certitudo – Medical Technology

Medical Technology

Applications on software basis in medical technology are generally medical devices for information technology, bio technology and health services, however, Mobile Medical Applications (Apps) are also used as medical products.

The term Medical Technology 4.0 is now established for networked medical devices which exchange their diagnostic and therapeutic characteristics and functions via programmable application interface (APIs – “Application Programming Interfaces”) and via digital services.

Software tools supporting the processes in medical technology are also used, but these can potentially influence product quality.

For products in these safety critical fields evidence must be provided that the development has been carried out meeting the standards and depending on their use. Consequently the requirements of IEC 62304 on the development are very high. The development processes focus on risk management, the fitness for purpose and traceability. Within this context the requirements of quality management from EN ISO 13485 must also be met.

Process, criticality and Part 11 compliance analyses can determine the functional scope and test sequences.


Standards Conformity

We work to the following standards:

  • ISO 13485 „Medical devices - Quality management systems - Requirements for regulatory purposes”
  • FDA 21CFR 820 Quality system regulations
  • FDA 21 CFR Part 11 Electronic Records; Electronic Signatures (ERES)
  • IEC 62304 – medical device software – software life cycle processes
  • DIN EN ISO 14971 Medical devices - Application of risk management to medical devices


Code review incl. static code analysis of software conforming to IEC62304

IEC 62304 medical device software – software life cycle processes does explicitly demand to carry out a code review. However, we do recommend providing evidence that the requirements and design stipulations are covered by the software modules due to the safety classification for safety critical parts of safety class C and for complex module reviews.

Also, the quality of the software is measurably increased by code coverage analyses, which analyse the different levels of coverage of the code through tests and reviews and enable traceability to the test cases. Further processes that can be used to increase the quality of the code and provide evidence of the same are worst case runtime analyses (WCET analysis) and floating point error analysis are. Of course we consider your internal coding standards when carrying out the code coverage analyses.


Software Development Process

As a service provider we support you during all phases of your software development process. Our employees are highly experienced in all fields relating to the software development process for your medical technology specific applications, taking into consideration IEC 62304 and aligned with the safety classification, starting with setting up of requirements (Requirement Engineering) and by defining suitable architectures and designs, source code analyses, the various test stages and also drawing up a suitable verification and validation strategy. To us it does not matter whether your development process is based the waterfall model, the V model or an agile development approach (e.g. SCRUM). We are familiar with all of them.


Verification and Validation

Especially with regard to verification and validation we are your competent partner. We have several years of experience in verification and validation of diverse medical technology specific applications and software tools supporting processes. In cooperation with you we will set up the optimum verification and validation strategy. We will practically support you in implementing this for the projects. As part of this support we will always focus on cost and regulatory requirements.


Reference Project

A medical technology manufacturer introduced a new document life cycle system. The Agile tool was used as an engineering backbone during the development and production and continually developed. Interfaces to SAP, CAD systems and MS Office were implemented, amongst others. Since it is a process supporting software potentially having an effect on the product quality, certitudo GmbH carried out quality assurance tasks in accordance with FDA 21 CFR Part 11.

The tasks carried out included

  • Drawing up requirements documentation
  • Drawing up test specifications
  • Drawing up risk analyses
  • Drawing up validation documentation and an automatic traceability matrix
  • Carrying out manual system tests
  • Developing a test robot for automatic functional tests
  • Drawing up manuals and electronic tutorials