First, let’s say what the term ‘software quality assurance’ means.
This term can be defined as an intended and systematic pattern of activities carried out to ensure that the procedures, tools, and techniques utilized during the medical device software development and modification can provide the desired level of confidence in the final product. Its main goal is to assure that the medical device’s reliability is not reduced by the software’s quality, and it takes the form of
guiding and documenting the development process itself, including a number of checks and balances. In this regard, the software quality assurance plan (SQAP) is created during the first step of the development process, which relates to specifying the software, and it consists of the following 16 elements (sections):
- Purpose - It outlines the specific purpose and scope of the particular SQAP. It lists the names of the software items that are covered by the SQAP and the intended use of the software. Additionally, it states the part of the software’s lifecycle covered by the SQAP for each software item specified.
- Reference documents – It provides a complete list of all documents referenced elsewhere in the SQAP.
- provides information about the organization structure that has influence and control over the software’s quality;
- describes that portion of the software lifecycle covered by the quality assurance plan;
- specifies the tasks to be performed, emphasizing on SQA activities, and the relationships between these tasks and the planned major checkpoints;
- indicates the sequence of the tasks and the specific organizational elements responsible for each task.
- Documentation – this element of the SQAP identifies the documentation governing the software’s development, verification, validation, use, and maintenance. Moreover, it states how the documents shall be checked for adequacy.
- Standards, practices, conventions and metrics – it relates to identifying applicable standards, practices, conventions, and metrics, as well as ways to monitor and assure compliance with each of these items.
- Review and audits – this section of the SQAP defines:
- the technical and managerial reviews and audits to be carried out;
- states how both the reviews and audits are to be accomplished;
- defines what further actions are required and how they shall be executed and verified.
- Test – it indicates any tests that are not included in the software verification and validation plan, together with the sequence of their implementation.
- Problem reporting and corrective action – this element relates to describing any practices and procedures to be used for reporting, tracking, and resolving issues identified in software items and the software’s development and maintenance processes. Additionally, any specific organizational responsibilities should also be stated.
- Tools, techniques and methodologies – any software tools, techniques and methodologies, supporting the software quality assurance process, should be stated here, along with their purpose and use.
- Code control – this SQAP element contains information about any methods and facilities used for maintaining, storing, securing, and documenting controlled versions of the identified software throughout all phases of the software’s lifecycle.
- Media control – this section describes all methods and facilities used for identifying the media for each computer product and the documentation required to store and protect it from unauthorized access, unintentional damage or degradation throughout all phases of the software’s lifecycle.
- Supplier control – this part of the SQAP contains information regarding the provisions for assuring that the software provided by suppliers fulfils the established requirements. Furthermore, it states the methods to be used to ensure that the software supplier receives all requirements.
- Collection, maintenance and retention of records – this section:
- Identifies the software quality assurance documentation that needs to be retained and designates its retention period;
- States the methods and facilities that will be used for collecting, protecting and maintaining the SQA documentation.
- Training – any training activities that are necessary in order to meet the SQAP needs must be stated here.
- Risk management – this element contains information focused on the methods and procedures employed to identify, assess, monitor, and control risk arising during the part of the software’s lifecycle covered by the SQAP.
- Additional sections – the contents of each additional section of the SQAP should be specified either directly or by reference to another document.
- Fries, R. (2006). Reliable design of medical devices. CRC Press, 2nd