What is IEC 62304 and why is it important in SaMD development?

IEC 62304 is a global standard that sets the bar for the development and maintenance of medical software, also known as Software as a Medical Device (SaMD). It outlines a structured approach for the entire lifecycle of medical software, from design and development to deployment and maintenance.

The standard acts as a guide to ensure that medical software is reliable, effective, and most importantly, safe for patient use. It focuses on risk management, detailing steps to identify, evaluate, and control risks that could affect software performance or safety. IEC 62304 is a critical framework that helps medical device companies create software that both meets market needs and protects patients. So, if you’re involved in medical software development, understanding and following this standard is a must.

The latest version of IEC 62304, known as IEC 62304 2006 amd1 2015, is a comprehensive framework that outlines the medical device software life cycle processes. This updated standard delves deep into software development, maintenance, and risk management. It sets the bar high for quality and safety, and its globally recognized guidelines are fundamental for organizations planning to market their products internationally.

The IEC 62304 standard is organized into the following key sections:

1. Scope of IEC 62304
2. Normative References
3. Terms and Definitions
4. General Requirements
5. Software Development Process
6. Software Maintenance Process
7. Software Risk Management Process
8. Software Configuration Management Process
9. Software Problem Resolution Process

The graphic below visualizes the scope of the IEC 62304 standard. In gray you can see items that are out of scope for IEC 62304, but which do have an impact on the overall device.

In the IEC 62304 standard, businesses developing software must classify each software-based system by the severity and possible harm that it can cause for patients.

The IEC 62304 has its own safety classification:

• Class A: No injury or damage to health is possible
• Class B: Non-serious injury is possible
• Class C: Death or serious injury is possible

You can learn more about Software as Medical Device (SaMD) safety classification in our previous article, which covers a high-level definition of SaMD and its classification.

As you have seen, there are different clauses in IEC 62304, but in this article we will focus on Clause 5, which is primarily concerned with the software development process, detailing requirements from the planning stage to the final verification and validation steps. This ensures that all software is designed and tested to meet the highest quality standards.

Below you can see Clause 5 of IEC 62304 detailing the different requirements that Software as Medical Device manufacturers should follow when developing SaMD.

This clause from IEC 62304 covers how the manufacturer should establish and maintain plans for software development. The plan should detail the activities, tasks, and responsibilities within the software development process, along with the sequence and interrelation of these activities. It should also define how the manufacturer will manage the configuration, and how software problem resolution will be handled.

This section outlines the need for manufacturers to establish and maintain documented software requirements. They should also analyze these requirements to ensure they are valid and suitably detailed.

This clause discusses the need to transform software requirements into a software architecture. This design must be evaluated for its ability to meet the needs of the required system, considering the risk management and safety strategy.

This section highlights the need for creating a detailed design from the software architecture. This design should have sufficient details necessary to implement the code. Here, we add functional and safety information, any assumptions or limitations, etc.

This clause requires that software units are implemented and verified against their design. The manufacturer should show that each software unit fulfills its requirements, and correctly implements the specified detailed design.

This clause outlines the need to integrate software units and perform integration testing. The testing should verify that the interactions between software units are correct, and that the integrated software satisfies the software requirements.

This section covers the system-level testing of the software. Manufacturers should test the whole software system in its operational environment to verify that it meets the software requirements.

This clause details the final step of the software development process. The manufacturer should objectively prove that the software has fulfilled the requirements and is ready for its intended use.

The table below shows which of the requirements from Clause 5 of the IEC 62304 apply to the various safety classes.

The IEC 62304 standard is more comprehensive and includes many other details that are important for understanding the context and specifics of these sub-clauses, but for the purposes of this article we are focusing on Clause 5.

ISO 13485 is another critical standard in the medical device sector, but its focus is broader. While IEC 62304 concentrates exclusively on the software component, ISO 13485 focuses on the overall quality management system for all types of medical devices.

While ISO 13485 governs quality management systems for medical devices in general, IEC 62304 has a more targeted approach focusing solely on the software component. Both are complementary and often used together for comprehensive quality management. You should use IEC 62304 along with ISO 13485 to handle everything from secure software design and risk evaluation to version control and long-term maintenance.

Although IEC 62304 provides the core principles for software development within a Quality Management System like that of ISO 13485, it doesn’t require that an organization holds an ISO 13485 certificate.

IEC 62304 is often used in conjunction with ISO 13485, which serves as a broader quality management system standard for medical devices, covering areas beyond just software.

The IEC 62304 standard also interfaces closely with ISO 14971, the risk management standard for medical devices, to ensure that software-related risks are systematically identified and mitigated. Additionally, IEC 62304 can be integrated with other product-specific medical device standards to create a comprehensive quality and safety management framework tailored for specialized medical technologies. Adherence to the applicable standards results in a presumption of conformity with the Medical Device Directive.

Below you can see the relationship between IEC 62304 and other medical device standards.

It is important to make clear that there’s no standalone certification just for adhering to IEC 62304. The recommended route is to align with ISO 13485’s guidelines by developing a compliant Quality Management System (QMS). Once that QMS is in place and meets ISO 13485 standards, you then also apply the specific rules and recommendations that come with IEC 62304.

The U.S. Food and Drug Administration (FDA) not only recognizes but also endorses IEC 62304, making it a key standard for anyone looking to market their SaMD in the United States. Following the guidelines set in IEC 62304 can significantly streamline the process of gaining regulatory approval. In fact, many experts consider FDA’s recognition of IEC 62304 as a testament to the standard’s global applicability.

Adopting the guidelines set out in IEC 62304 offers numerous advantages, including a standardized framework for the medical device software life cycle and its focus on safety which minimizes risks, maximizes reliability and fosters trust among patients and healthcare providers alike. In essence, aligning with the IEC 62304 standard can significantly enhance your market reputation, helping you achieve FDA clearance and product market fit.

While IEC 62304  is not legally obligated, its adoption is highly recommended for ensuring software quality and facilitating regulatory compliance, both of which are crucial in the medical device sector. Complying with IEC 62304 provides a clear pathway to quality and safety – critical components in the medical device sector.

IEC 62304 is a well-known standard in the field of Software As Medical Device. By following it, you’re taking a significant step to making sure your product is both safe and high-quality. This is not only important for patient safety but also for building trust in the medical community. While it’s not a legal must, using this standard is highly recommended for long-lasting business success.

If you’re aiming to meet these high standards, make sure to contact HTD Health – we are your trusted partner who can guide you in developing safe and effective Software as a Medical Device. Contact us to discuss your next SaMD project!