Oct 05, 2023
11 min read
medtech series | author
Weronika Michaluk
Navigating the complexities of Software as a Medical Device (SaMD) demands a deep understanding of compliance and safety, specifically as they relate to IEC 62304.
This article offers an essential IEC 62304 explanation, laying out the framework for medical device software development. Whether you’re a developer, a quality manager, or a key decision-maker, knowing the ins and outs of this standard is crucial. The standard is not just an industry guideline; it’s a roadmap for ensuring Software as Medical Device meets rigorous quality and safety standards.
Get the latest news about MedTech and SaMD from our experts.
Overview of IEC 62304
IEC 62304 is a global standard that sets the bar for the development and maintenance of medical software, also known as Software as a Medical Device (SaMD). It outlines a structured approach for the entire lifecycle of medical software, from design and development to deployment and maintenance.
The standard acts as a guide to ensure that medical software is reliable, effective, and most importantly, safe for patient use. It focuses on risk management, detailing steps to identify, evaluate, and control risks that could affect software performance or safety. IEC 62304 is a critical framework that helps medical device companies create software that both meets market needs and protects patients. So, if you’re involved in medical software development, understanding and following this standard is a must.
Latest version of IEC 62304 2006 amd1 2015
The latest version of IEC 62304, known as IEC 62304 2006 amd1 2015, is a comprehensive framework that outlines the medical device software life cycle processes. This updated standard delves deep into software development, maintenance, and risk management. It sets the bar high for quality and safety, and its globally recognized guidelines are fundamental for organizations planning to market their products internationally.
Structure and requirements of IEC 62304
The IEC 62304 standard is organized into the following key sections:
- Scope of IEC 62304
- Normative References
- Terms and Definitions
- General Requirements
- Software Development Process
- Software Maintenance Process
- Software Risk Management Process
- Software Configuration Management Process
- Software Problem Resolution Process
The graphic below visualizes the scope of the IEC 62304 standard. In gray you can see items that are out of scope for IEC 62304, but which do have an impact on the overall device.
In the IEC 62304 standard, businesses developing software must classify each software-based system by the severity and possible harm that it can cause for patients.
The IEC 62304 has its own safety classification:
- Class A: No injury or damage to health is possible
- Class B: Non-serious injury is possible
- Class C: Death or serious injury is possible
You can learn more about Software as Medical Device (SaMD) safety classification in our previous article, which covers a high-level definition of SaMD and its classification.
Explanation of IEC 62304: What is Clause 5 about?
As you have seen, there are different clauses in IEC 62304, but in this article we will focus on Clause 5, which is primarily concerned with the software development process, detailing requirements from the planning stage to the final verification and validation steps. This ensures that all software is designed and tested to meet the highest quality standards.
Below you can see Clause 5 of IEC 62304 detailing the different requirements that Software as Medical Device manufacturers should follow when developing SaMD.
Clause 5.1: Software development planning
This clause from IEC 62304 covers how the manufacturer should establish and maintain plans for software development. The plan should detail the activities, tasks, and responsibilities within the software development process, along with the sequence and interrelation of these activities. It should also define how the manufacturer will manage the configuration, and how software problem resolution will be handled.
Clause 5.2: Software requirements analysis
This section outlines the need for manufacturers to establish and maintain documented software requirements. They should also analyze these requirements to ensure they are valid and suitably detailed.
Clause 5.3: Software architectural design
This clause discusses the need to transform software requirements into a software architecture. This design must be evaluated for its ability to meet the needs of the required system, considering the risk management and safety strategy.
Clause 5.4: Software detailed design
This section highlights the need for creating a detailed design from the software architecture. This design should have sufficient details necessary to implement the code. Here, we add functional and safety information, any assumptions or limitations, etc.
Clause 5.5: Software unit implementation and verification
This clause requires that software units are implemented and verified against their design. The manufacturer should show that each software unit fulfills its requirements, and correctly implements the specified detailed design.
Clause 5.6: Software integration and integration testing
This clause outlines the need to integrate software units and perform integration testing. The testing should verify that the interactions between software units are correct, and that the integrated software satisfies the software requirements.
Clause 5.7: Software system testing
This section covers the system-level testing of the software. Manufacturers should test the whole software system in its operational environment to verify that it meets the software requirements.
Clause 5.8: Software release
This clause details the final step of the software development process. The manufacturer should objectively prove that the software has fulfilled the requirements and is ready for its intended use.
The table below shows which of the requirements from Clause 5 of the IEC 62304 apply to the various safety classes.
The IEC 62304 standard is more comprehensive and includes many other details that are important for understanding the context and specifics of these sub-clauses, but for the purposes of this article we are focusing on Clause 5.
Differences between ISO 13485 and IEC 62304 explained
What is ISO 13485?
ISO 13485 is another critical standard in the medical device sector, but its focus is broader. While IEC 62304 concentrates exclusively on the software component, ISO 13485 focuses on the overall quality management system for all types of medical devices.
Relationship between ISO 13485 and IEC 62304
While ISO 13485 governs quality management systems for medical devices in general, IEC 62304 has a more targeted approach focusing solely on the software component. Both are complementary and often used together for comprehensive quality management. You should use IEC 62304 along with ISO 13485 to handle everything from secure software design and risk evaluation to version control and long-term maintenance.
Although IEC 62304 provides the core principles for software development within a Quality Management System like that of ISO 13485, it doesn’t require that an organization holds an ISO 13485 certificate.
Get the latest news about MedTech and SaMD from our experts.
Relationship of IEC 62304 to other standards
IEC 62304 is often used in conjunction with ISO 13485, which serves as a broader quality management system standard for medical devices, covering areas beyond just software.
The IEC 62304 standard also interfaces closely with ISO 14971, the risk management standard for medical devices, to ensure that software-related risks are systematically identified and mitigated. Additionally, IEC 62304 can be integrated with other product-specific medical device standards to create a comprehensive quality and safety management framework tailored for specialized medical technologies. Adherence to the applicable standards results in a presumption of conformity with the Medical Device Directive.
Below you can see the relationship between IEC 62304 and other medical device standards.
Is there IEC 62304 certification?
It is important to make clear that there’s no standalone certification just for adhering to IEC 62304. The recommended route is to align with ISO 13485’s guidelines by developing a compliant Quality Management System (QMS). Once that QMS is in place and meets ISO 13485 standards, you then also apply the specific rules and recommendations that come with IEC 62304.
FDA recognition of IEC 62304
The U.S. Food and Drug Administration (FDA) not only recognizes but also endorses IEC 62304, making it a key standard for anyone looking to market their SaMD in the United States. Following the guidelines set in IEC 62304 can significantly streamline the process of gaining regulatory approval. In fact, many experts consider FDA’s recognition of IEC 62304 as a testament to the standard’s global applicability.
Benefits and advantages of IEC 62304
Adopting the guidelines set out in IEC 62304 offers numerous advantages, including a standardized framework for the medical device software life cycle and its focus on safety which minimizes risks, maximizes reliability and fosters trust among patients and healthcare providers alike. In essence, aligning with the IEC 62304 standard can significantly enhance your market reputation, helping you achieve FDA clearance and product market fit.
Is IEC 62304 mandatory?
While IEC 62304 is not legally obligated, its adoption is highly recommended for ensuring software quality and facilitating regulatory compliance, both of which are crucial in the medical device sector. Complying with IEC 62304 provides a clear pathway to quality and safety – critical components in the medical device sector.
Meeting IEC 62304 standards and ensuring your business’ success
IEC 62304 is a well-known standard in the field of Software As Medical Device. By following it, you’re taking a significant step to making sure your product is both safe and high-quality. This is not only important for patient safety but also for building trust in the medical community. While it’s not a legal must, using this standard is highly recommended for long-lasting business success.
Schedule a consultation with our SaMD expert
If you’re aiming to meet these high standards, make sure to contact HTD Health – we are your trusted partner who can guide you in developing safe and effective Software as a Medical Device. Contact us to discuss your next SaMD project!