Quick Contact
IEC 62304 Procedures for Medical Software Compliance
Compliance with IEC 62304 is a mandatory requirement for US FDA during 510k submission and the European Union’s Notified Bodies, as part of EU MDR CE Marking and IVDR technical documentation file submission.
Developing procedures compliant with IEC 62304 requires a systematic approach to software development, verification, validation, and maintenance. These procedures should be prepared to the specific needs and context of your organization and should be documented, implemented, and maintained based on a medical device quality management system platform such as ISO 13485 OR 21 CFR 820 or FDA QMSR.
Need IEC 62304 procedures for medical device software compliance? We supports SaMD companies with documentation, SOP & risk management
IEC 62304 & ISO 13485 Relationship
IEC 62304 must be implemented alongside ISO 13485, which provides the quality management framework required for the safe design, development, risk management, configuration control, and maintenance of medical device software.
IEC 62304 establishes the software lifecycle process requirements, while ISO 13485 defines the broader Quality Management System (QMS) requirements for medical device manufacturers. Although IEC 62304 assumes that software development activities are performed within a controlled QMS environment such as ISO 13485, certification to ISO 13485 is not a mandatory requirement for implementing IEC 62304
List of IEC 62304 Procedures
IEC 62304 aims to standardize the software development lifecycle (SDLC) processes specifically tailored for medical device software (firmware and standalone software). It establishes a set of requirements that help organizations manage the complexities and risks associated with medical software development, ensuring that the final product meets necessary safety and performance criteria. The below list provides procedure requirements against each class.
| No | CL# | Procedure Name | Requirement | Class | ||
|---|---|---|---|---|---|---|
| 1 | 5.1 | Software Development Planning | Establish software development plans appropriate to scope, magnitude and safety classification. | A+B+C * | ||
| 2 | 5.2 | Software Requirements Analysis | Define and document SOFTWARE SYSTEM requirements from system-level requirements. | A+B+C | ||
| 3 | 5.3 | Software Architectural Design | Transform requirements into architecture, define interfaces, specify SOUP requirements, identify risk controls, and verify architecture. | B+C * | ||
| 4 | 5.4 | Software Detailed Design | Refine architecture, develop detailed design, define interfaces, and verify design. | B+C *** | ||
| 5 | 5.5 | Verification of Software Unit | Establish strategies, methods, and procedures for verifying each software unit. | A+B+C **** | ||
| 6 | 5.6 | Verification & Testing of Integrated Software | Verify software integration and test integrated software items as per integration plan. | B+C | ||
| 7 | 5.7.1 | Software System Testing | Establish and perform system tests covering all software requirements. | B+C | ||
| 8 | 5.7.3 | Retest After Changes | Retest the software system when changes occur during testing. | B+C | ||
| 9 | 5.8 | Software Release | Ensure all lifecycle activities and documentation are complete before release. | A+B+C ***** | ||
| 10 | 6.1 | Establishing Software Maintenance Plan | Establish software maintenance plans for lifecycle maintenance activities. | A+B+C | ||
| 11 | 6.2.1 | Feedback | Monitor feedback from internal sources and users on released software products. | A+B+C | ||
| 12 | 6.2.3 6.2.4 6.2.5 |
Analysis, Approval & Communication of Changes | Analyse and approve change requests and communicate changes to users and regulators. | A+B+C ****** | ||
| 13 | 6.5 | Implementation of Approved Modifications | Implement approved modifications using development or maintenance processes. | A+B+C | ||
| 14 | 7 | Risk Management Process | Risk management activities performed in accordance with ISO 13485. | A+B+C ******* | ||
| 15 | 8 | Configuration Management | Establish configuration identification and version control for software items. | A+B+C | ||
| 16 | 9 | Software Problem Resolution | Record, investigate, analyse, resolve, and trend software problems. | A+B+C | ||
| Note |
|---|
| * Clause 5.1.4 applies only to Class C; Clauses 5.1.5, 5.1.10 & 5.1.11 apply only to Class B & C |
| ** Clause 5.3.5 applies only to Class C |
| *** Clauses 5.4.2, 5.4.3 & 5.4.4 apply only to Class C |
| **** Clauses 5.5.2, 5.5.3 & 5.5.5 apply only to Class B & C; Clause 5.5.4 applies only to Class C |
| ***** Clauses 5.8.1 to 5.8.8 apply only to Class B & C |
| ****** Clause 6.2.3 applies only to Class B & C |
| ******* Clause applicable for Class A in Section 7 is 7.4.1 |
Frequently Asked Questions
What is the timeline for IEC 62304 Implementation??
Generally it takes 3-4 months
Is IEC 62304 mandatory for an FDA 510(k) submission?
While IEC 62304 is not mandatory for FDA 510(k) submission, it is a recognized consensus standard that must be followed in fulfilling FDA requirements for software as a medical device (SAMD).