A quick introduction to medical devices standards
What is the IEC 62304 standard?
IEC 62304, titled “Medical device software – Software life-cycle processes”, is an international standard that specifies the requirements for the life-cycle of medical device software, including development and maintenance. The processes, activities, and tasks outlined in this standard establish a common framework that extends from initial planning, through requirements analysis and software testing, to device development and maintenance.
Software classification determines the required activities
The activities required by IEC 62304 vary depending on the risk that the software poses to patients and users. Both the probability of a software error causing injury and the potential severity of that injury are taken into account.
|Software documentation||Class A||Class B||Class C|
|Software development planning||✅||✅||✅|
|Software requirement analysis||✅||✅||✅|
|Software architectural design||-||✅||✅|
|Software detailed design||-||-||✅|
|Software unit implementation||✅||✅||✅|
|Software unit verification||-||✅||✅|
|Software integration & testing||-||✅||✅|
|Software system testing||✅||✅||✅|
IEC 62304 activities are tied to the Quality Management System (QMS)
IEC 62304 standard is not isolated; it aligns with other industry requirements and standards. For instance, ISO 13485 standard, titled “Medical devices – Quality management systems”, describes the requirements for quality management systems applicable to medical devices development, but is not limited to any specific discipline (mechanical, electronic, software, etc.). IEC 62304 complements ISO 13485 with specific requirements for software development.
In simple terms, a Quality Management System (QMS) is a structured framework serving as a guide. Organizations implement it to ensure consistent product quality and compliance with regulations. It encompasses a set of policies, processes, procedures, and resources necessary to plan, execute, and control the development of an organization’s products and services.
The standard does not specify how the activities should be performed
The Software Development Plan: a crucial document
The standard must be supplemented with FDA recommendations
Following the recommendations of IEC 62304 standard simplifies compliance with FDA requirements, which also mandate documentation for each activity.
However, IEC 62304 doesn’t cover everything the FDA requires. For example, IEC 62304 lacks any consideration for cybersecurity, while the FDA now requires cybersecurity risk analysis and control activities, including documented deliverables.
Furthermore, IEC 62304 may employ different terminology than the FDA. Therefore, aligning certain terms between the two is necessary, such as customer needs, design inputs, software requirements, and software design specifications, or software item, software unit, function, module, and components. A guide from the organization facilitates this correspondence.