@neobiotechlabs/neobiotech-dev-agent 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (155) hide show
  1. package/.claude-plugin/marketplace.json +22 -0
  2. package/.claude-plugin/plugin.json +58 -0
  3. package/.mcp.json +14 -0
  4. package/README.md +442 -0
  5. package/dist/__tests__/adf.test.d.ts +1 -0
  6. package/dist/__tests__/adf.test.js +68 -0
  7. package/dist/__tests__/adf.test.js.map +1 -0
  8. package/dist/__tests__/annex-ii-template.test.d.ts +1 -0
  9. package/dist/__tests__/annex-ii-template.test.js +39 -0
  10. package/dist/__tests__/annex-ii-template.test.js.map +1 -0
  11. package/dist/__tests__/doc-render.test.d.ts +1 -0
  12. package/dist/__tests__/doc-render.test.js +93 -0
  13. package/dist/__tests__/doc-render.test.js.map +1 -0
  14. package/dist/__tests__/help.test.d.ts +1 -0
  15. package/dist/__tests__/help.test.js +31 -0
  16. package/dist/__tests__/help.test.js.map +1 -0
  17. package/dist/__tests__/jira-fields.test.d.ts +1 -0
  18. package/dist/__tests__/jira-fields.test.js +81 -0
  19. package/dist/__tests__/jira-fields.test.js.map +1 -0
  20. package/dist/__tests__/plugin-manifest.test.d.ts +1 -0
  21. package/dist/__tests__/plugin-manifest.test.js +91 -0
  22. package/dist/__tests__/plugin-manifest.test.js.map +1 -0
  23. package/dist/__tests__/setup.test.d.ts +1 -0
  24. package/dist/__tests__/setup.test.js +7 -0
  25. package/dist/__tests__/setup.test.js.map +1 -0
  26. package/dist/__tests__/sync-version.test.d.ts +1 -0
  27. package/dist/__tests__/sync-version.test.js +37 -0
  28. package/dist/__tests__/sync-version.test.js.map +1 -0
  29. package/dist/clients/risk-client.d.ts +17 -0
  30. package/dist/clients/risk-client.js +54 -0
  31. package/dist/clients/risk-client.js.map +1 -0
  32. package/dist/clients/xray-client.d.ts +34 -0
  33. package/dist/clients/xray-client.js +127 -0
  34. package/dist/clients/xray-client.js.map +1 -0
  35. package/dist/config/project-config.d.ts +14 -0
  36. package/dist/config/project-config.js +45 -0
  37. package/dist/config/project-config.js.map +1 -0
  38. package/dist/confluence-client.d.ts +16 -0
  39. package/dist/confluence-client.js +97 -0
  40. package/dist/confluence-client.js.map +1 -0
  41. package/dist/index.d.ts +2 -0
  42. package/dist/index.js +60 -0
  43. package/dist/index.js.map +1 -0
  44. package/dist/jira-client.d.ts +35 -0
  45. package/dist/jira-client.js +119 -0
  46. package/dist/jira-client.js.map +1 -0
  47. package/dist/tools/annex-ii-template.d.ts +30 -0
  48. package/dist/tools/annex-ii-template.js +129 -0
  49. package/dist/tools/annex-ii-template.js.map +1 -0
  50. package/dist/tools/confluence.d.ts +2 -0
  51. package/dist/tools/confluence.js +54 -0
  52. package/dist/tools/confluence.js.map +1 -0
  53. package/dist/tools/cvss.d.ts +2 -0
  54. package/dist/tools/cvss.js +59 -0
  55. package/dist/tools/cvss.js.map +1 -0
  56. package/dist/tools/doc-render.d.ts +2 -0
  57. package/dist/tools/doc-render.js +96 -0
  58. package/dist/tools/doc-render.js.map +1 -0
  59. package/dist/tools/doc-validation.d.ts +2 -0
  60. package/dist/tools/doc-validation.js +221 -0
  61. package/dist/tools/doc-validation.js.map +1 -0
  62. package/dist/tools/help-data.d.ts +7 -0
  63. package/dist/tools/help-data.js +144 -0
  64. package/dist/tools/help-data.js.map +1 -0
  65. package/dist/tools/help.d.ts +2 -0
  66. package/dist/tools/help.js +39 -0
  67. package/dist/tools/help.js.map +1 -0
  68. package/dist/tools/iec.d.ts +2 -0
  69. package/dist/tools/iec.js +203 -0
  70. package/dist/tools/iec.js.map +1 -0
  71. package/dist/tools/init.d.ts +2 -0
  72. package/dist/tools/init.js +38 -0
  73. package/dist/tools/init.js.map +1 -0
  74. package/dist/tools/jira-crud.d.ts +2 -0
  75. package/dist/tools/jira-crud.js +142 -0
  76. package/dist/tools/jira-crud.js.map +1 -0
  77. package/dist/tools/risk.d.ts +2 -0
  78. package/dist/tools/risk.js +172 -0
  79. package/dist/tools/risk.js.map +1 -0
  80. package/dist/tools/traceability.d.ts +2 -0
  81. package/dist/tools/traceability.js +85 -0
  82. package/dist/tools/traceability.js.map +1 -0
  83. package/dist/tools/types.d.ts +13 -0
  84. package/dist/tools/types.js +2 -0
  85. package/dist/tools/types.js.map +1 -0
  86. package/dist/tools/usability.d.ts +2 -0
  87. package/dist/tools/usability.js +149 -0
  88. package/dist/tools/usability.js.map +1 -0
  89. package/dist/tools/xray.d.ts +2 -0
  90. package/dist/tools/xray.js +35 -0
  91. package/dist/tools/xray.js.map +1 -0
  92. package/dist/utils/adf.d.ts +27 -0
  93. package/dist/utils/adf.js +104 -0
  94. package/dist/utils/adf.js.map +1 -0
  95. package/dist/utils/cvss.d.ts +15 -0
  96. package/dist/utils/cvss.js +86 -0
  97. package/dist/utils/cvss.js.map +1 -0
  98. package/dist/utils/doc-render.d.ts +28 -0
  99. package/dist/utils/doc-render.js +50 -0
  100. package/dist/utils/doc-render.js.map +1 -0
  101. package/dist/utils/jira-fields.d.ts +38 -0
  102. package/dist/utils/jira-fields.js +53 -0
  103. package/dist/utils/jira-fields.js.map +1 -0
  104. package/dist/utils/sync-version.d.ts +2 -0
  105. package/dist/utils/sync-version.js +20 -0
  106. package/dist/utils/sync-version.js.map +1 -0
  107. package/package.json +49 -0
  108. package/skills/doc-render/SKILL.md +79 -0
  109. package/vendor/dev-docs-templates/templates/dev_docs/plan_template.md +104 -0
  110. package/vendor/dev-docs-templates/templates/dev_docs/prd_template.md +110 -0
  111. package/vendor/dev-docs-templates/templates/dev_docs/spec_template.md +81 -0
  112. package/vendor/dev-docs-templates/templates/dev_docs/tasks_template.md +122 -0
  113. package/vendor/dev-docs-templates/templates/mdr_docs/CA/checklist-clinical-evaluation.md +81 -0
  114. package/vendor/dev-docs-templates/templates/mdr_docs/CA/checklist-gspr-mdr.md +403 -0
  115. package/vendor/dev-docs-templates/templates/mdr_docs/CA/clinical-evaluation-report.md +492 -0
  116. package/vendor/dev-docs-templates/templates/mdr_docs/CA/instructions-for-use.md +132 -0
  117. package/vendor/dev-docs-templates/templates/mdr_docs/CA/literature-evaluation-table.md +15 -0
  118. package/vendor/dev-docs-templates/templates/mdr_docs/CA/mdr-declaration-of-conformity.md +75 -0
  119. package/vendor/dev-docs-templates/templates/mdr_docs/CA/post-market-clinical-follow-up-plan.md +162 -0
  120. package/vendor/dev-docs-templates/templates/mdr_docs/CA/post-market-surveillance-plan.md +175 -0
  121. package/vendor/dev-docs-templates/templates/mdr_docs/CA/risk-management-cybersecurity-checklist.md +67 -0
  122. package/vendor/dev-docs-templates/templates/mdr_docs/CA/risk-management-report.md +111 -0
  123. package/vendor/dev-docs-templates/templates/mdr_docs/CA/usability-evaluation-report.md +70 -0
  124. package/vendor/dev-docs-templates/templates/mdr_docs/EA/clinical-evaluation-plan.md +154 -0
  125. package/vendor/dev-docs-templates/templates/mdr_docs/EA/list-of-hazard-related-use-scenarios.md +34 -0
  126. package/vendor/dev-docs-templates/templates/mdr_docs/EA/risk-table-fmea.md +155 -0
  127. package/vendor/dev-docs-templates/templates/mdr_docs/EA/software-architecture-description.md +307 -0
  128. package/vendor/dev-docs-templates/templates/mdr_docs/EA/software-requirements-list.md +156 -0
  129. package/vendor/dev-docs-templates/templates/mdr_docs/EA/soup-list.md +82 -0
  130. package/vendor/dev-docs-templates/templates/mdr_docs/EA/usability-evaluation-plan.md +103 -0
  131. package/vendor/dev-docs-templates/templates/mdr_docs/ER/global/bug-fixes-documentation-list.md +35 -0
  132. package/vendor/dev-docs-templates/templates/mdr_docs/ER/global/change-evaluation-list.md +100 -0
  133. package/vendor/dev-docs-templates/templates/mdr_docs/ER/global/list-of-known-anomalies.md +29 -0
  134. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/algorithm-validation-report.md +170 -0
  135. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/checklist-software-release.md +52 -0
  136. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/checklist-software-requirements-review.md +50 -0
  137. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/software-architecture-checklist.md +41 -0
  138. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/software-detailed-design.md +321 -0
  139. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/software-system-test-plan.md +155 -0
  140. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/usability-evaluation-protocol.md +63 -0
  141. package/vendor/dev-docs-templates/templates/mdr_docs/PA/intended-use.md +116 -0
  142. package/vendor/dev-docs-templates/templates/mdr_docs/PA/mdr-classification-document.md +114 -0
  143. package/vendor/dev-docs-templates/templates/mdr_docs/PA/risk-management-plan.md +198 -0
  144. package/vendor/dev-docs-templates/templates/mdr_docs/PA/software-development-maintenance-plan.md +225 -0
  145. package/vendor/dev-docs-templates/templates/mdr_docs/PA/system-requirements-spec.md +182 -0
  146. package/vendor/dev-docs-templates/templates/mdr_docs/global/information_security/information-security-controls.md +966 -0
  147. package/vendor/dev-docs-templates/templates/mdr_docs/global/information_security/information-security-policy-and-scope.md +99 -0
  148. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/quality-manual-policy-objectives.md +187 -0
  149. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-capa.md +112 -0
  150. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-change-management.md +128 -0
  151. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-clinical-evaluation.md +102 -0
  152. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-feedback-management.md +140 -0
  153. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-integrated-software-development.md +361 -0
  154. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-post-market-surveillance.md +159 -0
  155. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-software-problem-resolution.md +99 -0
@@ -0,0 +1,114 @@
1
+ # MDR Classification Document
2
+
3
+ ## Mapping of Requirements
4
+
5
+ | Medical Device Regulation (MDR) | Document Section |
6
+ | ------------------------------- | ---------------- |
7
+ | Annex VIII | (All) |
8
+
9
+ **Related documents:**
10
+
11
+ * Intended Use
12
+ * SOP Product Certification and Registration
13
+
14
+ ## Summary
15
+
16
+ | Product: | (enter content) |
17
+ |-----------------|-----------------|
18
+ | Version: | (enter content) |
19
+ | Classification: | (enter content) |
20
+ | Rule: | (enter content) |
21
+
22
+ Rationale for the qualification of the product as a medical device (MDR Annex II, para. 1.1.e):
23
+ See Intended Use Statement
24
+
25
+ ## Chapter 1: Applicable Definitions
26
+
27
+ > You will need to carefully check and fill out all rows below. Some rows are pre-filled for applicability
28
+ > under the assumption of a stand-alone software medical device. However, this is quite an essential document
29
+ > and you're better off checking twice.
30
+
31
+ **1. Duration of Use**
32
+
33
+ | Term | Definition | Applicable |
34
+ |------------|-----------------------------------------------------------------|------------|
35
+ | Transient | Normally intended for continuous use for less than 60 minutes. | |
36
+ | Short term | Normally intended for continuous use for not more than 30 days. | |
37
+ | Long term | Normally intended for continuous use for more than 30 days. | |
38
+ | | | |
39
+
40
+ **2. Invasive and Active Devices**
41
+
42
+ | Definition | Applicable |
43
+ | ---------- | ---------- |
44
+ | **2.1 Body orifice** means any natural opening in the body, as well as the external surface of the eyeball, or any permanent artificial opening, such as a stoma. | No |
45
+ | **2.2 Surgically invasive device** means:<br>(a) an invasive device which penetrates inside the body through the surface of the body, including through mucous membranes of body orifices with the aid or in the context of a surgical operation; and<br>(b) a device which produces penetration other than through a body orifice. | No |
46
+ | **2.3 Reusable surgical instrument** means an instrument intended for surgical use in cutting, drilling, sawing, scratching, scraping, clamping, retracting, clipping or similar procedures, without a connection to an active device and which is intended by the manufacturer to be reused after appropriate procedures such as cleaning, disinfection and sterilization have been carried out. | No |
47
+ | **2.4 Active therapeutic device** means any active device used, whether alone or in combination with other devices, to<br>support, modify, replace or restore biological functions or structures with a view to treatment or alleviation of an<br>illness, injury or disability. | |
48
+ | **2.5 Active device intended for diagnosis and monitoring** means any active device used, whether alone or in combination with other devices, to supply information for detecting, diagnosing, monitoring or treating physio logical conditions, states of health, illnesses or congenital deformities. | |
49
+ | **2.6 Central circulatory system** means the following blood vessels:<br>arteriae pulmonales, aorta ascendens, arcus aortae, aorta descendens to the bifurcatio aortae, arteriae coronariae, arteria carotis communis, arteria carotis externa, arteria carotis interna, arteriae cerebrales, truncus brachiocephalicus, venae cordis, venae pulmonales, vena cava superior and vena cava inferior. | |
50
+ | **2.7 Central nervous system** means the brain, meninges and spinal cord. | |
51
+ | **2.8 Injured skin or mucous membrane** means an area of skin or a mucous membrane presenting a pathological<br>change or change following disease or a wound. | |
52
+
53
+ ## Chapter 2: Implementing Rules
54
+
55
+ | Rules | Applicable |
56
+ | ----- | ---------- |
57
+ | **3.1** Application of the classification rules shall be governed by the intended purpose of the devices. | Yes |
58
+ | **3.2** If the device in question is intended to be used in combination with another device, the classification rules shall apply separately to each of the devices. Accessories for a medical device and for a product listed in Annex XVI MDR shall be classified in their own right separately from the device with which they are used. | |
59
+ | **3.3** Software, which drives a device or influences the use of a device, shall fall within the same class as the device.<br>If the software is independent of any other device, it shall be classified in its own right. | |
60
+ | **3.4** If the device is not intended to be used solely or principally in a specific part of the body, it shall be considered and classified on the basis of the most critical specified use. | |
61
+ | **3.5** If several rules, or if, within the same rule, several sub-rules, apply to the same device based on the device's intended purpose, the strictest rule and sub-rule resulting in the higher classification shall apply. | |
62
+ | **3.6** In calculating the duration referred to in Section 1, continuous use shall mean:<br>(a) the entire duration of use of the same device without regard to temporary interruption of use during a procedure or temporary removal for purposes such as cleaning or disinfection of the device. Whether the interruption of use or the removal is temporary shall be established in relation to the duration of the use prior to and after the period when the use is interrupted or the device removed; and<br>(b) the accumulated use of a device that is intended by the manufacturer to be replaced immediately with another of the same type. | |
63
+ | **3.7** A device is considered to allow direct diagnosis when it provides the diagnosis of the disease or condition in question by itself or when it provides decisive information for the diagnosis. | |
64
+
65
+ ## Chapter 3: Classification Rules
66
+
67
+ **4.) Non-Invasive Devices**
68
+
69
+ | Rules | Applicable |
70
+ | ----- | ---------- |
71
+ | ***Rule 1***<br>All non-invasive devices are classified as class I, unless one of the rules set out hereinafter applies. | |
72
+ | ***Rule 2***<br>All non-invasive devices intended for channelling or storing blood, body liquids, cells or tissues, liquids or gases for the purpose of eventual infusion, administration or introduction into the body are classified as class IIa:<br>— if they may be connected to a class IIa, class IIb or class III active device; or<br>— if they are intended for use for channelling or storing blood or other body liquids or for storing organs, parts<br>of organs or body cells and tissues, except for blood bags; blood bags are classified as class IIb.<br>In all other cases, such devices are classified as class I. | No |
73
+ | ***Rule 3***<br>All non-invasive devices intended for modifying the biological or chemical composition of human tissues or cells, blood, other body liquids or other liquids intended for implantation or administration into the body are classified as class IIb, unless the treatment for which the device is used consists of filtration, centrifugation or exchanges of gas, heat, in which case they are classified as class IIa.<br><br>All non-invasive devices consisting of a substance or a mixture of substances intended to be used in vitro in direct<br>contact with human cells, tissues or organs taken from the human body or used in vitro with human embryos<br>before their implantation or administration into the body are classified as class III. | No |
74
+ | ***Rule 4***<br>All non-invasive devices which come into contact with injured skin or mucous membrane are classified as:<br>— class I if they are intended to be used as a mechanical barrier, for compression or for absorption of exudates;<br>— class IIb if they are intended to be used principally for injuries to skin which have breached the dermis or<br>mucous membrane and can only heal by secondary intent;<br>— class IIa if they are principally intended to manage the micro-environment of injured skin or mucous membrane; and<br>— class IIa in all other cases.<br><br>This rule applies also to the invasive devices that come into contact with injured mucous membrane. | No |
75
+
76
+ **5.) Invasive Devices**
77
+
78
+ | Rules | Applicable |
79
+ | ----- | ---------- |
80
+ | ***Rule 5***<br>All invasive devices with respect to body orifices, other than surgically invasive devices, which are not intended for connection to an active device or which are intended for connection to a class I active device are classified as:<br>— class I if they are intended for transient use;<br>— class IIa if they are intended for short-term use, except if they are used in the oral cavity as far as the pharynx, in an ear canal up to the ear drum or in the nasal cavity, in which case they are classified as class I; and<br>— class IIb if they are intended for long-term use, except if they are used in the oral cavity as far as the pharynx, in an ear canal up to the ear drum or in the nasal cavity and are not liable to be absorbed by the mucous membrane, in which case they are classified as class IIa.<br><br>All invasive devices with respect to body orifices, other than surgically invasive devices, intended for connection<br>to a class IIa, class IIb or class III active device, are classified as class IIa. | No |
81
+ | ***Rule 6***<br>All surgically invasive devices intended for transient use are classified as class IIa unless they:<br>— are intended specifically to control, diagnose, monitor or correct a defect of the heart or of the central circulatory system through direct contact with those parts of the body, in which case they are classified as class III;<br>— are reusable surgical instruments, in which case they are classified as class I;<br>— are intended specifically for use in direct contact with the heart or central circulatory system or the central nervous system, in which case they are classified as class III;<br>— are intended to supply energy in the form of ionising radiation in which case they are classified as class IIb;<br>— have a biological effect or are wholly or mainly absorbed in which case they are classified as class IIb; or<br>— are intended to administer medicinal products by means of a delivery system, if such administration of a medicinal product is done in a manner that is potentially hazardous taking account of the mode of application, in which case they are classified as class IIb. | No |
82
+ | ***Rule 7***<br>All surgically invasive devices intended for short-term use are classified as class IIa unless they:<br>— are intended specifically to control, diagnose, monitor or correct a defect of the heart or of the central circulatory system through direct contact with those parts of the body, in which case they are classified as class III;<br>— are intended specifically for use in direct contact with the heart or central circulatory system or the central nervous system, in which case they are classified as class III;<br>— are intended to supply energy in the form of ionizing radiation in which case they are classified as class IIb;<br>— have a biological effect or are wholly or mainly absorbed in which case they are classified as class III;<br>— are intended to undergo chemical change in the body in which case they are classified as class IIb, except if the devices are placed in the teeth; or<br>— are intended to administer medicines, in which case they are classified as class IIb. | No |
83
+ | ***Rule 8***<br>All implantable devices and long-term surgically invasive devices are classified as class IIb unless they:<br>— are intended to be placed in the teeth, in which case they are classified as class IIa;<br>— are intended to be used in direct contact with the heart, the central circulatory system or the central nervous system, in which case they are classified as class III;<br>— have a biological effect or are wholly or mainly absorbed, in which case they are classified as class III;<br>— are intended to undergo chemical change in the body in which case they are classified as class III, except if the devices are placed in the teeth;<br>— are intended to administer medicinal products, in which case they are classified as class III;<br>— are active implantable devices or their accessories, in which cases they are classified as class III;<br>— are breast implants or surgical meshes, in which cases they are classified as class III;<br>— are total or partial joint replacements, in which case they are classified as class III, with the exception of ancillary components such as screws, wedges, plates and instruments; or<br>— are spinal disc replacement implants or are implantable devices that come into contact with the spinal column, in which case they are classified as class III with the exception of components such as screws, wedges, plates and instruments. | No |
84
+
85
+ **6.) Active Devices**
86
+
87
+ | Rules | Applicable |
88
+ | ----- | ---------- |
89
+ | ***Rule 9***<br>All active therapeutic devices intended to administer or exchange energy are classified as class IIa unless their characteristics are such that they may administer energy to or exchange energy with the human body in a potentially hazardous way, taking account of the nature, the density and site of application of the energy, in which case they are classified as class IIb.<br><br>All active devices intended to control or monitor the performance of active therapeutic class IIb devices, or intended directly to influence the performance of such devices are classified as class IIb.<br><br>All active devices intended to emit ionizing radiation for therapeutic purposes, including devices which control or monitor such devices, or which directly influence their performance, are classified as class IIb.<br><br>All active devices that are intended for controlling, monitoring or directly influencing the performance of active implantable devices are classified as class III. | |
90
+ | ***Rule 10***<br>Active devices intended for diagnosis and monitoring are classified as class IIa:<br>— if they are intended to supply energy which will be absorbed by the human body, except for devices intended to illuminate the patient's body, in the visible spectrum, in which case they are classified as class I;<br>— if they are intended to image in vivo distribution of radiopharmaceuticals; or<br>— if they are intended to allow direct diagnosis or monitoring of vital physiological processes, unless they are specifically intended for monitoring of vital physiological parameters and the nature of variations of those parameters is such that it could result in immediate danger to the patient, for instance variations in cardiac performance, respiration, activity of the central nervous system, or they are intended for diagnosis in clinical situations where the patient is in immediate danger, in which cases they are classified as class IIb.<br><br>Active devices intended to emit ionizing radiation and intended for diagnostic or therapeutic radiology, including interventional radiology devices and devices which control or monitor such devices, or which directly influence their performance, are classified as class IIb. | |
91
+ | ***Rule 11***<br>Software intended to provide information which is used to take decisions with diagnosis or therapeutic purposes is classified as class IIa, except if such decisions have an impact that may cause:<br>— death or an irreversible deterioration of a person's state of health, in which case it is in class III; or<br>— a serious deterioration of a person's state of health or a surgical intervention, in which case it is classified as class IIb.<br><br>Software intended to monitor physiological processes is classified as class IIa, except if it is intended for monitoring of vital physiological parameters, where the nature of variations of those parameters is such that it could result in immediate danger to the patient, in which case it is classified as class IIb. All other software is classified as class I. | Yes |
92
+ | ***Rule 12***<br>All active devices intended to administer and/or remove medicinal products, body liquids or other substances to or from the body are classified as class IIa, unless this is done in a manner that is potentially hazardous, taking account of the nature of the substances involved, of the part of the body concerned and of the mode of application in which case they are classified as class IIb. | |
93
+ | ***Rule 13***<br>All other active devices are classified as class I. | |
94
+
95
+ **7.) Special Rules**
96
+
97
+ | Rules | Applicable |
98
+ | ----- | ---------- |
99
+ | ***Rule 14***<br>All devices incorporating, as an integral part, a substance which, if used separately, can be considered to be a medicinal product, as defined in point 2 of Article 1 of Directive 2001/83/EC, including a medicinal product derived from human blood or human plasma, as defined in point 10 of Article 1 of that Directive, and that has an action ancillary to that of the devices, are classified as class III. | No |
100
+ | ***Rule 15***<br>All devices used for contraception or prevention of the transmission of sexually transmitted diseases are classified as class IIb, unless they are implantable or long term invasive devices, in which case they are classified as class III. | No |
101
+ | ***Rule 16***<br>All devices intended specifically to be used for disinfecting, cleaning, rinsing or, where appropriate, hydrating contact lenses are classified as class IIb.<br><br>All devices intended specifically to be used for disinfecting or sterilising medical devices are classified as class IIa, unless they are disinfecting solutions or washer-disinfectors intended specifically to be used for disinfecting invasive devices, as the end point of processing, in which case they are classified as class IIb.<br><br>This rule does not apply to devices that are intended to clean devices other than contact lenses by means of physical action only. | No |
102
+ | ***Rule 17***<br>Devices specifically intended for recording of diagnostic images generated by X-ray radiation are classified as class IIa. | No |
103
+ | ***Rule 18***<br>All devices manufactured utilizing tissues or cells of human or animal origin, or their derivatives, which are non-viable or rendered non-viable, are classified as class III, unless such devices are manufactured utilizing tissues or cells of animal origin, or their derivatives, which are non-viable or rendered non-viable and are devices intended to come into contact with intact skin only. | No |
104
+ | ***Rule 19***<br>All devices incorporating or consisting of nanomaterial are classified as:<br>— class III if they present a high or medium potential for internal exposure;<br>— class IIb if they present a low potential for internal exposure; and<br>— class IIa if they present a negligible potential for internal exposure. | No |
105
+ | ***Rule 20***<br>All invasive devices with respect to body orifices, other than surgically invasive devices, which are intended to administer medicinal products by inhalation are classified as class IIa, unless their mode of action has an essential impact on the efficacy and safety of the administered medicinal product or they are intended to treat life-threatening conditions, in which case they are classified as class IIb. | No |
106
+ | ***Rule 21***<br>Devices that are composed of substances or of combinations of substances that are intended to be introduced into the human body via a body orifice or applied to the skin and that are absorbed by or locally dispersed in the human body are classified as:<br>— class III if they, or their products of metabolism, are systemically absorbed by the human body in order to achieve the intended purpose;<br>— class III if they achieve their intended purpose in the stomach or lower gastrointestinal tract and they, or their products of metabolism, are systemically absorbed by the human body;<br>— class IIa if they are applied to the skin or if they are applied in the nasal or oral cavity as far as the pharynx, and achieve their intended purpose on those cavities; and<br>— class IIb in all other cases. | No |
107
+ | ***Rule 22***<br>Active therapeutic devices with an integrated or incorporated diagnostic function which significantly determines the patient management by the device, such as closed loop systems or automated external defibrillators, are classified as class III. | |
108
+
109
+ ---
110
+
111
+ Template Copyright [openregulatory.com](https://openregulatory.com). See [template
112
+ license](https://openregulatory.com/template-license).
113
+
114
+ Please don't remove this notice even if you've modified contents of this template.
@@ -0,0 +1,198 @@
1
+ # Risk Management Plan
2
+
3
+ <!-- AI AGENT 작성 지침
4
+ 이 문서는 ISO 14971:2019 기반 위험 관리 계획서입니다. PA 단계에서 작성하는 핵심 산출물입니다.
5
+
6
+ 작성 전 반드시 다음 문서를 참조하세요:
7
+ - 사용 목적 정의서(intended-use.md): 의도된 사용자, 사용 환경, 의료 목적 확인
8
+
9
+ 작성 지침:
10
+ 1. 제품명과 버전을 문서 상단에 명시하세요
11
+ 2. 1.2.1 사용량 추정은 실제 제품의 예상 사용자 수와 수명을 기반으로 작성하세요
12
+ - 예: 제품 수명 3년, 일일 100회 사용 -> 총 109,575회 사용
13
+ 3. 1.2.2 중증도 등급(S1~S4)은 실제 제품에서 발생 가능한 위해 예시로 변경하세요
14
+ - 진단 보조 SW의 경우: 오진으로 인한 불필요한 시술, 치료 지연 등
15
+ 4. 1.2.3 확률 등급(P1~P5)의 "Estimated Maximum Event Count"를 실제 사용량 계산 결과로 업데이트하세요
16
+ 5. 1.2.4 위험 허용 매트릭스는 제품의 의료적 이득-위험 균형을 반영하여 결정하세요
17
+ 6. 담당자(Roles) 섹션에 실제 담당자 이름과 역할을 기재하세요
18
+
19
+ 위험 관리 계획서 완성 체크리스트:
20
+ [ ] 제품명/버전 명시
21
+ [ ] 위험 관리자(Risk Manager) 지정
22
+ [ ] 사용량 추정 수치 입력
23
+ [ ] 중증도 정의가 제품 특성에 맞게 수정됨
24
+ [ ] 위험 허용 매트릭스 경영진 승인 완료
25
+ [ ] SOP Integrated Software Development 참조 확인
26
+ -->
27
+
28
+
29
+ The Risk Management Plan contains the risk policy and defines the criteria for risk acceptance. It also
30
+ references relevant processes and activities which will be conducted for product-specific risk management as
31
+ part of the integrated software development process (SOP Integrated Software Development).
32
+
33
+ ## Mapping of Standard Requirements to Document Sections
34
+
35
+ | ISO 14971:2019 Section | Document Section |
36
+ | ---------------------- | ----------------------------------------------- |
37
+ | 4.1 | 1 |
38
+ | 4.2 | 1.2, 3 |
39
+ | 4.3 | (Records of competence are kept as Part of QMS) |
40
+ | 4.4 | (all) |
41
+ | 4.5 | (all) |
42
+ | 5.1 | 1.1 |
43
+ | 7.2 | 1.3 |
44
+ | 10.1 | 1.4 |
45
+
46
+ ## 1. Relevant Processes
47
+
48
+ ### 1.1 Risk Management Process and Activities
49
+
50
+ Risk Management Activities are integrated in the software development lifecycle as described in SOP Integrated
51
+ Software Development. The scope of this risk management plan therefore covers the entire software device lifecycle.
52
+
53
+ When creating a first-time risk analysis for a product, Annex C of ISO 14971 should be reviewed for applicable examples.
54
+
55
+ ### 1.2 Risk Policy and Risk Acceptability
56
+
57
+ The following policy establishes criteria for risk acceptability following ISO 14971:2019 and ISO/TR
58
+ 24971:2020. It applies to all people and activities involved in the design, development and distribution
59
+ process of the medical device, and intends to ensure highest levels of medical device safety consistent with
60
+ stakeholder expectations.
61
+
62
+ The manufacturer defines framework criteria for risk acceptability in the form of estimated usage, severity of
63
+ harm and probability of occurrence. The criteria are initially defined as part of the early software development process and reviewed during each post-market surveillance cycle.
64
+
65
+ Estimated usage, categories of severity / probability and risk matrix acceptance are defined based on
66
+ applicable regulatory requirements, relevant international norms and standards, as well as the generally
67
+ acknowledged state of the art (e.g. accepted results of scientific research, reports published by authorities,
68
+ established industry best practices).
69
+
70
+ Acceptability for individual risks always must be established based on both, the estimated severity and the
71
+ estimated probability of a risk. The risk is deemed acceptable based on a combination of both, following the
72
+ risk matrix defined in para. 1.2.4.
73
+
74
+ All identified risks must be reduced as far as possible (AFAP) without adversely affecting the
75
+ benefit-risk-ratio. Risk control measures implemented to reduce the risks must be chosen in the following
76
+ order:
77
+
78
+ 1. Inherent safety by design
79
+ 2. Protective measures
80
+ 3. Information for safety
81
+
82
+ Users of the device must be informed about any remaining residual risks.
83
+
84
+ Acceptability of the overall residual risk is established as part of the clinical evaluation process by
85
+ weighing benefits from intended use against the overall residual risk. Benefits may be described by their
86
+ magnitude or extent, the probability of experience within the intended patient population, the duration and
87
+ frequency of the benefit. For example, the manufacturer may compare the device to similar medical devices
88
+ available on the market: residual risks can be compared individually to corresponding risks of the similar
89
+ device, considering differences in intended use. The overall evaluation of the benefit-risk-ratio should take
90
+ into account knowledge of the intended medical indication, the generally acknowledged state of the art in
91
+ technology and medicine, and the availability of alternative medical devices or treatments.
92
+
93
+ #### 1.2.1 Estimates for Usage
94
+
95
+ > Define estimates for how much you think your device is going to be used in the market.
96
+
97
+ | Usage | Values |
98
+ | ----------------- | ------------------------------------------------------------------------------------------------------------------ |
99
+ | Product life span | Enter number of years you expect the device to be in the market (from design conceptualization to decommissioning) |
100
+ | Users | Enter number of estimated users here |
101
+ | Usages / user | Enter number of estimated times the device is used per user |
102
+ | Total usages | Do the math! |
103
+
104
+ The software's lifetime is established to be [for example: three years]. This is what is expected to be the
105
+ maximum time until the implementation of a significant change, by which the manufacturer is able to react to
106
+ the relevant changes to the software device environment, such as SOUP changes, cybersecurity innovations, or
107
+ the evolving technological or medical state of the art.
108
+
109
+ Estimated product lifetime may not align with the planned PMS / PMCF surveillance periods, as continuous risk
110
+ management involves continuous updates of the risk management file in order to account for new information in
111
+ a timely manner.
112
+
113
+ #### 1.2.2 Severity of Harm
114
+
115
+ > Define what can go wrong with your product here. Make the examples specific - chances are, your product
116
+ > can't cause skin lacerations. In all likelihood it also doesn't cause death. So, feel free to remove
117
+ > severity rows here. But most importantly, customize the definitions and examples so that they resemble the
118
+ > harms in your product.
119
+
120
+ | Severity | Definition and Examples |
121
+ | ---------------- | --------------------------------------------------------------------------------------------------------- |
122
+ | S1: Negligible | Minor, reversible damage, e.g. superficial skin irritation, delay of non-critical treatment |
123
+ | S2: Marginal | Minor, reversible damage with required medical intervention, e.g. skin laceration requiring stitches |
124
+ | S3: Critical | Major, irreversible damage with required medical intervention, e.g. irreversible deterioration of disease |
125
+ | S4: Catastrophic | Death |
126
+
127
+ #### 1.2.3 Probability of Occurrence
128
+
129
+ > Define your probabilities. You can probably just use these definitions. The idea is that each probability
130
+ > row is 10^2 apart from adjacent ones.
131
+
132
+ > Also, change the "Estimated Maximum Event Count". That's the usage number you estimate for your (not yet
133
+ > released product) during its entire lifecycle (which you need to define). So, if you assume that your
134
+ > product will be on the market for 4 years and that it'll be used 100 times per day, that results in 146.100
135
+ > usages (100 usages/day * 365.25 days/year * 4 years). The numbers in the lower columns of "Estimated Maximum
136
+ > Event Count" are simply the total usage number multiplied by the upper limit probability of the same row,
137
+ > e.g. you want to know "how often can probability P3 occur if the product is being used 100 times per day?"
138
+
139
+ | Probability | Upper Limit | Lower Limit | Estimated Maximum Event Count |
140
+ | --------------- | ----------- | ----------- | ----------------------------- |
141
+ | P5: Certain | 1 | 10^-2 | 1000000 *(change this*) |
142
+ | P4: Likely | 10^-2 | 10^-4 | 10000 |
143
+ | P3: Unlikely | 10^-4 | 10^-6 | 100 |
144
+ | P2: Rare | 10^-6 | 10^-8 | 1 |
145
+ | P1: Unthinkable | 10^-8 | 0 | 0 |
146
+
147
+ #### 1.2.4 Risk Acceptance Matrix
148
+
149
+ > The most important part. You assess each severity-probability combination whether it's acceptable for you as
150
+ > a company. There are no definitive rules on what's deemed acceptable. It depends on your company's risk
151
+ > policy and, more importantly, the benefits of your product which you show in your clinical evaluation. So,
152
+ > for example, if your product saves 10 lives per day, it might be acceptable to cause one death per day. If
153
+ > your product doesn't save any lives, it might not be acceptable to cause any deaths. You get the idea, I
154
+ > hope.
155
+
156
+ | Probability | S1: Negligible | S2: Marginal | S3: Critical | S4: Catastrophic | Estimated Maximum Event Count |
157
+ | --------------- | -------------- | ---------------- | ---------------- | ---------------- | ----------------------------- |
158
+ | P5: Certain | acceptable | **unacceptable** | **unacceptable** | **unacceptable** | 1000000 |
159
+ | P4: Likely | acceptable | **unacceptable** | **unacceptable** | **unacceptable** | 10000 |
160
+ | P3: Unlikely | acceptable | acceptable | **unacceptable** | **unacceptable** | 100 |
161
+ | P2: Rare | acceptable | acceptable | acceptable | **unacceptable** | 1 |
162
+ | P1: Unthinkable | acceptable | acceptable | acceptable | acceptable | 0 |
163
+
164
+ ### 1.3 Verification of Risk Control Measures
165
+
166
+ Risk Control Measures are verified as described in the software development lifecycle as described in SOP
167
+ Integrated Software Development.
168
+
169
+ ### 1.4 Assessment of the overall residual risk
170
+
171
+ After determination of the Risk Control Measures any risk that could arise from the combination of the
172
+ individual risks or mitigating measures is assessed. For this purpose, the probability and severity of the
173
+ possible residual risk are estimated and evaluated using the existing risk matrix.
174
+
175
+ ### 1.5 Collection and Review of Post-Production Information
176
+
177
+ Review and collection of Post-Production information is described in SOP Post-Market Surveillance.
178
+
179
+ ## 2. Related Documents
180
+
181
+ * SOP Integrated Software Development
182
+ * Risk Acceptance Matrix
183
+ * Risk Table
184
+ * Risk Management Report
185
+
186
+ ## 3. Roles
187
+
188
+ | Title | Name(s) |
189
+ | ----------------------------------------------- | ------- |
190
+ | Risk Manager | |
191
+ | Context / Subject Matter Expert, e.g. physician | |
192
+
193
+ ---
194
+
195
+ Template Copyright [openregulatory.com](https://openregulatory.com). See [template
196
+ license](https://openregulatory.com/template-license).
197
+
198
+ Please don't remove this notice even if you've modified contents of this template.
@@ -0,0 +1,225 @@
1
+ # Software Development and Maintenance Plan
2
+
3
+ <!-- AI AGENT 작성 지침
4
+ 이 문서는 IEC 62304 Cl.5.1 기반 SW 개발 및 유지보수 계획서입니다. PA 단계 핵심 산출물입니다.
5
+
6
+ 작성 전 반드시 다음 문서를 참조하세요:
7
+ - 시스템 요구사항 명세서(system-requirements-spec.md): 팀 구성, 타겟 환경 확인
8
+ - 사용 목적 정의서(intended-use.md): 제품명, SW 안전 등급 확인
9
+
10
+ 작성 지침:
11
+ 1. Section 2.2 (SW 안전 등급): IEC 62304 Cl.4.3 기준으로 Class A/B/C를 결정하고 근거를 기술하세요
12
+ 2. Section 3 (Design Phases): 우리 Gate 프로세스에 맞게 PA/EA/ER/CA로 업데이트하세요
13
+ - PA: 기획 및 계획 -> 개발 시작 전 승인
14
+ - EA: 요구사항 및 설계 -> 코딩 시작 전 승인
15
+ - ER: 구현 및 검증 -> Sprint 반복 (Sprint No, 완료 일자 기입)
16
+ - CA: 최종 릴리스 -> 검증 완료 후 승인
17
+ 3. Section 5 (Configuration Management): 반드시 상세히 작성하세요 (형상관리 계획 역할)
18
+ - Git 브랜치 전략 (feature/release/main 등)
19
+ - 버전 체계 (semantic versioning: MAJOR.MINOR.PATCH)
20
+ - 변경 통제 절차 (Change Evaluation List 참조)
21
+ 4. 사이버보안 계획은 별도 파일 없이 이 SDP 내에 챕터로 작성하세요:
22
+ - 보안 설계 원칙 (Security by Design)
23
+ - 취약점 모니터링 주기 (CVE 검토)
24
+ - 보안 사고 대응 절차
25
+ 5. Section 2.1 팀 구성에 실제 인원을 기재하고 역할을 구체화하세요
26
+
27
+ 완성 체크리스트:
28
+ [ ] 제품명 및 SW 안전 등급 명시
29
+ [ ] Design Phases에 PA/EA/ER/CA Gate 반영
30
+ [ ] Section 5 형상관리 상세 기술 (Git 브랜치, 버전 체계)
31
+ [ ] 사이버보안 챕터 추가 (IEC 81001-5-1)
32
+ [ ] 담당자 역할(R&R) 기재
33
+ -->
34
+
35
+
36
+ This document summarizes development and maintenance activities.
37
+
38
+ ## Mapping of Standard Requirements to Document Sections
39
+
40
+ | ISO 13485:2016 Section | Document Section |
41
+ | ------------------------------------- | ---------------- |
42
+ | 7.3.2 Design and Development Planning | 1, 2, 3, 7 |
43
+
44
+ | Classes | IEC 62304:2006 Section | Document Section |
45
+ | ------- | -------------------------------------------------------------------------- | ---------------- |
46
+ | A, B, C | 4.4.2 Risk Management Activities | 1 |
47
+ | A, B, C | 5.1.1 a) (Processes) | 1 |
48
+ | A, B, C | 5.1.1 b) (Deliverables) | 1 |
49
+ | A, B, C | 5.1.1 c) (Traceability) | 1 |
50
+ | A, B, C | 5.1.1 d) (Configuration and Change Management) | 1, 5 |
51
+ | A, B, C | 5.1.1 e) (Problem Resolution) | 1 |
52
+ | A, B, C | 5.1.2 Keep Software Development Plan Updated | 1 |
53
+ | A, B, C | 5.1.3 Software Development Plan Reference to System Design and Development | 2 |
54
+ | C | 5.1.4 Software Development Standards, Methods and Tools Planning | |
55
+ | B, C | 5.1.5 Software Integration and Integration Test Planning | 3, 8 |
56
+ | A, B, C | 5.1.6 Software Verification Planning | 7 |
57
+ | A, B, C | 5.1.7 Software Risk Management Planning | 1 |
58
+ | A, B, C | 5.1.8 Documentation Planning | 6 |
59
+ | A, B, C | 5.1.9 Software Configuration Management Planning | 5 |
60
+ | B, C | 5.1.10 Supporting Items to be Controlled | 5 |
61
+ | B, C | 5.1.11 Software Configuration Item Control Before Verification | 5 |
62
+ | B, C | 5.1.12 Identification and Avoidance of Common Software Defects | 4 |
63
+ | A, B, C | 6.1 Software Maintenance Plan. | 10 |
64
+
65
+ ## 1 Relevant Processes and Documents
66
+
67
+ Please see the relevant processes for the following activities:
68
+
69
+ * Risk management activities incl. SOUP risks: SOP Integrated Software Development
70
+ * Problem resolution: SOP Problem Resolution
71
+ * Software development incl. deliverables, traceability, regular update of software development plan: SOP
72
+ Integrated Software Development
73
+ * Change management: SOP Change Management
74
+ * SOUP List
75
+ * Usability engineering activities: SOP Integrated Software Development
76
+
77
+ ## 2. Required Resources
78
+
79
+ ### 2.1 Team
80
+
81
+ | Role | Count | Responsibilities |
82
+ | ------------------- | ----- | ------------------------------------------- |
83
+ | Head of Development | 1 | Prioritizing tasks and technical oversight |
84
+ | Frontend Developer | 2 | Implementing Frontend Software Requirements |
85
+ | Backend Developer | 1 | Implementing Backend Software Requirements |
86
+
87
+ ### 2.2 Software
88
+
89
+ #### IEC 62304 Software Safety Classification
90
+
91
+ The software safety classification for \[enter device name\] has been established as class \[XXXX\] per IEC 62304:2006/AMD1:2015 based on the decision-making process outlined in table 3 and in paragraph 4.3 of the norm. A malfunction of, or latent design flaw in the software device may lead to situations with unacceptable risks \[for example: false-positive and false-negative diagnosis, resulting in unnecessary interventions or missed necessary interventions\]. This excludes software safety class A. Serious injuries or death, however, can be ruled out because \[XXXX\]. Considering these risk control measures external to the software system, safety class C can be ruled out, resulting in class B.
92
+
93
+ #### Measuring Function
94
+
95
+ The \[enter device name\] does not include a measuring function, as described in EU Regulation 2017/45 and relevant regulatory guidance documents. The definition of MEDDEV 2.1-5 for measuring functions does not apply because \[XXX\].
96
+
97
+ #### Combination With Other Products
98
+
99
+ To achieve its intended purpose, the \[enter device name\] is intended to be used in combination with \[for example: MRI/CT scanners that produce imaging data\]. Specifications for compatible equipment are described in the List of Software Requirements as well as in the Instructions for Use. Relevant verification and validation tests will be added to the documentation.
100
+
101
+ #### Product Lifetime
102
+
103
+ The software's lifetime is established to be \[for example: three years\]. This is what is expected to be the maximum time until the implementation of a significant change, by which the manufacturer is able to react to the relevant changes to the software device environment, such as SOUP changes, cybersecurity innovations, or the evolving technological or medical state of the art.
104
+
105
+ #### Programming Languages
106
+
107
+ > List the languages you’ll be using, including compiler and language versions.
108
+
109
+ | Name | Version |
110
+ | ------ | ------- |
111
+ | Python | 3.8 |
112
+
113
+ #### Development Software
114
+
115
+ > List software used to support development, e.g., IDEs.
116
+
117
+ | Name | Version |
118
+ | ------- | -------- |
119
+ | PyCharm | 2020.1.4 |
120
+
121
+ ### 2.3 System Requirement / Target Runtime
122
+
123
+ > List your target runtime(s).
124
+
125
+ | Name | Version |
126
+ | ------- | ------- |
127
+ | CPython | 3.8 |
128
+
129
+ > Specify system requirements, e.g., the minimum specifications of the server / compute instance you'll be
130
+ > running your software on
131
+
132
+ *Minimum system requirements:*
133
+
134
+ * *Server-grade dual-core CPU, e.g., Intel Xeon E3-1230 v5 or higher*
135
+ * *4 GB of RAM*
136
+ * *1 GBit/s up- and downlink*
137
+ * *20GB SSD storage*
138
+
139
+ ## 3 Design Phases
140
+
141
+ > The 13485 requires you to specify "Design Phases". Here are some suggestions which you could use.
142
+
143
+ | Title | Estimated Completion Date | Description | Review method |
144
+ | -------------- | ------------------------- | ----------- | ------------------------------- |
145
+ | Specification | | | Software Requirements Checklist |
146
+ | Implementation | | | Code Reviews |
147
+ | Testing | | | System Test |
148
+ | Validation | | | Usability Evaluation |
149
+ | Release | | | Release Checklist |
150
+
151
+ ## 4 Avoiding Common Software Defects Based on Selected Programming Technology
152
+
153
+ > Discuss how your selected programming technology may introduce risks and how you plan to avoid them. With
154
+ > modern, dynamically-typed languages, an obvious risk is that you encounter runtime exceptions. So you could
155
+ > argue that your test coverage is great and compensates for that. You could also link to your risk analysis
156
+ > here if you analyse those risks further.
157
+
158
+ ## 5 Configuration Management and Version Control
159
+
160
+ > Describe which version control software you're using (probably git, like all human beings on this planet
161
+ > right now, except enterprise developers). Also describe your branching model, i.e., how your developers
162
+ > create branches during development, how you name them and how you merge them (pull requests? merge commits?
163
+ > squash before?). Your code review will be described in the next section.
164
+ >
165
+ > Importantly, describe which things (code, build files, etc.) are put in version control. Describe how you
166
+ > name versions and how you tag them. Your goal should be that you can retrieve an old version and build
167
+ > it. Why? Something with a newer version may go wrong (harm patients) and you may need to roll back.
168
+
169
+ *git is used as version control software. All source code and build files are committed to version control.*
170
+
171
+ *When implementing software requirements, developers create a new branch starting at master. During
172
+ development, developers may create intermediate commits on this development branch.*
173
+
174
+ *When implementation is completed, a new merge commit to master is created.*
175
+
176
+ ***This is also the activity which constitutes integration of software units.***
177
+
178
+ *For each release, the goal is to be able to uniquely identify it and retrieve all relevant files (code,
179
+ configuration files like build scripts, SOUPs, etc.) at any time in the future.*
180
+
181
+ *When a new software version is released, its commit is tagged in git. The tag is constructed by adhering to
182
+ semver ([semver.org](https://semver.org)) 2.0.0 which results in a version of format MAJOR.MINOR.PATCH,
183
+ e.g., 1.0.0.*
184
+
185
+ ## 6 Documentation Activities
186
+
187
+ > Describe your policy on what should be documented while you develop software. Maybe you want to require
188
+ > your developers to document all methods which are private. Maybe you want to keep an up-to-date software
189
+ > architecture diagram in the repository, etc. Make sure to mention how traceability between Software Requirements and Tests is maintained.
190
+
191
+ ## 7 Implementation Verification Activities
192
+
193
+ > Describe verification activities, e.g. code review.
194
+
195
+ *For each pull request, a code review is performed by a team member who was not the main author of the code
196
+ under review. The code review is only marked as "approved" if the code complies with the code review
197
+ criteria. This is:*
198
+
199
+ * *Code fulfils the software requirements*
200
+ * *Adherence to [PEP8 Style Guide](https://www.python.org/dev/peps/pep-0008/)*
201
+
202
+ ## 8 Software System Test Activities
203
+
204
+ > Describe software system test activities. This could be continuous integration which is triggered by opening
205
+ > a pull request (e.g. Travis CI, Circle CI). Describe what is tested and how that automated system works.
206
+
207
+ *Integration tests are included in software system tests.*
208
+
209
+ ## 9 Validation Activities
210
+
211
+ Validation is carried out as formative and summative usability evaluation as described in the software development process. A usability evaluation file (plan, protocol and report) will be prepared.
212
+
213
+ ## 10 Maintenance Activities
214
+
215
+ > Describe how often you check SOUP issue trackers and how you document them.
216
+
217
+ *SOUP issue trackers are checked at least once every 6 months. The verification date is updated in the SOUP
218
+ list accordingly.*
219
+
220
+ ---
221
+
222
+ Template Copyright [openregulatory.com](https://openregulatory.com). See [template
223
+ license](https://openregulatory.com/template-license).
224
+
225
+ Please don't remove this notice even if you've modified contents of this template.