The risk level of medical device software is graded by the software security level (YY/T 0664-2020 "Medical Device Software - Software Life Cycle Process"). The software security level is divided according to the severity of the damage the software may cause:
Class A: There can be no harm and damage to health;
Class B: There may be minor injuries;
Class C: Death or serious injury is possible.
The software security level should be determined in combination with the software's intended use, use environment, and core functionality (the functions necessary for the software to accomplish its intended use in the intended use environment).
Among these, intended use mainly considers the software's clinical use (e.g., diagnosis, monitoring, screening, etc.) and degree of importance (such as important role, auxiliary role, complementary role, etc.). Use environment mainly considers the software's place of use (e.g., hospitals, homes, etc.), type of disease (e.g., severity, urgency, contagiousness, etc.), patient population (e.g., **, children, elderly, female, etc.) and user type (e.g., professional users, ordinary users, patients, etc.). Core functionality mainly considers the software's type of function (e.g., control drive, processing analysis, etc.), how it is implemented (for example, CT image reconstruction uses filtered back-projection algorithms or iterative algorithms, and anomaly recognition uses conventional image processing algorithms or artificial intelligence algorithms, etc.) and level of complexity (such as algorithm size, number of parameters, operation speed, etc.).
The software security level can also be based on the risk level determined by risk management. The software security level and the risk level can be different, but there is a correspondence between the two, so the software security level can be determined according to the risk level.
Manufacturers should determine the software security level before taking risk mitigation measures and, in conjunction with the requirements of the quality management system, establish a software life cycle process that matches the software security level, including software development, software maintenance, configuration management, risk management, and problem resolution. At the same time, manufacturers can adopt good software engineering practices to improve the requirements of the quality management system and ensure the quality of the software. In addition, manufacturers should ensure the information security of the software itself and ensure the confidentiality, integrity, and availability of health data.
Manufacturers should submit the appropriate registration dossiers based on the security level of the software. The registration application materials are derived from the documents formed in the process of the software life cycle, and their level of detail depends on the security level and complexity of the software.