Agile Development in Regulated Environments Example: Medical Devices – Waterfall Lifecyle Model

In an earlier post, I noted that I would be using the FDA CFR 21 820.30 regulations as our example “stalking horse” to try to develop a reasonable and  logical way of conforming agile development to these, and similar regulatory standards that are prevalent in high assurance software development industries. By way of context and example, here’s the regulatory tree that drives the medical device industry in the US.

FDA CFR21 820.30 Regulatory Tree

The heart of the matter here is CFR21, Part 820.30 Subpart C, Design Controls, and expectations for meeting these regulations are elaborated in the much larger documents on the right. But since the document highlighted on the left is really the legal document, (and it is remarkably short), we’ll first analyze that to understand what we are legally obligated to achieve in this regulated software process.  This regulatory document can be found online here.

It’s objective is:

“a)General. (1) Each manufacturer of any ……(device), shall establish and maintain procedures to control the design of the device in order to ensure that specified design requirements are met.”

It goes on to describe the various lifecycle activities, and the work that has to be done in each . I’ve captured the highlights in the table below.

Summary Table of CFR21 820.30 Design Controls

If we look at this pictorially, and perhaps with the implied waterfall that one tends to naturally infer, you get the following picture.

Graphical View of CFR 21 820.30

If we use the shorthand we provided in the table above for the development activities, then you get the following picture:

Software development lifecycle view as implied by CFR21 820.30

Wow, that sure looks familiar, and somehow, not very agile, does it? Does it have to be that way. NO. That’s the subject of the next post.


4 thoughts on “Agile Development in Regulated Environments Example: Medical Devices – Waterfall Lifecyle Model

  1. I am definately interested in seeing how the “Agile” development lifecycle can translate to meet the lifecycle activites defined in your last diagram here. Please subscribe me to the blog.

    I am also very interested in any case studies where what you do propose to meet the FDA compliance issues has actually been reviewed in an audit by an FDA equivalent governing body.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s