91. package/dist/tools/xray.js.map +1 -0
  92. package/dist/utils/adf.d.ts +27 -0
  93. package/dist/utils/adf.js +104 -0
  94. package/dist/utils/adf.js.map +1 -0
  95. package/dist/utils/cvss.d.ts +15 -0
  96. package/dist/utils/cvss.js +86 -0
  97. package/dist/utils/cvss.js.map +1 -0
  98. package/dist/utils/doc-render.d.ts +28 -0
  99. package/dist/utils/doc-render.js +50 -0
  100. package/dist/utils/doc-render.js.map +1 -0
  101. package/dist/utils/jira-fields.d.ts +38 -0
  102. package/dist/utils/jira-fields.js +53 -0
  103. package/dist/utils/jira-fields.js.map +1 -0
  104. package/dist/utils/sync-version.d.ts +2 -0
  105. package/dist/utils/sync-version.js +20 -0
  106. package/dist/utils/sync-version.js.map +1 -0
  107. package/package.json +49 -0
  108. package/skills/doc-render/SKILL.md +79 -0
  109. package/vendor/dev-docs-templates/templates/dev_docs/plan_template.md +104 -0
  110. package/vendor/dev-docs-templates/templates/dev_docs/prd_template.md +110 -0
  111. package/vendor/dev-docs-templates/templates/dev_docs/spec_template.md +81 -0
  112. package/vendor/dev-docs-templates/templates/dev_docs/tasks_template.md +122 -0
  113. package/vendor/dev-docs-templates/templates/mdr_docs/CA/checklist-clinical-evaluation.md +81 -0
  114. package/vendor/dev-docs-templates/templates/mdr_docs/CA/checklist-gspr-mdr.md +403 -0
  115. package/vendor/dev-docs-templates/templates/mdr_docs/CA/clinical-evaluation-report.md +492 -0
  116. package/vendor/dev-docs-templates/templates/mdr_docs/CA/instructions-for-use.md +132 -0
  117. package/vendor/dev-docs-templates/templates/mdr_docs/CA/literature-evaluation-table.md +15 -0
  118. package/vendor/dev-docs-templates/templates/mdr_docs/CA/mdr-declaration-of-conformity.md +75 -0
  119. package/vendor/dev-docs-templates/templates/mdr_docs/CA/post-market-clinical-follow-up-plan.md +162 -0
  120. package/vendor/dev-docs-templates/templates/mdr_docs/CA/post-market-surveillance-plan.md +175 -0
  121. package/vendor/dev-docs-templates/templates/mdr_docs/CA/risk-management-cybersecurity-checklist.md +67 -0
  122. package/vendor/dev-docs-templates/templates/mdr_docs/CA/risk-management-report.md +111 -0
  123. package/vendor/dev-docs-templates/templates/mdr_docs/CA/usability-evaluation-report.md +70 -0
  124. package/vendor/dev-docs-templates/templates/mdr_docs/EA/clinical-evaluation-plan.md +154 -0
  125. package/vendor/dev-docs-templates/templates/mdr_docs/EA/list-of-hazard-related-use-scenarios.md +34 -0
  126. package/vendor/dev-docs-templates/templates/mdr_docs/EA/risk-table-fmea.md +155 -0
  127. package/vendor/dev-docs-templates/templates/mdr_docs/EA/software-architecture-description.md +307 -0
  128. package/vendor/dev-docs-templates/templates/mdr_docs/EA/software-requirements-list.md +156 -0
  129. package/vendor/dev-docs-templates/templates/mdr_docs/EA/soup-list.md +82 -0
  130. package/vendor/dev-docs-templates/templates/mdr_docs/EA/usability-evaluation-plan.md +103 -0
  131. package/vendor/dev-docs-templates/templates/mdr_docs/ER/global/bug-fixes-documentation-list.md +35 -0
  132. package/vendor/dev-docs-templates/templates/mdr_docs/ER/global/change-evaluation-list.md +100 -0
  133. package/vendor/dev-docs-templates/templates/mdr_docs/ER/global/list-of-known-anomalies.md +29 -0
  134. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/algorithm-validation-report.md +170 -0
  135. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/checklist-software-release.md +52 -0
  136. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/checklist-software-requirements-review.md +50 -0
  137. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/software-architecture-checklist.md +41 -0
  138. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/software-detailed-design.md +321 -0
  139. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/software-system-test-plan.md +155 -0
  140. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/usability-evaluation-protocol.md +63 -0
  141. package/vendor/dev-docs-templates/templates/mdr_docs/PA/intended-use.md +116 -0
  142. package/vendor/dev-docs-templates/templates/mdr_docs/PA/mdr-classification-document.md +114 -0
  143. package/vendor/dev-docs-templates/templates/mdr_docs/PA/risk-management-plan.md +198 -0
  144. package/vendor/dev-docs-templates/templates/mdr_docs/PA/software-development-maintenance-plan.md +225 -0
  145. package/vendor/dev-docs-templates/templates/mdr_docs/PA/system-requirements-spec.md +182 -0
  146. package/vendor/dev-docs-templates/templates/mdr_docs/global/information_security/information-security-controls.md +966 -0
  147. package/vendor/dev-docs-templates/templates/mdr_docs/global/information_security/information-security-policy-and-scope.md +99 -0
  148. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/quality-manual-policy-objectives.md +187 -0
  149. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-capa.md +112 -0
  150. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-change-management.md +128 -0
  151. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-clinical-evaluation.md +102 -0
  152. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-feedback-management.md +140 -0
  153. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-integrated-software-development.md +361 -0
  154. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-post-market-surveillance.md +159 -0
  155. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-software-problem-resolution.md +99 -0
@@ -0,0 +1,70 @@
1
+ # Usability Evaluation Report
2
+
3
+ The Usability Evaluation report describes the results of all (formative and summative) Usability Evaluations.
4
+
5
+ ## Mapping of Standard Requirements to Document Sections
6
+
7
+ | IEC 62366-1:2015 Section | Title | Document Section |
8
+ |--------------------------|---------------------------------------------------|------------------|
9
+ | 4.1.3 | Information for Safety as it relates to Usability | 4.5 |
10
+ | 4.2 | Usability Engineering File | (all) |
11
+
12
+ ## 1. Relevant Processes
13
+
14
+ Usability Engineering and Evaluation activities are defined in the **SOP Integrated Software Development**.
15
+
16
+ ## 2. Related Documents
17
+
18
+ * List of Hazard-Related Use Scenarios
19
+ * Usability Evaluation Protocol
20
+ * Usability Evaluation Plan
21
+
22
+ ## 3. Summary of Formative Evaluations
23
+
24
+ ### 3.1 Formative Evaluation 1
25
+
26
+ ## 4. Summary of Summative Evaluation
27
+
28
+ ## 4.1 Methods
29
+
30
+ > Copy-paste this section from the Usability Evaluation Plan (5.2 Planning (Setting)).
31
+
32
+ ### 4.2 Overview over Tests
33
+
34
+ > Copy-paste this table from the Usability Evaluation Protocol.
35
+
36
+ | ID | Description | App State / Environment | Instructions | Acceptance Criteria | Observations | Hazards encountered |
37
+ |----|-------------|-------------------------|--------------|---------------------|--------------|---------------------|
38
+ | | | | | | | |
39
+
40
+ ### 4.3 Pass / Fail Counts of Tests
41
+
42
+ > Count the pass/fail results from the Usability Evaluation Protocol
43
+
44
+ | Test ID | Description | Total Count | Pass Count | Fail Count |
45
+ |---------|-------------|-------------|------------|------------|
46
+ | | | | | |
47
+
48
+ ### 4.4 Use Errors and Hazards
49
+
50
+ | Test ID | Description | Use Error | Potential Hazard |
51
+ |---------|-------------|-----------|------------------|
52
+ | | | | |
53
+
54
+ ### 4.5 Information for Safety
55
+
56
+ > Describe whether information for safety could correctly be perceived and understood by the users and
57
+ > whether it supported the correct use of the medical device.
58
+
59
+ ### 4.6 Other Findings
60
+
61
+ ## 5. Qualitative Participant Feedback
62
+
63
+ ## 6. Conclusion
64
+
65
+ ---
66
+
67
+ Template Copyright [openregulatory.com](https://openregulatory.com). See [template
68
+ license](https://openregulatory.com/template-license).
69
+
70
+ Please don't remove this notice even if you've modified contents of this template.
@@ -0,0 +1,154 @@
1
+ # Clinical Evaluation Plan
2
+
3
+ The Clinical Evaluation Plan defines methods for creating and updating the Clinical Evaluation Report. This
4
+ plan is updated later by the post-market clinical follow-up, e.g., to include new search criteria for the
5
+ literature search.
6
+
7
+ > While the content of the Clinical Evaluation is simple, writing it, coming up with the right structure and
8
+ > forming a sensible line of reasoning (equivalence) can be a bit tricky.
9
+ >
10
+ > These are the guidance documents on Clinical Evaluation. If you're the person writing it, you should read
11
+ > them:
12
+ >
13
+ > * Regulation (EU) on Medical Devices 2017/745
14
+ > * MEDDEV 2.7/1 "CLINICAL EVALUATION"
15
+ > * MDCG 2020-1 Guidance on Clinical Evaluation & Performance Evaluation of Medical Device Software
16
+ > * MDCG 2020-5 Guidance on Clinical Evaluation – Equivalence
17
+ > * MDCG 2020-6 Guidance on Sufficient Clinical Evidence for Legacy Devices
18
+ > * MDCG 2020-13 Clinical Evaluation Assessment Report Template
19
+ > * GHTF 2006 Clinical Evaluation
20
+ >
21
+ > The following checklist provides an overview of possible documents and information that may be relevant for
22
+ > the clinical evaluation.
23
+ >
24
+ > * Intended use
25
+ > * Product description (indications/ contraindications)
26
+ > * Instructions for use
27
+ > * List of potential equivalent products (competitors, predecessor model)
28
+ > * Instructions for use/marketing brochures of the competitor or predecessor model
29
+ > * Comparison of the equivalent products
30
+ > * Information on possible alternative treatment methods
31
+ > * List of marketing claims that are advertised (especially clinical claims)
32
+ > * Marketing brochures
33
+ > * Risk management files (plan, analysis and report), annual risk management reports
34
+ > * Usability file/ user studies
35
+ > * PMS/PMCF plan
36
+ > * PMS report/ PSUR
37
+ > * Sales figures of the product or predecessor product (incl. details of the period)
38
+ > * Complaint handling; number of safety-related incidents reported (incl. details of the time period)
39
+ > * Reports on clinical studies/clinical trials conducted
40
+ > * Relevant preclinical studies or test reports that support safety and performance
41
+ > * Checklist of general safety and performance requirements
42
+ > * Previous clinical evaluation of the product or predecessor model
43
+ > * List of relevant literature or guidelines
44
+ > * Software tests
45
+
46
+ ## 1. Purpose and Scope
47
+
48
+ According to the Regulation (EU) 2017/745, Article 61 and ANNEX XIV, the evaluation of the clinical
49
+ performance and safety as well as the clinical benefit must be based on 'clinical data' and is required for
50
+ all medical device classes. The clinical evaluation report and the clinical data on which it is based,
51
+ verifies the clinical safety and performance of the \<device name\>. This clinical evaluation plan outlines the
52
+ scope of the clinical evaluation.
53
+
54
+ ## 2. Definitions
55
+
56
+ | Definition / Abbrevitation | Description |
57
+ |---------------------------|--------------------------|
58
+ | MDR | Regulation (EU) 2017/745 |
59
+ | [...] | [...] |
60
+
61
+ ## 3. Product Information
62
+
63
+ | | |
64
+ |-----------------|---|
65
+ | Manufacturer: | |
66
+ | Product name: | |
67
+ | Product models: | |
68
+ | CE marking: | |
69
+ | Classification: | |
70
+
71
+ Further information regarding the device (e.g. intended user group, indications, contraindications can be
72
+ found in the document ISD - Intended Use (provide a reference).
73
+
74
+ ## 4. Clinical Benefits
75
+
76
+ Describe the intended clinical benefit(s) of the device.
77
+
78
+ The clinical evaluation report compares the recognized benefits of the device with its associated risks,
79
+ facilitating a comprehensive benefit-risk assessment.
80
+
81
+ ## 5. Clinical Claims
82
+
83
+ All claims related to the \<medical device\> can be found in the table below. These claims will be thoroughly
84
+ examined as part of the literature search in the clinical evaluation.
85
+
86
+ | No. | Claim | Source | Reference |
87
+ |-----|---------------------------------------------|-----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|
88
+ | 1 | \<Our device reduces procedure time by 20%\> | \<Website / promotional material\> | \<Usability study / Literature analysis (addressed in clinical evaluation report) / verification and validation / PMS data; PMCF data\> |
89
+ | ... | | | |
90
+
91
+ If there are no claims:
92
+ No claims require validation through the clinical evaluation
93
+
94
+ ## 6. Risk Management
95
+
96
+ A risk analysis, conducted in compliance with EN ISO 14971 for the \<medical device\>, is currently documented
97
+ in:
98
+
99
+ * SOP Risk management
100
+ * Risk Management Plan
101
+ * Risk Analysis
102
+ * Risk Management Report
103
+
104
+ The risk management plan/process of the medical device outlines the methodologies employed to scrutinize both
105
+ qualitative and quantitative aspects of clinical safety. The analysis of clinical data will encompass all
106
+ residual risks and side-effects. Additionally, any hazards, risks, and side-effects identified in the clinical
107
+ evaluation report will undergo evaluation in the risk management file. The device's risks will be assessed
108
+ against its identified benefits to conduct a comprehensive benefit-risk assessment.
109
+
110
+ ## 7. Clinical Development Plan
111
+
112
+ > Provide a brief overview of all the clinical investigations that have either been performed, are ongoing, or
113
+ > are planned in the near future.
114
+ >
115
+ > If you have no studies: For the device we did not conduct clinical studies. Describe your justification.
116
+
117
+ ## 8. Clinical Evidence
118
+
119
+ Clinical evaluation is an on-going process, conducted throughout the life cycle of a MDSW. Both favorable and
120
+ unfavorable data considered in the clinical evaluation shall be included in the technical documentation.
121
+
122
+ Three key components will be taken into account when compiling clinical evidence:
123
+
124
+ **Valid clinical association**
125
+
126
+ Demonstrate that it corresponds to the clinical situation, condition, indication or parameter defined in the
127
+ intended purpose of the MDSW
128
+
129
+ **Technical performance**
130
+
131
+ Demonstration of the MDSW’s ability to accurately, reliably and precisely generate the intended output, from
132
+ the input data.
133
+
134
+ **Clinical performance**
135
+ Demonstration of a MDSW’s ability to yield clinically relevant output in accordance with the intended purpose
136
+
137
+ ## 9. Post-market surveillance
138
+
139
+ The following databases will be searched:
140
+
141
+ * MHRA (Medicines and Healthcare products Regulatory Agency)
142
+ * Swissmedic
143
+ * BfArM (Bundesinstitut für Arzneimittel und Medizinprodukte)
144
+ * FDA database MAUDE
145
+ * FDA database for recalls
146
+
147
+ In addition, a PMCF plan is in place according to MDR, Annex XIV Part B.
148
+
149
+ ---
150
+
151
+ Template Copyright [openregulatory.com](https://openregulatory.com). See [template
152
+ license](https://openregulatory.com/template-license).
153
+
154
+ Please don't remove this notice even if you've modified contents of this template.
@@ -0,0 +1,34 @@
1
+ # List of Hazard-Related Use Scenarios
2
+
3
+ ## Mapping of Standard Requirements to Document Sections
4
+
5
+ | IEC 62366-1:2015 Section | Title | Document Section |
6
+ |--------------------------|------------------------------------------------------------------|------------------|
7
+ | 5.4 | Identify and describe Hazard-Related Use Scenarios | 1 |
8
+ | 5.5 | Select the Hazard-Related Use Scenarios for Summative Evaluation | 1 |
9
+
10
+ ## Summary
11
+
12
+ The goal of the list of Hazard-Related Use Scenarios is to gather all Use Scenarios which could be associated
13
+ with a Hazard, e.g., if a user doesn't understand a certain feature of the app (bad design leading to poor
14
+ usability), then a Hazard could be encountered which could subsequently lead to a Hazardous Situation.
15
+
16
+ ## 1. Hazard-Related Use Scenarios
17
+
18
+ > Fill out this list with Use Scenarios which could be Hazard-related. A good rule of thumb is to have 3-10
19
+ > scenarios, based on the risk profile of your software.
20
+ >
21
+ > Also, note that you should prefer to create a spreadsheet for this table (e.g., in Google Sheets) as putting a
22
+ > table in a document will surely lead to chaos. But then again, there's always a certain level of chaos in
23
+ > regulatory documentation.
24
+
25
+ | ID | User Group | Description | App State / Environment | Tasks | Acceptance Criteria |
26
+ |----|------------|--------------------|-------------------------------------------------------|---------------------------------------------------------------|-------------------------------------|
27
+ | 1 | Physician | Assess COVID score | 1) App is installed<br>2) App displays patient result | Understand COVID score and initiate further medical treatment | COVID score is understood correctly |
28
+
29
+ ---
30
+
31
+ Template Copyright [openregulatory.com](https://openregulatory.com). See [template
32
+ license](https://openregulatory.com/template-license).
33
+
34
+ Please don't remove this notice even if you've modified contents of this template.
@@ -0,0 +1,155 @@
1
+ # Failure Mode and Effects Analysis (FMEA): Risk Table
2
+
3
+ <!-- AI AGENT 작성 지침
4
+ 이 문서는 ISO 14971:2019 기반 위험 분석 테이블입니다. EA 단계 초안을 작성하고, ER 단계 Sprint마다 업데이트합니다.
5
+
6
+ 작성 전 반드시 다음 문서를 참조하세요:
7
+ - 사용 목적 정의서(intended-use.md): 의도된 사용자, 사용 환경, 의료 목적 확인
8
+ - 위험 관리 계획서(risk-management-plan.md): 위험 허용 기준 매트릭스(P1~P5, S1~S4) 확인
9
+ - SW 요구사항 명세서(software-requirements-list.md): SRS-S-xxx 보안 요구사항 확인
10
+
11
+ 작성 지침:
12
+ 1. 위험 ID 체계: HA-xxx (Hazard Analysis), FM-xxx (Failure Mode), RC-xxx (Risk Control)
13
+ 2. 다음 3가지 위험 카테고리를 반드시 포함하세요:
14
+ a) SW 오동작으로 인한 위험 (IEC 62304 Cl.7.1)
15
+ b) 사용 오류로 인한 위험 (IEC 62366-1)
16
+ c) 사이버보안 위협으로 인한 위험 (IEC 81001-5-1, MDR Annex I 17.2)
17
+ 3. 확률(P) 및 중증도(S) 등급은 RMP의 매트릭스 기준을 사용하세요
18
+ 4. 위험 통제 조치 적용 후 잔여 위험(Residual Risk)의 허용 여부를 반드시 명시하세요
19
+ 5. 위험 통제 조치(RC)는 SRS에 반영 후 "위험 통제 조치? = Yes"로 연결하세요
20
+
21
+ 위험 ID 예시:
22
+ HA-001: 초기 위험 식별 (PHA)
23
+ FM-001: 소프트웨어 고장 모드
24
+ RC-001: 위험 통제 조치
25
+ -->
26
+
27
+
28
+ | ISO 14971:2019 Section | Document Section |
29
+ | ---------------------- | -------------------------------------------------- |
30
+ | 5.2 | (all; entries about reasonably foreseeable misuse) |
31
+ | 5.4 | 3 |
32
+ | 5.5 | 3, 4 |
33
+ | 6 | 3 |
34
+ | 7.1 | 4 |
35
+ | 7.2 | 4 |
36
+ | 7.3 | 4 |
37
+ | 7.5 | 4 |
38
+
39
+ | IEC 62366-1:2015 Section | Title | Document Section |
40
+ | ------------------------ | -------------------------------------------------------------- | ---------------- |
41
+ | 4.1.2 | Risk Control as it relates to User Interface design | 4 |
42
+ | 5.3 | Identify known or foreseeable Hazards and Hazardous Situations | 1,3 |
43
+
44
+ This is a Failure Mode and Effects Analysis ([FMEA][wikipedia-fmea]) of the device. It is separated into
45
+ multiple sections:
46
+
47
+ * **Failure Modes** lists everything which can go wrong
48
+ * **Hazards and Analysis** lists everything (harms) which can subsequently happen, including an analysis of
49
+ probability and severity
50
+ * The list of **Risk Control Measures** contains all control measures which were implemented for risk
51
+ reduction, either reducing probability or severity, or both.
52
+
53
+ > Ugh, this became more complex than I initially expected. I am so sorry. From a teaching perspective, it's
54
+ > actually simpler to explain if I throw everything into one table. Instead, we have three here now, because I
55
+ > can't trivially upload spreadsheets to the website, so I had to reduce the column count to make them
56
+ > fit. Painful. I'll try to explain as we go along.
57
+
58
+ ## 1. Preliminary Hazards Analysis (PHA)
59
+
60
+ > A Preliminary Hazards Analysis (PHA) is simply a list of stuff which can go wrong. Typically, you come up
61
+ > with that stuff when you think about your product. Like, when you do Covid predictions, you come up with the
62
+ > thought that a wrong prediction will result in a bad outcome. Makes sense. So, here's a table in which you
63
+ > can collect those ideas. Besides the description it also has the column "source" which describes where the
64
+ > idea came from (typical options are: Intended Use, User Test, 14971 checklist (there is one in the 2012
65
+ > version, otherwise there's TR 24971, I think)) and "Hazard ID(s)" which shows where you've continued the
66
+ > analysis (including probability and severity) of that risk. It refers to the ID(s) in the Hazards and
67
+ > Analysis table below.
68
+
69
+ | ID | Source | Description | Hazard ID(s) |
70
+ | --- | ---------------------- | ------------------------------------- | ------------ |
71
+ | 1 | General Considerations | Wrong Covid Prediction | 1 |
72
+ | 2 | Intended Use | Wrong Covid Prediction | 1 |
73
+ | 3 | Usability Test | User misunderstands prediction result | 1 |
74
+
75
+
76
+ ## 2. Failure Modes
77
+
78
+ > This is a list of stuff which can go wrong in your software. You should be able to come up with things while
79
+ > you write code and when you think about it. Typically, stuff which always can go wrong is 1) something
80
+ > becomes unavailable, 2) something returns invalid data, 3) something gets hacked.
81
+
82
+ > I've written some examples for the Covid predictor application which I cover in my videos - you don't have
83
+ > to watch those for now. The idea is that it's an app which predicts whether a certain patient has Covid,
84
+ > pretty magical. An obvious failure mode would be that the app either calculates wrong predictions on the
85
+ > backend (ID 1), or the frontend displays the predictions wrongly (ID 2). They both lead to the same hazard
86
+ > (ID 1) which is listed in the Hazards and Analysis table below.
87
+
88
+ | ID | Software System | Failure Mode | Hazard ID(s) |
89
+ | --- | --------------- | ---------------------------------- | ------------ |
90
+ | 1 | Backend | Wrong Covid Prediction | 1 |
91
+ | 2 | Frontend | Covid Prediction displayed wrongly | 1 |
92
+
93
+ ## 3. Hazards and Analysis
94
+
95
+ > This is a list of stuff which will subsequently happen after your software has failed. It's more about what
96
+ > happens in the real world, not in your software. The 14971 wants you to analyze Hazards, Hazardous
97
+ > Situations and Harms, so that's what you'll find in the table :)
98
+ >
99
+ > Here's what happens: In the beginning, there's a hazard, like a wrong Covid prediction. That hazard has a
100
+ > certain probability to lead to the (next) hazardous situation, in this case 1% (0.01), in which the user
101
+ > thinks he is healthy, but actually has Covid. You can estimate p1 with some medical knowledge, in this case
102
+ > maybe the prevalence of Covid in your target population.
103
+ >
104
+ > Then, this hazardous situation may lead to a harm, in this case, disease progression - the user who got the
105
+ > wrong Covid prediction (healthy) may actually have Covid and now stay at home instead of going to the
106
+ > hospital. So the disease gets worse. Maybe only 10% (0.1, p2) of users will actually blindly trust my Covid
107
+ > app - so not all of them will get disease progression. Again, estimate this based on your own data.
108
+ >
109
+ > Finally, you multiple p1 with p2, check your Risk Acceptance Matrix (see template for the risk management plan) which Probability
110
+ > Category it is (in this case P4). Also check that matrix which severity that harm would be, I'm just
111
+ > assuming it could be S2 here. Once you have your Probability (P) and Severity (S), check your matrix whether
112
+ > that's acceptable. In this case, it's not.
113
+ >
114
+ > So we need a Risk Control Measure which is referenced here by ID (1). As we can see, it reduced the
115
+ > probability to P3, but not the severity. But that's fine, because the P3 and S2 - combination is acceptable,
116
+ > based on our Risk Acceptance Table.
117
+ >
118
+ > The next table contains the list of Risk Control Measures.
119
+
120
+ | ID | Hazard | p1 | Hazardous Situation | p2 | Harm | p1*p2 | P | S | Acceptable? | Comment | Risk Control ID(s) | P | S | Acceptable? |
121
+ | --- | ---------------------- | ---- | ---------------------------------------- | --- | ------------------- | ----- | --- | --- | ----------- | ------- | ------------------ | --- | --- | ----------- |
122
+ | 1 | Wrong Covid prediction | 0.01 | User thinks he is healthy, but has Covid | 0.1 | Disease progression | 0.001 | P4 | S2 | No | | 1 | P3 | S2 | Yes |
123
+
124
+ ## 4. Risk Control Measures
125
+
126
+ > This is the table of Risk Control Measures which was referenced from the Hazards and Analysis table
127
+ > above. We've used the Risk Control Measure with (ID 1) to reduce the risk of disease progression. For that,
128
+ > we came up with a procedure to check our prediction algorithm with test data before we ship it. That makes
129
+ > sense and that should probably reduce the probability of wrong predictions. In this case, by 0.01 (10^-2,
130
+ > I'm coming up with numbers here). It doesn't reduce the severity, of course - the harm is still disease
131
+ > progression.
132
+
133
+ > Note that the 14971 has three types of Risk Control Measures:
134
+ > * Inherent Safety by Design
135
+ > * Protective Measures
136
+ > * Information for Safety
137
+ >
138
+ > Also note that, in simplified terms, Information for Safety must actually be displayed in your application
139
+ > to have any effect. Like, not in the user manual, because nobody reads the manual.
140
+
141
+ | ID | Description | Type | Probability Reduction | Severity Reduction | Negative Influence on Device Safety / Performance Introduced by Mitigation Measure? | Verification Implementation | Verification Effectiveness |
142
+ | --- | ----------------------------------------- | ------------------ | --------------------- | ------------------ | ----------------------------------------------------------------------------------- | --------------------------- | -------------------------- |
143
+ | 1 | Check prediction algorithm with test data | Protective Measure | 10^-2 | 1 | No | Link Software Test ID | Link Usability Test ID |
144
+
145
+ ---
146
+
147
+ Template Copyright [openregulatory.com](https://openregulatory.com). See [template
148
+ license](https://openregulatory.com/template-license).
149
+
150
+ Please don't remove this notice even if you've modified contents of this template.
151
+
152
+
153
+ <!-- Links -->
154
+
155
+ [wikipedia-fmea]: https://en.wikipedia.org/wiki/Failure_mode_and_effects_analysis