Follow Us:


Home ISO IEC 62304 Procedures
Quick Contact
IEC 62304

IEC 62304 - An Introduction

IEC 62304 is an international standard that specifies requirements for the life cycle processes of medical device software. It guides the development, maintenance, and risk management of software used in medical devices.


The standard applies to the entire software life cycle, including software development, verification, validation, and maintenance processes. It covers software used in medical devices, including embedded software, firmware, and software that is part of a medical device / standalone software (SAMd).


The IEC 62304 standard establishes a cohesive framework for designing and testing software for medical devices through defined processes, activities, and tasks, ensuring safe usage in patients. The standard categorizes software into three safety classes according to the risk to the patient from a possible software failure


  • Class A: No injury or damage to health is possible
  • Class B: Non-serious injury is possible
  • Class C: Death or serious injury is possible

IEC 62304 Implementation

The subsequent 5 chapters of IEC 62304 detail specific requirements and guidelines for the development and proper implementation of medical device software


  • Chapter 5: Software development and planning process including requirements analysis, design, testing, and release processes
  • Chapter 6: Software maintenance plan, including the implementation of a maintenance plan and issue analysis procedures
  • Chapter 7: Software risk management and Identification of hazardous situations, risk control, verification, and risk management procedures following the ISO 14971 standard
  • Chapter 8: Software configuration management including change control and configuration status tracking
  • Chapter 9: Software problem resolution investigating and reporting on problems, change control processes, trend analysis, and resolution testing and verification


The FDA encourages the use of recognized consensus standards to show compliance. IEC 62304 is a standard acknowledged by the FDA for this purpose. Employing IEC 62304 can facilitate the 510(k) submission process as it offers a comprehensive framework for software development, risk management, and documentation.

IEC 62304 Consultants

IEC 62304 consultants play a vital role in guiding organizations through the process of complying with the standard’s requirements and implementing best practices for medical device standard compliance. Here’s a breakdown of their key roles:


  • Consultants bring in-depth knowledge of the IEC 62304 standard and its application to medical device software. They provide expert guidance on interpreting the requirements, identifying relevant processes, drafting mandatory procedures based on software risk class and drafting record templates to achieve compliance.
  • Integration of the IEC 62304 process to your medical device quality management system (ISO 13485) and or 21 CFR 820 or FDA QMSR.
  • Internal Audit support
  • Onsite Audit support


In general, IEC 62304 consultants play a crucial role in helping organizations navigate the complexities of medical device software regulatory compliance

IEC 62304 Benefits

Implementing the IEC 62304 standard offers several benefits for software medical device manufacturers (SAMD & SIMD). A few are listed below:


  • Compliance with IEC 62304 helps ensure that medical device software is developed with patient safety as a primary consideration. By identifying and mitigating risks throughout the software lifecycle, organizations can minimize the likelihood of software-related errors or malfunctions that could harm patients


  • Adhering to IEC 62304 facilitates compliance with regulatory requirements in the European Union, the United States, and other regions where the standard is recognized. This can streamline the regulatory approval process and expedite certifications and approvals faster


  • The standard emphasizes the importance of risk management in medical software. By systematically identifying, assessing, and mitigating risks, organizations can proactively address potential hazards and ensure the safety and effectiveness of their final released software
IEC 62304 Certification

IEC 62304 is a standard that outlines requirements and guidelines for the development of medical device software; however, it does not ask for a certification or no certification body issues certificates. Organizations can demonstrate compliance with IEC 62304 by implementing the standard’s requirements and following its guidelines throughout their software development processes


While there is no formal certification for IEC 62304 compliance, organizations can still provide evidence of their adherence to the standard through documentation and audit reports. This can help build confidence in customers, regulatory authorities, and other stakeholders

With the help of consultants such as I3CGlobal, the developers can identify, prepare, modify, implement, and conduct regular reviews and updates to these procedures to ensure ongoing compliance and effectiveness in managing software development activities.
IEC 62304 Procedures

Compliance with IEC 62304 is a mandatory requirement for US FDA during 510k submission and the European Union’s Notified Bodies, as part of EU MDR CE Marking and IVDR technical documentation file submission.


Developing procedures compliant with IEC 62304 requires a systematic approach to software development, verification, validation, and maintenance.  These procedures should be prepared to the specific needs and context of your organization and should be documented, implemented, and maintained based on a medical device quality management system platform such as ISO 13485 OR 21 CFR 820 or FDA QMSR.


Here’s a general outline of procedures you might consider implementing:

List of IEC 62304 Procedures



Procedure Name





Software Development Planning

The MANUFACTURER shall establish a software development plan (or plans) for conducting the ACTIVITIES of the software development PROCESS appropriate to the scope, magnitude, and software safety classifications of the SOFTWARE SYSTEM to be developed.




Software Requirements Analysis

For each SOFTWARE SYSTEM of the MEDICAL DEVICE, the MANUFACTURER shall define and document SOFTWARE SYSTEM requirements from the SYSTEM level requirements.




Software Architectural Design

Transform software requirements into an ARCHITECTURE
Develop an ARCHITECTURE for the interfaces of SOFTWARE ITEMS
Specify functional and performance requirements of SOUP item
Specify SYSTEM hardware and software required by SOUP item
Identify segregation necessary for RISK CONTROL
Verify software ARCHITECTURE




Software Detailed Design

The MANUFACTURER shall refine the software ARCHITECTURE
The MANUFACTURER shall develop and document a detailed design
Develop detailed design for interfaces
Verify detailed design





Verification of Software Unit

The MANUFACTURER shall establish strategies, methods and procedures for verifying each SOFTWARE UNIT.





Verification & Testin of Integrated Software

The MANUFACTURER shall verify and record the following aspects of the software integration
The MANUFACTURER shall test the integrated SOFTWARE ITEMS in accordance with the integration plan



Establishing  tests for software System Testing

The MANUFACTURER shall establish and perform a set of tests, expressed as input stimuli, expected outcomes, pass/fail criteria and procedures, for conducting SOFTWARE SYSTEM testing, such that all software requirements are covered.


Retest after changes

When changes are made during SOFTWARE SYSTEM testing, the MANUFACTURER


Software Release

The MANUFACTURER shall ensure that all ACTIVITIES and TASKS are complete along with all the associated documentation.





Establishing Software Maintenance Plan

The MANUFACTURER shall establish a software maintenance plan (or plans) for conducting the ACTIVITIES and TASKS of the maintenance PROCESS


Feed Back

The MANUFACTURER shall monitor feedback on released SOFTWARE PRODUCT from both inside its own organization and from users.


Analysis, Approval of Change Requests & Communication of Changes

Communicate to users and regulators





Implementation of Approved Modifications

The MANUFACTURER shall use the software development PROCESS (see Clause ___H5) or an established maintenance PROCESS to implement the modifications.


Risk Management Process

(All Clauses). The same will be done as a part of ISO 13485





Configuration Management

The MANUFACTURER shall establish a scheme for the unique identification of CONFIGURATION ITEMS and their VERSIONS to be controlled for the project.


Software Problem Resolution

Investigate the problem
Advise relevant parties
Use change control process
Maintain records
Analyse problems for trends
Verify software problem resolution
Test documentation contents


Note :-

* Clause 5.1.4 is applicable only for Class C and 5.1.5, 5.1.10 & 5.1.11 applicable only for Class B & C

** Clause 5.3.5 is applicable only for Class C

*** Clause 5.4.2, 5.4.3 & 5.4.4 are applicable only for Class C

**** Clause 5.5.2, 5.5.3 & 5.5.5 applicable only for Class B & C and 5.5.4 applicable only for Class C

***** Clause 5.8.1, 5.8.2, 5.8.3, 5.8.5, 5.8.6, 5.8.7 & 5.8.8 are applicable only for Class B & C

****** Clause 6.2.3 is applicable only for Class B & C

******* Clause applicable for Class A in Sec 7 is 7.4.1

Frequently Asked Questions

What is the timeline for IEC 62304 Implementation??

Generally it takes 3-4 months

Is IEC 62304 mandatory for an FDA 510(k) submission?

While IEC 62304 is not mandatory for FDA 510(k) submission, it is a recognized consensus standard that must be followed in fulfilling FDA requirements for software as a medical device (SAMD).