Safety Critical Software Development – Extending Quality Management System Practices to Achieve Compliance with Regulatory Requirements

  • Conference paper
Software Process Improvement and Capability Determination (SPICE 2016)

Abstract

Software is increasingly being used to provide functionality in safety critical domains. The complexity involved in the development of software for these domains can bring challenges concerned with safety and security. International standards are published, providing information on practices which must be implemented in order to satisfy the regulations. This paper details an investigation of the relevant standards that companies need to implement in order to satisfy the regulatory requirements. A literature review was conducted which examines the relevant Quality management system, Risk Management and Software development standards across the safety critical domains. To examine the challenges in implementing these standards, interviews were conducted with a medical device software development company having a Quality management system in place and beginning to implement the relevant Software development standards. In addition, an interview was conducted with a consultancy company who have experience in the implementation and maintenance of Quality management systems in small and medium enterprises. Future work will focus on the integration of practices which need to be implemented by companies developing safety critical software.


Acknowledgments

This research is supported by the Science Foundation Ireland Principal Investigator Programme, grant number 08/IN.1/I2030 (the funding of this project was awarded by Science Foundation Ireland under a co-funding initiative by the Irish Government and European Regional Development Fund), and by Lero - the Irish Software Research Centre (http://www.lero.ie) grant 10/CE/I1855 & 13/RC/20194.

Author information

Corresponding author

Correspondence to Andrzej Beniamin Bujok.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Bujok, A.B., MacMahon, S.T., McCaffery, F., Whelan, D., Mulcahy, B., Rickard, W.J. (2016). Safety Critical Software Development – Extending Quality Management System Practices to Achieve Compliance with Regulatory Requirements. In: Clarke, P., O'Connor, R., Rout, T., Dorling, A. (eds) Software Process Improvement and Capability Determination. SPICE 2016. Communications in Computer and Information Science, vol 609. Springer, Cham. https://doi.org/10.1007/978-3-319-38980-6_2

  • DOI: https://doi.org/10.1007/978-3-319-38980-6_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-38979-0

  • Online ISBN: 978-3-319-38980-6

  • eBook Packages: Computer Science, Computer Science (R0)
