We provide various consulting services in reviewing software systems:

  • Software project management:
    • assessment of processes, team structures, strategy, product and innovation alignment (e.g. roadmapping)
    • assessment of software development process effectiveness, metrics and needs; integration of product- and application lifecycle management (PLM and ALM) using hybrid processes (agile and stage-gate combined)
    • efficiency/effectiveness review: based on metrics and initial findings, improvements as well as sourcing solutions are recommended (e.g. nearshoring, offshoring, partnerships)
  • Use cases & Requirements
    • Top-down workshops to align strategy, market- and technical requirements, use of QFD (quality function deployment) techniques
    • Review of user stories, use cases turned into marketing requirements
    • Review and setup of technical requirements; use of UML, ANSI/IEEE Std. 830
    • Taking into account human factors and usability, e.g. as defined by IEC 62366
  • Architecture and Software design
    • Review of architectural descriptions
    • Coaching for architects building and integrating formal documentation at various levels
    • Management feedback regarding sustainability, maintainability, future-proof architectures and technical debt of software systems
  • Code
    • Metrics
    • SOUP and 3rd-party assessments
  • Software Lifecycle Process
    • Software Lifecycle Process reviews according to IEC 62304 for class A, B, C devices (process, requirements, risk, architecture, design, verification, configuration and problem handling), relevant for approved medical devices according to European MDR and ISO 13485 (Sect. 7)
    • FDA 21 CFR part 11 traceability assessments
  • Software security
    • System security
    • Network security and software used in networked systems
    • ISMS (ISO/IEC 27001)
    • Assessing systems with the help of umbrella standards such as ANSI/UL 2900, which is mentioned in FDA guidelines for regulatory approval of medical devices
    • Covering requirements for the industrial product security development life-cycle (see ANSI/ISA-62443-4-1-2018, Security for industrial automation and control systems)
  • Risk in software
    • Probability and impact assessments, acceptable risk levels, FMEA for improvements, residual risk assessment
    • Software risk assessments for medical device software according to EN ISO 14971 (analysis, e.g. FMEA, detection of hazards, assessment, avoidance, mitigation, reporting, market watch)
  • Verification and Validation, software testing
    • Review of V&V process
    • Checks whether a software system is correct with respect to its specifications and fulfills its intended purpose
    • Application of V-model, CMMI and relevant IEEE standards
    • Technical and organizational assessment of software testing based on long-term experience across industries.
    • Testing strategy and team assessments
  • Hardware Interfaces
    • TCO (total cost of ownership)/time-to-market impact of HW/SW interface decisions
    • Power consumption impact
    • Dependency and interaction of medical electrical device regulations (IEC 60601-x) on software during the product design process

Please call to get more information.