Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013
-
Upload
sterling-medical-devices -
Category
Devices & Hardware
-
view
162 -
download
0
Transcript of Assurance Cases: Medical Device Summit West, San Francisco, CA. June 13, 2013
Assurance Cases
Medical Device Summit West, San Francisco, CA. June 13, 2013
Erik Hilliard, Director of Business Development
What we do:o System development and test
Software and Electronics Experts Any Phase
o Risk planning and hazard identificationo DHF Remediationo Project Rescueo Quality System Consulting
300+ Projects, 100+ Clients
Who is Sterling?
ISO 13485FM 543438
Registered
IEC 62304 Compliant
Your Partner in Medical Device Development
There when you need us!
Assurance Cases Background • Based on the new draft guidance for Infusion Pumps
from the FDA, manufacturers recommended to use assurance cases (report) to demonstrate substantial equivalence.
• FDA expects technology changes… Under 513(i)(1)(A) of the Act, demonstrate new or changed device is as safe and effective as predicate
• Use of assurance cases is used to organize and dictate the content of 510(k) premarket submissions for infusion pumps to satisfy this requirement
Assurance Case• Formal method demonstrating validity of a
claim by providing a convincing argument supported by evidence
• It is risk based and uses the scientific method to help discuss and draw conclusions based on statistical measurements of the reliability of the system.
• Assurance case addressing safety is a safety case
Elements of an Assurance Case• Claim
– Statement about property of system (a requirement…)• Evidence
– Information demonstrating validity of claim• Argument
– Links the evidence to the claim… Arguments may introduce sub-claims
• Presentation of Information Already Gathered?– System Architecture (Hardware and Software + Integration)– Do your Design Outputs Meet the Design Inputs? – Change Tracking and the Effect of those Changes on Design?
Hazard AnalysisThe assurance cases starts with the analysis of hazards or hazardous situations.• Mitigated hazard or situation = Claim• What makes the system safe?• Extrapolate those properties into safety requirements
• Supported in Different Formats– Narrative– Graphical– Tabular
Evidence• Types
– Requirements Validation– Requirements Satisfaction– Requirements Traceability
• Is– Test Data– Results of experiment– Analysis– Compliance with Standards
Arguments
• Linkage– Links the Evidence to the Claim
• Description of what is being proved (the claim)• Identify Items of Evidence along with the
Reasoning (Conclusion)• May introduce sub-claims (which will require
more evidence and arguments)• State the Assumptions!
Logical Schema Approach• As detailed by Richard Chapman, FDA
• Each claim;– must have at least 1 child argument– can have zero or more subsidiary child claims – must have no child evidence
• Each argument– Must have one or more parent claims– Must have one or more child evidence– Can have zero or more child claims
• Each bit of evidence– must have one or more parent arguments– must have no child evidence, child claims or child arguments
Example• Battery Power Nearing Exhaustion
– Claim : Multi-Level Warnings Based on Time Remaining• First Warning with x minutes to go• Second Warning with y minutes to go• Final Alarm at exhaustion; possible switchover to reserve battery
– Evidence • System Verification Test• User Impact Test
– Arguments – Ensuring the Evidence covers the Claim for Multiple Potential Causes
• Battery Profile Change – Level of Charge/Discharge Changes over Time• Different Use Scenarios
Battery Safety Assurance
ARGUMENT
First level notification/warning allows user ample time to
charge batteries/connect to line power.
CLAIM
Warning Shall Occur When Battery
Remaining is < X but > Y
EVIDENCE
User Impact Testing showed user reacted to warning to rectify issue
ARGUMENT
Multiple Batteries Used With Differerent Ages Will Show Battery Usage Does Not Affect the Trigger
of the Alarm
EVIDENCE
System Verification Test IDs xyz123, xyz124,
xyz125
CLAIM
Higher Priority Warning Shall Occur
When Battery Remaining is < Y but > Z
ARGUMENT
Different Load Usage Will Show Battery Usage Does Not Affect the
Trigger of the Alarm
EVIDENCE
System Verification Test IDs abc123, abc124,
abc125
Risk Management and Assurance Case
• Assurance Case is a methodology that has a set of disciplines to structurally demonstrate that a safety claim is fulfilled.
• Risk Management is a systematic life cycle process to identify, control, and evaluate safety risks (as defined by your QMS).
Tools to Help: GessNetGessNet provides a powerful all-in-one environment to develop and maintain risk management file through the product life cycle, and integrate safety assurance case into the risk management process.
Erik HilliardDirector of Business DevelopmentSterling Medical Devices201-227-7569 x155ehilliard@sterlingmedicaldevices.comwww.sterlingmedicaldevices.com
Assurance Cases