LEGO maturity & capability model

Abstract of The LEGO maturity & capability model approach: “Maturity model (MM) (based on Crosby’s original idea) has been one of the main buzzwords over the past 20 years. A variety of MMs have been created in several application domains, from Software Engineering to Contract Management. Despite several models intending to cover the same domain, their PRMs (Process Reference Models) typically have different scopes, do not always cover the same set of processes, or have different levels of depth, or do not express the same level of granularity when describing concepts. Thus some important questions from the MM users’ viewpoint arise: how to choose the right models for our needs? After selecting those models, how to build a new, tailored MM based on several sources and customized to a specific domain? This paper motivates these important questions and proposes a way to choose, combine and adapt the contents from multiple MMs within a generic-domain approach we call ‘LEGO’ (Living EnGineering prOcess), based upon the well-known kids’ toy that stimulates creativity through combining different bricks. We present three case studies, one of them based upon the development of the Medi SPICE model, illustrating how the proposed approach may be used to develop MCM (Maturity & Capabilty Models) in this context.”

Risk management capability model

Abstract of Risk management capability model for the development of medical device software: “Failure of medical device (MD) software can have potentially catastrophic effects, leading to injury of patients or even death. Therefore, regulators penalise MD manufacturers who do not demonstrate that sufficient attention is devoted to the areas of hazard analysis and risk management (RM) throughout the software lifecycle. This paper has two main objectives. The first objective is to compare how thorough current MD regulations are with relation to the Capability Maturity Model Integration (CMMI®) in specifying what RM practices MD companies should adopt when developing software. The second objective is to present a Risk Management Capability Model (RMCM) for the MD software industry, which is geared towards improving software quality, safety and reliability. Our analysis indicates that 42 RM sub-practices would have to be performed in order to satisfy MD regulations and that only an additional 8 sub-practices would be required in order to satisfy all the CMMI® level 1 requirements. Additionally, MD companies satisfying the CMMI® goals of the RM process area by performing the CMMI® RM practices will not meet the requirements of the MD software RM regulations as an additional 20 MD-specific sub-practices have to be added to meet the objectives of RMCM.

Value-added medical-device risk management

Abstract from Value-added medical-device risk management: “The assessment of overall residual risk is the primary objective of performing risk-management activities and is required by ISO 14971:2000-Application of Risk Management to Medical Devices. Despite this requirement, much confusion remains among medical-device manufacturers and the various regulatory-approval bodies as to what is required. Today, many medical-device manufacturers do not formally address the subject. This paper will address the following questions: 1) What is overall residual risk? 2) Why is overall residual risk the most important measure of safety throughout the product life cycle? 3) How can overall residual risk be estimated? 4) What is an acceptable level of overall residual risk? 5) How can the concept of overall residual risk be used to manage safety after the product has been released? This paper will provide practical ideas that will allow medical-device manufacturers to begin assessing the overall residual risk of their products, and may also be helpful to regulatory bodies in formulating and communicating a consistent set of expectations. The concepts developed in the paper should be applicable to evaluating the safety of a wide variety of products as well.”

Themes in medical device risk management

I ran a quick search of Google Scholar for papers which have the terms ‘medical device’ and ‘risk’ in their title. The themes that emerge are shown in the figure below. I wonder if any of these are of interest to ‘A’ who is struggling to focus her research.

Notes
Human factors including practitioners’ knowledge of device safety considerations.

The clinical setting includes risk profiling and assurance supported by use of a risk assessment tool such as Medical Device Risk Assessment (MeDRa).

Models and methods include Bayesian network model, FMEA, fault tree analysis and HACCP (Hazard Analysis and Critical Control Points).