Medical Device Software: Complying with the MDR & FDA Regulations

An Introduction to Medical Device Software: Regulations & Requirements to include EU & FDA Guidance and Risk Management

20-22 Nov 2019

& 28-30 Apr 2020, 17-19 Nov 2020

GBP 1,849
EUR 2,589
USD 2,884


Course Overview

PLEASE NOTE: Due to popular demand this event is now running as a 3-day event.

This course provides a comprehensive appraisal of the regulations and requirements that apply to medical device software worldwide. The seminar will be highly interactive, using real-life examples and state-of-the-art practices identified by Notified Bodies in Europe. There will be in-depth coverage on how to prepare compliant technical file documentation for medical device software products and a review of software specification, risk management, architectures, usability and resulting design documentation. In addition, there will be practical tips on how to streamline the development process, understand the regulatory requirements and how Notified Bodies review technical files.

There will be sessions on the practical implication of risk management and usability and an analysis of the differences between FDA guidance and MDR guidance on medical device software. Software recalls, the use of apps in medical devices, the implications of the new draft usability standard and advice on how to validate your system design will also be covered.

Why you should attend

  • Learn how to qualify and classify software in Europe and the rest of the world
  • Get in-depth understanding of the interpretations of MDR Classification Rules 10, 11, 12, 13, 15 and 22
  • Understand the implications of the MDR and US Code of Federal Regulations for software
  • Gain regulatory guidance on mobile apps, software as a service, cloud computing, artificial intelligence and continuous learning software
  • Learn how to write 510(K) and technical files
  • Get a practical understanding of quality management, design control and how it applies to agile software development
  • Hear the best practices on cyber security, risk management, usability and validation
  • Learn the principles of clinical evaluations for software as a medical device
  • Gain an insight into state-of-the-art standards applicable to software

Who should attend?

  • Senior management and project leaders
  • Software product managers, researchers, developers and clinical experts
  • Software development process managers
  • IT managers and integrators
  • Internal and external auditors and/or consultants
  • Regulatory affairs professionals
  • Quality system and quality assurance personnel
  • Technical and medical writers
  • GUI designers

Programme day one

Introduction to the regulations

Software qualification

  • MD and IVD definitions
  • Annex XVI products
  • In-vitro diagnostic software
  • Multi-functionality software
  • Cloud computing and software as a service
  • Intended purpose
  • Excluded functionality
  • Borderline with lifestyle and fitness software
  • Combination products
  • Population health and educational software
  • Resource and workflow management vs clinical decision support software
  • Clinical decision software
  • Quiz

Software classification

  • Implementing rules
  • Classification rules
  • IMDRF SaMD risk type determination
  • Case studies
  • Quiz

General principles to bring medical device software to the EU market

  • Bringing your device to the market
    • Go-to-market process – MD and IVD
    • Go-to-market process – combination products
    • In-house use by health institutions
    • Engage with a Notified Body
    • Implement a quality management system
    • Controlling your suppliers and subcontractors
    • UDI number
    • Declaration of Conformity
    • Person Responsible for Regulatory Compliance
  • Keeping your device on the market
    • Assuring the traceability of your product
    • Distributors, importers, authorised representatives and their liability
    • App stores and digital distribution platforms
    • Complaint handling system
    • Medical incident reporting
    • Monitoring critical components or platforms updates
    • Post-market surveillance requirements
    • Unannounced Notified Body audits
    • Service updates, upgrades and other changes
    • Quiz

Introduction to General Safety and Performance Requirements (GSPR)

  • GSPR
  • Harmonised standards
  • Common specifications
  • GSPR checklist

Programme day two

Interpretation of GSPR and their implications for software

  • Reduce risk as far as possible
  • State of the art
  • Single fault condition
  • IT environment and mobile platforms
  • Diagnostic and measuring function
  • Repeatability and reliability (e.g. of machine learning)
  • Lifetime of a device
  • Information on the manufacturer’s website
  • Instructions for use
  • Label

Technical file

  • Content
  • Practical construction of a technical file

General principles to bring medical device software to the US market

  • US Code of Federal Regulations and its implications for software
  • 510(k) process
  • FDA guidances specific to software

Practical construction of a 510(k)

Go-to-market strategy

  • Regulations in the rest of the world (Brazil, Canada etc.)
  • Market access and reimbursement of digital technology
  • From health app to medical device software
  • Considerations for software-hardware combinations
  • Using the modular approach to your benefit
  • Tools that allow customers to build their own devices: rules engines, programming and runtime environments,
    libraries for dataflow programming and machine learning
  • When a customer becomes a manufacturer

Software development models

  • Introduction
  • Symptoms and root causes of poor design control
  • Waterfall vs agile, iterative and spiral
  • Principles of good design control
  • Stage-gated model

Design activities

  • Project management
  • Development planning
  • Change management
  • Requirements management
  • Architecture and design
  • Development
  • Configuration management
  • Verification and validation
  • Defect management
  • Design reviews

Software development standards

  • IEC 62304: Software life cycle management
  • IEC 82304-1: General requirements for product safety

Safety and essential performance of electrical medical equipment IEC 60601 and Appendix H

Security risk management

  • Introduction: hacking an infusion pump
  • Terminology
  • Characteristics of security
  • Security risk controls (a selection)
    • Organisational risk controls
    • Audit logs
    • Server and application hardening
    • Demilitarised zone architecture
    • Public key infrastructure
    • Passwords
    • Multi-factor authentication
    • Encryption
    • Virtual private networks (VPN)
    • Cloud-based data exchange
    • Mobile and voice exchange
    • User roles and privileges
    • Network monitoring and intrusion detection
    • Web service and web application protection
    • Remote network access and maintenance
  • Information security management system
    • Assuring information integrity, security and privacy
      (ISO/IEC 27001)
    • Determining probability, threat, vulnerability and impact
    • Determining risk acceptability
    • Information sharing
    • MDS2 form
    • Security error messages
    • ISACs and ISAOs
    • Secure development life cycle (IEC 62443)
    • Example of a secure design process
    • Patching strategy
    • Preventing malware delivery and execution
    • Vulnerability scanning (pen testing)
  • Legal requirements
    • MDR, NIS, GDPR and Cybersecurity Act
    • Security standards

IEC 80001: Application of risk management to IT-networks incorporating medical devices

Programme day three

Safety risk management

  • Process and terminology
    • Terminology
    • Process
    • Roles
  • Risk identification methodologies
    • Checklists
    • Grey box
    • Hazard and operability analysis (HAZOP)
    • Failure mode and effects analysis (FMEA)
    • Fault tree analysis (FTA)
  • Risk control
    • Inherently safe design
    • Preventive measures
    • Corrective measures
    • Mitigations
    • Safety notices
    • Disclosures of residual risk
    • Risk control strategies
  • Risk assessment and evaluation
    • IMDRF terminology
    • Determining severity and probability of harm
    • Determining if a risk is acceptable
    • Benefit-risk assessment
    • Deliverables
  • Manufacturer accountability
    • Risk management throughout the product life cycle
    • Normal, abnormal and misuse
    • ESCs, SOUPs and COTS
    • Platform changes and failures
  • Risk perception and communication

Usability of medical devices

  • IEC 62366
  • Formative and summative testing
  • Cognitive walk-throughs
  • Heuristic evaluations
  • User evaluations

Clinical evaluations of medical device software

  • Definitions, purpose, deliverables
  • Process and key characteristics
  • Methodology
  • Data sources
  • Role of validation and usability
  • Use of real-world evidence
  • Considerations for artificial intelligence and continuous learning software

Practical construction of a clinical evaluation plan and report

Introduction to clinical investigations

  • When is a clinical investigation needed for medical device software?
  • Roles and responsibilities
  • Selecting appropriate study design
  • Regulatory and ethical considerations
  • Diagnostic clinical performance studies
  • Sustaining the quality of clinical studies
  • Handling clinical data
  • Analysis and reporting

Post-market surveillance (PMS)

  • Post-market regulatory requirements
  • Components of an effective PMS
  • Process interface with CAPA, NC, vigilance, service, periodic safety updates, trend reporting
  • Implementation of PMS
  • Post-market clinical follow-up

Process interfaces

  • Successfully bringing together risk management, clinical evaluation and post-market surveillance to streamline ways of working


Koen Cobbaert

Koen Cobbaert is Quality and Regulatory Manager at Philips Healthcare. He represents COCIR in numerous work groups at European level. COCIR is the European Trade Association representing the medical imaging, radiotherapy, health ICT and electro-medical industries. In 2009 COCIR created its software task force, which Koen has been chairing ever since. He put on paper the first draft of the qualification decision tree, which was later successfully adopted by the Member States in “MEDDEV 2.1/6 on the qualification and classification of standalone software”. Under Koen’s leadership COCIR’s software task force has contributed to the 1st and 2nd edition of this MEDDEV and has proposed the IMDRF work item on software as a medical device, which ultimately led to IMDRF guidance on the qualification, risk stratification and clinical evaluation of software as a medical device. Currently Koen’s work focuses on drafting the European guidance for classification of medical device software, which is expected to clarify among others the use of classification rule 10 and 11 under the Medical Device Regulation (MDR).
Koen wrote several COCIR papers on a variety of software-related topics under the MDR: qualification of and responsibilities for rules engines, programming and runtime environments and libraries for dataflow programming and machine learning, economic operator requirements for app stores and digital marketplaces, significant changes of software, UDI numbers, etc. Via COCIR’s standards focus group he contributed to the development of IEC 82304 on safety requirements for health software and IEC 62304 on software lifecycle processes. Koen co-authored the FAQ on IEC 62304, which has been translated into several languages. Via COCIR’s North American sister organisation MITA he also contributed to several FDA guidance papers, including the guidance papers on patient and clinical decision support systems and on computer-assisted detection devices applied to radiology images and radiology device data.
Koen has over 15 years of hands-on experience in establishing regulatory strategies, writing technical files and 510(k)s, performing worldwide regulatory submissions and moderating risk management and clinical evaluation discussions for software applications for general radiology, oncology, neurology, cardiology and orthopaedics, computer algorithms for pattern recognition, computer aided detection, reasoning engines, decision support, clinical pathways, general systems such as HIS, LIS, IVD, PACS, EPR and mobile apps. He has a Master in Risk Management and Electrical Engineering.

Zuzanna Kwade

Zuzanna Kwade is Medical Affairs Manager, Agfa Healthcare. Zuzanna holds a PhD in Biochemistry and has more than ten years of experience in clinical and medical research. She is the co-author of several white papers on regulatory aspects of clinical research.

Since 2016, she has been actively involved in Clinical Evaluations according to MEDDEV 2.7.1 (Rev.4) for multiple devices, including high risk hardware devices and medical software. She also represents COCIR in the European Union Task Force on clinical evaluation of software.


20-22 Nov 2019, Rembrandt Hotel, London
GBP 1,849.00
EUR 2,589.00
USD 2,884.00
+ VAT @ 20.00%
Registration for this event now closed.

28-30 Apr 2020, Holiday Inn London - Kensington Forum, London
GBP 1,849.00
EUR 2,589.00
USD 2,884.00
+ VAT @ 20.00%

17-19 Nov 2020, Rembrandt Hotel, London
GBP 1,849.00
EUR 2,589.00
USD 2,884.00
+ VAT @ 20.00%


Previous customers include...

  • Aidence B.V.
  • Ascensia Diabetes Care Holdings AG
  • Covidien Deutschland GmbH
  • DCA Design International
  • Dentsply Implants
  • DSTL
  • GlaxoSmithKline (GSK)
  • Hoffman LaRoche
  • IBA
  • McLaren
  • Medicines and Healthcare Products Regulatory Agency (MHRA)
  • Medicines and Medical Devices Agency of Serbia
  • Mundipharma Research Ltd
  • Novo Nordisk A/S
  • Omron Healthcare
  • Omron Healthcare Europe BV
  • PA Consulting Group
  • Radiometer Denmark
  • RB Healthcare UK
  • RDT Ltd
  • Reckitt Benckiser Ltd
  • Roche
  • Sagentia Limited
  • Smart Process Solutions Ltd.
  • Team Consulting
  • Teva UK Limited
  • Teva UK Ltd
  • The Institute of Cancer Research
  • TomTom International B.V.
  • Toshiba Medical Visualization Systems

Good course, very interesting and complete overview with speakers that bring the insights of both an ex-auditor and an industry representative.

Antoine Nguyen, Associate Regulatory Program Manager, Roche

Both speakers were really good and brought the needed perspective to the discussion.

Sandra Beltran Rodil, Senior Manager Regulatory Affairs, Teva UK Ltd

A very worthwhile introduction to the regulatory requirements of medical device software for anyone new to this device type. The course covered a broad range of relevant subjects and was delivered by speakers who were clearly highly experienced but also passionate about the subject matter. I would definitely recommend!

Suzanne Morgan, Group Head of Regulatory Affairs, The BBI Group


Arun Mahendran, Regulatory Affairs Manager, Vision RT Limited

The course is well thought and based on the expert's experiences.

Ana Burman, Quality Engineer, Team Consulting

A good intensive course - I would recommend for my colleagues especially who need a general understanding of MDR impact on medical SW.

Camilla Inesa Cernajute, Regulatory Affairs Officer, Oticon A/S

One of the best training courses I have attended.

Ben Sadowyj, Senior Regulatory Associate - Digital, RB Healthcare UK

This is one of the best trainings organised by Management Forum in terms of the quality of the content and presenters. I am equipped to do my job!

Cadence Tan, Senior Regulatory Affairs Manager, GSK Consumer Healthcare

Engaging delivery of the subject by speakers who clearly had extensive knowledge and experience of medical device software in a regulatory environment.

Stephen Matthews, Validation Consultant, Smart Process Solutions Ltd.

Big thank you to Koen! He shared the latest information of the risk classification guidance.

Marika Miettinen, Head of Compliance, Tieto Finland oy

A very interesting and informative course. Excellent speakers

Laura Scatizzi, Manager, Fresenius Medical Care Deutschland GmbH

Koen brought a lot of practical industry experience which was extremely useful.

Leon Doorn, Sr. QA/RA Manager, Aidence B.V.

The speakers were knowledgeable and interesting.

Cecile Boyer, Senior Quality Project Manager, Novartis Pharma AG

Good course. A lot of information in detail.

Jose Fernandez, Certification Manager, McLaren

A well structured, well presented programme

Peter Ogrodnik, Professor of Biomedical Engineering, Keele University

Very good presentation

Massimo Panonzini, Inpeco SA

Excellent content - good choice of speakers

Malgorzata Wilinska, Research Associate, University of Cambridge

It was great that both speakers had an understanding of what devices IBA makes and they tried to give suitable answers for our case

Inez Wathion, Verification & Validation Officer, Ion Beam Applications SA

Very good

Robert Gay, Senior Regulatory Affairs Manager - External Products and Software, Cochlear Limited

Very good, I would recommend this course for beginners and advanced levels

Arnaud Biermann, Senior Manager Regulatory Affairs, Anteis SA

The presentations in the folders did not follow the order that was presented by the speakers. Always best to check beforehand with the speakers the order of information as ideally it should match of presentation. This meant we were all looking for the slides whilst the speakers had started, meaning we often missed some important points.

Priti Darjee, Associate Director Regulatory Affairs, UK, Teva UK Ltd