Exercise set

Medical Device Verification and Test Evidence Exercises

Worked medical-device verification exercises for traceability, measurement uncertainty, guard bands, leakage, sampling, latency, software coverage and release evidence.

These exercises focus on engineering verification evidence for a medical device: traceability, test coverage, measurement uncertainty, guard-banded acceptance, leakage current, signal bandwidth, firmware timing, software regression coverage and configuration release. Validation of intended use and risk-management decisions are handled in separate specialist exercise sets.

This is engineering practice content, not regulatory or clinical advice. Real programs must follow the applicable quality-system, safety, software, usability, cybersecurity, biocompatibility, sterilization and market requirements for the specific device.

How to use these exercises

Use the set as a verification-release review. Exercises 1 to 4 establish traceability closure, evidence gaps, uncertainty and guard-banded acceptance. Exercises 5 to 10 check electrical safety, signal chain, sampling, quantization, alarm latency and firmware timing. Exercises 11 to 17 add regression coverage, sampling rules, TUR, flow accuracy, imaging phantom contrast, calibration drift and configuration differences. Exercise 18 combines these gates into a release decision.

Before calculating, state the requirement ID, device configuration, hardware revision, firmware or software build, test method revision, calibrated equipment and acceptance criterion. A measurement can pass numerically and still fail as evidence if it belongs to the wrong configuration or lacks calibration traceability. The engineering comment below each exercise identifies the evidence boundary that must be closed before release.

Release Evidence Notes

Verification evidence should tie each result to a requirement, device configuration, test method, acceptance criterion, data record and deviation decision. A passing number is not useful evidence if the tested configuration, calibration state or requirement link is unclear.

The evidence package should separate requirement closure, measurement validity and configuration validity. Requirement closure asks whether every requirement has approved evidence. Measurement validity asks whether the test method, uncertainty, guard band and raw data support the result. Configuration validity asks whether the tested hardware, firmware, sensor lot, fixture and software build match the release candidate or have an approved bridge.

Open deviations should remain visible. A passed-with-deviation result is not the same as clean closure, especially when the deviation affects safety, performance, cybersecurity, usability or software behavior.

Engineering Boundary Notes

These exercises use simplified acceptance rules. They do not replace formal protocols, validated test methods, risk files, design reviews, software lifecycle evidence or independent release review.

The main boundary is configuration control. Evidence from hardware revision B, firmware 3.2 or one sensor lot does not automatically release hardware revision B with firmware 3.3 if behavior or risk controls changed. The second boundary is measurement decision quality: uncertainty, calibration drift, sampling plan and guard band should be part of the pass/fail rule, not post-test commentary.

Common Release Mistakes

  • closing a requirement with evidence from the wrong configuration;
  • reporting measurement error without guard-banding the limit;
  • passing leakage current without recording test voltage and insulation path;
  • validating sampling rate without the signal bandwidth claim;
  • counting software tests without mapping them to changed requirements;
  • releasing a configuration with open deviations hidden outside the trace matrix.

Another common mistake is using percentage closure as a release argument while critical requirements remain open. A matrix can be more than ninety percent closed and still be blocked by one safety, timing, alarm or measurement requirement.

Do not treat regression coverage as test-count coverage only. The relevant question is whether changed requirements, affected hazards, interfaces, data paths and failure modes are covered by tests that ran on the release build.

Scenario Map

ScenarioMain calculationRelease decision
Traceabilityclosed evidence linksClose or reopen requirement.
Metrologyuncertainty and guard bandAccept, reject or retest.
Electrical safetyinsulation and leakage screenRelease or investigate.
Signal chainsampling, SNR and latencyVerify measurement claim.
Software changeregression and configuration evidenceRelease build or block.

Validation Package Checklist

  • requirement identifier, configuration and acceptance limit;
  • calibrated equipment, method revision and raw data reference;
  • uncertainty budget and guard-band rule;
  • software/firmware build, regression scope and open anomalies;
  • electrical and signal-chain evidence tied to intended measurement range;
  • release gate with deviations, retests and sign-off state.
  • configuration bridge for any hardware, firmware, sensor-lot or fixture difference;
  • requirement-based regression coverage tied to changed behavior;
  • deviation disposition states accept as is, retest, redesign, risk-review or hold.

A complete validation package should make the release decision reproducible. Another engineer should be able to trace each requirement to the tested configuration, see how uncertainty affected acceptance, identify open deviations and understand why the final decision is accept, retest, condition, redesign or hold.

Exercise 1: Traceability Closure

A verification matrix has 96 requirements. Evidence is complete for 89 requirements. Compute closure percentage.

Solution

C=\dfrac{89}{96}=0.927=92.7\%

Engineering Comment

The open requirements must be reviewed by risk and release criticality, not hidden inside a high percentage.

Plausibility Check

Seven open items out of about one hundred gives just under 93\% closure.

Exercise 2: Evidence Gap Count

A subsystem has 42 verification tests. Three failed, four passed with unresolved deviations and two were not executed. How many tests are not cleanly closed?

Solution

n_{open}=3+4+2=9

Engineering Comment

Passed-with-deviation is not the same as clean closure.

Plausibility Check

All non-clean categories are counted.

Exercise 3: Measurement Error Budget

A flow measurement has sensor uncertainty 1.2\%, fixture uncertainty 0.8\% and repeatability 0.9\%. Combine by root-sum-square.

Solution

u=\sqrt{1.2^2+0.8^2+0.9^2}=1.70\%

Engineering Comment

The method should state whether RSS combination is justified or whether direct conservative addition is required.

Plausibility Check

The combined value is above the largest single term but below their sum.

Exercise 4: Guard-Banded Acceptance

Limit is 5.0\% error. Expanded uncertainty is 1.0\%. A measured error is 4.3\%. Use guard-band rule |e|+U\le5.0\%. Does it pass?

Solution

4.3\%+1.0\%=5.3\%

Since 5.3\%>5.0\%, it fails the guarded rule.

Engineering Comment

Guard bands prevent marginal values from being released as if uncertainty did not exist.

Plausibility Check

The unguarded result passes, but the uncertainty consumes the margin.

Exercise 5: Leakage Current from Insulation Resistance

Applied test voltage is 240\ \text{V} and insulation resistance is 80\ \text{M}\Omega. Estimate leakage current.

Solution

I=\dfrac{V}{R}=\dfrac{240}{80\times10^6}=3.0\ \mu\text{A}

Engineering Comment

The evidence should identify the insulation path, environment and test setup.

Plausibility Check

Hundreds of volts over tens of megaohms gives microamps.

Exercise 6: Signal-to-Noise Ratio

A sensor signal amplitude is 2.4\ \text{mV} RMS and noise is 0.18\ \text{mV} RMS. Compute SNR in dB.

Solution

SNR=20\log_{10}\left(\dfrac{2.4}{0.18}\right)=22.5\ \text{dB}

Engineering Comment

SNR should be verified at the minimum expected signal, not only at nominal conditions.

Plausibility Check

The signal is about thirteen times the noise, which is a little above 20\ \text{dB}.

Exercise 7: Sampling Rate Requirement

A physiological signal claim covers bandwidth to 80\ \text{Hz}. The acquisition rate is 250\ \text{samples/s}. Does it satisfy Nyquist with no extra margin rule?

Solution

Nyquist minimum:

f_s\ge 2(80)=160\ \text{samples/s}

Since 250>160, it passes the basic screen.

Engineering Comment

Anti-alias filtering and timing jitter still need evidence.

Plausibility Check

The sample rate is more than twice the claimed bandwidth.

Exercise 8: Quantization Resolution

An ADC spans 0 to 3.3\ \text{V} with 12 bits. Compute voltage step.

Solution

\Delta V=\dfrac{3.3}{2^{12}}=\dfrac{3.3}{4096}=0.806\ \text{mV}

Engineering Comment

Quantization should be compared with the smallest clinically or functionally claimed signal change.

Plausibility Check

A 12-bit converter over a few volts gives sub-millivolt steps.

Exercise 9: Alarm Latency Budget

Detection takes 120\ \text{ms}, filtering takes 80\ \text{ms}, firmware scheduling adds 35\ \text{ms} and display update takes 60\ \text{ms}. Limit is 300\ \text{ms}. Does it pass?

Solution

t=120+80+35+60=295\ \text{ms}

Since 295<300\ \text{ms}, it passes with 5\ \text{ms} margin.

Engineering Comment

The margin is narrow and should include jitter and worst-case scheduler load.

Plausibility Check

The components almost fill the budget.

Exercise 10: Firmware Deadline Margin

A firmware task has worst-case execution time 6.4\ \text{ms} and period deadline 10\ \text{ms}. Compute timing margin.

Solution

m=10-6.4=3.6\ \text{ms}

Engineering Comment

The WCET evidence should include interrupts, communication bursts and compiler settings.

Plausibility Check

The task uses about two thirds of the period.

Exercise 11: Software Regression Coverage

A software change affects 28 requirements. Regression tests cover 24 of them. Compute coverage and identify whether a 95\% gate passes.

Solution

C=\dfrac{24}{28}=85.7\%

Since 85.7\%<95\%, the gate fails.

Engineering Comment

Coverage should be requirement-based and risk-weighted, not only test-count based.

Plausibility Check

Four uncovered requirements out of twenty-eight is too many for a 95\% gate.

Exercise 12: Acceptance Sampling

A critical dimension lot sample checks 80 units and finds 1 nonconforming unit. The acceptance rule is c=0. Does the lot pass?

Solution

The observed nonconforming count is:

x=1

Since 1>0, the lot fails this acceptance rule.

Engineering Comment

Critical dimensions often use strict sampling rules because escapes can affect safety or performance.

Plausibility Check

The rule allows no failures.

Exercise 13: Test Uncertainty Ratio

Tolerance is \pm 0.40\ \text{mm} and expanded measurement uncertainty is \pm 0.08\ \text{mm}. Compute test uncertainty ratio using tolerance width over twice uncertainty.

Solution

TUR=\dfrac{0.80}{2(0.08)}=5.0

Engineering Comment

State the TUR definition used; organizations sometimes define it differently.

Plausibility Check

The tolerance band is five times the uncertainty band.

Exercise 14: Flow Accuracy Verification

Target flow is 5.00\ \text{mL/h} and measured flow is 4.86\ \text{mL/h}. Compute percent error.

Solution

e=\dfrac{4.86-5.00}{5.00}=-0.028=-2.8\%

Engineering Comment

The sign shows under-delivery; the acceptance criterion must say whether absolute or directional error matters.

Plausibility Check

The difference is 0.14 on 5.00, a few percent.

Exercise 15: Imaging Phantom Contrast

A phantom insert has mean signal 120 units and background mean 96 units. Compute contrast ratio relative to background.

Solution

C=\dfrac{120-96}{96}=0.25=25\%

Engineering Comment

Phantom evidence should include acquisition protocol and reconstruction settings.

Plausibility Check

The insert is one quarter brighter than background.

Exercise 16: Calibration Drift

A calibrated instrument drifts by 0.15\% per month. Maximum allowed drift before recalibration is 0.9\%. Estimate maximum interval.

Solution

t=\dfrac{0.9}{0.15}=6\ \text{months}

Engineering Comment

The interval should be confirmed with historical as-found data, not only nominal drift.

Plausibility Check

Six months at 0.15\% per month reaches 0.9\%.

Exercise 17: Configuration Evidence Gate

A test campaign covers hardware revision B, firmware 3.2 and sensor lot L7. Release candidate uses hardware B, firmware 3.3 and sensor lot L7. How many configuration elements differ?

Solution

Only firmware differs:

n_{diff}=1

Engineering Comment

One difference can still require regression if it changes behavior or risk controls.

Plausibility Check

Hardware and sensor lot match; firmware does not.

Exercise 18: Verification Release Gate

A release package has traceability closure 92.7\%, guarded measurement result 5.3\% against a 5.0\% limit, alarm latency 295\ \text{ms} against 300\ \text{ms}, software regression coverage 85.7\% against 95\% and one configuration difference. Decide release status.

Solution

Traceability is incomplete:

92.7\%<100\%

Guarded measurement fails:

5.3\%>5.0\%

Regression coverage fails:

85.7\%<95\%

Release should be held.

Engineering Comment

Latency passes narrowly, but multiple verification gates fail and the configuration difference needs impact review.

Plausibility Check

Three hard evidence gates fail, so the decision is negative.

REF

See also