Can't find what you need?

What You Should Know about Testing Software for Medical Devices

Software Testing Director, ScienceSoft

6 min read

Editor’s note: Andrei describes the factors you should consider when designing a QA process for software accompanying medical devices and lists QA activities to perform and best practices to follow in order to ensure well-rounded medical device software testing. Read on for some useful tips and consider our offer in software testing if you need a deeper engagement of testing specialists.

I bet no medical device provider or market operator would want to deliver a faulty product. My experience shows that such a provider faces significant risks. A device accompanied by faulty software may fail to get market approval. If software issues arise after a release, say, due to an update or during more intensive device use, it may be recalled from the market, and an organization that presented a faulty product to the market may be fined.

Low-quality software can also affect users’ wellbeing, for instance, when a therapeutic decision is made based on incorrect diagnostics data. And if software security is insufficient, a medical software provider risks disclosing patients’ health information and breaching HIPAA regulations.

Consequently, the medical device provider’s reputation is damaged, which can result in high customer attrition, lost deals, and decreasing revenue.

A bleak situation, indeed. Luckily, it can be avoided. Below, I share QA and testing activities you should take in order to guarantee the high quality of software for medical devices.

Medical device software testing

A proven approach to medical device software testing

I recommend starting the testing process by checking the formulation of the software’s intended use – the description of what for and how the software will be employed. The intended use will lay the basis for further software validation.

As the next step, I advise identifying software’s compliance needs. In the US, a medical device manufacturer must get a premarket approval from the US Food and Drug Administration (FDA) and meet the requirements to the software quality management process imposed by FDA and CGMP Regulations (21 CFR part 820).

Note: In case the development of software for medical devices is outsourced rather than carried out by a device manufacturer, the software vendor is not directly responsible for ensuring compliance with FDA regulations. In such a case, before starting the cooperation with the software vendor, the device manufacturer or the market operator needs to assess the adequacy of the software vendor’s quality assurance activities and determine whether additional efforts are required to meet the compliance standards.

Next, identify which level of concern (major, moderate or minor) software accompanying a medical device falls into and determine the scope of medical device software verification activities. A testing process for software for medical devices of all levels of concern should comprise the following activities:

1. Software validation

Start with validating the requirements to software and making sure that the software built upon these requirements will align with and be beneficial in its intended use.

2. Software requirements verification

In order to detect potential software defects at the earliest software life cycle stages, as the next step, I advise verifying the quality of requirements. Review functional, performance, security, and other requirements to software for clarity, consistency, and traceability.

3. Software design verification

Involve a software architect to check whether the software architecture adequately reflects the requirements, complies with relevant security standards, and is designed in a way that minimizes quality risks. The QA team, in turn, should check the software design specification for clarity and unambiguity. Though FDA requires at least one formal design review conducted at the software design stage, I recommend adding design verification at the end of each software life cycle stage.

4. Code reviews and unit testing

I advise to set up practices that allow detecting defects earlier in the software development life cycle. Adopt code quality guidelines to determine the requirements to its clarity, complexity, maintainability, and other relevant aspects. Perform a source code analysis to check its compliance with the accepted guidelines, and set up regular code reviews as a part of software coding practice.

Also, it’s useful to increase the share of testing performed by the development team at the unit level since it helps identify defects at the point when they are considerably easier and less expensive to fix.

5. Software verification

Medical device and software vendors are often pressed to deliver quality software quickly, but medical device software testing cannot be cut down to bare minimum. Thus, to streamline the test process without affecting software quality, I recommend combining testing at the API level with testing at the system level, followed by thorough regression testing. Also, consider applying such proven practices as test automation and continuous testing implemented within a CI/CD pipeline.

The non-functional aspects for medical device software need to be thoroughly validated as well. Thus, I recommend accompanying functional testing with performance, usability, security, and compatibility testing.

6. Compliance verification

If a medical device is subject to a compliance check, for instance, it is to be validated for meeting the regulations requested by ISO 13485, IEC 62304 or IEC 82304-1, add compliance verification to the scope of verification activities as well.

Not Sure about the Scope of Testing?

ScienceSoft’s QA team will help you determine the scope of testing activities to perform for software accompanying a medical device and carry out relevant types of testing.

Best practices to follow to successfully present a medical device to the market

In order to successfully present a medical device to the market and pass an FDA review, a medical device software or medical software provider needs to make sure their quality assurance process meets the following criteria:

1. Thorough and complete test documentation

You have to provide tangible proof of the performed validation and verification activities. Depending on software’s level of concern, the list of minimally required deliverables would include the following documents:

  A minor level of concern A moderate level of concern A major level of concern
Required verification and validation documentation

A test plan with clearly identified pass/fail criteria

A test results report

The description of verification and validation activities performed at the unit, API, and system levels.

A system-level test protocol

A test results report

The description of verification and validation activities performed at the unit, API, and system levels.

Unit-, API- and system-level test protocols with pass/fail criteria

A test results report

2. End-to-end requirements traceability and their complete coverage

Business, compliance, and risk treatment requirements should be mapped with technical requirements and test design documents, and this mapping should be reflected in a requirements traceability matrix. This would not only help you ensure that all technical requirements are covered with test cases but also speed up the testing process and facilitate debugging.

3. Prioritization of testing activities based on the software’s intended use and risks.

Testing activities should be prioritized based on the risk level of software components, and the components with the highest risk should be validated earlier in the software delivery life cycle.

Make sure your medical device utilizes quality software

As software for medical devices has high requirements for its quality and needs to comply with the number of regulations, the QA and testing process for such software should be carefully planned and executed. If you’re considering turning for QA assistance for performing relevant QA-related tasks, you’re welcome to leave us a request.

Medical Device Software Testing by ScienceSoft

ISO 13485, ISO 27001, ISO 9001 certificated, ScienceSoft tests medical device software and verifies its compliance with FDA and CGMP regulations.