How to Build Safer and More Reliable FDA-Approved Software

Importance of High-Quality Software for Business Success

‍

The impact of software innovation on our world is truly remarkable! It addresses significant challenges, streamlining processes and enhancing our overall well-being.

4 COMMON SOFTWARE ISSUES

1. Connectivity issues
2. Usage of incompatible units of measurement
3. Security vulnerabilities
4. Poor change management

‍

Software has become essential in various industries, from entertainment to farming and even defense. The healthcare sector has also embraced software-based mobile and AI technologies to facilitate advancements and tackle the increasing shortage of healthcare professionals.

Yet lousy software can cause irreparable harm across the industries and infrastructure it’s transforming. McKinsey estimates that 70 percent of medical device recalls are due to a software issue.

The cost of software recalls can be significant in terms of financial losses and damage to a company’s reputation and can also cause physical harm and even death. Some recent examples include:

• On December 22, 2022, Jeep Wrangler 4ex owners with 2.0L plug-in HEV engines were notified of NHTSA Recall 22V865. This recall is associated with a software fault in the transmission control module that may result in a communication disconnect causing the engine to shut down.
• Grounded planes, crashed cars and poisoned water: How faulty software has left society on the edge of disaster.
• Smiths Medical recalls Medfusion 3500 and 4000 Syringe Infusion Pumps for eight software malfunctions that affect different serial numbers and software versions. These malfunctions may cause serious harm or death to patients from under- or over-infusion.

How can companies reduce risk and ensure their software is safe and reliable? The answers can be found in an active application lifecycle management (ALM) system that includes continuous testing and change management. But first, let’s look at some of the most common software issues.

Connectivity Issues

The exchange of information between different computer systems is essential for the modern economy, but it can be challenging when systems are developed by different teams. One of the most significant issues identified by the U.S. Food & Drug Administration is the need for connectivity or interoperability between these systems. This includes ensuring the easy exchange of information between applications, databases, and other computer systems, as well as verifying and validating the overall design.

An example of an infusion pump recall highlights the importance of proper software updates. Patients in an intensive care unit receive medication through the pump, which is regulated by a companion app used by medical professionals. However, in a recent case, the app was updated without a corresponding update to the device software, putting patients at risk of incorrect dosages. The ALM system helps organize data for both in-house and third-party software, improving product understanding and traceability. Orcanos offers a suspicious indicator feature that alerts users to possible irregularities or non-compliant behavior within the system, aiding in risk identification.

Using Incompatible Units

Using incompatible units between different software can cause a failure because the software will not be able to correctly interpret the data. For example, if one software uses meters as the unit of measurement for distance, and another software uses kilometers, the two software will not be able to communicate with each other properly. This can lead to errors in calculations, which can in turn lead to failures.

Here are some specific examples of how incompatible units can cause failures:

• A software that controls the speed of a motor might use meters per second as the unit of measurement, while the software that controls the position of the motor might use millimeters. If these two softwares are not properly synchronized, the motor could be over- or under-speeding, which could lead to damage.
• A software that simulates the behavior of a chemical reaction might use moles as the unit of measurement for the amount of reactants, while another software that calculates the heat released by the reaction might use joules. If these two software are not properly synchronized, the results of the simulation could be inaccurate, which could lead to safety hazards.

To prevent failures caused by incompatible units, it is important to ensure that all software that interacts with each other is using the same units of measurement. This can be done by carefully specifying the units of measurement in all software documentation, and by using a software tool that can automatically convert between different units.

Here are some tips for preventing failures caused by incompatible units:

• Use a consistent set of units throughout your software. ** This will help to prevent errors and inconsistencies.
• Document the units of measurement that you are using in your software.** This will help other developers to understand how your software works.
• Use a software tool that can automatically convert between different units.** This will help to ensure that your software is using the correct units.
• Test your software thoroughly to make sure that it is working correctly with different units of measurement.** This will help to catch any errors before they cause problems.

While this happened many years ago, time hasn’t resolved the issue. Different teams own different pieces of software, and when they inadvertently use different metrics, poor communications can turn a simple disconnect into a catastrophic defect. Orcanos provides a complete collaborative workspace that enhances the efficiency and transparency required for remote teams. With a comprehensive Part 11 or Annex 11 audit log, you can easily monitor and review real-time changes from a single source of truth.

Security Vulnerabilities

In recent years, there have been several reports of security vulnerabilities in insulin pumps and pacemakers. In 2011, a security researcher demonstrated that he could hack into an insulin pump and deliver a lethal dose of insulin. In 2012, a group of researchers found vulnerabilities in pacemakers that could allow hackers to remotely control the devices.

The FDA has taken some steps to address the security concerns around insulin pumps and pacemakers. In 2017, the FDA issued a guidance document on the security of medical devices. The document provides recommendations for manufacturers on how to design and secure their devices.

However, more needs to be done to address the security concerns around insulin pumps and pacemakers. Manufacturers need to continue to improve the security of their devices. Patients also need to be aware of the risks and take steps to protect themselves.

Here are some tips for patients who use insulin pumps and pacemakers to protect themselves from security threats:

Keep your devices up to date with the latest firmware. Firmware updates often include security patches that can help to protect your devices from vulnerabilities.

• Use strong passwords and change them regularly. Do not use the same password for multiple devices.
• Be careful about what information you share about your devices online. Do not share your device serial numbers or other identifying information.
• Be aware of the risks of public Wi-Fi. Do not connect your devices to public Wi-Fi networks unless you absolutely have to.
• If you have any concerns about the security of your insulin pump or pacemaker, you should contact your doctor.

The security of insulin pumps and pacemakers is causing growing concern for the FDA due to the potential for them to be exploited by hackers as a means of launching attacks on individuals, hospitals, and networks. The vulnerabilities could range from unaddressed backdoors to outdated code that remains in the system for historical purposes and creates a security gap.

Poor Change Management

Software issues often arise due to system changes, particularly with regards to coordinating access levels between various groups. This is compounded in modern software, such as web-based, mobile, and AI/ML applications, where changes are more frequent and thus increase the likelihood of errors occurring.

Manufacturers nowadays allocate more time to documenting their work than to producing high-quality products. They utilize various systems such as Jira to work, another system to record evidence, and a third-party quality system to approve their work. This approach not only proves to be inefficient, but it can also lead to issues in monitoring a product post-market. In the event of a complaint, each system must be checked to identify and isolate where the complaint originated. These processes consume valuable time that could have been dedicated to building top-notch products.

The time, effort, and resources allocated toward producing high-quality products should be redirected toward preventing issues that lead to recalls. By generating evidence directly from source systems, a unified source of truth can be created for the entire team to collaborate on and reference. This approach breaks down communication barriers and, in turn, shortens project timelines.

How to Reduce the Risk of Recalls and Defects

Developing more secure software begins by depending on improved systems, such as utilizing a strong, interconnected Application Lifecycle Management (ALM) platform, which enables you to:

WORK FROM THE SOURCE DESIGN

In the manufacturing industry, there is a significant amount of time dedicated to documenting work rather than focusing on producing high-quality products. Manufacturers often utilize multiple systems, such as Jira, a separate system for recording evidence, and a third-party quality system for approving work. This process not only lacks efficiency but also hinders the post-market surveillance of products. When a complaint arises, it becomes necessary to navigate through each system to pinpoint the origin of the complaint. These steps are time-consuming and could be better utilized in preventing issues that lead to product recalls. Integrating AI into such systems (Orcanos “Ask Paul”) allows the consolidation of both quality and design control, and by that, analyzing the root cause of a problem across the board saves time for many people gathering information in the same room for hours, resulting in unparalleled information taken from the best practice of the industry.

When you work and generate evidence from source systems, you are able to create a single source of truth for the entire team to collaborate on and reference. This approach removes silos while reducing project timelines.

For example, you can generate your Software Bill of Materials directly from your design documents that can be linked to source code and perform risk analysis based on the traceability you actually have in your applications. If someone changes the specifications, you can use ALM AI tools that can generate and assess the potential risk that needs to be re-examined.  

STREAMLINE DESIGN, TESTING, AND VALIDATION

Shift left is a development practice that involves conducting testing, quality assurance, and performance evaluation at an early stage, even before the code is developed. Another emerging concept in this field is model-based systems engineering, which involves creating computational models to test the functionality of a system before it is built and deployed.

There are several ways to improve the testing process for manufacturers using complex software solutions with multiple moving parts and components.

1. Implement automated testing: Automation can greatly speed up the testing process and ensure consistency in the tests performed. By automating repetitive tasks, manufacturers can save time and resources, allowing for more comprehensive testing.
2. Use virtual simulations: Virtual simulations can help manufacturers identify and address potential issues before putting a system into production. By simulating real-world scenarios, manufacturers can test the software solution’s performance and functionality without the need for physical components.
3. Adopt agile development practices: Agile methodologies, such as Scrum or Kanban, promote iterative development and testing. By breaking down the software solution into smaller, manageable increments, manufacturers can continuously test and improve each component before integrating them into the final product.
4. Collaborate with stakeholders: Involving stakeholders, such as end-users or subject matter experts, in the testing process can provide valuable insights and feedback. Manufacturers can gain a better understanding of user requirements and expectations, leading to a more a refined and reliable software solution.
5. Establish a comprehensive testing strategy: Manufacturers should develop a testing strategy that encompasses all stages of the software development lifecycle. This strategy should include unit testing, integration testing, system testing, and user acceptance testing, among others, to ensure thorough testing coverage.
6. Continuously monitor and optimize performance: Once a system is in production, manufacturers should monitor its performance and gather data on any issues or bottlenecks. This information can be used to further optimize the software solution and improve its overall reliability and efficiency.

By implementing these improvements, manufacturers can enhance the testing process for complex software solutions, reducing the risk of errors and ensuring a higher-quality product.

PURSUE SWIFT TRANSFORMATION AND PROGRESS

To ensure the reliability of software solutions, manufacturers must establish a testing strategy that covers every stage of the software development lifecycle. This strategy should include unit testing, integration testing, system testing, and user acceptance testing, among others, to ensure comprehensive testing coverage. Additionally, ongoing monitoring and optimization of performance is necessary for continued success.

LEVERAGE EXISTING WORK FOR SOFTWARE UPDATES

As our society grows, the complexity of the products and services we provide also increases. This puts a strain on the training of new employees in all areas of the economy. However, building safer software can help alleviate this strain by automating repetitive and even dangerous tasks. Furthermore, it can ultimately save lives. As our dependence on software grows, it is vital to ensure that it performs as expected and is safe to use. This can be achieved by regularly updating the software with security patches and other maintenance releases. However, this can be challenging when different teams are involved in developing various systems. One of the most significant challenges identified by the U.S. Food & Drug Administration (FDA) is the importance of maintenance. Therefore, it is crucial to rely on third-party software only when necessary and to prioritize the development of new products that can be maintained and updated easily.