Today in our International Standards series, we take a look at IEC 62304. This standard defines an agreed upon framework for developing, maintaining, and assessing software safety in relation to medical technology and devices.
Complying with this standard assures compliance with harmonized global standards including FDA and EU EMA regulations.
Below, we’ll take a closer look at what IEC 62304 is, how it works to help ensure medical software safety, and why it’s important to follow this framework from the conception of your medical technology through release and beyond.
What Is IEC 62304?
IEC 62304, officially titled Medical device software — Software life cycle processes, is a standard set forth by the International Electrotechnical Commission. This safety standard functions as a software lifecycle framework that provides processes, activities, and tasks for the safe design and maintenance of software used in or as medical devices.
Specifically, IEC 62304 is meant to be used in the development of standalone medical software (SaMD), software as a component of a physical medical device, and software used in the creation of medical technology. The standard sets forth different classifications to determine the safety risk of the software based on functionality and guides the manufacturer through different components to maximize safety based on this perceived risk.
As a software lifecycle process, this standard provides guidance for the planning, development, and post-market surveillance activities of SaMD and medical technology. It is meant to be implemented early in the planning stage and continued after the market launch.
How Does IEC 62304 Help Ensure Medical Tech Safety?
The IEC 62304 safety framework is meant to be implemented along with a standardized quality management system (QMS) and risk management system. With these systems in place, IEC 62304 allows for the safe development and implementation of software that goes beyond product testing and risk analysis.
It accomplishes this by defining three safety classifications for software. Each classification carries different requirements for process development documentation. The standard is broken into nine parts, including 5 clauses specific to lifecycle safety component implementation.
Safety Classifications
The three safety classifications established by IEC 62304 are as follows:
- Class A – No injury or damage to health is possible due to software failure (lowest class).
- Class B – Injury is possible with software failure, but would not be serious.
- Class C – Software failure could result in serious injury or death (highest class).
The required process development documentation for the software depends on the safety classification, as detailed in the table below.
Documentation | Class A | Class B | Class C |
Development planning | ✔ | ✔ | ✔ |
Requirements analysis | ✔ | ✔ | ✔ |
Architectural design | ✔ | ✔ | |
Detailed design | ✔ | ||
Unit implementation | ✔ | ✔ | ✔ |
Unit verification | ✔ | ✔ | |
Integration & integration testing | ✔ | ✔ | |
System testing | ✔ | ✔ | ✔ |
Release | ✔ | ✔ | ✔ |
Much of the SaMD and medical technology associated with managing diabetes care falls into Class C. Examples include insulin pumps, CGMs, insulin dose calculators, and systems meant to alert caretakers to dangerously low or high blood sugars.
Lifecycle Safety Components
The IEC 62304 standard contains nine parts, including five components (parts 5 through 9) specific to planning, developing, and maintaining software used with or as a medical device.
- Part 1: Scope
- Part 2: Normative references
- Part 3: Terms and definitions
- Part 4: General Requirements
- Part 5: Software development (outlines the process from design to release)
- Part 6: Software maintenance (describes required maintenance processes for released software)
- Part 7: Software risk management (specifies RM processes required, including assessing failures, identifying risks, and implementing risk prevention features)
- Part 8: Software configuration management (describes configuration management processes and requirements to manage the development environment)
- Part 9: Software problem resolution (describes problem resolution processes for tracking and evaluating issues that arise)
International Standards and Government Regulations
Like ISO 13485 and ISO 14971, IEC 62304 has been adopted by national regulatory organizations. This includes the US FDA and the European Union EMA. For companies looking to launch into multiple markets, this makes it easy to achieve compliance in various countries simply by following the processes set forth by this standard.
Still, complying with standard IEC 62304, especially for Class C software, can be difficult for manufacturers and developers not familiar with these guidelines.
The need to reconcile the flow between risk management strategies set by ISO 14971 and the functional lifecycle safety standards outlined in IEC 62304 can be an especially difficult task for software developers and medical device companies.
Here at Sequenex, we have the experience and knowledge needed to streamline the development process of diabetes software to align with all applicable standards and regulations. Our developers can work with your company to design and develop the software you need to launch your medical device or medical technology.
Contact us today to find out if we are the right partner to help you create safe SaMD for the ever-expanding medical technology market.