Our team is working on the early stages of development of a class 2 medical device using a low-end ARM7 controller.

Our plan is to do much of the preliminary development using FreeRTOS and then migrate to SafeRTOS after we have proved feasibility, on the theory that SafeRTOS will be easier to get past the FDA.

Today, I got a brief look at what SafeRTOS costs ... something on the order of $60,000 (!!!!) including the documentation and test suites to support FDA approval (I think they call it their "Design Assurance Pack" or something close to that).

I've done plenty of work on medical devices in the past and we didn't pay that kind of money for VxWorks or LynxOS... unfortunately those OSs aren't available for low end microcontrollers like the ARM7.

This is my first time with FreeRTOS or SafeRTOS. The whole FreeRTOS / SafeRTOS migration path seemed eminently reasonable to me... do most of the development with minimal risk and then when you've proven feasibility, migrate to something that will be easier to get approved.

But, I had no idea that the "certifiable" version was so wildly expensive, and we are definitely going to need to come up with some alternatives.

Fact of the matter is that the operating system code is a small percentage of the overall code, and we're going to have to validate the overall software product, so since we have the source code for the operating system, it seems like it'd be a relatively minor amount of extra work to validate that, too.

Have any of you been this route with FreeRTOS / SafeRTOS? How did you handle it? And what alternatives do we have?

FreeRTOS / SafeRTOS in a Medical Device
Started by ●November 21, 2008
Reply by ●November 22, 2008
C. J. Clegg wrote:

> Our team is working on the early stages of development of a class 2 medical device using a low-end ARM7 controller.
>
> Our plan is to do much of the preliminary development using FreeRTOS and then migrate to SafeRTOS after we have proved feasibility, on the theory that SafeRTOS will be easier to get past the FDA.
>
> Today, I got a brief look at what SafeRTOS costs ... something on the order of $60,000 (!!!!) including the documentation and test suites to support FDA approval (I think they call it their "Design Assurance Pack" or something close to that).
>
> I've done plenty of work on medical devices in the past and we didn't pay that kind of money for VxWorks or LynxOS... unfortunately those OSs aren't available for low end microcontrollers like the ARM7.
>
> This is my first time with FreeRTOS or SafeRTOS. The whole FreeRTOS / SafeRTOS migration path seemed eminently reasonable to me... do most of the development with minimal risk and then when you've proven feasibility, migrate to something that will be easier to get approved.
>
> But, I had no idea that the "certifiable" version was so wildly expensive, and we are definitely going to need to come up with some alternatives.
>
> Fact of the matter is that the operating system code is a small percentage of the overall code, and we're going to have to validate the overall software product, so since we have the source code for the operating system, it seems like it'd be a relatively minor amount of extra work to validate that, too.
>
> Have any of you been this route with FreeRTOS / SafeRTOS? How did you handle it? And what alternatives do we have?

First question:- Do you really need an OS for the project?

I have worked with some devices that had to have CE (Medical Devices) and FDA approval and we did the whole thing in Forth. However, I think that if you are doing the bare metal as well as the software from there up you should have no problems no matter what language you use if you approach the task the right way.

Of course, if you need an RTOS then you should have one team that concentrates on proving that it is good. For that you need to understand everything about the OS and why certain methods are used. It needs to undergo static analysis and dynamic testing.

Second question:- Do you have a really sound development process that gives you the evidence for what was done at each stage of the development?

The companies that look over the work you do for certification need to see a full evidence stream for the quality and soundness of the system development and thus the system itself. I would go with simpler processes that let such evidence fall out of the operation of the process naturally. You need to ensure you create the right documentation at each stage and in the right order. You need to do risk assessments for the system and prove the dependability of the resultant design through adequate review and testing. Make sure your process gets the bugs out early (before you start in on the detail design preferably).

--
********************************************************************
Paul E. Bennett...............<email://Paul_E.Bennett@topmail.co.uk>
Forth based HIDECS Consultancy
Mob: +44 (0)7811-639972
Tel: +44 (0)1235-811095
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
********************************************************************

Reply by ●November 22, 2008
First off full disclosure - I am connected with the SafeRTOS support team (and obviously FreeRTOS).

> This is my first time with FreeRTOS or SafeRTOS. The whole FreeRTOS / SafeRTOS migration path seemed eminently reasonable to me... do most of the development with minimal risk and then when you've proven feasibility, migrate to something that will be easier to get approved.

There is a technical note on upgrading Free->Safe which can be obtained from WITTENSTEIN high integrity systems.

> But, I had no idea that the "certifiable" version was so wildly expensive, and we are definitely going to need to come up with some alternatives.

The cost comes from the design assurance package, in which there are many hours of work invested, I will elaborate more in a reply to Paul E Bennett's post (the first reply to your post). Compared to doing the work yourself, it's a bargain ;o) You not only get the paperwork, but all the test suites that can be run on your own hardware, in your own environment, making them valid for your system. The tests are also designed to provide some compiler validation (for the application, not the compiler itself) to remove another obstacle for safety related developments. See http://www.nxtbook.com/nxtbooks/cmp/esd-europe0607/index.php?startpage=32 . I think also included is some on site engineering time, but you would have to check that with the vendors.

> Fact of the matter is that the operating system code is a small percentage of the overall code, and we're going to have to validate the overall software product, so since we have the source code for the operating system, it seems like it'd be a relatively minor amount of extra work to validate that, too.

The design assurance package can be used as a template for validating the rest of the code. Also, the use of a kernel means that the rest of your code can be smaller, simpler and more modular (the timing information is abstracted away by the kernel).

This is not intended to sound like an advert for SafeRTOS - the same would be true with any kernel.

--
Regards, Richard.

+ http://www.FreeRTOS.org & http://www.FreeRTOS.org/shop
17 official architecture ports, more than 6000 downloads per month.

+ http://www.SafeRTOS.com
Certified by TÜV as meeting the requirements for safety related systems.

Reply by ●November 22, 2008
Full disclosure up front as before....

"Paul E. Bennett" <Paul_E.Bennett@topmail.co.uk> wrote in message news:6optc3F4p43vU1@mid.individual.net...

> Of course, if you need an RTOS then you should have one team that concentrates on proving that it is good. For that you need to understand everything about the OS and why certain methods are used. It needs to undergo static analysis and dynamic testing.

And this is the point of the design assurance package. All this has been done for you, and certified by a very credible and completely independent third party as fulfilling the requirements for safety related systems. This means you can integrate the design assurance package into your application evidence with a high level of confidence that it is also 'certifiable' in your context.

> Second question:- Do you have a really sound development process that gives you the evidence for what was done at each stage of the development?

Again, the design assurance package (DAP) was developed using such a process and contains all the required evidence.

> The companies that look over the work you do for certification need to see a full evidence stream for the quality and soundness of the system development and thus the system itself. I would go with simpler processes that let such evidence fall out of the operation of the process naturally. You need to ensure you create the right documentation at each stage and in the right order.

Not sure as to what the reference point for the 'simpler' is, but agree in principle.

> You need to do risk assessments

Done and included in the DAP in such a way that it should assist with the application level assessments.

> for the system and prove the dependability of the resultant design

Done and included in the DAP.

> through adequate review

Done and included in the DAP. [this is where a lot of the cost is, reviews take engineering hours]

> and testing.

Done and included in the DAP.

> Make sure your process gets the bugs out early (before you start in on the detail design preferably).

Getting all the bugs out before starting the detailed design, now that would be nice. I'm assuming you're talking about the system engineering bugs ;o)

--
Regards, Richard.

+ http://www.FreeRTOS.org & http://www.FreeRTOS.org/shop
17 official architecture ports, more than 6000 downloads per month.

+ http://www.SafeRTOS.com
Certified by TÜV as meeting the requirements for safety related systems.

Reply by ●November 22, 2008
In message <0spei4h1temebvj2d9p9gsitsb52ct2i8m@4ax.com>, C. J. Clegg <answer.in.newsgroup@no.spam> writes

> Our team is working on the early stages of development of a class 2 medical device using a low-end ARM7 controller.
>
> Our plan is to do much of the preliminary development using FreeRTOS and then migrate to SafeRTOS after we have proved feasibility, on the theory that SafeRTOS will be easier to get past the FDA.
>
> Today, I got a brief look at what SafeRTOS costs ... something on the order of $60,000 (!!!!) including the documentation and test suites to support FDA approval (I think they call it their "Design Assurance Pack" or something close to that).

Scandalous.... I can sell you the Sciopta RTOS that is also tested for Safety critical use (SIL3) at a bargain price of about 59,000 Euro :-) see http://www.sciopta.com

Both SafeRTOS and Sciopta are less expensive AFAIK than the Green Hills Integrity and other certified RTOS.

As Richard has pointed out elsewhere there is a LOT of labour intensive work involved in validating something for safety critical use. More to the point this work has to be carried out by suitably qualified and experienced people. Lives depend on it.

The cost of SafeRTOS is about right and not over priced.

> I've done plenty of work on medical devices in the past and we didn't pay that kind of money for VxWorks or LynxOS... unfortunately those OSs aren't available for low end microcontrollers like the ARM7.

That's life. BTW what were VxWorks and LynxOS certified for?

> This is my first time with FreeRTOS or SafeRTOS. The whole FreeRTOS / SafeRTOS migration path seemed eminently reasonable to me... do most of the development with minimal risk and then when you've proven feasibility, migrate to something that will be easier to get approved.

This is how Sciopta works. They have a less expensive (about 2K5 USD) not critical version with the same API and a more expensive certified version.

BTW if you saw all the costs involved with certification you would see you are getting a good deal at 60K USD.

> But, I had no idea that the "certifiable" version was so wildly expensive, and we are definitely going to need to come up with some alternatives.

Don't do the project. You can't do safety critical on the cheap. The SafeRTOS is not exorbitantly priced. As a competitor I can tell you it is quite reasonable.

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

Reply by ●November 22, 2008

"Paul E. Bennett" <Paul_E.Bennett@topmail.co.uk> wrote in message news:6optc3F4p43vU1@mid.individual.net...

> C. J. Clegg wrote:
>
>> Our team is working on the early stages of development of a class 2 medical device using a low-end ARM7 controller.
>>
>> Our plan is to do much of the preliminary development using FreeRTOS and then migrate to SafeRTOS after we have proved feasibility, on the theory that SafeRTOS will be easier to get past the FDA.
>>
>> Today, I got a brief look at what SafeRTOS costs ... something on the order of $60,000 (!!!!) including the documentation and test suites to support FDA approval (I think they call it their "Design Assurance Pack" or something close to that).
>>
>> I've done plenty of work on medical devices in the past and we didn't pay that kind of money for VxWorks or LynxOS... unfortunately those OSs aren't available for low end microcontrollers like the ARM7.
>>
>> This is my first time with FreeRTOS or SafeRTOS. The whole FreeRTOS / SafeRTOS migration path seemed eminently reasonable to me... do most of the development with minimal risk and then when you've proven feasibility, migrate to something that will be easier to get approved.
>>
>> But, I had no idea that the "certifiable" version was so wildly expensive, and we are definitely going to need to come up with some alternatives.
>>
>> Fact of the matter is that the operating system code is a small percentage of the overall code, and we're going to have to validate the overall software product, so since we have the source code for the operating system, it seems like it'd be a relatively minor amount of extra work to validate that, too.
>>
>> Have any of you been this route with FreeRTOS / SafeRTOS? How did you handle it? And what alternatives do we have?
>
> First question:- Do you really need an OS for the project?
>
> I have worked with some devices that had to have CE (Medical Devices) and FDA approval and we did the whole thing in Forth. However, I think that if you are doing the bare metal as well as the software from there up you should have no problems no matter what language you use if you approach the task the right way.
>
> Of course, if you need an RTOS then you should have one team that concentrates on proving that it is good. For that you need to understand everything about the OS and why certain methods are used. It needs to undergo static analysis and dynamic testing.
>
> Second question:- Do you have a really sound development process that gives you the evidence for what was done at each stage of the development?
>
> The companies that look over the work you do for certification need to see a full evidence stream for the quality and soundness of the system development and thus the system itself. I would go with simpler processes that let such evidence fall out of the operation of the process naturally. You need to ensure you create the right documentation at each stage and in the right order. You need to do risk assessments for the system and prove the dependability of the resultant design through adequate review and testing. Make sure your process gets the bugs out early (before you start in on the detail design preferably).

I guess you have to ask yourself: how much would it cost me to do all this certification myself, and I bet you'll end up with a figure that's much higher than $60k.

Reply by ●November 22, 2008
> I guess you have to ask yourself: how much would it cost me to do all this certification myself, and I bet you'll end up with a figure that's much higher than $60k.

Exactly (BTW: I think the single project license is actually $45k).

--
Regards, Richard.

+ http://www.FreeRTOS.org & http://www.FreeRTOS.org/shop
17 official architecture ports, more than 6000 downloads per month.

+ http://www.SafeRTOS.com
Certified by TÜV as meeting the requirements for safety related systems.

Reply by ●November 22, 2008

"C. J. Clegg" <answer.in.newsgroup@no.spam> wrote in message news:0spei4h1temebvj2d9p9gsitsb52ct2i8m@4ax.com...

> Our team is working on the early stages of development of a class 2 medical device using a low-end ARM7 controller.
>
> Our plan is to do much of the preliminary development using FreeRTOS and then migrate to SafeRTOS after we have proved feasibility, on the theory that SafeRTOS will be easier to get past the FDA.
>
> Today, I got a brief look at what SafeRTOS costs ... something on the order of $60,000 (!!!!) including the documentation and test suites to support FDA approval (I think they call it their "Design Assurance Pack" or something close to that).
>
> I've done plenty of work on medical devices in the past and we didn't pay that kind of money for VxWorks or LynxOS... unfortunately those OSs aren't available for low end microcontrollers like the ARM7.
>
> This is my first time with FreeRTOS or SafeRTOS. The whole FreeRTOS / SafeRTOS migration path seemed eminently reasonable to me... do most of the development with minimal risk and then when you've proven feasibility, migrate to something that will be easier to get approved.
>
> But, I had no idea that the "certifiable" version was so wildly expensive, and we are definitely going to need to come up with some alternatives.
>
> Fact of the matter is that the operating system code is a small percentage of the overall code, and we're going to have to validate the overall software product, so since we have the source code for the operating system, it seems like it'd be a relatively minor amount of extra work to validate that, too.
>
> Have any of you been this route with FreeRTOS / SafeRTOS? How did you handle it? And what alternatives do we have?

Can you tell us what an FDA approved version of VxWorks or LynxOS costs then? I bet it's very similar in pricepoint to FreeRTOS. I've used another RTOS years ago and its price was also in the $40k range back then, probably more now.

You can also try using Linux with the RT patch, which will give you response times (latency) in the 100uS range. That should be enough for most applications and it's totally free. Although it won't be FDA certified..

And then there's eCos, the open-source RTOS which also runs on ARM7, again not FDA approved, but I bet ya that someone has made a medical appliance with eCos already.

Reply by ●November 22, 2008
In message <gg90qp$ci4$1@aioe.org>, Bresco <bresco@mixmaster.org> writes

> "C. J. Clegg" <answer.in.newsgroup@no.spam> wrote in message news:0spei4h1temebvj2d9p9gsitsb52ct2i8m@4ax.com...
>
> Can you tell us what an FDA approved version of VxWorks or LynxOS costs then? I bet it's very similar in pricepoint to FreeRTOS. I've used another RTOS years ago and its price was also in the $40k range back then, probably more now.
>
> You can also try using Linux with the RT patch, which will give you response times (latency) in the 100uS range. That should be enough for most applications and it's totally free. Although it won't be FDA certified..

There is the problem... what will it cost to get Linux certified? :-)

> And then there's eCos, the open-source RTOS which also runs on ARM7, again not FDA approved, but I bet ya that someone has made a medical appliance with eCos already.

What cost for certifying that?

What I can tell you is that Sciopta and I would think SafeRTOS have priced their certified RTOS assuming multiple sales and have spread the cost. As the non certified FreeRTOS and Sciopta RTOS are zero and less than 3K USD I think you can work out that it is likely to cost you a LOT more than 60K USD to certify an RTOS.

Remember not only is there the cost of certification you need to have ALL the documentation, specification, history etc not to mention testing and show the development procedure was up to spec.... That takes time and effort. More so for Linux (showing development procedures and testing).

I think you may find that it will be more expensive to try and do a certified Linux system.

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

Reply by ●November 22, 2008

"Chris H" <chris@phaedsys.org> wrote in message news:azcwaiANTBKJFAOd@phaedsys.demon.co.uk...

> In message <gg90qp$ci4$1@aioe.org>, Bresco <bresco@mixmaster.org> writes
>
>> "C. J. Clegg" <answer.in.newsgroup@no.spam> wrote in message news:0spei4h1temebvj2d9p9gsitsb52ct2i8m@4ax.com...
>>
>> Can you tell us what an FDA approved version of VxWorks or LynxOS costs then? I bet it's very similar in pricepoint to FreeRTOS. I've used another RTOS years ago and its price was also in the $40k range back then, probably more now.
>>
>> You can also try using Linux with the RT patch, which will give you response times (latency) in the 100uS range. That should be enough for most applications and it's totally free. Although it won't be FDA certified..
>
> There is the problem... what will it cost to get Linux certified? :-)
>
>> And then there's eCos, the open-source RTOS which also runs on ARM7, again not FDA approved, but I bet ya that someone has made a medical appliance with eCos already.
>
> What cost for certifying that?
>
> What I can tell you is that Sciopta and I would think SafeRTOS have priced their certified RTOS assuming multiple sales and have spread the cost. As the non certified FreeRTOS and Sciopta RTOS are zero and less than 3K USD I think you can work out that it is likely to cost you a LOT more than 60K USD to certify an RTOS.
>
> Remember not only is there the cost of certification you need to have ALL the documentation, specification, history etc not to mention testing and show the development procedure was up to spec.... That takes time and effort. More so for Linux (showing development procedures and testing).
>
> I think you may find that it will be more expensive to try and do a certified Linux system.

I'm advocating neither Linux w/ RT patch nor eCos, just summing up the possibilities. For non-medical applications these two will suffice in 99% of all cases.