Fog Creek Software
Discussion Board




Flexible Software Lifecycle Models

I work for a medical products manufacturer, which means that any software that affects quality, design, or operation of the end device must be validated per FDA guidelines.  The FDA validation guidelines do not specify that a certain lifecycle model must be used, so companies are free to implement any lifecycle model that best fits their needs.

My question is, what lifecycle model would people recommended that is flexible for all ranges of software?  By that I mean, we would prefer to define only one (ISO-controlled) software validation procedure, but the types of software we develop fall all over the map.  For example, the software we develop might use simple PLC ladder logic, Excel VBA scripts, VB, Labview, Matlab, C++, MS Access, MS SQL Server, et al.  Some may be used for test, others for machine control, and others for quality data tracking, so there are varying levels of risk that will warrant varying levels of validation.

Most “cutting-edge’ models are really OOP centric, so they don’t apply to the majority of what we do.  On the other hand, a classic waterfall seems the most flexible, but I would prefer a non-linear model.

Any advice?

Anyone have FDA software audit experience?

Nick Hebb
Friday, April 26, 2002

Nick, I have absolutely no idea what you're talking about. I get some of the high level stuff, but would love a brief summary of the various models you're discussing, and the pros and cons as you seem them for your situation.

I think you're not getting much response because most people here are like me - not well schooled in management philsophy.

Also I think you might not be stating your problem in enough detail. Your question is sort of like "I'm dating a girl and I'm not sure if we should get more serious. She lives about 6 miles from my house, and we've been dating for 2 years. Can you help?"

MarkTAW
Saturday, April 27, 2002

If I recall correctly, the book _Rapid Development_ ( http://www.amazon.com/exec/obidos/ASIN/1556159005 ) published 1996 included a chapter on lifecycles; including waterfall, and some variants such as "iterative" or "spiral".

Christopher Wells
Saturday, April 27, 2002

I recently did some software development for aircraft engines. In the aircrafts field software development is reglemented heavily, probably just like in medical instruments.
Are you using the same crappy RTCA DO178 document as a base for the software process definition?
Anyway, we needed to define our process for some development activities and this is what I think might be helpful:
When defining a process for audited software development you want to minimize the points of outside control (by the FDA) during the process.
We came up with a process that allows us to divide the effort into stages and [requirements definition / architecture / coding / testing] activities mixed freely (iteratively, waterfall, whatever) inside of the stages.
This means we can have a multi-stage effort with lots of control and many documents created at each stage. But we can also have a one-stage project with only one requirements and testing plan document as input and code plus one testing results and one review document coming out on the other side while giving our developers total freedom to test and change their design as often as they want while inside this stage.

Claus Christensen
Saturday, April 27, 2002

> "I'm dating a girl and I'm not sure if we should get more serious. She lives about 6 miles from my house, and we've been dating for 2 years. Can you help?"

Think of it this way - the girl = software lifecycle management and her father = FDA.  The question isn't whether I should get more serious, since this is an arranged marriage and custom dictates that we must get married.  The question is, since I'm already committed to this relationship, how to I establish a flexible relationshaip with the girl and deal with it as painlessly as possible.

> "When defining a process for audited software development you want to minimize the points of outside control (by the FDA) during the process.

We came up with a process that allows us to divide the effort into stages and [requirements definition / architecture / coding / testing] activities mixed freely (iteratively, waterfall, whatever) inside of the stages. "

This seems to be up my alley.  Did you define the lifecycle model yourself or did you borrow from one of the mainstream models?  I'm really looking for something that I can say "hey that looks good!" and adopt it for my project plans.

In the meantime I'll check out _Rapid Development_.

Thanks

Nick Hebb
Sunday, April 28, 2002

An outside consultant helped with the process and had this idea. They borrowed from the "Unified Process" (Jacobson/Booch/Rumbaugh: "The Unified Software Development Process") but I am not sure the original process allows for the free mixing of activities (requirements/analysis/design/implementation/test) inside an iteration.
Anyway - that's the beauty, a *modified* Unified Process still has this ring of authority to the authorities :-) while giving the developers enough freedom.

Claus Christensen
Monday, April 29, 2002

I don't know much about this are but it's definitely worth while:
a) getting a consultant in on this. This is one of those rare circumstances I would recommend this, Security audits and formal software proofs for safety critical code (as a validation of the proofs used and that code matches the proof) are the two others I can think of. Perhaps someone who was on the original comittee who specced this stuff?
b) Making sure whatever ends up in the final document can be changed without requiring a complete rewrite. So for example don't let the spec say that "Visual Sourcesafe will be used for the version control" but a generic statement like "All software released to a customer will be checked into a version control system, from where earlier released versions can be retrieved" will be better. I have had to write code specifically to match various ISO9000 documents as it's easier than changing the documents.

Peter Ibbotson
Monday, April 29, 2002

*  Recent Topics

*  Fog Creek Home