Scribd
Upload
25 views

Software Development Plan - Template

Uploaded by

angelaw900805
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
25 views

Software Development Plan - Template

Uploaded by

angelaw900805
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 15

Document No.

:
Version:

XXXX product
Software Development Plan
(SDP)

Medical Co., Ltd.

All rights reserved. No reproduction without permission!


Document No:
Revision:

Change History

Revision Change No. Description of Revision Revision Date Author

All rights reserved. No reproduction without permission!


Document No:
Revision:

Content

1 Overview...........................................................................................................................................1
1.1 Purpose....................................................................................................................................1
1.2 Definitions and Abbreviations.................................................................................................1
1.3 Reference Documents..............................................................................................................1
2 Software Security Level Classification.............................................................................................1
2.1 Software Security Level Classification Basis.........................................................................1
2.2 Software Security Level Classification List............................................................................1
2.3 Software Risk Analysis and Assessment.................................................................................2
3 Software Development Process.........................................................................................................2
3.1 Software Development Process/Software Life Cycle.............................................................2
3.2 Design and Develop Deliverables at All Stages......................................................................3
4 Software Structure Plan.....................................................................................................................4
4.1 Relationships with Systems (Hardware Devices)...................................................................4
4.2 Personnel and Responsibilities................................................................................................4
4.3 Plan and Estimation.................................................................................................................5
4.3.1 Software Development of Orthopedic Surgical Navigation System....................................5
4.3.2 Software Integration Plan.....................................................................................................7
4.3.3 Software Verification Plan....................................................................................................8
5 Software Assessment Plan.................................................................................................................9
5.1 OTSS Evaluation.....................................................................................................................9
5.2 Related Review Activities.....................................................................................................10
5.3 Software Release Review......................................................................................................10
6 Maintenance Management Plan......................................................................................................10
6.1 Document Formation, Evaluation and Feedback..................................................................10
6.2 Problem Report, Change Request Analysis and Approval....................................................11
6.3 Contact User and Administrator............................................................................................11
6.4 Software Cybersecurity Maintenance Plan..........................................................................11

All rights reserved. No reproduction without permission!


Document No:
Revision:

1 Overview

1.1 Purpose
In order to ensure that the XXXXX product software team can complete the project objectives on
time and with quality, facilitate project team members to better understand the project situation, and
make each process of the project work reasonable and orderly, therefore, in the form of
documentation, the arrangement of the software work task scope and the task breakdown of each
work in the project life cycle can guide the specific software development activity scope in the
written form.
The applicable objects of this document include:
This document is applicable to XXXX product software.
This XXXX product software includes XXXX software, XXXX software, XXXX software.
1.2 Definitions and Abbreviations
Abbreviation English interpretation Chinese interpretation

1.3 Reference Documents


[1] IEC62304:2015 Medical devive software –Software life cycle processes
[2] General Principles of SoftwareValidation (January 11, 2002);
[3] XXXXX, XXXXXX Product Requirements Specification;

2 Software Security Level Classification

2.1 Software Security Level Classification Basis

2.2 Software Security Level Classification List


According to hazard risk analysis, XXX software is defined as Level C.

All rights reserved. No reproduction without permission! Page 1 of 11


Document No:
Revision:

2.3 Software Risk Analysis and Assessment


Software risk management runs through the entire software development cycle and follows the
requirements of XXXX, Product Risk Management Control Procedures, including the proposal of
issues, analysis and evaluation and implementation of measures.
Software systems, software items, and software of unknown provenance are analyzed and evaluated
for risk during the software requirements analysis and design stages, and product requirements
specifications and failure mode and impact analysis are updated as needed.
The software system testing stage requires a review to confirm the implementation of software risk
control measures.
The risk of OTSS will be separately exported as an evaluation report of Off-the-shelf software
For risk analysis, please refer to the Hazard Analysis Report of XXXX product.

3 Software Development Process

3.1 Software Development Process/Software Life Cycle


For software development, the Waterfall V model is used and the software development process
consists of several activities. It contains:
Software development plan. The manufacturer shall develop a (multiple) software development
plan to implement activities in the software development process appropriate to the scope, scale,
and level of software safety of the system being developed;
Software requirement analysis. For each medical device software system, the manufacturer shall
determine the software system requirement from the system level requirements and form a
document;
Software structure design. The manufacturer shall translate the requirements for medical device
software into a structure that describes the software structure and documents the software items;
Detailed design of software. The manufacturer shall refine the software structure until it is
represented as software units, develop detailed design and document for each software unit of
software items, and develop detailed design for interfaces;

All rights reserved. No reproduction without permission! Page 2 of 11


Document No:
Revision:

Realization and verification of the software unit. The manufacturer shall implement each unit and
establish policies, methods, and procedures for each software unit, and establish acceptance
guidelines for the software unit and ensure that the software unit complies with the acceptance
guidelines;
Software integration and integration testing, software unit integration, test integrated software;
Software system testing. The manufacturer shall develop a set of tests for software system testing
expressed as input triggers, expected outputs, pass/fail guidelines and procedures to cover all
software requirements;
Software release ensures the completion of software validation, the known remaining exceptions are
documented, the known remaining exceptions are evaluated, and the release version is documented.

Figure 3-1 Software Development Model Diagram


3.2 Design and Develop Deliverables at All Stages
Software development planning stage: Software development planning document;
Requirement analysis stage: Software requirement specification、 Software requirement
specification report、Software traceability analysis table;
Outline design stage: Software architecture design instruction manual、Software architecture design
review report、Off-the-shelf software (OTSS) evaluation report;

All rights reserved. No reproduction without permission! Page 3 of 11


Document No:
Revision:

Detailed design stage: Detailed design specifications for software, Detailed design specifications for
software review report,software code review report, software source code,installation package;
Unit testing stage: Unit testing plan, unit testing use cases and unit testing report、;
Integrated testing stage: Integrated testing plan, integrated testing planning, and integrated testing
report;
Software testing stage: Software system testing plan, software system testing planning and software
system testing report、software installation configuration instructions 、Software configuration
status report、Software configuration status audit report;

4 Software Structure Plan

4.1 Relationships with Systems (Hardware Devices)


The software is mainly divided into three parts: XXX software, XXX software, and pXXXsoftware.
(Refer to the software system diagram below for the specific structure).

Figure 3-2 System Structure Diagram

The XXXX software is installed on the hardware platform of the XXXX workstation, the XXXX
software is installed on the hardware platform of the XXXX, and XXX software runs on the XXX.
Table 1 Software Information Table
Name Code Development Development Hardware Sup
Language Environment port

4.2 Personnel and Responsibilities


In order to complete the project development of orthopedic surgical navigation system software, the
division of labor of the project personnel is as follows:
Table 2 Personnel Work Distribution

All rights reserved. No reproduction without permission! Page 4 of 11


Document No:
Revision:

Serial
Name Department Role Job Description
No.

1.

2.

3.

4.

5.

6.

7.

8.

9.

10.
4.3 Plan and Estimation
4.3.1 Software Development of Orthopedic Surgical Navigation System

M3 milestone software development


Serial End Responsible
Stages/Activities Cycle Deliverables Purpose
No. Time Person
Software
Development
1. 1 month
Planning

Software developmen
1.1. 1 month
t plan compilation
Software
development plan
1.2. 1 month
baseline version
upload
Software
2. requirements 1 month
analysis
Software
2.1. requirements analysis 1 month
and discussion
2.2. software requirement 2 month

All rights reserved. No reproduction without permission! Page 5 of 11


Document No:
Revision:

Serial End Responsible


Stages/Activities Cycle Deliverables Purpose
No. Time Person
analysis compilation
software
2.3. requirements analysis 1 month
review
software baseline
2.4. 3 month
version upload
Software
3. ARCHITECTURAL 2 month
Design
Design and
3.1. compilation of 2 month
software architecture
software architecture
3.2. 1 month
design review
The basic version of
3.3. software architecture 1 month
design is controlled
Software detailed
4. 2 month
Design
Detailed design and
4.1. compilation of XXX 2 month
software
Detailed design
4.2. review of XXX 1 month
software
The baseline version
of detailed design of
4.3. 1 month
XXX software is
controlled
Unit implementation
5. 1 month
and testing stages
software coding for
5.1. 2 month
XXXX software
software unit testing
5.2. 2 month
plan
software unit testing
5.3. 2 month
case
software unit testing
5.4. 2 month
code
5.5. software unit testing 1 month

All rights reserved. No reproduction without permission! Page 6 of 11


Document No:
Revision:

Serial End Responsible


Stages/Activities Cycle Deliverables Purpose
No. Time Person
report

Milestone software development


Serial Responsible Deliverables Purpose
Stages/Activities Cycle End Time
No. Person
Software
Development
1
1. Planning
month
Update

Software
1
2. specification
month
update
software architecture 1
3.
design update month
Software detailed
1
4. Design
month
update
software unit testing 1
5.
update month
4.3.2 Software Integration Plan
Software integration includes software unit integration, which should be integrated according to the
software integration plan; to verify software integration, software items and software systems
integrated with the software shall be validated according to the integration plan; to test the
integrated software, the integrated software items shall be tested according to the integration plan
and document the results;
The software part of orthopedic surgical navigation system is divided into three parts: XXX
software, XXX software and XXX software. XXX software is divided into XXX software and XXX
software. The XXX software consists of XXX modules. The XXX software is mainly responsible
for XXXX.
The software model is divided into a three-layer structure, which increases the internal integration
of the modules among the layers and reduces the coupling degree of the data. The presentation layer
provides a friendly human-computer interaction interface (realized by the hardware carrier of PC
display); the business layer realizes the corresponding business operation processing (logic and

All rights reserved. No reproduction without permission! Page 7 of 11


Document No:
Revision:

computation processing); the data access layer provides the corresponding data communication
interface, realizes the data exchange (the database access and the industrial Ethernet site access).
Serial Responsible
Stages/Activities Cycle End Time Deliverables Purpose
No. Person
Software
integration
1.
and integration
testing
1.1. Integration of XXX
software
XXX software
1.2.
integrated testing
plan
XXX software
1.3.
integrated testing
case
XXX software
1.4.
integrated testing
report

Milestone Software Integration Plan


Serial Responsible
Stages/Activities Cycle End Time Deliverables Purpose
No. Person
software integrated
1
1. testing plan
month
update
software integrated 1
2.
testing case month
software integrated 1
3.
testing report month
4.3.3 Software Verification Plan
Serial Work Conte End Responsible
Cycle Deliverables Purpose
No. nt Time Person
Software
1. SYSTEM
testing
XXX software
1.1. system testing
plan
1.2. XXX software
system testing

All rights reserved. No reproduction without permission! Page 8 of 11


Document No:
Revision:

Serial Work Conte End Responsible


Cycle Deliverables Purpose
No. nt Time Person
case
XXX software
1.3. system testing
report
Release of
1.4.
XXX software

Milestone Software Verification Plan


Serial End Responsible
Stages/Activities Cycle Deliverables Purpose
No. Time Person
software verification
1
1. testing plan
month
update
software verification 1
2.
testing case month
software verification 1
3.
testing report month

5 Software Assessment Plan

5.1 OTSS Evaluation


According to FDA Guidance on Off-The-Shelf Software Use in Medical Devices (Sept. 27, 2019),
all OTS software used in the development of the XXX product should be evaluated on the basis of
hazard analysis. The Level of Concern is determined to reflect an estimate of the severity of injury
that the specific OTS software could permit or inflict, either directly or indirectly, on a patient or
operator as a result of its failures, design flaws or misuse of it. The document named as XXX
product OTS software is planned to cover evaluation report.
The document CBOM(Cybersecurity Bill of Materials) should be published for monitoring
vulnerability information of the OTS software, collecting cybersecurity signals from external
information sources, engaging in cybersecurity information sharing, routinely updating the anti-
virus software, employing a risk-based approach to characterizing vulnerabilities, and assessing the
potential impact of a cybersecurity signal on specific components within the system as well as on
patients.

All rights reserved. No reproduction without permission! Page 9 of 11


Document No:
Revision:

After implementation of hazard mitigations, residual risk is assessed for each OTS software.
For all OTS software, basic documentation are summarized. If the residual risk of an OTS Software
presents a Major Level of Concern, special documentation are provided.
5.2 Related Review Activities
 Requirements document review
 Design document review
 Code review
 Design verification scheme/report review
 Review of residual issues
 Configuration documents report reviews
5.3 Software Release Review
Before the release of the software, the requirements document, architecture design and detailed
design of the software shall be reviewed, and the remaining defects in the verification process shall
be reviewed.

6 Maintenance Management Plan

The after-sales software maintenance process of medical device shall include feedback monitoring,
problem solving, version release, software upgrade, etc. Refer to XXXX,<<software maintenance
process management system>>
6.1 Document Formation, Evaluation and Feedback
 Feedback monitoring, recording and evaluation
Monitor feedback on released software products from within the company and from users.
Internal feedback can be directly submitted by any employee of the company and recorded by
the quality department; feedback from users is collected by clinical engineers or marketing
personnel. It is the responsibility of the quality department to confirm the feedback to
determine whether there is a problem with the released software product.
 Evaluate the effects of problem report on safety

All rights reserved. No reproduction without permission! Page 10 of 11


Document No:
Revision:

For the feedback of confirmed problems, the quality department is responsible to submit the
problem report.
6.2 Problem Report, Change Request Analysis and Approval
The submission, analysis and approval of the change request shall comply with the relevant process
provisions, as set forth in XXX <<Defect Management System>> and XXX<<Change Control
Procedure>>.
6.3 Contact User and Administrator
 Approved change requests affecting the released software product shall be determined and
identified;
 If necessary, users and regulatory managers shall be informed of any problems in the
released software product and the consequences of continued use without change.
6.4 Software Cybersecurity Maintenance Plan
Cybersecurity routine updates and patches for the anti-virus software built with the Windows 10 OS
are planned. Before implementation, risk assessment shall be conducted and reveal such updates
and patches for the XXX product introduce no exposure to other risks.
In addition, vulnerability information including other OTS software in the CBOM is monitored and
collected to future analyze if cybersecurity updates or patches is needed to maintain cybersecurity
of the XXX product.

Necessary actions will be need to timely implement to reduce potential adverse impact to patients,
and ensure that risks inherent in remediation are properly mitigated and that the remediation is
adequate and validated. Appropriate software validation shall be conducted under 21 CFR 820.30(g)
& MDCG 2019-16 to assure that any implemented remediation effectively mitigates the target
vulnerability without unintentionally creating exposure to other risks.
Along with regular cybersecurity risk reassessment, opportunities need to be proactively sought to
reduce cybersecurity risks even when residual risk is acceptable. Changes made for vulnerabilities
of controlled risk are generally considered device enhancements, not recalls. Cybersecurity routine
updates and patches are generally considered a type of device enhancement.

All rights reserved. No reproduction without permission! Page 11 of 11


Document No:
Revision:

The document named as XXX product Cybersecurity Risk Management is planned to cover above
issues.

All rights reserved. No reproduction without permission! Page 12 of 11

You might also like