Within a highly regulated industry such as the medical device software one, implementing a Quality Management System (QMS) is extremely important. It is actually a sine qua non condition to meet the requirements of the ISO 13485 standard, Medical Devices – Quality Management Systems – Requirements for Regulatory Purposes. But how to deal with it practically? Let’s see together how Tuleap can help you meet this challenge, hence achieving your goals in terms of QMS.
ALM tool: the guarantor of ISO 13485 standard compliance
Definition – ALM
The traditionally-called Application Lifecycle Management (or ALM) is an optimal solution to succeed in both managing complex development project of medical device software and implementing a Quality Management System (QMS). This, because an ALM tool helps optimize software development processes, encouraging organizations to bring teams together around a common, integrated workspace, while also providing them with all the necessary tools for each one of the software lifecycle phases (i.e. design, planning, production, validation and maintenance stages).
When implementing a quality policy, an ALM software tool can help you:
- Standardize your processes via flexible workspaces (thanks to customizable templates)
- Centralize and secure all data and information related to one or multiple projects under one roof, as to have one single digital referential.
- Provide each team with the most appropriate tools ensuring software project management optimization at all levels (such as for configuration management, version control, requirements management, test management etc).
- Monitor activities and track any slight change throughout the entire software lifecycle.
- Ensure 100% traceability, which is therefore crucial for audit purposes.
- Prepare and pass compliance audits faster, even remotely.
Quality Management System (QMS) for software medical devices
One of the requirements related to a specific medical device class have been outlined, it is fundamental to carry out a gap analysis. The aim is to point out both what already exists within the enterprise in terms of quality system and what needs to be done as to optimize your quality management system and ultimately meet the requirements of the ISO 13485 standard compliance.
Tuleap, the perfect ALM to ensure ISO 13485 compliance
Tuleap provides medical device manufacturers (and in this precise case, development and quality managers) with an all-in-one solution, ensuring greater reliability and security when it comes to achieving and sustaining compliance to the market’s standard requirements, notably to the ISO 13485 standard. Relying on such software solution helps minimize, or even avoid, inconvenience and major defects that are likely to jeopardize the manufacturer’s reputation or, even worse, to compromise end users’ safety – so, patient safety.
Quality Management System (QMS): all the must-have tools in a single solution
Document Generation & Management
Document Management is a key aspect for ISO 13485 compliance. This standard requires:
- organizing and keeping a record on each medical device type or class, containing all the necessary information to prove regulatory requirements compliance
- tracking even the slightest product change throughout the design and development stages
- defining from the very beginning all the (potentially) necessary methods and organizational processes related to different issues such as risk management, medical device requirement management, test and validation management, change management, traceability requirements and so on.
The module Tuleap Document Manager allows you to create as many public or private workspaces as you wish (generally 1 workspace = 1 project team) in order to efficiently centralize all data and information linked to each medical device project. Data is available at any time and also secured thanks to an authentication system to precise and attribute different access rights among users.
Tuleap document management includes not only an integrated Mediawiki to optimize collaboration on documents, allowing to link them back to other project items, but also a notification system to improve change monitoring on ongoing projects, hence making it easier to stay informed on document updates.
The tool also enables the setup of review and approbation workflows.
Moreover, automatic document generation is at its best thanks to the Tuleap DocGen™ plugin: generate in a few seconds and export overview reports and/or technical requirements specification documents to prepare and pass compliance audits faster, effortlessly.
Risk Management
As to ensure process management, the ISO 13485 compliance standard specifies the need for a risk management approach to be applied throughout the entire product lifecycle of medical devices. Risk is defined as the likelihood to have a negative impact: either on security or performance requirement or else on regulatory requirements’ compliance.
Tuleap Tracker module is to be considered as the cornerstone of Tuleap. It enables you to create and easily manage a hierarchy among artifacts (parent/child links) so that you can design and set up a more sophisticated and customized risk management and issue tracking system.
Actually, whenever a risk is indexed as “non-acceptable”, this system allows you to define a risk-mitigating measure so that in the end (after a series of tests and validations) you get an acceptable level of risk.
A new requirement is generated from the risk-mitigating measure definition, in order to ensure its conformity later on. Concerning this requirement, Tuleap enables you to go into even more details, getting to all the necessary specifications which will ultimately lead to the creation of one or more features to be developed.
Moreover, another significant advantage of relying on a flexible software tool such as Tuleap is that you modify and adapt your risk management system over time, always ensuring its compliance to both your needs and challenges. Note here that features can result not only from a user’s need but also from a requirement. Then Tuleap Trackers helps you better manage them, by linking all the appropriate items together to show that – for example – the paramount development of a specific feature (F2) is crucial to the development of another one (F1): which means that F1 can’t be built as long as F2 is under development.
Requirement Management & Baseline
Once the previous stages of risk analysis and verification have been outlined and implemented, it is time to move on to the planning and execution phase, notably using Tuleap’s integrated agile tools for requirement management. It is hence possible to define a more detailed development plan that includes a start date (and possible and end date too), the cost in terms of efforts needed, teams’ capacity, the people involved and so on.
When dealing with project management, you have the following key elements:
- Backlog planning : it gathers all the features to be developed while making a distinction – via color codes – between those generated from a user request and those created from a requirement.
- Milestones : it represents one or more steps to be set depending on your needs (i.e. according to the releases, to your different medical device products etc.) so that you can plan features development subsequently.
- Tuleap Kanban board: there is also an interactive cardwall to better visualize tasks’ progress until their accomplishment, and then move on to the validation stage.
Tuleap also makes it possible to create as many requirements baselines as you wish. A baseline is a static item once you have created it. It is like a snapshot, but it actually provides full traceability of all the items it encompasses since it is possible to go back in time and get an overall view of it.
You can also filter the information needed according to different criteria – such as trackers.
Moreover, it is easier to progressively create several baselines to compare, as to better understand what has changed: for instance if artifacts were added, modified or even deleted (see the graph on the right).
Defect and Test Management
Thanks to Tuleap Test Management you can set and manage your test strategy in a few clicks from the very beginning within a single tool.
Once the release has been planned, the tool allows defining quality assurance tests according to very precise criteria, depending on your needs. Then it’s time to create a validation campaign with both manual and automatic tests, as you want.
Tuleap Test Management makes it easier not only to monitor each and every step of your campaigns, but also to immediately detect any potential defect that will be directly linked back to the different project items as to ensure both full traceability over time (which is crucial for audit purposes) and quick bug fixing.
If this correction generated a new requirement, it would be meant repeating the same process of test plan creation – criteria definition – new campaign setting until its final validation.
In addition, Tuleap DocGen™ plugin allows (amongst others) to automatically generate a traceability matrix in a few clicks, containing the export of tests executions covering a precise requirement in order to prove the quality and the full traceability of the developed medical device products – which is nowadays essential to pass compliance audits.
Quality Assurance & Traceability
As previously mentioned, Tuleap issue tracking tool provides end-to-end traceability throughout the whole software lifecycle of the developed medical device. Tuleap Tracker makes it possible to link any item with other project’s artifacts (see an example here on the dependencies graph): user stories, requirements, releases, test campaign, bugs, bug fixing, source code, documents… definitely anything.
From the very early stages of designing till the delivery of actual medical devices, Tuleap ensures you to always find the right information, at the right time, and most importantly, at the right (and only!) place.
For instance, if during an ISO compliance audit you have to explain the origin of a given defect and the way it has been fixed, you can access all the item history showing, amongst others, who created the bug, when it was tested, in which test case and campaign and so on.
In other words, you can easily prove quality assurance and standards compliance at any time, in a few clicks.