@neobiotechlabs/neobiotech-dev-agent 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (155) hide show
  1. package/.claude-plugin/marketplace.json +22 -0
  2. package/.claude-plugin/plugin.json +58 -0
  3. package/.mcp.json +14 -0
  4. package/README.md +442 -0
  5. package/dist/__tests__/adf.test.d.ts +1 -0
  6. package/dist/__tests__/adf.test.js +68 -0
  7. package/dist/__tests__/adf.test.js.map +1 -0
  8. package/dist/__tests__/annex-ii-template.test.d.ts +1 -0
  9. package/dist/__tests__/annex-ii-template.test.js +39 -0
  10. package/dist/__tests__/annex-ii-template.test.js.map +1 -0
  11. package/dist/__tests__/doc-render.test.d.ts +1 -0
  12. package/dist/__tests__/doc-render.test.js +93 -0
  13. package/dist/__tests__/doc-render.test.js.map +1 -0
  14. package/dist/__tests__/help.test.d.ts +1 -0
  15. package/dist/__tests__/help.test.js +31 -0
  16. package/dist/__tests__/help.test.js.map +1 -0
  17. package/dist/__tests__/jira-fields.test.d.ts +1 -0
  18. package/dist/__tests__/jira-fields.test.js +81 -0
  19. package/dist/__tests__/jira-fields.test.js.map +1 -0
  20. package/dist/__tests__/plugin-manifest.test.d.ts +1 -0
  21. package/dist/__tests__/plugin-manifest.test.js +91 -0
  22. package/dist/__tests__/plugin-manifest.test.js.map +1 -0
  23. package/dist/__tests__/setup.test.d.ts +1 -0
  24. package/dist/__tests__/setup.test.js +7 -0
  25. package/dist/__tests__/setup.test.js.map +1 -0
  26. package/dist/__tests__/sync-version.test.d.ts +1 -0
  27. package/dist/__tests__/sync-version.test.js +37 -0
  28. package/dist/__tests__/sync-version.test.js.map +1 -0
  29. package/dist/clients/risk-client.d.ts +17 -0
  30. package/dist/clients/risk-client.js +54 -0
  31. package/dist/clients/risk-client.js.map +1 -0
  32. package/dist/clients/xray-client.d.ts +34 -0
  33. package/dist/clients/xray-client.js +127 -0
  34. package/dist/clients/xray-client.js.map +1 -0
  35. package/dist/config/project-config.d.ts +14 -0
  36. package/dist/config/project-config.js +45 -0
  37. package/dist/config/project-config.js.map +1 -0
  38. package/dist/confluence-client.d.ts +16 -0
  39. package/dist/confluence-client.js +97 -0
  40. package/dist/confluence-client.js.map +1 -0
  41. package/dist/index.d.ts +2 -0
  42. package/dist/index.js +60 -0
  43. package/dist/index.js.map +1 -0
  44. package/dist/jira-client.d.ts +35 -0
  45. package/dist/jira-client.js +119 -0
  46. package/dist/jira-client.js.map +1 -0
  47. package/dist/tools/annex-ii-template.d.ts +30 -0
  48. package/dist/tools/annex-ii-template.js +129 -0
  49. package/dist/tools/annex-ii-template.js.map +1 -0
  50. package/dist/tools/confluence.d.ts +2 -0
  51. package/dist/tools/confluence.js +54 -0
  52. package/dist/tools/confluence.js.map +1 -0
  53. package/dist/tools/cvss.d.ts +2 -0
  54. package/dist/tools/cvss.js +59 -0
  55. package/dist/tools/cvss.js.map +1 -0
  56. package/dist/tools/doc-render.d.ts +2 -0
  57. package/dist/tools/doc-render.js +96 -0
  58. package/dist/tools/doc-render.js.map +1 -0
  59. package/dist/tools/doc-validation.d.ts +2 -0
  60. package/dist/tools/doc-validation.js +221 -0
  61. package/dist/tools/doc-validation.js.map +1 -0
  62. package/dist/tools/help-data.d.ts +7 -0
  63. package/dist/tools/help-data.js +144 -0
  64. package/dist/tools/help-data.js.map +1 -0
  65. package/dist/tools/help.d.ts +2 -0
  66. package/dist/tools/help.js +39 -0
  67. package/dist/tools/help.js.map +1 -0
  68. package/dist/tools/iec.d.ts +2 -0
  69. package/dist/tools/iec.js +203 -0
  70. package/dist/tools/iec.js.map +1 -0
  71. package/dist/tools/init.d.ts +2 -0
  72. package/dist/tools/init.js +38 -0
  73. package/dist/tools/init.js.map +1 -0
  74. package/dist/tools/jira-crud.d.ts +2 -0
  75. package/dist/tools/jira-crud.js +142 -0
  76. package/dist/tools/jira-crud.js.map +1 -0
  77. package/dist/tools/risk.d.ts +2 -0
  78. package/dist/tools/risk.js +172 -0
  79. package/dist/tools/risk.js.map +1 -0
  80. package/dist/tools/traceability.d.ts +2 -0
  81. package/dist/tools/traceability.js +85 -0
  82. package/dist/tools/traceability.js.map +1 -0
  83. package/dist/tools/types.d.ts +13 -0
  84. package/dist/tools/types.js +2 -0
  85. package/dist/tools/types.js.map +1 -0
  86. package/dist/tools/usability.d.ts +2 -0
  87. package/dist/tools/usability.js +149 -0
  88. package/dist/tools/usability.js.map +1 -0
  89. package/dist/tools/xray.d.ts +2 -0
  90. package/dist/tools/xray.js +35 -0
  91. package/dist/tools/xray.js.map +1 -0
  92. package/dist/utils/adf.d.ts +27 -0
  93. package/dist/utils/adf.js +104 -0
  94. package/dist/utils/adf.js.map +1 -0
  95. package/dist/utils/cvss.d.ts +15 -0
  96. package/dist/utils/cvss.js +86 -0
  97. package/dist/utils/cvss.js.map +1 -0
  98. package/dist/utils/doc-render.d.ts +28 -0
  99. package/dist/utils/doc-render.js +50 -0
  100. package/dist/utils/doc-render.js.map +1 -0
  101. package/dist/utils/jira-fields.d.ts +38 -0
  102. package/dist/utils/jira-fields.js +53 -0
  103. package/dist/utils/jira-fields.js.map +1 -0
  104. package/dist/utils/sync-version.d.ts +2 -0
  105. package/dist/utils/sync-version.js +20 -0
  106. package/dist/utils/sync-version.js.map +1 -0
  107. package/package.json +49 -0
  108. package/skills/doc-render/SKILL.md +79 -0
  109. package/vendor/dev-docs-templates/templates/dev_docs/plan_template.md +104 -0
  110. package/vendor/dev-docs-templates/templates/dev_docs/prd_template.md +110 -0
  111. package/vendor/dev-docs-templates/templates/dev_docs/spec_template.md +81 -0
  112. package/vendor/dev-docs-templates/templates/dev_docs/tasks_template.md +122 -0
  113. package/vendor/dev-docs-templates/templates/mdr_docs/CA/checklist-clinical-evaluation.md +81 -0
  114. package/vendor/dev-docs-templates/templates/mdr_docs/CA/checklist-gspr-mdr.md +403 -0
  115. package/vendor/dev-docs-templates/templates/mdr_docs/CA/clinical-evaluation-report.md +492 -0
  116. package/vendor/dev-docs-templates/templates/mdr_docs/CA/instructions-for-use.md +132 -0
  117. package/vendor/dev-docs-templates/templates/mdr_docs/CA/literature-evaluation-table.md +15 -0
  118. package/vendor/dev-docs-templates/templates/mdr_docs/CA/mdr-declaration-of-conformity.md +75 -0
  119. package/vendor/dev-docs-templates/templates/mdr_docs/CA/post-market-clinical-follow-up-plan.md +162 -0
  120. package/vendor/dev-docs-templates/templates/mdr_docs/CA/post-market-surveillance-plan.md +175 -0
  121. package/vendor/dev-docs-templates/templates/mdr_docs/CA/risk-management-cybersecurity-checklist.md +67 -0
  122. package/vendor/dev-docs-templates/templates/mdr_docs/CA/risk-management-report.md +111 -0
  123. package/vendor/dev-docs-templates/templates/mdr_docs/CA/usability-evaluation-report.md +70 -0
  124. package/vendor/dev-docs-templates/templates/mdr_docs/EA/clinical-evaluation-plan.md +154 -0
  125. package/vendor/dev-docs-templates/templates/mdr_docs/EA/list-of-hazard-related-use-scenarios.md +34 -0
  126. package/vendor/dev-docs-templates/templates/mdr_docs/EA/risk-table-fmea.md +155 -0
  127. package/vendor/dev-docs-templates/templates/mdr_docs/EA/software-architecture-description.md +307 -0
  128. package/vendor/dev-docs-templates/templates/mdr_docs/EA/software-requirements-list.md +156 -0
  129. package/vendor/dev-docs-templates/templates/mdr_docs/EA/soup-list.md +82 -0
  130. package/vendor/dev-docs-templates/templates/mdr_docs/EA/usability-evaluation-plan.md +103 -0
  131. package/vendor/dev-docs-templates/templates/mdr_docs/ER/global/bug-fixes-documentation-list.md +35 -0
  132. package/vendor/dev-docs-templates/templates/mdr_docs/ER/global/change-evaluation-list.md +100 -0
  133. package/vendor/dev-docs-templates/templates/mdr_docs/ER/global/list-of-known-anomalies.md +29 -0
  134. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/algorithm-validation-report.md +170 -0
  135. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/checklist-software-release.md +52 -0
  136. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/checklist-software-requirements-review.md +50 -0
  137. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/software-architecture-checklist.md +41 -0
  138. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/software-detailed-design.md +321 -0
  139. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/software-system-test-plan.md +155 -0
  140. package/vendor/dev-docs-templates/templates/mdr_docs/ER/sprint/usability-evaluation-protocol.md +63 -0
  141. package/vendor/dev-docs-templates/templates/mdr_docs/PA/intended-use.md +116 -0
  142. package/vendor/dev-docs-templates/templates/mdr_docs/PA/mdr-classification-document.md +114 -0
  143. package/vendor/dev-docs-templates/templates/mdr_docs/PA/risk-management-plan.md +198 -0
  144. package/vendor/dev-docs-templates/templates/mdr_docs/PA/software-development-maintenance-plan.md +225 -0
  145. package/vendor/dev-docs-templates/templates/mdr_docs/PA/system-requirements-spec.md +182 -0
  146. package/vendor/dev-docs-templates/templates/mdr_docs/global/information_security/information-security-controls.md +966 -0
  147. package/vendor/dev-docs-templates/templates/mdr_docs/global/information_security/information-security-policy-and-scope.md +99 -0
  148. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/quality-manual-policy-objectives.md +187 -0
  149. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-capa.md +112 -0
  150. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-change-management.md +128 -0
  151. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-clinical-evaluation.md +102 -0
  152. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-feedback-management.md +140 -0
  153. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-integrated-software-development.md +361 -0
  154. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-post-market-surveillance.md +159 -0
  155. package/vendor/dev-docs-templates/templates/mdr_docs/global/qms/sop-software-problem-resolution.md +99 -0
@@ -0,0 +1,140 @@
1
+ # SOP Feedback Management and Customer Complaints
2
+
3
+ ## Summary
4
+
5
+ This SOP describes how to respond to feedback and complaints.
6
+
7
+ | | |
8
+ |--------------------------------|----------------------------------------------------------|
9
+ | **Process Owner** | *\<enter role of process owner\>* |
10
+ | **Key Performance Indicators** | *\<enter KPIs to be tracked for the Management Review\>* |
11
+
12
+
13
+ **Regulatory requirements:**
14
+
15
+ | | |
16
+ |---------------------------|---------------------------------------------------------------------|
17
+ | Regulation 2017/745 (MDR) | Art. 83-88 (Post-market surveillance, trend analysis and vigilance) |
18
+ | ISO 13485:2016 | 8.2.1 / 8.2.2 |
19
+ | IEC 62304:2006 | 6.2.1 |
20
+
21
+ ## General Considerations
22
+
23
+ > In this section, provide general information about how you intend to set up your company's feedback
24
+ > management system.
25
+ >
26
+ > Consider sub-sections that describe more specifically:
27
+ >
28
+ > * Customer support availability (typically e.g. 9am - 5pm CET Mon - Fri)
29
+ > * Customer support ticket system (if applicable, consider GDPR requirements for sensitive data)
30
+ > * Contact channels: describe the primary way to contact your customer support (e.g. support email address).
31
+ > * Think about the most commonly used contact channels for your product and organization. Also consider
32
+ > channels independent from internet connection. Ideally, inquiries should be responded to in the same way of
33
+ > communication as they were received by.
34
+ > * Feedback prioritization (*optional*, e.g. high - medium - low)
35
+
36
+ ### Feedback Classification
37
+
38
+ All feedback is classified into one of the following categories. If the Operations team is not sure how to
39
+ classify a ticket, it consults the QMO.
40
+
41
+ | Feedback Category | Feedback Description |
42
+ |----------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
43
+ | Support Inquiry | Any request for help that can be resolved by providing the user with (usability) information. |
44
+ | Change Request | Any request to add, modify or remove product functionalities. |
45
+ | Customer Complaint | Any complaint that can be related to our products or organization and which is not classified as an "issue with potential negative influence on patient health". |
46
+ | Issue with potential negative influence on the state of health | Any customer complaint related to:<br>problem with the medical device that could cause or may have caused or did in fact cause a death or serious deterioration in the state of health.<br>problem with the medical device that significantly impaired the performance criteria of the device (based e.g. on the information given in the intended use, user manual or marketing material). |
47
+
48
+ > Add more categories as required by your organization. For example: positive feedback (praise), data privacy inquiries, differentiate product complaints <> customer complaints (not product related), etc.
49
+
50
+ | Serious Deterioration of the State of Health |
51
+ |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
52
+ | A serious deterioration of the state of health includes at least one of the following:<br>life-threatening illness,<br>permanent impairment of a body function or permanent damage to a body structure,<br>a condition which requires medical or surgical intervention to prevent one of the above,<br>any indirect harm as a consequence of an incorrect diagnostic result when used within manufacturer's instructions for use. |
53
+
54
+ ## Process Steps
55
+
56
+ ### 1. Documentation of Feedback
57
+
58
+ The Operations team receives feedback through a contact channel, which automatically opens a respective ticket
59
+ in our system (see general considerations above). Based on the input, the Operations team then documents at
60
+ minimum the following information in the ticket:
61
+
62
+ * Date of feedback
63
+ * Description of the issue (e.g. software version, runtime environment, if available: screenshots / images)
64
+ * Affected users, contact details and customer locations
65
+ * Steps to reproduce the problem
66
+
67
+ | | |
68
+ |--------------|-------------------------------------------------------|
69
+ | Participants | Operations team |
70
+ | Input | Received feedback / complaint |
71
+ | Output | Structured documentation of feedback in ticket system |
72
+
73
+
74
+ ### 2. Evaluation of Feedback
75
+
76
+ The Operations team classifies the feedback according to the categories outlined in the general considerations
77
+ of this process. Depending on the feedback category it takes respective actions:
78
+
79
+ **Support Inquiry:**
80
+
81
+ The Operations team actively supports the customer / user in solving the issue by answering questions or
82
+ providing additional user training.
83
+
84
+ **Change Request:**
85
+
86
+ The feedback ticket is forwarded to the Product team to decide over implementation and potentially initiate the change management process.
87
+
88
+ **Customer Complaint:**
89
+
90
+ * If the customer complaint constitutes a persistent problem related to a medical device that cannot be
91
+ resolved by providing user information or training (e.g. software bugs), it is forwarded to the Product team
92
+ to initiate the problem resolution process.
93
+ * If the customer complaint is related to an organizational issue (e.g. sales and marketing efforts), the
94
+ Operations team involves other teams of the organization where necessary to provide the customer / user with
95
+ a satisfactory response.
96
+ * If the customer complaint may constitute a systematic issue, the feedback is additionally forwarded to the
97
+ Quality Management Officer (QMO) to initiate the process for corrective and preventive actions (CAPA).
98
+
99
+ **Issue with a Potential Negative Impact on the State of Health:**
100
+
101
+ All issues with a potential negative impact on the state of health must be reported immediately, but no later
102
+ than on the same day, to the Person Responsible for Regulatory Compliance (PRRC) to initiate the SOP Vigilance.
103
+
104
+ All product-related feedback shall be checked for a potential impact on:
105
+
106
+ * product requirements for the respective device;
107
+ * the post-market surveillance for the respective device, including trend analysis (see Art. 83 and 88 MDR);
108
+ * the device risk management file.
109
+
110
+ | | |
111
+ |--------------|---------------------------------------------|
112
+ | Participants | Operations team |
113
+ | Input | Documented feedback |
114
+ | Output | Classified feedback and decision on actions |
115
+
116
+ ### 3. Validation of Actions
117
+
118
+ The Operations team proactively receives updates regarding the status of actions per ticket from other teams.
119
+
120
+ Once the actions are considered completed (e.g. for change requests: decision to implement a feature or not is
121
+ made), the Operations team informs the customer / user and validates if the actions taken are satisfying. If
122
+ so, the validation is documented in the ticket and the ticket is closed. If not, this process is re-initiated.
123
+
124
+ If a customer / user does not respond, validation is tried at least a second time before the ticket is closed.
125
+
126
+ | | |
127
+ |--------------|-----------------------------------------|
128
+ | Participants | Operations team |
129
+ | Input | Implemented actions |
130
+ | Output | Validation of actions, ticket is closed |
131
+
132
+ > Optionally, depending on the features that your ticket system provides, consider adding a process step to
133
+ > assign each ticket a status (open, pending input, closed).
134
+
135
+ ---
136
+
137
+ Template Copyright [openregulatory.com](https://openregulatory.com). See [template
138
+ license](https://openregulatory.com/template-license).
139
+
140
+ Please don't remove this notice even if you've modified contents of this template.
@@ -0,0 +1,361 @@
1
+ # SOP Integrated Software Development
2
+
3
+ | Classes | IEC 62304:2006 Section | Document Section |
4
+ |---------|------------------------|------------------|
5
+ | A, B, C | 5.1.2 | 4 |
6
+ | A, B, C | 5.2.1 | 4 |
7
+ | A, B, C | 5.2.4 | 3, 7, 10 |
8
+ | A, B, C | 5.2.5 | 4 |
9
+ | A, B, C | 5.2.6 | 5 |
10
+ | B, C | 5.3.1 | 6 |
11
+ | B, C | 5.3.2 | 6 |
12
+ | C | 5.3.5 | |
13
+ | B, C | 5.3.6 | 6 |
14
+ | B, C | 5.4.1 | 6 |
15
+ | C | 5.4.2 | |
16
+ | C | 5.4.3 | |
17
+ | C | 5.4.4 | |
18
+ | A, B, C | 5.5.1 | 6 |
19
+ | B, C | 5.5.2 | 7 |
20
+ | B, C | 5.5.3 | 7 |
21
+ | C | 5.5.4 | |
22
+ | B, C | 5.5.5 | 7 |
23
+ | B, C | 5.6.1 | 7 |
24
+ | B, C | 5.6.2 | 7 |
25
+ | B, C | 5.6.3 | 8 |
26
+ | B, C | 5.6.4 | 8 |
27
+ | B, C | 5.6.5 | 8 |
28
+ | B, C | 5.6.6 | 8 |
29
+ | B, C | 5.6.7 | 8 |
30
+ | A, B, C | 5.7.3 | 8 |
31
+ | A, B, C | 5.7.4 | 8 |
32
+ | A, B, C | 5.7.5 | 8 |
33
+ | A, B, C | 5.8.1 | 7 |
34
+ | A, B, C | 5.8.2 | 11 |
35
+ | A, B, C | 5.8.4 | 11 |
36
+ | B, C | 5.8.5 | 11 |
37
+ | B, C | 5.8.6 | 11 |
38
+ | A, B, C | 5.8.7 | 11 |
39
+ | A, B, C | 5.8.8 | 11 |
40
+ | A, B, C | 6.1 | 4 |
41
+ | B, C | 7.1.1 | 2, 3, 6, 8, 10 |
42
+ | B, C | 7.1.2 | 2, 3, 6, 8, 10 |
43
+ | B, C | 7.1.3 | 6, 12 |
44
+ | B, C | 7.1.4 | 2, 3, 6, 8, 10 |
45
+ | B, C | 7.2.1 | 2, 3, 6, 8, 10 |
46
+ | B, C | 7.2.2 | 2, 3, 6, 8, 10 |
47
+ | B, C | 7.3.1 | 7 |
48
+ | B, C | 7.3.3 | 9 |
49
+ | A, B, C | 8.1.2 | 4, 6, 8 |
50
+ | A, B, C | 8.1.3 | 11 |
51
+ | A, B, C | 9.8 | 8 |
52
+
53
+ | ISO 14971:2019 Section | Document Section |
54
+ |------------------------|--------------------------|
55
+ | 4.1 | 3, 4, 5, 6, 8, 9, 10, 11 |
56
+ | 5.1 | 3, 4, 5, 6, 8, 9, 10, 11 |
57
+ | 5.3 | 3, 4 |
58
+ | 5.4 | 3, 4 |
59
+ | 5.5 | 3, 4 |
60
+ | 6 | 3, 4 |
61
+ | 7.1 | 3, 4, 5 |
62
+ | 7.2 | 6 |
63
+ | 7.3 | 6, 10 |
64
+ | 7.4 | 10 |
65
+ | 7.5 | 6 |
66
+ | 7.6 | 10 |
67
+ | 8 | 10 |
68
+ | 9 | 10 |
69
+
70
+ | IEC 62366-1:2015 Section | Title | Document Section |
71
+ |--------------------------|------------------------------------------------------------------------|------------------|
72
+ | 4.1.1 | Usability Engineering Process | (All) |
73
+ | 5.1 | Prepare Use Specification | 4 |
74
+ | 5.8 | Perform User Interface design, implementation and Formative Evaluation | 4, 5, 6, 7 |
75
+
76
+ ## Summary
77
+
78
+ This SOP describes how software as a medical device is developed. It integrates risk management and usability
79
+ engineering activities into the process.
80
+
81
+ | | |
82
+ |--------------------------------|----------------------------------------------------------|
83
+ | **Process Owner** | *\<enter role of process owner\>* |
84
+ | **Key Performance Indicators** | *\<enter KPIs to be tracked for the Management Review\>* |
85
+
86
+ ## General Notes
87
+
88
+ ### Integrated Process, Evolutionary Strategy
89
+
90
+ This process integrates risk management and usability evaluation activities into the software development
91
+ process. It, therefore, covers requirements of IEC 62304, ISO 14971 and IEC 62366. There are no separate risk
92
+ management and usability engineering processes.
93
+
94
+ The Software Development Process described in this SOP resembles an "evolutionary" strategy (IEC 62304:2006,
95
+ Annex B), acknowledging that the user need is not fully understood and not all requirements are defined up
96
+ front. Whenever requirements change, the preceding process steps and their outputs need to be re-done to
97
+ ensure consistent and complete documentation.
98
+
99
+ ## Process Steps
100
+
101
+ ### 1. Design Input
102
+
103
+ Based on business input and product ideas, the process for product certification and registration is initiated
104
+ to create an initial device description (incl. medical device classification and software safety
105
+ classification) and high-level vision for the planned product. Technical input is considered to assess whether
106
+ the idea is feasible.
107
+
108
+ Business input could be:
109
+
110
+ * Conversations with prospective customers
111
+ * Market opportunities
112
+ * Internal ideas
113
+
114
+ Changes to the product also enter the process here (i.e., as a change request as defined in SOP Change
115
+ Management).
116
+
117
+ | Participants | Management (e.g. CEO, CTO, CPO) |
118
+ | ------------ | ------------------------------------------------------------------------------------------------ |
119
+ | Input | Business input, Technical input, Product ideas, Change requests |
120
+ | Output | Intended use, Medical device classification, Device software safety classification (preliminary) |
121
+
122
+ ### 2. Risk Management Planning
123
+
124
+ The risk management activities are planned and documented.
125
+
126
+ The Risk Management Plan defines criteria for risk acceptability in the form of a risk policy and a risk
127
+ acceptance matrix. It defines risk acceptability both for individual risks and the overall residual risk. The
128
+ risk acceptance matrix is created by performing the following steps:
129
+
130
+ * Estimate product usage over its lifetime
131
+ * Define categories for the severity of harm (for example, categories may range from zero harm to death of a
132
+ patient)
133
+ * Define probability categories (for example, categories may range from "unthinkable’ over "rare’ to
134
+ "certain’).
135
+ * Start by defining the least probable category which has an absolute occurrence number of less than one. From
136
+ there on, the more frequently occurring categories are added with probability increments of 10^2.
137
+ * Create the risk acceptance matrix and define which combinations of the categories are deemed acceptable. Use
138
+ color coding: red combinations represent unacceptable risks; yellow combinations represent risks that are
139
+ acceptable.
140
+ * Note: no fields are marked as yellow as all risks must be reduced as far as possible.
141
+
142
+
143
+ | Participants | CPO, subject matter experts, e.g. physicians |
144
+ | ------------ | ----------------------------------------------- |
145
+ | Input | Device Description |
146
+ | Output | Risk Management Plan, Usability Evaluation Plan |
147
+
148
+ ### 3. First Risk Assessment and Usability Evaluation Planning
149
+
150
+ In the first risk and usability assessment, a preliminary hazard analysis is conducted and an initial risk
151
+ table is drafted.
152
+
153
+ The comprehensive risk analysis is performed by conducting a Failure Mode and Effects Analysis (FMEA). This analysis includes
154
+ the following activities:
155
+
156
+ * Identifying potential failure modes
157
+ * Identifying potential hazards, hazardous situations and harms in collaboration with subject matter experts
158
+ (e.g. physicians). When creating a first-time risk analysis for a product, Annex C of ISO 14971 should be checked for applicable examples.
159
+ * Estimating probabilities for the identified items and analyzing the severity of each harm, taking into
160
+ account international standards, scientific studies, public reports, expert opinions and usability data.
161
+ * For software devices, the probability of occurrence of a hazard is assumed as 100%. The probability of each
162
+ hazard leading to a hazardous situation and that leading to a harm must be estimated separately as part of
163
+ the risk analysis. Multiplied, they present the overall probability per risk. In combination, overall
164
+ probability of occurrence and the severity of harm are evaluated against the risk policy previously defined
165
+ for the device.
166
+
167
+ If a risk is deemed unacceptable based on our Risk Policy, it may be mitigated through Risk Control Measures
168
+ in the priority as listed below. In general, we try to reduce the severity and probability of risks as far as
169
+ possible (AFAP).
170
+
171
+ 1. Inherently safe design
172
+ 2. Protective measures in the device or development process
173
+ 3. Information for safety and/or training of users
174
+
175
+ Further, a usability evaluation plan is created which covers future formative and summative usability
176
+ evaluation activities.
177
+
178
+ User needs with a focus on those related to hazards are specified. These will serve as input to the
179
+ summative usability evaluation and are reviewed following the checklist for user needs review.
180
+
181
+ | Participants | CPO, subject matter experts, e.g. physicians |
182
+ | ------------ | ------------------------------------------------------------------- |
183
+ | Input | Device Description, Risk Management Plan |
184
+ | Output | Preliminary Hazards Analysis, Risk Table incl. Risk Acceptance Matrix (Draft), User Needs, User Needs Review Checklist, Usability Evaluation Plan |
185
+
186
+ ### 4. Software Planning
187
+
188
+ Based on the device description, the user needs and the preliminary risk analysis, the next step is to plan
189
+ software development by defining software requirements. These also include the user interface specification,
190
+ e.g. wireframes, mockups or style guides.
191
+
192
+ A software development and maintenance plan is created following our template. Software versioning is to be
193
+ specified in the plan and should typically follow semver, in a format: MAJOR.MINOR.PATCH. Significant changes
194
+ will lead to major version changes and a change of the UDI-DI, while non-significant changes lead to minor
195
+ version changes and changes of the UDI-PI only. Third-digit version changes (“patches”) result from bug fixes
196
+ (see SOP Change Management and SOP Certification and Registration).
197
+
198
+ The software system test plan is created based on the requirements. As requirements may change, the software
199
+ system test plan is continuously updated to reflect those changes.
200
+
201
+ | Participants | CTO, Software Engineer, Risk Manager, Usability Engineer |
202
+ | ------------ | ----------------------------------------------------------------------------------------------------- |
203
+ | Input | Device Description, Vision Document, Change Request, Risk Table (draft), Preliminary Hazards Analysis |
204
+ | Output | Software Development and Maintenance Plan, Software Requirements incl. User Interface Specification, Software System Test Plan, Risk Table (updated) |
205
+
206
+ ### 5. First Review: Software Planning Review
207
+
208
+ Software requirements are reviewed by following the checklist for Software Requirements Review. If the review
209
+ is successful, move forward to the next step. If it's not, the software requirements have to be reworked with
210
+ possible changes to the risk analysis and user needs. In that case, move back to the relevant step above.
211
+
212
+ | Participants | CTO, CPO, Risk Manager, Usability Engineer, Subject matter experts, e.g. physicians |
213
+ | ------------ | ----------------------------------------------------------------------------------- |
214
+ | Input | Software Requirements, Risk Table (draft), User Needs |
215
+ | Output | Checklist Software Requirements Review (filled out) |
216
+
217
+ ### 6. Software Architecture, Detailed Design and Implementation
218
+
219
+ Software architecture is created (and detailed design, if necessary). As the software development process
220
+ follows agile methodology, the software architecture may change as new knowledge is gained during
221
+ implementation. The end result should be that both the implementation and the documented software architecture
222
+ are synchronized.
223
+
224
+ At a minimum, an architecture diagram showing all software systems including databases and networks is
225
+ created. For each software system, public interfaces, are documented, e.g. REST APIs, internal methods.
226
+
227
+ SOUP is added/updated here, if necessary. For each SOUP, we specify the name, version, manufacturer, website
228
+ link (incl. release notes and issue tracker), requirements and prerequisites. SOUP must be verified before
229
+ moving to the next step. Possible SOUP verification criteria include sufficient test coverage by the author
230
+ and being commonly used; correct SOUP functioning is also verified through software verification and software
231
+ system testing in the following steps.
232
+
233
+ If new risks relating to software units and potential failure modes are discovered during this phase, they are
234
+ added to the risk table.
235
+
236
+ | Participants | CTO, Software Engineer |
237
+ | ------------ | ------------------------------------------------------------------------------------------- |
238
+ | Input | Software Development and Maintenance Plan, Software Requirements, Software System Test Plan |
239
+ | Output | Implemented Software Items, i.e. code, Software Architecture (created/updated), Software Detailed Design (created/updated), SOUP list (created/updated), Risk Table (updated) |
240
+
241
+ ### 7. Second Review, Verification, Formative Usability Evaluation, Integration
242
+
243
+ The second review covers multiple activities:
244
+
245
+ * **Verification** of the software items based on code review and automated unit and integration tests
246
+ * **Formative Usability Evaluation** through a usability engineer whether the user interface has been
247
+ implemented as specified
248
+
249
+ Code review is conducted based on the following criteria:
250
+
251
+ * Are all software requirements, software architecture and detailed design implemented correctly?
252
+ * Does the code adhere to coding guidelines which include requirements for documentation as specified in the
253
+ Software Development and Maintenance Plan?
254
+
255
+ Upon successful verification, the implemented software requirement is integrated into the current code base as
256
+ described in the Software Development and Maintenance Plan. The software units may be integrated only if all
257
+ activities above were successful.
258
+
259
+ | Participants | Software Engineer, Usability Engineer |
260
+ | ------------ | ------------------------------------------------------------------------------------------------ |
261
+ | Input | Implemented Software Unit(s) incl. User Interface |
262
+ | Output | Code review result, Unit / Integration test result(s), Formative Usability Evaluation Assessment |
263
+
264
+ ### 8. Software System Testing
265
+
266
+ Based on the Software System Test Plan, software system tests covering all software requirements are
267
+ performed.
268
+
269
+ If new risks are discovered during the system tests, they are added to the risk table.
270
+
271
+ If anomalies are encountered, they are added to the list of known anomalies and/or entered as new software
272
+ requirements to be fixed.
273
+
274
+ | Participants | Software Engineer |
275
+ | ------------ | -------------------------------------------------------------------------------------------------------------------- |
276
+ | Input | Software System Test Plan |
277
+ | Output | Software System Test Protocols, Software System Test Report, Risk Table (updated), List of known anomalies (updated) |
278
+
279
+ ### 9. Validation / Summative Usability Evaluation
280
+
281
+ Validation is done as a summative usability evaluation.
282
+
283
+ A Usability Test is conducted in the context of the actual user needs in accordance with the Usability
284
+ Evaluation Plan.
285
+
286
+ If new risks are discovered during the usability tests, they are added to the risk table.
287
+
288
+ | Participants | CPO<br>Usability Engineer<br>Users for Usability Test |
289
+ | ------------ | ---------------------------------------------------------------------------------------- |
290
+ | Input | User Needs, Labeling and Instructions for Use (if applicable), Usability Evaluation Plan |
291
+ | Output | Usability Test Protocol(s), Summative Evaluation Report, Risk Table (updated) |
292
+
293
+ ### 10. Final Risk Assessment and Risk-Benefit Analysis
294
+
295
+ The overall risk of the product is evaluated by analyzing all identified risks so far. If unacceptable risks
296
+ exist, they are weighed against the benefits of the Medical Device as part of the Clinical Evaluation SOP and
297
+ as specified by the Clinical Evaluation Report. We only continue to release the Medical Device if the benefits
298
+ outweigh the risks.
299
+
300
+ If unacceptable risks remain which are not outweighed by the benefits, we consider adding new risk control
301
+ measures and move back in to the relevant step in the process.
302
+
303
+ The finalization of the Risk Management Report is the prerequisite for finalizing the Software Safety
304
+ Classification.
305
+
306
+ | Participants | CEO, CTO, CPO |
307
+ | ------------ | ------------------------------------------------------------------------------------------- |
308
+ | Input | Preliminary Hazards Analysis, Risk Table, Clinical Evaluation, Software (Release Candidate) |
309
+ | Output | Risk Management Report, Software Safety Classification (final) |
310
+
311
+ ### 11. Product Release and Labeling
312
+
313
+ Before release, it is ensured that all required process steps (software development, usability evaluation,
314
+ risk analysis) have been completed. Release notes are created and the list of known anomalies is
315
+ finalized. The software is only released if the remaining anomalies are deemed acceptable.
316
+
317
+ Finally, the software is assigned required labeling, including at minimum:
318
+ * The (trade) name of the device and manufacturer address
319
+ * The intended purpose of the device (where it is not obvious to the user)
320
+ * An indication that the product is a medical device, following symbols and labels specified in ISO 15223-1
321
+ * CE marking
322
+ * Unique Device Identifier (see product certification and registration process)
323
+ * Software version number in accordance with the software development plan
324
+ * Warning, precautions, contraindications and residual risks that need to be brought to the user’s attention
325
+ as outlined by risk control measures in the risk file
326
+
327
+ **Regulatory Release:**
328
+
329
+ A product (version) is considered released with the release of its declaration of conformity or, in the case
330
+ of a minor version update, with the release of its updated software release checklist. The documents have to
331
+ be signed by both a member of Management and the Person Responsible for Regulatory Compliance (PRRC). The
332
+ regulatory release is completed by following all steps of SOP for product certification and registration.
333
+
334
+ **Technical Release:**
335
+
336
+ Following the regulatory release of the device, market placement and release is carried out by following the
337
+ deployment process.
338
+
339
+ | Participants |
340
+ |---------------|
341
+ | CTO |
342
+ | PRRC |
343
+
344
+ | Input | Output |
345
+ |-------------------------------------------|---------------------------------------------|
346
+ | Device Description | Released Software |
347
+ | Software Release Checklist | Software Release Checklist (filled out) |
348
+ | Risk Analysis | Release Notes incl. list of known anomalies |
349
+ | User Needs | |
350
+ | Software Requirements | |
351
+ | Software Architecture and Detailed Design | |
352
+ | Software Items incl. Verification | |
353
+ | Software System Test Report | |
354
+ | Usability Evaluation Results | |
355
+
356
+ ---
357
+
358
+ Template Copyright [openregulatory.com](https://openregulatory.com). See [template
359
+ license](https://openregulatory.com/template-license).
360
+
361
+ Please don't remove this notice even if you've modified contents of this template.