We provide various consulting services in reviewing software systems:
- Software project management
  - Assessment of processes, team structures, strategy, product and innovation alignment (e.g. roadmapping)
  - Assessment of software development process effectiveness, metrics and needs; integration of product and application lifecycle management (PLM and ALM) using hybrid processes (agile and stage-gate combined)
  - Efficiency/effectiveness review: based on metrics and initial findings, improvements as well as sourcing solutions are recommended (e.g. nearshoring, offshoring, partnerships)
- Use cases & Requirements
  - Top-down workshops to align strategy, market and technical requirements; use of QFD (quality function deployment) techniques
  - Review of user stories and use cases turned into marketing requirements
  - Review and setup of technical requirements; use of UML, ANSI/IEEE Std. 830
  - Taking into account human factors and usability, as e.g. defined by IEC 62366
- Architecture and Software design
  - Review of architectural descriptions
  - Coaching for architects building and integrating formal documentation at various levels
  - Management feedback regarding sustainability, maintainability, future-proof architectures and technical debt of software systems
- Code
  - Metrics
  - SOUP and 3rd-party assessments
- Software Lifecycle Process
  - Software Lifecycle Process reviews according to IEC 62304 for class A, B, C devices (process, requirements, risk, architecture, design, verification, configuration and problem handling), relevant for approved medical devices according to European MDR and ISO 13485 (Sect. 7)
  - FDA 21 CFR part 11 traceability assessments
- Software security
  - System security
  - Network security and software used in networked systems
  - ISMS (ISO/IEC 27001)
  - Assessing systems with the help of umbrella standards such as ANSI/UL 2900, which is mentioned in FDA guidelines when getting regulatory approval for medical devices
  - Covering the industrial product security development life-cycle requirements (see ANSI/ISA-62443-4-1-2018 Security for industrial automation and control systems)
- Risk in software
  - Probability and impact assessments, acceptable risk levels, FMEA for improvements, residual risk assessment
  - Software risk assessments for medical device software according to EN ISO 14971 (analysis, e.g. FMEA, detection of hazards, assessment, avoidance, mitigation, reporting, market watch)
- Verification and Validation, software testing
  - Review of V&V process
  - Checks whether a software system is correct with respect to its specifications and fulfills its intended purpose
  - Application of V-model, CMMI and relevant IEEE standards
  - Technical and organizational assessment of software testing based on long-term experience across industries
  - Testing strategy and team assessments
- Hardware Interfaces
  - TCO (total cost of ownership)/time-to-market impact of HW/SW interface decisions
  - Power consumption impact
  - Dependency and interaction of medical electrical device regulations (IEC 60601-x) on software during the product design process