In the past few years, medical devices have become increasingly dependent on software. More than 50 percent of medical devices now rely on software for some functionality. The software either is embedded in the device or plays an integral role in its production. For example, modern infusion pumps contain more than 100,000 lines of code, while proton beam therapy machines can contain more than 1 million.
Software integrity is not a "nice-to-have" quality in medical devices. Defects or bugs in the software can lead to device malfunctions that could result in injury or even death. Given the serious nature of medical devices, the Food and Drug Administration has strict regulations that original device manufacturers (OEMs) must follow for their products to reach the market. However, with the dramatic increase in software and the expanding global supply chain, the risk of defects and bugs in the software also increases.
To mitigate this risk, OEMs should employ a set of policies in the software development phase to ensure the code meets the federal guidelines every step of the way. To that end, implementing a governance solution in development helps manufacturers ensure compliance with these policies in several ways:
- Defining policies based on FDA guidance. OEMs must establish clear and specific policies that align with regulatory requirements. For example, a policy based on FDA guidelines would require all runtime errors to be identified and fixed before software can move on to the next stage in the development process. A governance solution provides a centralized location to define these policies and set the thresholds against which software is tested to validate ongoing compliance.
- Testing often and early. Once an OEM defines its policies, it must test its software against them. Implementing a governance solution in development enables teams to test software, whether developed in-house or from a third party, against the established policies and then fix any defects that arise while the code is still in development, where issues are least expensive and time-consuming to fix.
- Controlling risk and compliance. Beyond setting policies and testing for defects, a governance solution allows managers to gain visibility into the quality and risk of software in the device supply chain. This visibility can ensure that progress made in development does not compromise regulatory guidelines or compliance metrics.
A governance solution is one way that medical device OEMs can overcome the challenge of managing the risk of failure inherent in software.