Template: Software Development and Maintenance Plan

Template Download

This is a free template, provided by OpenRegulatory.

If you are a user of Formwork, our eQMS software, choose “QMS” on the top menu and “OpenRegulatory Templates” on the left menu, and then open the relevant folder to find this template ready to load into Formwork.

If, for some mysterious reason, you’re using a different QMS Software, you can also simply download this template – specifically, as Word (.docx), PDF, Google Docs or Markdown file. Scroll down for a preview!

The template license applies (don’t remove the copyright at the bottom).

Tired of copy-pasting? If you want to save time and edit these templates directly, you can use Formwork, our eQMS software. And if you’re looking for step-by-step instructions for filling them out, check out our Wizard 🙂

Don't Miss Updates to This Template
Subscribe to our newsletter and we'll keep you posted on which templates we've changed.

Questions? Still Lost in Regulation?

Good news! Our goal is to provide lots of stuff for free, but we also offer consulting if you need a more hands-on approach. We get stuff done really fast. Have a look!

Template preview

This document is related to your product. You somehow need to associate it with it. The easiest way would be to just put all product-related documents into a folder in your QMS so that the association is clear. Alternatively, you could mention the related product and version here, but then you’d have to update the version here any time you do a new release. Painful!

This document summarizes development and maintenance activities.

Mapping of Standard Requirements to Document Sections

ISO 13485:2016 SectionDocument Section
7.3.2 Design and Development Planning1, 2, 3, 7
ClassesIEC 62304:2006 SectionDocument Section
A, B, C4.4.2 Risk Management Activities1
A, B, C5.1.1 a) (Processes)1
A, B, C5.1.1 b) (Deliverables)1
A, B, C5.1.1 c) (Traceability)1
A, B, C5.1.1 d) (Configuration and Change Management)1, 5
A, B, C5.1.1 e) (Problem Resolution)1
A, B, C5.1.2 Keep Software Development Plan Updated1
A, B, C5.1.3 Software Development Plan Reference to System Design and Development2
C5.1.4 Software Development Standards, Methods and Tools Planning
B, C5.1.5 Software Integration and Integration Test Planning3, 8
A, B, C5.1.6 Software Verification Planning7
A, B, C5.1.7 Software Risk Management Planning1
A, B, C5.1.8 Documentation Planning6
A, B, C5.1.9 Software Configuration Management Planning5
B, C5.1.10 Supporting Items to be Controlled5
B, C5.1.11 Software Configuration Item Control Before Verification5
B, C5.1.12 Identification and Avoidance of Common Software Defects4
A, B, C6.1 Software Maintenance Plan.10

1 Relevant Processes and Documents

Please see the relevant processes for the following activities:

  • Risk management activities incl. SOUP risks: SOP Integrated Software Development
  • Problem resolution: SOP Problem Resolution
  • Software development incl. deliverables, traceability, regular update of software development plan: SOP Integrated Software Development
  • Change management: SOP Change Management
  • SOUP List
  • Usability engineering activities: SOP Integrated Software Development

2. Required Resources

2.1 Team

Head of Development1Prioritizing tasks and technical oversight
Frontend Developer2Implementing Frontend Software Requirements
Backend Developer1Implementing Backend Software Requirements

2.2 Software

Describe your device’s software safety class according to IEC 62304 and your reasoning behind the classification.

Programming Languages

List the languages you’ll be using, including compiler and language versions.


Development Software

List software used to support development, e.g., IDEs.


2.3 System Requirement / Target Runtime

List your target runtime(s).


Specify system requirements, e.g., the minimum specifications of the server / compute instance you’ll be running your software on

Minimum system requirements:

  • Server-grade dual-core CPU, e.g., Intel Xeon E3-1230 v5 or higher
  • 4 GB of RAM
  • 1 GBit/s up- and downlink
  • 20GB SSD storage

3 Design Phases

The 13485 requires you to specify “Design Phases”. Here are some suggestions which you could use.

TitleEstimated Completion DateDescriptionReview method
SpecificationSoftware Requirements Checklist
ImplementationCode Reviews
TestingSystem Test
ValidationUsability Evaluation
ReleaseRelease Checklist

4 Avoiding Common Software Defects Based on Selected Programming Technology

Discuss how your selected programming technology may introduce risks and how you plan to avoid them. With modern, dynamically-typed languages, an obvious risk is that you encounter runtime exceptions. So you could argue that your test coverage is great and compensates for that. You could also link to your risk analysis here if you analyse those risks further.

5 Configuration Management and Version Control

Describe which version control software you’re using (probably git, like all human beings on this planet right now, except enterprise developers). Also describe your branching model, i.e., how your developers create branches during development, how you name them and how you merge them (pull requests? merge commits? squash before?). Your code review will be described in the next section.

Importantly, describe which things (code, build files, etc.) are put in version control. Describe how you name versions and how you tag them. Your goal should be that you can retrieve an old version and build it. Why? Something with a newer version may go wrong (harm patients) and you may need to roll back.

git is used as version control software. All source code and build files are committed to version control.

When implementing software requirements, developers create a new branch starting at master. During development, developers may create intermediate commits on this development branch.

When implementation is completed, a new merge commit to master is created.

This is also the activity which constitutes integration of software units.

For each release, the goal is to be able to uniquely identify it and retrieve all relevant files (code, configuration files like build scripts, SOUPs, etc.) at any time in the future.

When a new software version is released, its commit is tagged in git. The tag is constructed by adhering to semver (semver.org) 2.0.0 which results in a version of format MAJOR.MINOR.PATCH, e.g., 1.0.0.

6 Documentation Activities

Describe your policy on what should be documented while you develop software. Maybe you want to require your developers to document all methods which are private. Maybe you want to keep an up-to-date software architecture diagram in the repository, etc. Make sure to mention how traceability between Software Requirements and Tests is maintained.

7 Implementation Verification Activities

Describe verification activities, e.g. code review.

For each pull request, a code review is performed by a team member who was not the main author of the code under review. The code review is only marked as “approved” if the code complies with the code review criteria. This is:

8 Software System Test Activities

Describe software system test activities. This could be continuous integration which is triggered by opening a pull request (e.g. Travis CI, Circle CI). Describe what is tested and how that automated system works.

Integration tests are included in software system tests.

9 Validation Activities

Validation is carried out as formative and summative usability evaluation as described in the software development process. A usability evaluation file (plan, protocol and report) will be prepared.

10 Maintenance Activities

Describe how often you check SOUP issue trackers and how you document them.

SOUP issue trackers are checked at least once every 6 months. The verification date is updated in the SOUP list accordingly.

Template Copyright openregulatory.com. See template license.

Please don’t remove this notice even if you’ve modified contents of this template.

Template preview


Leave the first comment