When a product is introduced to the Danish (and European) market with the intention of being used for some medical purpose, special EU regulations, the Medical Devices Directive (Council Directive 93/42/EEC), will apply to this product, and it must bear the famous CE mark.
This directive also applies to pure software products (such as e.g. a smart-phone app) intended for use in the treatment of patients!
The directive mandates the adherence to a number of international standards from ISO and IEC, which have been adopted by CEN/CENELEC as harmonized European standards. The following list is just a small excerpt with the most important standards related to software used for medical treatment of patients:
It is the ambition of 4S to set up the ecosystem in a way to make it easier for all those who integrate 4S software modules in their own solutions to comply with all these standards.
As a start, to ensure excellent quality of the software, 4S will primarily focus on establishing a quality management system inspired by ISO 13485 and define software life cycle processes according to IEC 62304 as well as some kind of risk management inspired by ISO 14971. As part of the quality management, 4S intend to facilitate the sharing of information on software issues/errors, bad/wrong use, and other problems among the community. Furthermore, we also plan to host and encourage the sharing of knowledge and best-practice in relation to software usability as well as the sharing of related clinical studies among community members.
This is currently work-in-progress, and more information will appear on this page as these processes are developed
A “stand-alone” software product intended to run on a generic computing platform (PC, smart-phone, tablet etc.) will in most (if not all) cases depend on several software components of which the provider of this software product has no control – e.g. the operating system and 3rd-party libraries, hardware drivers, file system drivers, network communication stacks and so forth.
The IEC 62304 standard uses the term “Software Of Unknown Provenance” or SOUP to describe such 3rd-party software components, and using SOUP components in a software product is intentionally made cumbersome, typically requiring more testing and risk mitigations – not to mention a lot of paper work.
What 4S will strive to achieve with the quality management system and explicit IEC 62304 compliant process descriptions is to ease these challenges for companies who build software products integrating software modules from 4S. Since all the risk analysis documents, test reports, design documents etc. of the 4S modules are made available together with the software itself, the integrating company can fetch all these documents along with the source code, perhaps making some random checks that the document set is comprehensive, and integrate these documents in their own files – avoiding having to repeat all the tedious work of creating these documents.
Medical Devices Directive and software:
ISO 13485 “Medical devices – Quality management systems – Requirements for regulatory purposes”:
IEC 62304 “Medical device software – Software life cycle processes”:
ISO 14971 “Medical devices – Application of risk management to medical devices”: