Building Software as a Medical Device (SaMD)
We build medical software for clinical deployment at Guy's & St Thomas' NHS Foundation Trust
The CSC Team develops software applications for routine clinical usage. This includes Software as a Medical Device (SaMD). The development of medical software requires extra safety considerations above normal software development, particularly around clinical and patient safety, data security, usability, and managing changes.
The CSC Team provides both software and clinical expertise across a broad range of hospital settings. We are embedded within Guy’s & St Thomas’ NHS Foundation Trust, which gives us direct access to clinical databases including PACS, CRIS and EPR.
The Software Building Process
The CSC Quality Management System
The CSC team develops medical software within a quality management system (QMS) that is ISO 13485:2016 compliant.
The scope of our ISO 13485 certificate is as follows:
The design and manufacture of software medical devices that use machine learning to perform inference on images for the purpose of diagnosis. The design and manufacture of software medical devices that use machine learning to perform inference on non-image-based data.
All devices will only be used within the Guys & St Thomas’s NHS Foundation Trust.
The scope of this certificate is limited to the quality management system and does not make any claims about the conformity of the products generated by the quality management system to regulatory requirements.
We have gained ISO13485:2016 certification for our QMS from a notified body in 2022.
The QMS sits within the GSTT Medical Physics Department and utilises key departmental processes and resources for audits, management review, HR, and purchasing. It incorporates all aspects of the standards and regulations listed on the page below, as relevant to the scope.
The following software and packages are validated for use for projects under this QMS:
- XNAT
- MONAI
- MLOps
See our blog series on our journey to building a certified Quality Management System (in progress).
Key Roles
| Quality Management Officer | Allocate resources for software development | |
| Quality Representatives | Training, document control, expertise in the QMS | |
| Development Lead | CSC lead on a project, responsible for software development, document generation and project management | |
| Clinical Safety Officer | Responsibility for Clinical Risk Management Activities for a project |
Key Features
| > | ISO 13485:2016 compliant | Regular internal audits by certified Quality manager | ||
| > | GitHub Based | Developer friendly, accessible, version controlled | ||
| > | Automated Document generation | minimises developer workload for document generation on subsequent releases | ||
| > | To be made open source | SOP and record templates to be made available | ||
| > | Annual External Audit | Maintains compliance |
Regulations and Standards
UK MDR 2002 – UK Medical Device Regulations
Link to Document – UK MDR 2002
UK-MDR 2002 is the current applicable regulation for medical devices within the UK. It encodes MDR 2002 into law, with requirements for companies to have a uk-based responsible person. UK MDR 2002 is applicable to applications developed by the CSC as they will be deployed into clinical use. The software we build includes AI applications that we intend to deploy on the AIDE platform, or as stand alone medical devices.
Although the CSC does not initially intend to put the software we create onto the UK market, we still work within a quality management system that is ISO 13485:2016 compliant to ensure best practises when developing SaMD.
ISO 13485 : 2016 – Quality management system for medical software development
Link to Document – ISO 13485 : 2016
The main standard required for CE/UKAS marking and by UK DMR 2002
BS EN 62304 : 2006 – Medical Device Software, Software lifecycles processes
Link to Document – BS EN 62304 : 2006
This standard provide a framework for developing medical software, which relies on working within a ISO 13485 quality management system.
Key points include:
- Maintaining good traceability of meeting customer requirements
- Enforcing clinical safety
- Classification of the software (A/B/C)
- Modularity for verification/unit testing
- Change management
BS EN 62366-1 : 2015 – Application of usability engineering to medical devices
Link to Document – BS EN 62366-1 : 2015
DCB 0129 – Clinical Risk Management: its Application in the Manufacture of Health IT Systems
Link to Document – DCB 0129
DCB 0160 – Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems
Link to Document – DCB 0160