Software development according to IEC 62304: Which requirements do you have to fulfil?

IEC 62304 is an international standard that sets minimum requirements for the most important processes of the software life cycle. It applies both to manufacturers who develop their software as an independent medical device (standalone software) and to those who merely embed software in their medical device (embedded software).

Based on DIN EN ISO 14971, the standard also describes the role of risk management within the software development process. Specifically, IEC 62304 defines requirements for the following processes of the software life cycle:

Software development
Software maintenance
Software risk management
Software Configuration Management
Software problem solving

In addition to the specific requirements for the various processes, IEC 62304 requires the use of a quality management system, a risk management system and a software safety classification.

Safety classification according to IEC 62304

The safety classification allows manufacturers of medical devices to adjust the effort required for the documentation of their software. The higher the potential damage caused by a software error, the more effort they have to put into documenting their software development.

IEC 62304 distinguishes between safety classes A, B and C, whereby the most effort must be made for safety class C. The safety classes are defined as follows:

Safety class A

For safety class A, a software error must not cause injury or damage to health. However, there is an exception to this: software systems also fall into class A if an error can lead to a situation that endangers health, but the risk is acceptable – at the latest when risk control measures are initiated. However, these measures may only be outside the software.

Safety class B

No severe damage must be possible through software systems that fall into class B. In concrete terms, this means that a software error may lead to an unacceptable risk, but according to the risk control measures, it must not result in severe damage.

Safety class C

For software systems classified as Class C, a software error can lead to serious injury or even death.

Requirements for software development according to IEC 62304

Depending on the security class of the software, a different number of requirements must be met for the documentation of the software development:

Software development plan (A, B, C)
Software requirements analysis (A, B, C)
Software architecture design (B, C)
Software design creation (C)
Implementation and verification of software units (B, C)
Software integration and integration testing (B, C)
Software system test (B, C)
Software release (A, B, C)

In a software system, the security class of the individual components may well be assessed differently. Since a different number of the above-mentioned requirements have to be fulfilled depending on the security class, it makes a lot of sense to integrate functions with a high and functions with a low security class into different components.

Of course, it must be ensured that the risks are actually limited to the corresponding components.

Risk management according to ISO 62304

The entire risk management process is also subject to certain requirements according to IEC 62304:

Analysis of the hazard situation
Risk control measures
Verification of risk control measures
Risk management of changes in the software

The norm requires that risk analysis be integrated into the entire development process. Whether all normative requirements have been met can be determined by inspecting the entire documentation. This also includes the risk management file.

Analysis of the hazard situation
Risk control measures
Verification of risk control measures
Risk management of changes in the software

The BAYOOSOFT Risk Manager offers a solution for the documentation of software development that is compliant with IEC 62304. International laws and regulations, EU directives, FDA guidelines, product and process standards, guidance documents and quality management systems form the basis of the Risk Manager.

Good to know

Traceability matrices can be used to prove that the development of medical device software conforms to IEC 62304.

These ensure that customer requirements have been checked within the framework of suitable validation processes and that they have been incorporated into the software and verified against the requirements – a demanding task, especially for large systems.

As a standard-compliant solution, the BAYOOSOFT Risk Manager combines the extension modules Requirements Engineering and REST API with risk management according to ISO 14971.

Make an appointment today for an individual product presentation. Our risk management experts will be happy to give you a detailed presentation of the BAYOOSOFT Risk Manager.

inquiry

Software development according to IEC 62304: Which requirements do you have to fulfil?

Safety classification according to IEC 62304

Requirements for software development according to IEC 62304

Risk management according to ISO 62304

Latest News