Enhancing the Auditability of the Agile XP Software Development Process in the Context of EU Medical Device Regulations



Alsaadi, Mahmood (2022) Enhancing the Auditability of the Agile XP Software Development Process in the Context of EU Medical Device Regulations. PhD thesis, University of Liverpool.

Abstract

Nowadays, there is increasing reliance on software in the healthcare industry, such as software used for diagnostic or therapeutic purposes and software embedded in a medical device, often known as medical device software. Regulatory compliance has become increasingly visible in healthcare industries. Software development companies that develop medical device software in Europe must comply with the EU Medical Device Regulation (EU MDR) in order to get the CE marking. Agile development practices are increasingly adopted by generic software development companies. For example, agile extreme programming (XP) is now considered a common model of choice for many business-critical projects. The reason is that Agile XP has several benefits, such as developing high-quality software at a low cost and in a short period of time, with the capability to embrace changing requirements during the development process. However, healthcare industries still have a low rate of agile adoption. This is due to the challenges that software developers face when using Agile XP within the stringent requirements of healthcare regulations. These challenges are the lack of fixed up-front planning, lack of documentation, traceability issues, and formality issues. Agile software companies must provide evidence of EU MDR conformity, and they need to develop their own procedures, tools, and methodologies to do so. As yet, there is no consensus on how to audit Agile XP software companies to ensure that their software processes have been designed and implemented in conformity with EU MDR requirements. The motivation of this research is to assist companies developing medical device software that wish to adopt Agile XP practices in their effort to meet the EU MDR certification requirements (CE marking).
In addition, this research aims to help information system auditors extract auditing evidence that demonstrates conformity to the EU MDR requirements that must be met by Agile XP software organisations. This research will try to answer three main questions: Do Agile XP practices support the EU MDR requirements? Is it possible to adopt Agile XP practices when developing medical device software? Is it possible to submit conformity evidence to EU MDR auditors? The main aim of this research is to enhance the auditability of the Agile XP software development process in the context of the EU MDR. This aim can be achieved through two main objectives: first, proposing an extension to the Agile XP user story to enhance the early planning activities of Agile XP according to EU MDR requirements; second, designing an auditing model that covers the requirements of EU MDR. This auditing model should provide EU MDR auditors with auditing evidence that medical device software developed with an Agile XP process has fulfilled the requirements of EU MDR. The main contribution of this research study is the auditing model for EU MDR requirements that is aligned with the principles of Agile XP. The proposed auditing model would help auditors to audit the Agile XP development process of the medical device with regard to the EU MDR requirements by obtaining evidence of conformity to those requirements. This auditing model can also be considered a guideline that would help Agile XP developers to follow the EU MDR requirements. The proposed auditing model has been assessed based on relevant case studies. As a result, the evidence gathered shows at least partial support for the requirements in each case study. However, no case study has been demonstrated as fully supporting the auditing yardsticks of the proposed auditing model.

Item Type: Thesis (PhD)
Divisions: Faculty of Science and Engineering > School of Electrical Engineering, Electronics and Computer Science
Depositing User: Symplectic Admin
Date Deposited: 05 Apr 2022 15:00
Last Modified: 18 Jan 2023 21:06
DOI: 10.17638/03151901
Supervisors:
URI: https://livrepository.liverpool.ac.uk/id/eprint/3151901