Medical device firmware refactor

About the project

With over 100 years of engineering heritage, our client is a leading European manufacturer of medical devices and healthcare equipment. Their solutions are used across a variety of clinical and healthcare environments.

Projects such as medical device firmware modernisation are often necessary to ensure that long-standing products continue to meet regulatory and technical expectations.

What did our client need?

One of the company’s key medical devices used in clinical environments had originally been certified under the Medical Device Directive (MDD). Following regulatory changes in the European regulatory landscape and improvements to the device hardware, the firmware required refactoring to ensure continued compliance and maintain system stability.

Our goal was to adapt the device software to current regulatory requirements (IEC 62304, MDR), fix existing issues, and demonstrate modern project and code management practices typical for embedded medical device firmware development.

How did we approach it? 

The firmware running the device had been developed over fifteen years ago, which required a comprehensive refactor to modernise and stabilise the system as part of a broader legacy firmware modernisation effort.

The project can be divided into three key stages:

• Updating the Graphical User Interface (GUI) and upgrading the Bootloader Programmer responsible for hardware initialisation

• Adapting the Control (CO) and Supervisory (PR) systems to align with the updated GUI

• Investigating and verifying a recurring error affecting system reliability

During this project, the client handled hardware upgrades, our project partner DAC.digital managed code modernisation, and we oversaw the project, ensuring regulatory compliance and seamless integration across all components.

Technical approach – firmware refactor

Our main goal was to support the client in performing a medical device firmware refactor to ensure reliability, maintainability, and user safety. We achieved this by developing custom firmware deployed on the device’s printed circuit boards (PCBs).

This work was part of a broader embedded medical device firmware architecture update.

Agile 62304 project management

In medical software projects, we rely on our dedicated project management framework – Agile 62304 – which combines the flexibility of Agile practices with the strict requirements of IEC 62304. This approach ensures IEC 62304 firmware compliance while maintaining efficient development workflows.

Graphical User Interface refactor

To improve usability, we started by refactoring the graphical user interface. The display was upgraded to support a more modern and responsive interface, while audio feedback was improved through greater tonal variation.

Bootloader / Programmer enhancement

Following the GUI refactor, we updated the Bootloader / Programmer responsible for communication between the system modules (GUI, CO, and PR). This ensured correct system initialisation and reliable communication between device components.

Control System and Supervisory System adaptation

We refactored and updated the Control System (CO) and Supervisory System (PR) to align with the redesigned GUI. These updates ensured that the device’s core control and monitoring functions remained synchronised with the updated interface.

Ensuring reliability through unit testing

The project required extensive unit testing to validate the migration and ensure overall system stability. CppUTest was used to automatically verify every code change and confirm that individual components behaved as expected.

This approach introduced an additional quality control layer that helped detect issues early in the development process and supported the overall legacy firmware modernisation process.

Common error investigation

The client reported an intermittent error that caused the device to freeze. While refactoring the GUI and updating the control systems, we analysed the potential causes of this issue and identified possible improvements to increase system reliability.

GCC ARM Toolchain update

To ensure long-term maintainability, we updated the codebase using the GCC ARM Toolchain. This created a more robust foundation for future development, testing, and deployment of the firmware.

Moving codebase to GitHub

The codebase was migrated to GitHub to support modern and secure code management practices. Our partners from DAC.digital set up a structured repository with issue tracking and implemented a CI pipeline to automate builds, unit tests, and deployments.

Regulatory approach – ensuring compliance with EU requirements

Our goal was to ensure that the device software followed best practices and aligned with European medical device standards, including IEC 62304 firmware compliance requirements.

Requirements and standards followed

During the project, we complied with all relevant regulations and standards, including:

• Medical Device Regulation (MDR)

• IEC 62304

• ISO 13485

• ISO 14971.

Recertification preparation

The device is a medical device originally certified under the MDD as a Class IIb product. Our work focused on ensuring compliance with IEC 62304 (Class B software), providing traceability that supports the client in preparing documentation for MDR certification.

Traceability

To ensure traceability, every activity was carefully documented using Confluence and Jira, while code changes were versioned in GitHub.

Documentation included:

• system and hardware requirements

• SOUP components

• testing strategy

• tools used

• reports and development artefacts

All elements were clearly linked to tasks, requirements, test cases, and code changes.

Risk management

Risks had already been defined during the development of the earlier firmware version. Our task was to adapt and verify them in light of regulatory updates introduced over the past years.

We relied on a risk analysis process aligned with ISO 14971.

Cybersecurity in hardware

Although the device operates as an embedded system, cybersecurity remained an important consideration. We addressed challenges beyond those typical of standard medical software projects, including secure firmware deployment and verification of installed software.

To address these challenges, we followed the guidance provided in MDCG 2019-16, which highlights the importance of cybersecurity even in embedded medical devices.

Quality Assurance

To ensure the highest quality of the refactored firmware, together with our partner DAC.digital, we conducted code reviews and all required tests. These were later repeated by the client to confirm reliability and detect any potential issues.

Training courses for the parties involved

At Revolve, we value knowledge sharing and aim to support our partners in building internal capabilities for long-term collaboration.

Aligning teams on compliance

Working with an ISO 13485-certified external hardware and firmware partner, we ensured the correct application of IEC 62304 practices.

While the partner had extensive experience in hardware and firmware development, our guidance helped integrate medical software development processes, including the use of Jira and Confluence to maintain traceability and regulatory alignment.

Introducing modern coding practices

The original firmware had been developed primarily by hardware engineers using a different development approach.

We introduced GitHub-based workflows, trained the team on modern code management practices, and prepared clear documentation with recommended development guidelines. This helped establish a development culture aligned with current software engineering standards.

Revolve formed a dedicated regulatory and quality assurance team and partnered with DAC.digital to deliver high-quality firmware refactoring. Communication and documentation were managed through Jira, Slack, Google Meet, and Confluence, with ongoing collaboration with the client via email, Teams, and SharePoint.

What we delivered?

• Tested and verified software source code

• Documentation demonstrating compliance with IEC 62304

• A full set of tools used for development, refactoring, and testing to support future in-house maintenance and firmware development