Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
    • GP-001 Documents and records control
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 HR and training
    • GP-007 Post-market surveillance
    • GP-009 Sales
    • GP-010 Suppliers
    • GP-012 Design, Redesign and Development
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation
      • Deprecated
      • R-019-001 Software validation report_Atlassian_2023
      • R-019-001 Software validation report_HubSpot_2024
      • R-019-001 Software validation report_GitHub_GPG key signature_2024
      • R-019-001 Software validation report_Atlassian_2024
      • R-019-001 Software validation report_CVAT_2024
      • R-019-001 Software validation report_Docker_2024
      • R-019-002 External software list
    • GP-023 Change control management
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Procedures
  • Records
  • Records
  • GP-019 Software validation
  • R-019-001 Software validation report_Docker_2024

R-019-001 Software validation report_Docker_2024

Scope​

The aim is to gather additional requirements and configuration specifications not encompassed within the application, together with their respective validations. This ensures adherence to both our internal requirements and those imposed by regulatory bodies. This involves detailing specifications and criteria which are external to the application but fundamental for ensuring our outputs align with all requisite standards and regulations.

Software description​

Name​

Docker

Manufacturer​

Docker Inc.

"Enterprise" product line

While Docker Desktop and Docker Hub continue under Docker Inc., there is a new product line called "Enterprise" that is now managed by now Mirantis.

Intended use​

Docker is a set of platform-as-a-service (PaaS) products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries, and configuration files; they can communicate with each other through well-defined channels. Docker is intended for the development, shipment, and running of the microservices of the medical device.

Testing details​

Software version​

24.0.7

Evaluation date​

2024-04-12

Risk-based analysis​

  • Security risks: Containers might share the same kernel, which can lead to security vulnerabilities if not properly managed. We must ensure that containers are only given necessary permissions and that container images are obtained from trusted sources.
  • Dependency risks: Docker containers depend on Docker Engine and underlying host operating systems, which means that vulnerabilities in these components could potentially affect the containers.
  • Operational risks: Misconfiguration can lead to operational issues, such as containers consuming excessive resources, leading to system instability.

Requirements and design specification​

  • Requirement 01: Secure configuration of Docker Engine and containers to prevent unauthorized access.
  • Requirement 02: Regular updates of Docker Engine and container images to mitigate security vulnerabilities.
  • Requirement 03: Efficient resource management to prevent denial-of-service to applications running within containers.
  • Requirement 04: Docker containers must be able to access the host GPU to leverage hardware acceleration for computer vision tasks.
  • Requirement 05: Ensure compatibility of Docker containers with GPU drivers and libraries (e.g., CUDA) necessary for running computer vision models.
  • Requirement 06: Measure and optimize the performance of GPU-accelerated containers to ensure they meet the expected computational benchmarks for computer vision tasks.

Assurance activities and test plan​

In this section we outline the systematic approach to verify and validate that Docker meets all specified requirements for safe and effective operation. It details the tests designed to assess Docker's functionality, security, and performance, including its ability to leverage GPU acceleration for computational tasks. This plan ensures Docker's reliability and efficacy in supporting our software device's needs.

IDTest descriptionAcceptance criteriaRequirement tested
Test 01Verify Docker Engine's secure configuration settingsDocker Engine and containers are configured following best security practicesRequirement 01
Test 02Check for updates of Docker Engine and container imagesDocker Engine and all container images are up-to-date with the latest security patchesRequirement 02
Test 03Assess Docker's resource management capabilitiesDocker containers do not exceed allocated resources and the system remains stable under loadRequirement 03
Test 04Verify Docker containers can detect, access and utilize the host GPU properlyDocker containers can access the host GPU and are fully compatible with necessary GPU drivers and libraries, such as CUDA or cuDNN, ensuring optimal performance for running computer vision modelsRequirements 04 and 05
Test 05Benchmark the performance of GPU-accelerated containersGPU-accelerated Docker containers meet or exceed the expected performance benchmarks for running computer vision modelsRequirement 06

Test Results and deviations detected​

Test 01​

  • Result: Pass
  • Deviation: No deviations found.
  • Comments: Found Docker Engine to be configured with default settings; recommended tightening security configurations.

Test 02​

  • Result: Pass
  • Deviation: No deviations found.
  • Comments: Docker Engine was up-to-date, but the MongoDB Community container image was found to be using an older version with known vulnerabilities.

Test 03​

  • Result: Pass
  • Deviation: No deviations found.
  • Comments: Docker's default resource management settings were effective for our specific application load.

Test 04​

  • Result: Pass
  • Deviation: Minor deviations were detected in cuDNN library versions, which were promptly updated.
  • Comments: Successfully verified that Docker containers can access the host GPU using the NVIDIA Container toolkit. CUDA and cuDNN were correctly installed on the host and accessible to Docker containers.

Test 05​

  • Result: Pass
  • Deviation: No deviations found.
  • Comments: Performance benchmarks indicated that GPU-accelerated Docker containers achieved the desired computational speed for processing computer vision tasks. However, optimization was needed for some models to fully leverage GPU capabilities.

Design review​

Result
Have the appropriate tasks and expected results, outputs, or products been established for each software life cycle activity?TRUE
Do the tasks and expected results, outputs, or products of each software life cycle activity:
Comply with the requirements of other software life cycle activities in terms of correctness, completeness, consistency, and accuracy?TRUE
Satisfy the standards, practices, and conventions of that activity?TRUE
Establish a proper basis for initiating tasks for the next software life cycle activity?TRUE

Conclusion​

Based on the validation results, Docker is a robust and flexible tool for containerizing software applications. However, careful management of security settings and dependencies is crucial to mitigate associated risks. Regular monitoring and updating of Docker and container images are essential to ensure security and operational stability. With these measures in place, Docker can be a valuable tool for the development, shipment, and running of applications in a wide range of environments.

This validation process should be revisited periodically to account for new updates, security patches, and changes in usage patterns to ensure Docker continues to meet the required standards for the device.

Regarding GPU access and acceleration, Docker has been validated as not only capable of containerizing the services that make up the medical device but also effectively leveraging hardware acceleration for intensive computer vision tasks. Ensuring compatibility with GPU drivers and libraries, along with optimizing container performance for GPU usage, are essential steps in harnessing the full potential of Docker in environments requiring high computational power.

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
Previous
R-019-001 Software validation report_CVAT_2024
Next
R-019-002 External software list
  • Scope
  • Software description
    • Name
    • Manufacturer
    • Intended use
  • Testing details
    • Software version
    • Evaluation date
  • Risk-based analysis
  • Requirements and design specification
  • Assurance activities and test plan
  • Test Results and deviations detected
    • Test 01
    • Test 02
    • Test 03
    • Test 04
    • Test 05
  • Design review
  • Conclusion
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)