Inomed is an international medical technology company that develops nerve protection instruments and systems for precisely targeted patient treatments. Since there is no margin for error in the software driving these innovative devices, Inomed established extensive processes to ensure software integrity. Such full-lifecycle quality processes are essential for complying with IEC 62304, a “harmonized” medical device software safety standard that has been adopted by the European Union and the United States.
In this week’s blog, we’ll discuss how Inomed was able to rapidly automate their established processes—as well as introduce full requirements traceability. This significantly reduces the work required to achieve and sustain the mandated IEC 62304 certification.
Working with doctors and users, Inomed develops new tools and methods in the fields of intraoperative neuromonitoring, neurosurgery, pain therapy and neurological diagnostics. Inomed supplies high-quality products to improve treatment outcomes and uses innovative technologies to ensure safety for both treatment providers and patients.
Jörg Wipfler, Inomed’s Head of Development, explains, “Our products are used intraoperative. If any failure occurs during an operation, the operation might have to be aborted. Moreover, since we monitor nerves and their signals, incorrect interpretations and decisions made by our software could lead to wrong decisions by the user…and could cause injuries for the patient.”
Since safety is so critical for medical devices, the IEC has recently taken an active role in regulating the software that is developed for medical devices used in Europe. The IEC 62304 standard provides a framework of software life cycle processes with activities and tasks necessary for the safe design and maintenance of medical device software. It enforces traceability and repeatability of the development and maintenance process. The US FDA accepts IEC 62304 compliance as evidence that medical device software has been designed to an acceptable standard.
After establishing a largely manual process for achieving their initial IEC certification, Inomed wanted to automate their risk management processes. Their ultimate goal was to reduce the work involved in sustaining their existing certifications as well as streamline the certification process for their emerging innovations.
Inomed determined that in order to streamline their risk management processes, they needed an integrated system to cover both application lifecycle management (ALM) and the standard’s testing requirements for their C++ and .NET language code. After surveying the market, they discovered that Parasoft was a perfect fit for their needs.
Parasoft outfitted Inomed with an integrated Medical Device Compliance solution that included Parasoft Concerto and Parasoft Test (with Parasoft C++test and Parasoft dotTEST). Wipfler explains, “The results from C++test and dotTEST could be used in Concerto…and planned activities from Concerto could be transferred directly into our development environment.”
Parasoft’s broad range of supported environments enabled easy, rapid integration of the Parasoft solution into Inomed’s heterogeneous development environment, which includes Visual Studio, Keil µVision, Bugzilla, and CVS.
Moreover, the solution was deployed to Inomed via a fully pre-configured Virtual Machine— further jumpstarting the adoption process. Immediately after delivery, Inomed could start using the system to validate their software and manage their processes,
The Parasoft Test component of the solution allows Inomed to adopt a standardized process for static analysis, code review, and unit testing across their C++, C#, and C++/CLI code. Wipfler appreciates the value of having an integrated, comprehensive solution. He explains, “We now have a solution doing automated unit tests with the same tool on different development environments and programming languages. Also, the usage of the test products [dotTEST and C++test] is very easy. The automated application of predefined sets of test rules is very useful.”
The Parasoft Concerto component of the solution is used to manage projects and document the process. It also correlates requirements with automated and manual tests, source code, and development/testing tasks. The current level of verification for each requirement or task (including task pass/fail status and coverage) can be assessed at any time by back tracing to all associated tests. This full requirements traceability is crucial for IEC compliance.
“We have done this [conform to IEC 62304] before using Parasoft tools,” Wipfler says. “But our previous approach was paper-based and much more time consuming. Using the new solution significantly increases our efficiency because many manual steps could be automated.”
After Parasoft’s solution was integrated into Inomed’s development process, the process was certified by DQS auditors against IEC 62304. “We could show our auditor that we have absolute traceability from every requirement or task to source code and that we could be certain that all work we do is verified,” remarks Wipfler. “Having automatically-generated traceability is a huge advantage.”
In summary, Wipfler cites the following reasons for choosing Parasoft:
Wipfler was also impressed with Parasoft’s commitment to delivering a solution suited to Inomed’s specific needs. Since Inomed used specialized software, Parasoft made an extra effort to fully integrate it with the solution. Moreover, Inomed and Parasoft engineers collaborated to address some unique issues that had to be resolved in order to establish a natural process for the Inomed development team.
He concludes, “[Parasoft provides] absolutely great support. The engineers are very well-qualified and every problem was solved very quickly. Also, we were impressed with their willingness to address company-specific questions and requirements. Parasoft’s support is absolutely top-level!”
Parasoft’s industry-leading automated software testing tools support the entire software development process, from when the developer writes the first line of code all the way through unit and functional testing, to performance and security testing, leveraging simulated test environments along the way.