Is there a backup system for the device? A malfunction outside the clinic would certainly be fatal.
Karch: Yes, that is a particularly important issue with a device like this. Risk management precisely takes such considerations into account: What happens if a component fails? For these reasons, redundancies are built into the system. For example, the power supply has multiple redundancies. This means that if one part fails, another takes over. The pump system is also redundant so that the blood flow is always guaranteed.
All these considerations are part of our development work for the software. We always think carefully about what could go wrong. What errors could occur? We build in functions in advance that prevent damage.
How do you ensure that the software is protected?
Karch: We have just talked about safety in the sense of functional safety, for example the failure of a device. Meanwhile, IT security has also become a major issue. We must protect the software, for example, from an external attack. We see this as an integral part of the entire software development process. This means that we consider this aspect in all phases of software development, right through to verification.
It is crucial that we create a so-called threat model. From this, we derive the necessary protection functions for the software.
With this approach, we implement the IEC 81001-5-1 standard, which defines security in the software life cycle for medical devices. This naturally generates a lot of documentation. We use this as proof that we have protected the software well according to the current state of the art.