PTW: Linux platform for medical devices according to IEC 62304PTW-Freiburg GmbH
With UNIDOS Tango and Romeo, PTW-Freiburg GmbH recently launched a new UNIDOS generation with network integration and HMI (human machine interface) for clinical dosimetry - and UNIDOS Tango promptly won the iF Design Award 2021.
The award-winning device is a high-precision reference-class electrometer used for clinical dosimetry and quality assurance in radiotherapy. Radiation sources for radiotherapy, for example for tumour treatment, can be calibrated with it daily.
Intelligent reference dosimeter
One of the challenges in developing the new generation of measuring equipment was the growing demands on medical device software according to IEC norm 62304 and MDR (medical device regulation), which has been compulsory in the EU since 2021, as well as the requirements of the American Food and Drug Administration (FDA). At the same time, the demands on security compliance in hospitals have increased.
To ensure norm-compliant development of the underlying embedded Linux system and a high level of security throughout the entire life cycle, PTW has relied on the expertise, tools and processes of emlix GmbH for many years.
The UNIDOS embedded Linux platform is the result of intensive development cooperation between PTW and emlix. In order to fulfil the extensive requirements of the norms over the entire product life cycle, e2factory is used as the software management and build automation tool. Automation and reproducibility of tests are ensured using the emlix TAF test application framework.
In the operating and maintenance phase, emlix is responsible for the maintenance and security monitoring. As a result, relevant security issues, new software versions and improvements to relevant components can be identified promptly.
The system architecture of the UNIDOS embedded Linux platform was specified by emlix in close coordination with PTW. The main design target was a norm-compliant, centrally maintainable embedded Linux platform.
In addition to a graphical user interface (GUI) for the fully integrated display with capacitive touch functionality, audio output is supported. The system family is networked via LAN and WLAN, so that easy operation is possible via PC, laptop or smartphone.
Using a camera, UNIDOS Tango can read QR codes on PTW measurement detectors. Detector-specific information (including calibration factor and date) can be read into the detector database in the dosimeter automatically using a 2D code scanner.
The system platform for PTW UNIDOS also has an intrusion detection system (IDS). The IDS constantly monitors the system integrity and the network traffic in order to identify possible attacks.
Tools for norm-conforming development
Both in the development phase and when performing maintenance, regulatory stipulations and process requirements must be complied with. For automated creation of software builds (build automation), e2factory is therefore utilized. e2factory was developed to meet the demands of medical technology and allows the reproducibility of all the software versions of the UNIDOS platform over the entire life cycle independently of individual people and the computers used for development.
Traceability of requirements, build results and the accompanying documentation throughout the product life cycle are also provided by e2factory. Every build result is given a unique build-ID, which is derived from the hash tree of all the input parameters (sources, build scripts, dependencies, build environment etc.). Through the integration of requirements into the metadata of build results and the build-ID (images and documentation), bidirectional traceability can be ensured.
Furthermore, (technical) documentation required by the norms can be generated automatically:
- Detailed Design documentation
- SOUP lists (Sources of Unknown Provenance)
- Open source components used
- Test logs from verification
The verification of the UNIDOS platform takes place with the help of the emlix test application framework (TAF). The TAF was developed to meet the requirements of products with mandatory certification. It enables automated, person-independent testing of the UNIDOS software. Unique versioning provides the basis for the reproducibility of every individual test and complete test runs. Tests and test plans are archived in a test database. Comprehensive documentation (test reports) is generated automatically.
After the market introduction, emlix supports the developers in Freiburg through continual maintenance monitoring as well as CVE-based (common vulnerabilities and exposures) security monitoring. This proactive and systematic monitoring of weak points that become known and improvements in the open source software components used (post-market surveillance) enables immediate corrective and preventative action (CAPA) to be taken.
Every month, emlix provides a product-specific security and maintenance report with a clear summary and presentation of all the relevant information on potential security themes and improvements originating from the open source community. Valid information can thus be provided for supplier or security compliance declarations and audits.
The findings are evaluated against the background of the operating and usage context of the reference-class electrometer. Security updates and upgrades to the operating system platform are realized in close cooperation and agreement with PTW. Updates and security patches for the embedded Linux platform are made available and integrated (patch management).
With e2factory, updates to the system after the market introduction are possible in compliance with the norms. The build system provides the basis for the technical realization as well as the transparent management of versions and variants of the UNIDOS equipment family throughout the entire life cycle. The power fail-safe principle and signature checking are also components of the secure update concept.