The CSC Team develops software applications for routine clinical usage. This includes Software as a Medical Device (SaMD). The development of medical software requires extra safety considerations above normal software development, particularly around clinical and patient safety, data security, usability, and managing changes.
The CSC Team provides both software and clinical expertise across a broad range of hospital settings. We are embedded within Guy’s & St Thomas’ NHS Foundation Trust, which gives us direct access to clinical databases including PACS, CRIS and EPR.
The CSC team develops medical software within a quality management system (QMS) that is ISO 13485:2016 compliant.
The scope of our ISO 13485 certificate is as follows:
The design and manufacture of software medical devices that use machine learning to perform inference on images for the purpose of diagnosis. The design and manufacture of software medical devices that use machine learning to perform inference on non-image-based data.
All devices will only be used within the Guys & St Thomas’s NHS Foundation Trust.
The scope of this certificate is limited to the quality management system and does not make any claims about the conformity of the products generated by the quality management system to regulatory requirements.
We have gained ISO13485:2016 certification for our QMS from the UK Certification body Scarlet in 2022.
The QMS sits within the GSTT Medical Physics Department and utilises key departmental processes and resources for audits, management review, HR, and purchasing. It incorporates all aspects of the standards and regulations listed on the page below, as relevant to the scope.
The following software and packages are validated for use for projects under this QMS:
See our blog series on our journey to building a certified Quality Management System (in progress).
|Quality Management Officer||Allocate resources for software development|
|Quality Representatives||Training, document control, expertise in the QMS|
|Development Lead||CSC lead on a project, responsible for software development, document generation and project management|
|Clinical Safety Officer||Responsibility for Clinical Risk Management Activities for a project|
|>||ISO 13485:2016 compliant||Regular internal audits by certified Quality manager|
|>||GitHub Based||Developer friendly, accessible, version controlled|
|>||Automated Document generation||minimises developer workload for document generation on subsequent releases|
|>||To be made open source||SOP and record templates to be made available|
|>||Annual External Audit||Maintains compliance|
UK-MDR 2002 is the current applicable regulation for medical devices within the UK. It encodes MDR 2002 into law, with requirements for companies to have a uk-based responsible person. UK MDR 2002 is applicable to applications developed by the CSC as they will be deployed into clinical use. The software we build includes AI applications that we intend to deploy on the AIDE platform, or as stand alone medical devices.
Although the CSC does not initially intend to put the software we create onto the UK market, we still work within a quality management system that is ISO 13485:2016 compliant to ensure best practises when developing SaMD.
The main standard required for CE/UKAS marking and by UK DMR 2002
This standard provide a framework for developing medical software, which relies on working within a ISO 13485 quality management system.
Key points include:
- Maintaining good traceability of meeting customer requirements
- Enforcing clinical safety
- Classification of the software (A/B/C)
- Modularity for verification/unit testing
- Change management