Medical and Healthcare
In medical devices software plays a significant role and software quality and risk management are essential in order to develop safe software. Medical devices are expected to be developed with good engineering practices and all companies active in the medical device market must ensure the highest quality of software development.
The IEC/ISO 62304
standard defines a risk and quality driven software development process for the development of medical devices. IEC/ISO 62304 indicates the need for rigorous testing, acceptance criteria, and traceability. Performing this requirements without suitable tools is impossible.
Software testing tools including dynamic analysis, code coverage
, and static analysis tools
, are part of good software engineering practice and help medical device manufacturers achieve safe and reliable software.
The ability to support and enhance testing and acceptance processes and the analysis of SOUP (Software of unknown/uncertain pedigree/provenance), means better quality, safety, and security for medical software.
Section 5.5.2 of IEC 62304 requires a software unit verification process:
The MANUFACTURER shall establish strategies, methods and procedures for verifying each SOFTWARE UNIT.
Section 5.5.3 requires:
The MANUFACTURER shall establish acceptance criteria for SOFTWARE UNITS prior to integration into larger SOFTWARE ITEMS as appropriate, and ensure that SOFTWARE UNITS meet acceptance criteria ... does the software code conform to programming procedures or coding standards?
Section 5.5.4 provides additional software unit acceptance criteria including
- proper event sequence;
- data and control flow;
- planned resource allocation;
- fault handling (error definition, isolation, and recovery);
- initialisation of variables;
- memory management and memory overflows; and
- boundary conditions.
Many of these acceptance criteria are well suited to static code analysis.
is a Static Code Analysis Tool which is specifically designed for zero-tolerance defect environments.
CodeSonar can make a significant contribution to IEC 62304 activities.
Sophisticated analyses provide multiple points of leverage for verification and reverification.
With its advanced static analysis engine, CodeSonar is one of the most effective tools for eliminating the most costly and hard-to-find software defects early in the application development lifecycle.
GrammaTech CodeSonar performs whole-program, interprocedural analysis on C and C++ source code, identifying programming bugs that can result in system crashes, memory corruption, and other serious problems. CodeSonar finds bugs automatically.
In addition GrammaTech CodeSonar supports many coding standards
In fact, the case for static analysis is so strong, the FDA has used GrammaTech CodeSonar to analyze medical device software
to evaluate the quality of the source code following a series of infusion pump failures.
Companies and organisations like FDA, Philips, Toshiba, Varian and many others rely on GrammaTech CodeSonar to perform static code analysis in IEC 62304 projects
is a tool to understand, document and improve complex, third party or legacy source code in C, C++ and Java. It automates the analysis of control flow and dependencies.
With Imagix 4D you increase productivity, improve quality, and reduce risk.
analyses for the most important metrics like Lines-of-code Metrics (LOC), Halstead-Metrics, McCabe Cyclomatic Number v(G), Maintainability Index and Max ND / Maximum Nesting Depth. The tool is very easy to use, extremely fast and analyses even very large code bases.
Meet the Code Coverage Requirements for Medical Devices with Testwell CTC++ Test Coverage Analyser
Good quality of your software development can not be achieved without dynamic code analysis. When doing dynamic analysis it is important to make sure that all parts of safety and/or security critical code are tested.
Although code coverage is not mandatory according to IEC 62304 (Version 1.1), the standard recommends in the non-normative section, that you increase the code coverage.
The „Guidance Document“ of the U.S. Food and Drug Administration (FDA) states: "Measures such as […] testing coverage […] are all used to develop an acceptable level of confidence before shipping the product. […] [Decision Coverage] is considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications."
Test Coverage Analyser makes the analysis of the Code Coverage easy. The tool shows all code coverage levels required by the FDA. The outputs of Testwell CTC++ can be stored in text or XML formats and transformed in clear and easy to understand HTML or JSON reports.
Testwell CTC++ shows Statement Coverage, Decision/Condition Coverage, Modified Condition Decision Structural Coverage (MC/DC) and even Multiple Condition Coverage.
Testwell CTC++ has a very low instrumentation overhead. It can be used with all compilers
and all embedded targets
- even for very small ones.
Testwell CTC++ maked code coverage an easy activity.
The tool is widely used in safety critical projects. The Tool Qualification Kit for Testwell CTC++
makes the qualification of Testwell CTC++ within your projects easy and helps to certify your products.
Learn more about Testwell CTC++
Developers and managers of safety critical software need best knowledge in order to provide excellent software.
Verifysoft supports you with seminars and workshops
Hundreds of Companies and Organisations enhance their Software Quality with Verifysoft's Testing Solutions
Verifysoft's Testing solutions have proven success in safety and security critical software development within the medical sector. Our satisfied customers include:
Angel Med (USA)
Carl Zeiss Meditec (Germany)
Cook Medical (Australia)
General Electrics Healthcare
IRCAD Strasbourg (France)
MAQUET Cardipulmonary AG
Medela AG Switzerland
Monteris Medical (Canada)
OD-OS GmbH (Germany)
Roche Diabetes Care
Software & Systeme GmbH Erfurt
Read here what Customers say about Testwell CTC++ Test Coverage Analyser
"We chose Testwell CTC++ in order to aid us in the unit tests and verification. (...) One of the biggest challenges that we had was the limited memory in our systems. Testwell CTC++ required a very small footprint for its instrumentation and the Host target add-on makes integrations to any system easy. The important point here is that we don’t have any restrictions with compilers, IDEs or debug tools. We are able to use Testwell CTC++ without changing our development process drastically. The reports are presented in HTML. They are simple and intuitive to read and understand. It makes it easier for the management to visualize the results and to understand what has been done. It is easier to browse through each module separately and browse annotated code which makes the whole process simpler. These reports will be submitted to regulatory authorities as a part of testing and verification data.
Testwell CTC++ was easy to setup. We were able to set up everything and obtain the coverage report within a day. "
>Read full Customer Testimonial here
Harin de Silva, Managing / Technical Director
ISD Ltd, Sri Lanka
"We use Testwell CTC++ to detect the code coverage of the embedded software of our medical products on unit-testing level.
Testwell CTC++ could be integrated very well in our build-environment and delivers since then fast and reliably the desired information.
The support with possible questions was fast and always able to be of assistance.
We could recommend Testwell CTC++ without any restrictions."
Heiko Schmidt, Software Team Manager
MAQUET Cardiopulmonary AG Rastatt, Germany
"We are implementing test automation on project with fifteen-year-old legacy code which must meet US FDA software standards. Evaluation of test coverage based on functional specification ("requirements-based testing") is inadequate in this situation. Testwell CTC++ allows us to run many test suites and identify those logic paths which are not covered.
Testwell CTC++ is an excellent product."
Robert Evans, Software Development Engineer
Siemens Medical Diagnostics, USA
We are developing software for embedded systems (computer language C) and in safety critical areas (medical engineering). Especially in this environment there are high demands concerning the quality of the software (IEC 62304).
By the use of Testwell CMT++ we are able to supervise the software quality from the outset as we seek boundaries for different code-metrics (McCabe Complexity, Lines of Code, estimated Number of Bugs…). Thanks to this we have the ability to keep the complexity of the program code low, to spread the complexity purposeful and therefore reduce the programming errors previously.
Testwell CMT++ is a very useful tool which helps to support the daily software development due to his easy to use interface. The tool also offers us the possibility to analyze complex third party code within one minute. So we can make a first assessment about the complexity, software quality and critical areas within the code.
Rene Uhlig, Software developer
TETRA GmbH, Ilmenau (Germany)