IEC 62304 is a functional safety standard similar to IEC 61508. Its title is “medical device software-software lifecycle processes.” IEC62304 is of the utmost importance for medical device software developers.
Scope of IEC-62304
As a functional safety standard, IEC 62304 deals with safe design and software maintenance. Its scope extends to the maintenance and development of medical device software when
- The software itself is a medical device
- The software is used as an integral part of the final medical device.
To ensure safety, this standard provides processes, activities, and different tasks.
Parts of IEC 62304
IEC 62304 comprises the following nine parts:
- Scope-Part 1
- Normative References-Part 2
- Terms and Definitions-Part 3
- General Requirements-Part 4
- Software Development Processes-Part 5
- Software Maintenance Processes-Part 6
- Software Risk Management Processes-Part 7
- Software Configuration Management Processes-Part 8, and
- Software Problem Resolution Processes-Part 9
Global-Regulation of Medical Device Industry
Several standards are implemented globally to regulate the medical device industry. With regards to the International Organization for Standardization, these standards include
- Quality Management-ISO 13485
- Risk Management-ISO 14971.
Similarly, the European Union (EU) and the USA have their own regulations. These are:
- EU Medical Device Regulation, the latest medical device regulations that have replaced EU Medical Device Directives in 2021
- FDA Regulations devised by the United States Food and Drug Administration.
IEC 62304 Software Safety Classification
The IEC 62304 classifies three different classes for the software:
- Class A: Software that cannot pose any injury or damage to health
- Class B: There is a possibility of non-serious injury
- Class C: Death or serious injury is possible from the software use.
IEC 62304 and Compliance by Software Developers
Complying with an international safety standard helps software developers in many places. For instance, if a software developer is compliant with this standard, the US’s FDA will accept compliance as proof of completion of regulatory processes, e.g., 501(k).
According to IEC 62304, well-documented processes are necessary for the developers to show better compliance. For this reason, parts 5-9 of the standard describe the software development and maintenance process.
IEC 62304: Software Development Process-Part 5
This part of IEC 6230 describes software development processes. It includes the following
- Development Planning-5.1
- Requirements Analysis-5.2
- Architectural Design-5.3
- Detailed Design-5.4
- Unit Implementation and Verification-5.5
- Integration and Integration Testing-5.6
- System Testing-5.7
All of these processes have activities and tasks which the developer must complete for each medical device class.
Examples of Implementation (for software belonging to Class B & C)
Software developers can use specific tools for fulfilling these requirements. For software belonging to classes B and C, a certified ALM tool can be used. Such a tool will help the developer generate
- test cases as per the requirements
- creating a requirements traceability matrix.
Software Unit Verification
IEC 62304 also requires developers to develop a software unit verification process for Class B and C devices. For example, developers may become able to verify a code against a coding standard for ensuring safe, secure, and reliable software. This can be done with the help of tools known as “Static Code Analyzers.”
IEC 62304: Software Maintenance Software-Part 6
This part describes processes for software maintenance and includes
- Establishment of software maintenance plan-6.1
- Problem and modification analysis-6.2
- Implementation of modifications-6.3
During this maintenance phase, it is essential to take user feedback and ensure safety. Developers can use a certified ALM tool for documenting the software maintenance plan while ensuring safety.
It is a very crucial process in the maintenance process. An ALM tool and a version control system can help developers observe all the changes occurring in the software development lifecycle. Software maintenance can also be reduced by:
- Writing the code according to an established standard
- Measuring the code quality.
IEC 62304: Software Risk Management Process-Part 7
This part describes software risk management processes and includes
- Software analysis contributing to hazardous situations-7.1
- Risk control measures-7.2
- Risk control measures’ verification-7.3
- Risk management of software changes-7.4
Examples of Implementation
With safety standards, demonstrating traceability from a hazardous situation is essential for risk control measures.
A certified ALM tool can identify hazards by conducting a Failure Modes and Effects Analysis (FMEA). This tool can then be used for connecting the threat with its appropriate risk control measure, which can then be automated using a traceability matrix.
IEC 62304: Software Configuration Management Process-Part 8
This part describes the software configuration management process and includes
- Configuration Identification-8.1
- Change Control-8.2
- Configuration Status Accounting-8.3
Examples of Implementation
With this standard, protection is provided against Software of Unknown Provenance (SOUP). SOUP is third-party software that includes open source libraries and operating systems. Part 8 of IEC 62304 contains a requirement for SOUP identification for all classes of the medical device. Static code analysis tools can be used to determine whether third-party software complies with meeting guidelines or not.
Software development tools such as Performance Static Analyzers and certified ALM tools can manage change through the software development lifecycle.
IEC 62304: Software Problem Resolution Process-Part 9
- This part describes the software problem resolution process and includes
- Problem Reports Preparation-9.1
- Problem Investigation-9.2
- Advise to Internal Parties-9.3
- Using Change Control Process-9.4
- Record Maintenance-9.5
- Problem Analysis for Trends-9.6
- Software Problem Resolution Verification-9.7
- Test Documentation Contents-9.8.
Examples of Implementation
Software problem resolution is required to be well-documented. All testing efforts can be documented with a certified ALM tool, and tests can be traced back to specific requirements or identified problems.
Use our IEC 62304-Compliant Software Solutions Today
Our solutions are prepared and developed on certified tools in the software development life cycle. Alysidia is a pioneer provider of these certified tools to help you achieve compliance with IEC 62034. Our Static Code Analysis tool is directly compliant to the IEC 62304’s Annex B.5.5, which puts forward the requirements of Static Code Analysis.
Reach out to us today by visiting our website Alysidia.com, and use our IEC 62304-compliant software solutions.