Quick Contact
IEC 62304 - An Introduction
IEC 62304 is an international standard that specifies requirements for the life cycle processes of medical device software. It guides the development, maintenance, and risk management of software used in medical devices.
The standard applies to the entire software life cycle, including software development, verification, validation, and maintenance processes. It covers software used in medical devices, including embedded software, firmware, and software that is part of a medical device / standalone software (SAMd).
The IEC 62304 standard establishes a cohesive framework for designing and testing software for medical devices through defined processes, activities, and tasks, ensuring safe usage in patients. The standard categorizes software into three safety classes according to the risk to the patient from a possible software failure
- Class A: No injury or damage to health is possible
- Class B: Non-serious injury is possible
- Class C: Death or serious injury is possible
IEC 62304 Implementation
The subsequent 5 chapters of IEC 62304 detail specific requirements and guidelines for the development and proper implementation of medical device software
- Chapter 5: Software development and planning process including requirements analysis, design, testing, and release processes
- Chapter 6: Software maintenance plan, including the implementation of a maintenance plan and issue analysis procedures
- Chapter 7: Software risk management and Identification of hazardous situations, risk control, verification, and risk management procedures following the ISO 14971 standard
- Chapter 8: Software configuration management including change control and configuration status tracking
- Chapter 9: Software problem resolution investigating and reporting on problems, change control processes, trend analysis, and resolution testing and verification
The FDA encourages the use of recognized consensus standards to show compliance. IEC 62304 is a standard acknowledged by the FDA for this purpose. Employing IEC 62304 can facilitate the 510(k) submission process as it offers a comprehensive framework for software development, risk management, and documentation.
IEC 62304 Consultants
IEC 62304 consultants play a vital role in guiding organizations through the process of complying with the standard’s requirements and implementing best practices for medical device standard compliance. Here’s a breakdown of their key roles:
- Consultants bring in-depth knowledge of the IEC 62304 standard and its application to medical device software. They provide expert guidance on interpreting the requirements, identifying relevant processes, drafting mandatory procedures based on software risk class and drafting record templates to achieve compliance.
- Integration of the IEC 62304 process to your medical device quality management system (ISO 13485) and or 21 CFR 820 or FDA QMSR.
- Internal Audit support
- Onsite Audit support
In general, IEC 62304 consultants play a crucial role in helping organizations navigate the complexities of medical device software regulatory compliance
IEC 62304 Benefits
Implementing the IEC 62304 standard offers several benefits for software medical device manufacturers (SAMD & SIMD). A few are listed below:
- Compliance with IEC 62304 helps ensure that medical device software is developed with patient safety as a primary consideration. By identifying and mitigating risks throughout the software lifecycle, organizations can minimize the likelihood of software-related errors or malfunctions that could harm patients
- Adhering to IEC 62304 facilitates compliance with regulatory requirements in the European Union, the United States, and other regions where the standard is recognized. This can streamline the regulatory approval process and expedite certifications and approvals faster
- The standard emphasizes the importance of risk management in medical software. By systematically identifying, assessing, and mitigating risks, organizations can proactively address potential hazards and ensure the safety and effectiveness of their final released software
IEC 62304 Certification
IEC 62304 is a standard that outlines requirements and guidelines for the development of medical device software; however, it does not ask for a certification or no certification body issues certificates. Organizations can demonstrate compliance with IEC 62304 by implementing the standard’s requirements and following its guidelines throughout their software development processes
While there is no formal certification for IEC 62304 compliance, organizations can still provide evidence of their adherence to the standard through documentation and audit reports. This can help build confidence in customers, regulatory authorities, and other stakeholders
With the help of consultants such as I3CGlobal, the developers can identify, prepare, modify, implement, and conduct regular reviews and updates to these procedures to ensure ongoing compliance and effectiveness in managing software development activities.
IEC 62304 Procedures
Compliance with IEC 62304 is a mandatory requirement for US FDA during 510k submission and the European Union’s Notified Bodies, as part of EU MDR CE Marking and IVDR technical documentation file submission.
Developing procedures compliant with IEC 62304 requires a systematic approach to software development, verification, validation, and maintenance. These procedures should be prepared to the specific needs and context of your organization and should be documented, implemented, and maintained based on a medical device quality management system platform such as ISO 13485 OR 21 CFR 820 or FDA QMSR.
Here’s a general outline of procedures you might consider implementing:
List of IEC 62304 Procedures
|
No |
CL# |
Procedure Name |
Requirement |
Class |
||
|---|---|---|---|---|---|---|
| 1 |
5.1 |
Software Development Planning |
The MANUFACTURER shall establish a software development plan (or plans) for conducting the ACTIVITIES of the software development PROCESS appropriate to the scope, magnitude, and software safety classifications of the SOFTWARE SYSTEM to be developed. |
A+B+C *
|
||
| 2 |
5.2 |
Software Requirements Analysis |
For each SOFTWARE SYSTEM of the MEDICAL DEVICE, the MANUFACTURER shall define and document SOFTWARE SYSTEM requirements from the SYSTEM level requirements. |
A+B+C |
||
| 3 |
5.3 |
Software Architectural Design |
Transform software requirements into an ARCHITECTURE Develop an ARCHITECTURE for the interfaces of SOFTWARE ITEMS Specify functional and performance requirements of SOUP item Specify SYSTEM hardware and software required by SOUP item Identify segregation necessary for RISK CONTROL Verify software ARCHITECTURE |
B+C *
|
||
| 4 |
5.4 |
Software Detailed Design |
The MANUFACTURER shall refine the software ARCHITECTURE The MANUFACTURER shall develop and document a detailed design Develop detailed design for interfaces Verify detailed design |
B+C *** |
||
| 5 |
5.5 |
Verification of Software Unit |
The MANUFACTURER shall establish strategies, methods and procedures for verifying each SOFTWARE UNIT. |
A+B+C **** |
||
| 6 |
5.6 |
Verification & Testin of Integrated Software |
The MANUFACTURER shall verify and record the following aspects of the software integration The MANUFACTURER shall test the integrated SOFTWARE ITEMS in accordance with the integration plan |
B+C
|
||
| 7 |
5.7.1 |
Establishing tests for software System Testing |
The MANUFACTURER shall establish and perform a set of tests, expressed as input stimuli, expected outcomes, pass/fail criteria and procedures, for conducting SOFTWARE SYSTEM testing, such that all software requirements are covered. |
B+C
|
||
| 8 |
5.7.3 |
Retest after changes |
When changes are made during SOFTWARE SYSTEM testing, the MANUFACTURER |
B+C
|
||
| 9 |
5.8 |
Software Release |
The MANUFACTURER shall ensure that all ACTIVITIES and TASKS are complete along with all the associated documentation. |
A+B+C ***** |
||
| 10 |
6.1 |
Establishing Software Maintenance Plan |
The MANUFACTURER shall establish a software maintenance plan (or plans) for conducting the ACTIVITIES and TASKS of the maintenance PROCESS |
A+B+C
|
||
| 11 |
6.2.1 |
Feed Back |
The MANUFACTURER shall monitor feedback on released SOFTWARE PRODUCT from both inside its own organization and from users. |
A+B+C
|
||
| 12 |
6.2.3 |
Analysis, Approval of Change Requests & Communication of Changes |
Analyse CHANGE REQUESTS CHANGE REQUEST approval Communicate to users and regulators |
A+B+C ****** |
||
| 13 |
6.5 |
Implementation of Approved Modifications |
The MANUFACTURER shall use the software development PROCESS (see Clause ___H5) or an established maintenance PROCESS to implement the modifications. |
A+B+C
|
||
| 14 |
7 |
Risk Management Process |
(All Clauses). The same will be done as a part of ISO 13485 |
A+B+C ******* |
||
| 15 |
8 |
Configuration Management |
The MANUFACTURER shall establish a scheme for the unique identification of CONFIGURATION ITEMS and their VERSIONS to be controlled for the project. |
A+B+C
|
||
| 16 |
9 |
Software Problem Resolution |
Prepare PROBLEM REPORTS Investigate the problem Advise relevant parties Use change control process Maintain records Analyse problems for trends Verify software problem resolution Test documentation contents |
A+B+C
|
||
Note :-
* Clause 5.1.4 is applicable only for Class C and 5.1.5, 5.1.10 & 5.1.11 applicable only for Class B & C
** Clause 5.3.5 is applicable only for Class C
*** Clause 5.4.2, 5.4.3 & 5.4.4 are applicable only for Class C
**** Clause 5.5.2, 5.5.3 & 5.5.5 applicable only for Class B & C and 5.5.4 applicable only for Class C
***** Clause 5.8.1, 5.8.2, 5.8.3, 5.8.5, 5.8.6, 5.8.7 & 5.8.8 are applicable only for Class B & C
****** Clause 6.2.3 is applicable only for Class B & C
******* Clause applicable for Class A in Sec 7 is 7.4.1
Frequently Asked Questions
What is the timeline for IEC 62304 Implementation??
Generally it takes 3-4 months
Is IEC 62304 mandatory for an FDA 510(k) submission?
While IEC 62304 is not mandatory for FDA 510(k) submission, it is a recognized consensus standard that must be followed in fulfilling FDA requirements for software as a medical device (SAMD).