Slides from April 2014 Meeting

Software Quality

Evolving Trends and Challenges in the Automotive Industry as Informed by the Medical Device Industry

April 17, 2014

Prepared by:
Freda Behm, Martin Palczynski

Agenda

• Introductions

• Pre-Dinner Presentation: HERE Overview and Automotive Future

• Post-Dinner Presentation: Automotive – Medical Device QMS Comparison

2

Freda Behm, ASQ CQA

  • AB in Zoology-UNC-CH
  • MBA in Finance- DePaul
  • Graduate Certificate in Regulatory and Quality Compliance- Purdue
  • 30+ years in FDA Regulated Industry:
    -14 years as parapathologist, inventory controller, scheduler, production planner, international sourcing program manager, and…
    -18 years in FDA Regulated Industry Software Quality– tech writer, auditor, validation consultant, validation manager/team lead, compliance representative, regulatory representative.
    Established Cobb Associates Inc, in 2004.
  • EmployeeorConsultant
  • Companies served include Abbott, Takeda, Lilly, GE Healthcare Surgery, GE Healthcare, Gilead,

    Taratec/Patni/iGate, Pharmtec, and RVC Consultants

  • Environments include IND, GLP, GMP, GCP, 21 CFR Part 820 (QSR), 21 CFR Part 11 (ER/ES), ICH, Eudralex, and an industry standard, GAMP

3

Marty Palczynski

  • Lead Quality Specialist @ HERE, a Nokia Company
  • 24 years of software industry experience
  • 14 years of software quality experience
  • ASQ CSQE, CQE, CQA, CSSGB and previously held a PMI PMP
  • Companies
    • Motorola(Automotive,CellularInfrastructure,CellularHandsets) • RockwellAutomation(IndustrialControls)

• HERE (Map Data and Navigation Services)

4

Pre-Meeting Clinic

6

http:\\www.here.com

Do You Use Any of These?

7

Personal Navigation Device (PND)

Phones Tablet Computer In-car dashboard

HERE Background

HERE, a Nokia business, builds and delivers location experiences for:

• mobile products
• personal navigation industry • automotive market

Focusing on content and services to complement hardware and software with “smart” location data

8

The Leading Location Content Company in the Industry

EVERY

COUNTRY ON THE PLANET

77%

OF THE WORLD POPULATION AUTO GRADE

113X

THE DISTANCE BETWEEN EARTH AND THE MOON

41

COUNTRIES REAL TIME TRAFFIC

800

CITIES PUBLIC TRANSIT

461

CITIES NATURAL GUIDANCE

~75K

BUILDINGS IN 69 COUNTRIES

70M 195K 291M 28.9K

PLACES OFF-STREET POINT 3D PARKING ADDRESSES LANDMARKS

FACILITIES IN 122 COUNTRIES

80K

LOCAL SOURCES

2.7M

MAP CHANGES PER DAY

30B

PROBES PER MONTH

9

Source: Q1’14

HERE True 2.0

  • High-quality, Accurate Imaging, 3D and positioning data to support product creation and automation processes
  • Modular system provides for simplified deployment and operation world-wide
  • Extensible design facilitates future reality capture needs

Courtesy: Dustin Switters, NW Region Field Collection

0

Top ranked US in-dash navigation systems by J.D. Power

Rank

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

Vehicle Model

Dodge Charger

Porsche Cayenne

Chrysler 300 Series

Ford Taurus

Ford Mustang

Infiniti M37

Chrysler 200 Sedan

Ford Fusion

Ford F-150 LD

Jeep Grand Cherokee – Garmin

Hyundai Sonata

Acura TL

Acura TSX

Infiniti FX-Series

Lexus IS 250/IS 350/IS-F

Infiniti G-Series

Jeep Wrangler – Garmin

Lexus RX 350

Acura MDX

Lexus GX 460

Map

Rank Vehicle Model Map

2 Chrysler 300 Series

4 Porsche Cayenne

6 Infiniti G

8 Acura TL

10 Lexus GS

12 Ford Fusion

14 Nissan Sentra

16 Jeep Grand Cherokee – Garmin

18 Nissan Altima Sedan

1

Dodge Charger

3

Dodge Dart

5

Dodge Durango – Garmin

7

Chevrolet Camaro

9

Chevrolet Malibu

11

Nissan Pathfinder

13

Nissan Murano

15

Lincoln MKZ

17

Lexus RX

19

Chrysler 200 – Harman

11

20 BMW 5-Series

Source: J.D. Power │ 2012 & 2013 Navigation Usage and Satisfaction Study

The Largest, Most Highly Trained Cartography Team on the Planet

12

Source: HERE Q1’14

1,100+ Geographic Analysts, 203 Offices in 54 countries, >300 vehicles

Why is Quality Critical to HERE?

http://www.topclassactions.com/lawsuit- settlements/lawsuit-news/4808-class- action-lawsuit-targets-faulty-bmw- navigation-system/

13

What does the future hold?

Highly Automated Driving – Autonomous Driving

• Navigatingwithouthumanintervention
• Capable of sensing its environment with techniques such as:

  • Radar
  • Lidar
  • GPS
  • Computer Vision

    • Navigationperformedwith:

  • On-board sensors
  • On-board data
  • Cloud data
  • Electronic Control systems

    * per Wikipedia (https://en.wikipedia.org/wiki/Autonomous_car) 15

Who is investing in HAD?

  • Mercedes-Benz
  • General Motors
  • Continental Automotive Systems
  • Autoliv Inc.
  • Bosch
  • Nissan
  • Toyota
  • Audi
  • Vislab from University of

    Parma

  • Oxford University
  • Google

16

* Per Wikipedia (https://en.wikipedia.org/wiki/Autonomous_car)

Autonomous Driving Classification

In the United States, the National Highway Traffic Safety Administration (NHTSA) has established an official classification system:

Level 0: The driver completely controls the vehicle at all times.
Level 1: Individual vehicle controls are automated, such as electronic stability control or automatic

braking.

Level 2: At least two controls can be automated in unison, such as adaptive cruise control in combination with lane keeping.

Level 3: The driver can fully cede control of all safety-critical functions in certain conditions. The car senses when conditions require the driver to retake control and provides a “sufficiently comfortable transition time” for the driver to do so.

Level 4: The vehicle performs all safety-critical functions for the entire trip, with the driver not expected to control the vehicle at any time. As this vehicle would control all functions from start to stop, including all parking functions, it could include unoccupied cars.

* “U.S. Department of Transportation Releases Policy on Automated Vehicle Development”. National Highway Traffic Safety Administration. 30 May 2013. Retrieved 18 December 2013.

17

Volvo Video

18

Demolition Man Video

19

Thank you

Main Presentation – Comparison

Topic Recap

The automotive industry is moving into autonomous driving

Autonomous driving is where the car can navigate without human intervention and has dependencies on:

  • Sensor systems
  • Cloud Services
  • Map Data
  • Navigation algorithms
  • Control Systems

22

Automotive Liability

GM Ignition Switch Recall

  • 13 deaths
  • several hundred complaints of keys coming out of ignitions

    The Effects or possible outcomes

  • 2.6 Million Cars recalled
  • $1.6 Billion Impact
  • Congressional Investigation
  • Civil Liability
  • Criminal Charges
  • Employee Suspensions

    * From Articles on http://www.mlive.com

23

Accident Responsibility

Who will have responsibility for Accidents? • Automotive OEMs?
• Suppliers?

• •

Component Provides Map Data Providers

Automotive Dealers?

24

Applicable Standards

Medical Device

• ISO 13485

  • 21 CFR Part 11
  • 21 CFR Part 820

    -Since 1938, principal statutorily authorized sanctions: criminal prosecution of individuals and firms guilty of prohibited acts, injunction against acts, seizure of adulterated/misbranded goods.

    – Informal first: publicity, recalls, regulatory letters.

Automotive

• ISO 9001:2008 • TS 16949:2009 • A-SPICE
• CMMI

• ISO 12207 • ISO 15497

25

Management Responsibility – Key Requirements

• Managementwithexecutiveresponsibilityshall:

  • establish Quality Policy, objectives for and commitment to Policy,
  • ensure Policy is understood, implemented and maintained at all levels,
  • appoint a Management Representative.

• ManagementRepresentativeshall:

• •

• •

be a member of management,

have established authority over and responsibility for: – QMS, its establishment and maintenance
– reporting performance of the QMS to executive

Management (including Management Review)

-Quality planning -Quality system procedures.

Organization shall be constructed to provide:

adequate organizational structure to assure design and production according to Part 820,

responsibility, authority and interrelationship in order to provide independence for those who manage, perform, assess quality,

adequate resources including trained personnel.

26

Management Responsibility – Key Requirements

• •

• • •

• • •

Managementreviews

At defined intervals
Review the suitability & effectiveness of QMS Dates & results to be recorded

Quality planning: How QRS will be met

Quality system procedures: All Quality processes and procedures (SOPs)

Quality audits: audits of all or any parts of the Quality System

Documented training to perform assigned responsibilities

Personnel with necessary education, background, training, and experience

27

Management Responsibility

21 CFR Part 820

TS 16949

TS Rating

Quality System

820.5

Section 4

+

Management Responsibility

820.20

Section 5

Quality Policy

820.20(a)

Section 5.3

=

Organizational Structure

820.20(b)

Responsibility and Authority

820.20(b)-1

Section 5.5

=

Resources

820.20(b)-2

Section 6

=

Management Representative

820.20(b)-3

Section 5.5.2

+

Management Review

820.20(c)

Section 5.6

+

Quality Planning

820.20(d)

Section 5.4

=

Quality System Procedures

820.20(e)

Section 4.0

+

Quality Audits

820.22

Section 8.2.2

=

Trained and Experienced Personnel

820.25

Section 6.2.2.2

=

28

Management Responsibility Difference

Medical Device

• Organizational Structure: Requires that sufficient organization structure is in place for the creation of the product.

HERE – Automotive

Management Reviews Inputs are specified:

  • Changes to the QMS
  • Audit Results
  • Process Performance
  • Product Conformity
  • Cost of Quality
  • Potential and actual field failures

    Process Approach: Requires that a process approach is taken and that the system can be described as the interaction of a set of processes.

29

Quality System Requirements

21 CFR Part 820

TS 16949

Overall TS Rating

Management Responsibility

820.5, 820.20, 820.25

Sections 4, 5, 6

+

30

Document Control – Key Requirements

  • Manufacturer shall designate an individual(s) to approve, prior to issuance, all documents required by Part 820.
  • Documentsmustbesignedanddatedbytheapproverbeforebeing issued.
  • Documents must be available at all locations where designated, used, or otherwise necessary.
  • Obsolete documents must be removed from all points of use or otherwise prevented from unintended use.

31

Document Control – Key Requirements

  • Document changes will be approved by the functions that approved the original document.
  • Approved changes will be communicated in a timely manner… to allow training and meet the effective date.
  • A Document History is maintained and contains: – date of change
    – location of the change (section, not page)
    – description of change

    – signature of person making the change.

32

Document Control

21 CFR Part 820

TS 16949

TS Rating

Documented procedure

820.40

Section 4.2.3

=

Designate approvers

820.40

Section 4.2.3

=

Approval required before issuance

820.40

Section 4.2.3

=

Availability at point of use

820.40

Section 4.2.3

=

Obsolete documents removed

820.40

Section 4.2.3

=

Changes approved

820.40

Section 4.2.3

=

Changes Communicated

820.40

Document History

820.40

Section 4.2.3

=

33

Document Control Differences

Medical Device

• Changes Communicated
• Required to communicate changes to

personnel that are affected by the change.

• 33 procedures required by Part 820 are required to be documented.

HERE – Automotive

TS requires 7 documented procedures

34

Quality System Requirements

21 CFR Part 820

TS 16949

Overall TS Rating

Management Responsibility

820.5, 820.20, 820.25

Sections 4, 5, 6

+

Document Control

820.40

Section 4.2.3

35

Design Controls – Key Requirements

Design and Development Planning

  • Must have a plan that describes the activities to be engaged and, for software, must have stated acceptance criteria.
  • Design and Development for software must include interfaces: -other software

    -networks -servers
    -backup systems

  • Design and Development plan is a Quality System Record and must meet record requirements – review, approvals, retention, etc.
  • Can be updated, with proper document change control, as design & development progresses.

36

Design Controls – Key Requirements

Design Input

  • Stated requirements are key to the project.
  • What must the user have in the system or data for its intended use? (Remember to include regulatory requirements.)
  • Requirements are Quality Records. Design Output/Design Review
  • Not as clear a correlation re: software. One output would be the functional/UAT test scripts which contain acceptance criteria. These test scripts are Quality Records.
  • Clearer correlation is with hardware, interfaces and overall system design which together have a formal Design Review that is a Quality Record.

37

Design Controls – Key Requirements

Design Verification

  • Testing of functional and user requirements to demonstrate that the system functions in accordance with its intended use as specified.
  • Formal testing that requires objective evidence and a summary report.
  • Formal testing creates Quality Records including Executed Test Scripts and a Testing Summary.

    Design Validation

  • Confirmation by examination and provision of objective evidence that the particular requirements for a specific intended use can be consistently fulfilled.
  • For device production, this means that initial lots or batches conform to defined user needs and intended uses when tested.
  • For software, this means that the validation summary of all validation activities is approved for GO LIVE! by all but QA.

38

Design Controls – Key Requirements

Design transfer

  • Manufacturer’s process for correctly translating a device design into production specifications.
  • Closest is the Software GO LIVE! Plan and maintenance plan along with the actual GO LIVE! Acceptance testing, user scenarios run immediately after GO LIVE!, confirm the usability for intended use.

    Design changes

• Both device production and software must have change control procedures which produce Quality Records.

39

Design Controls – Key Requirements

Device History File (DHF)

  • Required of manufacturers for each type of device.
  • Contains or references the records necessary to demonstrate that the design was developed in accordance with the approved design plan and Part 820 requirements.
  • Similar in concept to the software Validation Summary Report.

40

Design Controls

21 CFR Part 820

TS 16949

TS Rating

Design and Development Planning

820.30(b)

Section 7.3.1

=

Design Input

820.30(c)

Section 7.3.2

=

Design Output

820.30(d)

Section 7.3.3

=

Design Review

820.30(e)

Section 7.3.4

=

Design Verification

820.30(f)

Section 7.3.5

=

Design Validation

820.30(g)

Section 7.3.6

=

Design Transfer

820.30(h)

Design Changes

820.30(i)

Section 7.3.7

=

Design History File

820.30(j), 820.184

41

Design Controls Differences

Medical Device

Design Transfer

• Requires a procedure for transferring the design to manufacturing to ensure correctness.

Design History File

• Specifically calls out a DHF for each device to demonstrate that the design was developed in accordance to the design plan and requirements.

HERE – Automotive

TS standard covers Design and Development, not just Design

Many companies in the technology sector are moving to Agile development methods which has an impact on the approach taken by companies for addressing standards.

Agile is a collaborative methodology that breaks the work into smaller deliverables that are delivered more frequently.

42

Quality System Requirements

21 CFR Part 820

TS 16949

Overall TS Rating

Management Responsibility

820.5, 820.20, 820.25

Sections 4, 5, 6

+

Document Control

820.40

Section 4.2.3

Design Controls

820.30

Section 7

43

Production and Process Controls

For the manufacturing of products, proper controls and systems will be put in place to ensure that the product conforms to the specification. These controls and systems need to be in place for any instance where manufacturing can yield a deviation. These need to include:

  • Documented instructions and SOPs
  • Monitoring and control of process parameters
  • Compliance with standards or codes
  • Processes and Equipment approval
  • Criteria for workmanship

44

Production and Process Controls





Production and process changes

A procedure shall be established and maintained to control changes to the process or production process. Changes will be verified before implementation and these actions will be documented and approved.

Environmental control

A Procedure shall be established to control environmental conditions the may negatively impact the creation of the product. These control systems will be periodically inspected for proper operation. These results will be documented.

Personnel Control

Requirements for the health, cleanliness, personal practices and clothing of personnel that may have contact with the product such that this contact could negatively impact the product.

Containment Control

A procedure shall be established and maintained to prevent contamination by items that could negatively impact the product.

45

Production and Process Controls

• Building
• Building space and condition needs to be sufficient for design activities and perform necessary operations.

• Equipment
• The manufacturer shall ensure that the equipment used for production is properly design, built, installed,

• •

and maintained in order to prevent issues during the manufacturing process. This needs to include: • Maintenance schedule

• Inspection • Adjustment

Manufacturing Material

• A procedure shall be established to ensure that material that may negatively impact the product is removed or quantity controlled. The removal or reduction shall be documented.,

Automated Processes

• Automated processes will be validated before implementation according to established protocols and changes will be re-validated before approval and implementation. These validation will be documented.

46

Production and Process Controls

21 CFR Part 820

TS 16949

TS Rating

Production and Process changes

820.70(b)

Section 7.5.1

=

Environmental control

820.70(c)

Section 6.3

Containment control

820.70(e)

Buildings

820.70(f)

Section 6.4

Equipment

820.70(g)

Section 6.3.1

Manufacturing Materials

820.70(h)

Automated processes

820.70(i)

Section 7.5.2

=

47

Production and Process Controls Difference

Medical Device

This stand have a stronger focus on the control of the factors that may impact the product besides design and general production.

Controls are expected to cover the building, general environment, and materials.

This also includes avoiding contamination of the materials used in manufacturing and the product.

HERE – Automotive

The automotive industry does not provide products that are use in sterile or medical environments. Generally these products are used in harsh and extreme conditions.

48

Quality System Requirements

21 CFR Part 820

TS 16949

Overall TS Rating

Management Responsibility

820.5, 820.20, 820.25

Sections 4, 5, 6

+

Document Control

820.40

Section 4.2.3

Design Controls

820.30

Section 7

Production and Process Controls

820.70

Various

49

Non-Conforming Product

Control of nonconforming product

  • Requires a procedure
  • Control material that is non-conforming
  • Must Identify, document, evaluate, segregate, and dispose of the material
  • Must include the determination of the need for investigation and notification

    Nonconformity review and disposition

  • Procedure to define the review and disposition activities
  • Identify responsibility
  • Document justification for use of Non-conforming product.

50

Non-Conforming Product

21 CFR Part 820

TS 16949

Overall TS Rating

Control of Non-conforming Product

820.90(a)

Section 8.3

=

Nonconformity Review and Disposition

820.90(b)

Section 8.3

=

51

Non-Conforming Product Differences

Medical Device

Segregate the functionality is by disabling the functional though code intervention.

If this can not be accomplished, update the procedure and training and re-conducting training

HERE – Automotive

TS requires the same type of activities and investigation into Non-conforming product.

In the software space, this becomes to some degree easier and more difficult.

Control of software components is managed through configuration management which determines which components are included in a build.

If one software component is bad, an entirely new software package many need to be built.

52

Quality System Requirements

21 CFR Part 820

TS 16949

Overall TS Rating

Management Responsibility

820.5, 820.20, 820.25

Sections 4, 5, 6

+

Document Control

820.40

Section 4.2.3

Design Controls

820.30

Section 7

Production and Process Controls

820.70

Non-Conforming Product

820.90

Section 8.3

=

53

Corrective Action/Preventative Action

  • Establish and maintain procedure
  • Analyze data, records, process assets and apply appropriate statistical methods
  • Investigate Cause
  • Identify Actions
  • Verify/Validate actions (Corrective/Preventative)
  • Implement and record changes
  • Communicate related information
  • Submit relevant information for Management review
  • Document results

54

Corrective Action/Preventative Action

21 CFR Part 820

TS 16949

TS Rating

Corrective Action

820.100

Sections 8.5.2

=

Preventative Action

820.100

Sections 8.5.3

=

Establish and maintain a procedure

820.100(a)

Sections 8.5.2, 8.5.3

=

Records maintained

820.100(b)

Sections 8.5.2, 8.5.3

=

55

Corrective Action/Preventative Action Differences

Medical Device

Notify FDA of reported issues

Conduct post market surveillance; Plan is required to be approved by the FDA.

Potential Recall Negative press

HERE – Automotive

• Automotive OEM expect a formal 8-D analysis that is then reviewed with them

• Supplier may be place on Special Status
• Supplier may be restricted from bidding new

business
• Supplier may have to pay penalties

56

Quality System Requirements

21 CFR Part 820

TS 16949

Overall TS Rating

Management Responsibility

820.5, 820.20, 820.25

Sections 4, 5, 6

+

Document Control

820.40

Section 4.2.2

Design Controls

820.30

Section 7

Production and Process Controls

820.70

Section 7.5

Non-Conforming Product

820.90

Section 8.2

=

Corrective Action/Preventative Action

820.100

Sections 8.5.2, 8.5.3

=

57

Records – Key Requirements

Quality Records

• Extraction from 21 CFR Part 11.1: Records created, modified, maintained, archived, or transmitted under any record requirement set forth in FDA regulations.

General Record Requirements

  • Generally accessible for FDA inspection.
  • Exceptions- Management Review reports, QS audit reports, Vendor/Supplier audit reports.
  • Must be able to be reviewed and copied.
  • Confidential records should be marked.
  • Record retention should be a time period equivalent to the design and expected life of the product, but no less than two years from the date of release for distribution.

58

Records – Key Requirements

Best Practice– Establish a company-wide indisputable date format for Quality Records.

Consider the third day of May:
US would write 5/3/2014
Europe would write 3/5/2014
My personal computer file names or entries: 20140503

Indisputable date 03May2014*

*2-digit day, 3-letter month, 4-digit year

59

Records – Key Requirements

Device Master Record (DMR)

• What is needed to produce, approve, package, install and maintain a device • Contains:

  • Device specifications, drawings, components, component specifications, software specifications
  • Production process specs, equipment specs, production methods, production procedures, production environment specs
  • QA procedures, specs including acceptance criteria and QA equipment to be used
  • Packaging and Labeling specifications including methods and processes used
  • Installation, Maintenance, and Servicing procedures

60

Records

21 CFR Part 820

TS 16949

Device Master Record

820.181

Accessibility

820.180

=

Ability to be reviewed and copied

820.180

= (Implied)

Confidentiality

820.180(a)

=

Retention

820.180(b)

=

[Company wide date format]

Identified Records

Quality System Record

820.186

=

61

Records Differences

Medical Device

Records have strong controls to understand what changes were made, when they were made, and who made them.

HERE – Automotive

While the standards don’t require the same rigor as the medical device space, the OEMs do expect that you have sufficient history within your record to properly analyze failures.

62

Quality System Requirements

21 CFR Part 820

TS 16949

Overall TS Rating

Management Responsibility

820.5, 820.20, 820.25

Sections 4, 5, 6

+

Document Control

820.40

Section 4.2.2

Design Controls

820.30

Section 7

Production and Process Controls

820.70

Section 7.5

Non-Conforming Product

820.90

Section 8.2

=

Corrective Action/Preventative Action

820.100

Sections 8.5.2, 8.5.3

=

Records

820.180

Section 4.2.4

63

Comparison Summary

  • 21 CFR part 820 is evaluated through a government inspection vs TS which is generally obtained by a certifying body that the company contracts with.
  • Impacts of non-compliance are similar. More legal impact in the medical device industry
  • Both industries may incur fines due to product.
  • Overall, 21 CFR 820 is a more prescriptive standard. More focus on:

• Documents • Records

• •

Managing Change Control of Production

Both standards tend to be more physical product centric; leaving gaps or lack of clarity in software development activities.

64

Process Maturity

Automotive OEMs are starting to evaluate the maturity of their software supply base

They are leveraging models such as A-SPICE and CMMI

Requests for Quotes are include these models and specific maturity targets

These models are a list of practices that are considered to be essential to the creation of robust software.

65

Functional Safety

With the progress to autonomous driving, consideration will need to be made for the overall safety of the control system.

In the industrial controls industry, Safety systems are evaluated against IEC 61508

Automotive Functional Safety is defined by ISO 26262, which is a 10 part standard. Part 6 is the specification for software.

ADAS = Advanced Driver Assistance System

66

Thank You!