Imagine working on a new SaMD project, perhaps an image analysis tool or a companion app for a blood glucose monitor. Software development is progressing nicely, and you will soon submit to a notified body for approval.
Are you panicking about the mountain of work required to prepare the technical file, dreading the hours you will spend chasing software developers for documentation and evidence that they have followed the software development process? Did they even follow the development process? The success of the medical device and the company depends on prompt approval, but this could be a painful 6 months.
Alternatively, you could be in a scenario where the technical file has been automatically updated with evidence after every (reviewed and approved) software change. Developers have been notified if a software process step has been missed, ensuring no deviation. It should take less than a week to finish preparing the submission for the notified body.
A Developer-First Approach to Compliance
Coauthor recognises the historical divide between compliance and software developers, often likened to oil and water. To bridge this gap, Coauthor takes a developer-first approach, fully integrating with GitHub. Through comments and Pull Request checks, it highlights policy violations to developers in real time, ensuring immediate compliance feedback.
Early Adoption Produces Better Results
Traditionally, compliance processes have been carried out at the end of the development lifecycle, leading to increased costs, delays, and more work for the developer. But in an attempt to improve their software development, finance companies have recently taken a different approach. Their developers have begun incorporating compliance into the early stages of development, and it has proven to be a game-changer, resulting in faster product releases and enhanced developer productivity. Coauthor takes these lessons learned from the agile practices of DevOps and Continuous Delivery in the finance industry and applies them to IEC 62304.
Embracing Shift-Left Compliance
The key enabler of continuous compliance within financial companies has been the ‘Shift-Left’ concept. Tasks that traditionally took place in the ‘last mile’ after software development was completed (e.g. infrastructure setup, security review, audit, software composition analysis, performance testing, and change control review) are shifted left into the software development V-model and are included in the definition of done for a User Story.
From the very inception of a SaMD project, the Coauthor tool can ensure its compliance throughout the development lifecycle. This significantly reduces the time required by regulatory affairs teams to prepare submissions for notified bodies, cutting down from months to weeks or even mere days. Additionally, Coauthor aids in submission preparations by automatically gathering evidence from software development tools.
Continuous Compliance
Coauthor continually monitors your software development tools and technical file for compliance issues against IEC 62304 and highlights them in real time to the software development team or QA/RA manager.
With Continuous Compliance there are no nasty surprises when preparing a submission to a notified body. Your project can be compliant from day one, and every change made to your software will automatically have supporting evidence or documentation added to the technical file. If the evidence or documentation isn’t available, Coauthor will alert the person responsible and can even block the software change until the missing elements are included, to avoid the build-up of regulatory debt.
Visit https://www.coauthor.app/ or book a 45-minute tour to learn how Coauthor can ease the pain of an ISO/IEC 62304 compliant software development process.