Update of Product Lifecycle Processes: Compliance Meets Modern Toolchain

Industry / Customer

Supplier of active medical devices for diagnostic imaging

Initial situation / Challenge

Updating normative requirements in the area of product and, in particular, software lifecycle processes, as well as integrating safety and security risk management, necessitated a comprehensive modernization of the company's processes. The goal was to combine these adjustments with a modern toolchain in order to achieve a higher degree of digitalization. This was intended to reduce the workload on employees while efficiently meeting increased regulatory requirements.

Consulting objectives

While ensuring regulatory compliance—i.e., compliance with all relevant legal and normative requirements—the aim was to create a lean, efficient process framework. This was intended to support employees rather than burden them with excessive documentation requirements. When selecting and introducing new tools, the focus was on cost-effectiveness, future viability, and the reduction of media breaks.

Consulting services from SEQLY

The project began with a concept phase in which the existing product and software lifecycle processes and the tools used were analyzed. Based on this, we developed a new process and documentation concept.In the next step, we discussed the introduction of a requirements and test management tool to significantly reduce effort and sources of error in development. In addition, options for tools in the area of product security and cybersecurity were examined, including solutions for SBOM management & vulnerability intelligence, threat modeling, static application security testing, and software composition analysis.For economic reasons, the customer decided to introduce a requirements & test management tool and a tool for SBOM management & vulnerability intelligence.During the implementation phase, the processes were adapted so that the tools could be used in their standard configuration – without time-consuming customization. Parallel to the implementation, validation, and training of the tools, the product and software lifecycle processes as well as the associated safety and security risk management processes were revised. Training and support for the next recertification audit rounded off the project.

Results / Added value

The company now has up-to-date, regulatory-compliant, and efficient lifecycle processes, modern risk management, and a powerful toolchain. This enables it to reliably meet increased regulatory requirements and relieve employees of repetitive tasks.

Lessons Learned

A key topic of discussion was the compatibility of agile software development with the requirements of EN 62304 and EN IEC 81001-5-1, which stipulate a V-model. Agility is also possible in medical technology, but should primarily take place in the implementation phase – between software architecture and integration. Caution is advised in requirements engineering and system verification so as not to lose sight of the extensive regulatory requirements.

Next steps/follow-up projects

Following successful implementation, the expected synergies and cost reductions must now be demonstrated. If the results are positive, the introduction of additional tools could further advance digitalization and enable additional efficiency gains.